#!/bin/bash

DEPS=(bash coreutils findutils libp11-kit)

SOURCE=https://src.fedoraproject.org/rpms/ca-certificates
DESC="CA certificate utilities"

build() {
  asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
  xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
}

package () {
    rm update-ca-trust
    wget https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/ca-certificates/trunk/update-ca-trust

    install -Dt "$PKG_DEST/usr/bin" update-ca-trust
    install -Dt "$PKG_DEST/usr/share/man/man8" -m644 update-ca-trust.8
    install -Dt "$PKG_DEST/usr/share/libalpm/hooks" -m644 *.hook

    # Trust source directories
    # Upstream also adds "blocklist" but that's useless without support in p11-kit
    install -d "$PKG_DEST"/{etc,usr/share}/ca-certificates/trust-source/{anchors,blocklist}

    # Directories used by update-ca-trust (aka "trust extract-compat")
    install -d "$PKG_DEST"/etc/{ssl/certs/{edk2,java},ca-certificates/extracted}

    # Compatibility link for OpenSSL using /etc/ssl as CAdir
    # Used in preference to the individual links in /etc/ssl/certs
    ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/cert.pem"

    # Compatiblity link for legacy bundle
    ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/certs/ca-certificates.crt"

}