;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages mit-krb5)
  #:use-module (gnu packages)
  #:use-module (gnu packages bison)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages gcc)
  #:use-module (guix licenses)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu))

(define-public mit-krb5
  (package
    (name "mit-krb5")
    (version "1.13.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://web.mit.edu/kerberos/www/dist/krb5/"
                                  (version-major+minor version)
                                  "/krb5-" version "-signed.tar"))
              (sha256 (base32
                       "1qbdzyrws7d0q4filsibh28z54pd5l987jr0ygv43iq9085w6a75"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("bison" ,bison)
       ("perl" ,perl)

       ;; Include the patches as native-inputs.
       ,@(map (lambda (label)
                (let ((input-name (string-append "patch/" label))
                      (file-name  (string-append name "-" label ".patch")))
                  `(,input-name ,(search-patch file-name))))
              '("CVE-2015-2695-pt1"
                "CVE-2015-2695-pt2"
                "CVE-2015-2696"
                "CVE-2015-2697"
                "CVE-2015-2698-pt1"
                "CVE-2015-2698-pt2"))))
    (arguments
     `(#:modules ((ice-9 ftw)
                  (ice-9 match)
                  (srfi srfi-1)
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
         (replace 'unpack
           (lambda* (#:key source #:allow-other-keys)
             (define (sub-directory? name)
               (and (not (member name '("." "..")))
                    (equal? (stat:type (stat name))
                            'directory)))
             (and (zero? (system* "tar" "xvf" source))
                  (match (find-files "." "\\.tar\\.gz$")
                    ((inner-tar-file)
                     (zero? (system* "tar" "xvf" inner-tar-file))))
                  (match (scandir "." sub-directory?)
                    ((directory)
                     (chdir directory)
                     #t)))))

         (add-after 'unpack 'apply-patches
           (lambda* (#:key inputs native-inputs #:allow-other-keys)
             (let ((patches (filter (match-lambda
                                      ((name . file)
                                       (string-prefix? "patch/" name)))
                                    (or native-inputs inputs))))
               (every (match-lambda
                        ((name . file)
                         (format (current-error-port)
                                 "applying '~a'...~%" name)
                         (zero? (system* "patch" "-p1" "--force" "-i" file))))
                      patches))))

         (add-after 'apply-patches 'enter-source-directory
           (lambda _
             (chdir "src")
             #t))

         (add-before 'check 'pre-check
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((perl (assoc-ref inputs "perl")))
               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
                 (("/bin/cat") (string-append perl "/bin/perl"))
                 (("D/bin/sh") (string-append "D" (which "bash")))
                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))

             ;; avoid service names since /etc/services is unavailable
             (substitute* "tests/resolve/Makefile"
               (("-p telnet") "-p 23"))
             #t)))))
    (synopsis "MIT Kerberos 5")
    (description
     "Massachusetts Institute of Technology implementation of Kerberos.
Kerberos is a network authentication protocol designed to provide strong
authentication for client/server applications by using secret-key
cryptography.")
    (license (non-copyleft "file://NOTICE"
                           "See NOTICE in the distribution."))
    (home-page "http://web.mit.edu/kerberos/")))