# $Id: Portfile 106023 2013-05-13 18:19:56Z larryv@macports.org $

PortSystem 1.0
name			certsync
version			1.0.1
categories		security
conflicts		curl-ca-bundle
maintainers		landonf openmaintainer
description		Export x509 CAs from the Mac OS X Keychain.
long_description	The package implements exporting of x509 CAs from \
			the Mac OS X keychain, for use by OpenSSL and gnutls.
homepage		http://www.macports.org
platforms		darwin

distfiles

use_configure no

# TODO: How should we run this automatically? Attempts to use SecKeychainAddCallback()
# in a blocking daemon haven't been successful; the callback is never called.
# One possible hack is observing events on /System/Library/Keychains
#startupitem.create yes
#startupitem.start "${prefix}/bin/update-ca-certificates"

build {
	file mkdir "${worksrcpath}"
	system "${configure.objc} \
		${configure.objcflags} \
		-mmacosx-version-min=10.6 \
		-Wall \
		${filespath}/certsync.m -o ${worksrcpath}/certsync \
		${configure.ldflags} \
		-framework Foundation -framework Security"
	file copy "${filespath}/update-ca-certificates" "${worksrcpath}/update-ca-certificates"
	reinplace "s|@PREFIX@|${prefix}|g" "${worksrcpath}/update-ca-certificates"
}

destroot {
	xinstall -d "${destroot}${prefix}/bin"
	xinstall -m 755 "${worksrcpath}/certsync" "${destroot}${prefix}/bin/certsync"
	xinstall -m 755 "${worksrcpath}/update-ca-certificates" "${destroot}${prefix}/bin/update-ca-certificates"

	# Provide backwards compatibility with curl-ca-bundle
	xinstall -d "${destroot}${prefix}/share/curl"
	ln -s ${prefix}/etc/openssl/cert.pem ${destroot}${prefix}/share/curl/curl-ca-bundle.crt
}

post-activate {
	system "${prefix}/bin/update-ca-certificates"
}