# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

EAPI=6

SSL_CERT_MANDATORY=1
inherit eutils ssl-cert versionator multilib user

DESCRIPTION="An advanced Internet Relay Chat daemon"
HOMEPAGE="https://www.unrealircd.org/"
SRC_URI="https://www.unrealircd.org/${PN}$(get_version_component_range 1)/${P}.tar.gz"

SLOT="0"
LICENSE="GPL-2"
KEYWORDS="~amd64 ~ppc ~x86 ~x86-fbsd ~amd64-linux"
IUSE="class-nofakelag curl +extban-stacking +operoverride operoverride-verify +prefixaq
	showlistmodes shunnotices topicisnuhost +usermod"

RDEPEND="dev-libs/openssl:=
	curl? ( net-misc/curl[adns] )
	dev-libs/libpcre2
	dev-libs/tre
	>=net-dns/c-ares-1.7"
DEPEND="${RDEPEND}
	virtual/pkgconfig"

pkg_pretend() {
	local v
	for v in ${REPLACING_VERSIONS}; do
		version_is_at_least 4 "${v}" && continue
		ewarn "The configuration file format has changed since ${v}."
		ewarn "Please be prepared to manually update them and visit:"
		ewarn "https://www.unrealircd.org/docs/Upgrading_from_3.2.x"
		break
	done
}

pkg_setup() {
	enewuser unrealircd
}

src_prepare() {
	# QA check against bundled pkgs
	rm -r extras || die

	if use class-nofakelag; then
		sed -i -e 's:#undef\( FAKELAG_CONFIGURABLE\):#define\1:' include/config.h || die
	fi

	eapply_user
}

src_configure() {
	econf \
		--with-bindir="${EPREFIX}"/usr/bin \
		--with-cachedir="${EPREFIX}"/var/lib/${PN} \
		--with-confdir="${EPREFIX}"/etc/${PN} \
		--with-datadir="${EPREFIX}"/var/lib/${PN} \
		--with-docdir="${EPREFIX}"/usr/share/doc/${PF} \
		--with-logdir="${EPREFIX}"/var/log/${PN} \
		--with-modulesdir="${EPREFIX}"/usr/"$(get_libdir)"/${PN}/modules \
		--with-pidfile="${EPREFIX}"/run/${PN}/ircd.pid \
		--with-tmpdir="${EPREFIX}"/var/lib/${PN}/tmp \
		--with-nick-history=2000 \
		--with-sendq=3000000 \
		--with-permissions=0640 \
		--with-fd-setsize=1024 \
		--with-system-cares \
		--with-system-pcre2 \
		--with-system-tre \
		--enable-dynamic-linking \
		--enable-ssl="${EPREFIX}"/usr \
		$(use_enable curl libcurl "${EPREFIX}"/usr) \
		$(use_enable prefixaq) \
		$(use_with showlistmodes) \
		$(use_with topicisnuhost) \
		$(use_with shunnotices) \
		$(use_with !operoverride no-operoverride) \
		$(use_with operoverride-verify) \
		$(use_with !usermod disableusermod) \
		$(use_with !extban-stacking disable-extendedban-stacking)
}

src_install() {
	keepdir /var/log/${PN}
	keepdir /var/lib/${PN}/tmp

	newbin src/ircd ${PN}

	(
		cd src/modules || die
		for subdir in $(find . -type d -print); do
			if [[ -n $(shopt -s nullglob; echo ${subdir}/*.so) ]]; then
				exeinto /usr/$(get_libdir)/${PN}/modules/"${subdir}"
				doexe "${subdir}"/*.so
			fi
		done
	)

	insinto /etc/${PN}
	# Purposefully omitting the examples/ and ssl/ subdirectories. ssl
	# is redundant with app-misc/ca-certificates and examples will all
	# be in docs anyway.
	doins -r doc/conf/{aliases,help}
	doins doc/conf/*.conf
	newins doc/conf/examples/example.conf ${PN}.conf
	keepdir /etc/${PN}/ssl

	dodoc \
		doc/{Changes.old,Changes.older,RELEASE-NOTES} \
		doc/{Donation,translations.txt}

	newinitd "${FILESDIR}"/${PN}.initd-r1 ${PN}
	newconfd "${FILESDIR}"/${PN}.confd-r2 ${PN}

	# config should be read-only
	fperms -R 0640 /etc/${PN}
	fperms 0750 /etc/${PN}{,/aliases,/help}
	fperms 0750 /etc/${PN}/ssl
	# state is editable but not owned by unrealircd directly
	fperms 0770 /var/log/${PN}
	fperms 0770 /var/lib/${PN}{,/tmp}
	fowners -R root:unrealircd /{etc,var/{lib,log}}/${PN}
}

pkg_preinst() {
	# Must pre-create directories; otherwise their permissions are lost
	# on installation.

	# Usage: _unrealircd_dir_permissions <user> <group> <mode> <dir>[, <dir>…]
	#
	# Ensure that directories are created with the correct permissions
	# before portage tries to merge them to the filesystem because,
	# otherwise, those directories are installed world-readable.
	#
	# If this is a first-time install, create those directories with
	# correct permissions before installing. Otherwise, update
	# permissions—but only if we are replacing an unrealircd ebuild at
	# least as old as net-irc/unrealircd-3.2.10. Portage handles normal
	# file permissions correctly, so no need for recursive
	# chmoding/chowning.
	_unrealircd_dir_permissions() {
		local user=${1} group=${2} mode=${3} dir v
		shift 3
		while dir=${1} && shift; do
			if [[ ! -d "${EROOT}${dir}" ]]; then
				ebegin "Creating ""${EROOT}${dir}"" with correct permissions"
				install -d -m "${mode}" -o "${user}" -g "${group}" "${EROOT}${dir}" || die
				eend ${?}
			elif ! [[ ${REPLACING_VERSIONS} ]] || for v in ${REPLACING_VERSIONS}; do
					# If 3.2.10 ≤ ${REPLACING_VERSIONS}, then we update
					# existing permissions.
					version_is_at_least "${v}" 3.2.10 && break
				done; then
				ebegin "Correcting permissions of ""${EROOT}${dir}"" left by ${CATEGORY}/${PN}-${v}"
				chmod "${mode}" "${EROOT}${dir}" \
					&& chown ${user}:${group} "${EROOT}${dir}" \
					|| die "Unable to correct permissions of ${EROOT}${dir}"
				eend ${?}
			fi
		done
	}

	# unrealircd only needs to be able to read files in /etc/unrealircd.
	_unrealircd_dir_permissions root unrealircd 0750 etc/${PN}{,/aliases}

	# unrealircd needs to be able to create files in /var/lib/unrealircd
	# and /var/log/unrealircd.
	_unrealircd_dir_permissions root unrealircd 0770 var/{lib,log}/${PN}
}

pkg_postinst() {
	# Move docert call from src_install() to install_cert in pkg_postinst for
	# bug #201682
	if [[ ! -f "${EROOT}"etc/${PN}/ssl/server.cert.key ]]; then
		if [[ -f "${EROOT}"etc/${PN}/server.cert.key ]]; then
			ewarn "The location ${PN} looks for SSL certificates has changed"
			ewarn "from ${EROOT}etc/${PN} to ${EROOT}etc/${PN}/ssl."
			ewarn "Please move your existing certificates."
		else
			(
				umask 0037
				install_cert /etc/${PN}/ssl/server.cert
				chown unrealircd "${EROOT}"etc/${PN}/ssl/server.cert.*
				ln -snf server.cert.key "${EROOT}"etc/${PN}/ssl/server.key.pem
			)
		fi
	fi

	local unrealircd_conf="${EROOT}"etc/${PN}/${PN}.conf
	# Fix up the default cloak keys.
	if grep -qe '"and another one";$' "${unrealircd_conf}" && grep -qe '"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";$' "${unrealircd_conf}"; then
		ebegin "Generating cloak-keys"
		local keys=(
			$(${PN} -k 2>&1 | tail -n 3)
		)
		[[ -n ${keys[0]} || -n ${keys[1]} || -n ${keys[2]} ]]
		eend $?

		ebegin "Substituting cloak-keys into ${unrealircd_conf}"
		sed -i \
			-e '/cloak-keys/ {
n
s/"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";/"'"${keys[0]}"'";/
n
s/"and another one";/"'"${keys[1]}"'";/
n
s/"and another one";/"'"${keys[2]}"'";/
}' \
			"${unrealircd_conf}"
		eend $?
	fi

	# Precreate ircd.tune and ircd.log with the correct ownership to
	# protect people from themselves when they run unrealircd as root
	# before trying the initscripts. #560790
	local f
	for f in "${EROOT}"var/{lib/${PN}/ircd.tune,log/${PN}/ircd.log}; do
		[[ -e ${f} ]] && continue
		ebegin "Precreating ${f} to set ownership"
		(
			umask 0037
			# ircd.tune must be seeded with content instead of being empty.
			if [[ ${f} == *ircd.tune ]]; then
				echo 0 > "${f}"
				echo 0 >> "${f}"
			fi
			touch "${f}"
		)
		chown unrealircd "${f}"
		eend $?
	done

	elog "UnrealIRCd will not run until you've set up /etc/unrealircd/unrealircd.conf"
	elog
	elog "You can also configure ${PN} start at boot with rc-update(1)."
	elog "It is recommended to run unrealircd as an unprivileged user."
	elog "The provided init.d script does this for you."
}