# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           legacysupport 1.1

# _strnlen
legacysupport.newest_darwin_requires_legacy 10

name                openvpn2
version             2.6.14
revision            0
distname            openvpn-${version}
categories          net security
maintainers         {i0ntempest @i0ntempest} openmaintainer
license             {GPL-2 OpenSSLException}

description         easy-to-use, robust, and highly configurable VPN
long_description    \
    OpenVPN is an easy-to-use, robust, and highly configurable VPN (Virtual \
    Private Network) daemon which can be used to securely link two or more \
    private networks using an encrypted tunnel over the internet.

homepage            https://openvpn.net
master_sites        https://swupdate.openvpn.net/community/releases/

checksums           rmd160  833f78c2efa960da9794cd5039054b7a9d7e400e \
                    sha256  9eb6a6618352f9e7b771a9d38ae1631b5edfeed6d40233e243e602ddf2195e7a \
                    size    1926343

depends_build       path:bin/pkg-config:pkgconfig
depends_lib         port:lzo2 \
                    port:lz4 \
                    path:lib/libssl.dylib:openssl

configure.args      --program-suffix=2 \
                    --docdir=${prefix}/share/doc/${name}

post-destroot {
    set docdir ${destroot}${prefix}/share/doc/${name}
    set exdir ${destroot}${prefix}/share/examples/${name}
    xinstall -m 755 -d ${docdir}
    xinstall -m 755 -d ${exdir}
    foreach dir "sample/sample-config-files \
                sample/sample-keys \
                sample/sample-plugins \
                sample/sample-scripts"  {
        file copy ${worksrcpath}/${dir} ${exdir}/
    }
    file copy ${worksrcpath}/contrib ${docdir}/
    xinstall -m 644 -W ${worksrcpath} AUTHORS ${docdir}/
}

post-activate {
    if {![file exists ${prefix}/etc/${name}]} {
        xinstall -d ${prefix}/etc/${name}
    }
    foreach f { server.conf client.conf } {
        if {![file exists ${prefix}/etc/${name}/${f}]} {
                xinstall ${prefix}/share/examples/${name}/sample-config-files/${f} ${prefix}/etc/${name}/
        }
    }
}

variant pkcs11 description "Enable PKCS #11/Cryptoki support" {
    configure.args-append \
        --enable-pkcs11

    depends_lib-append \
        port:pkcs11-helper
}

variant passwordsave description {Build with --enable-password-save} {
    configure.args-append --enable-password-save
}

notes "
If not existing, a default server.conf has been created in ${prefix}/etc/${name}/
Startup launch script is set to start with it.
Please adjust to your need, especially passphrase or certificates

For minimal configuration, you need to follow these steps

A) With a shared secret
    $ sudo openvpn2 --genkey --secret ${prefix}/etc/openvpn2/static.key
   Use 'secret static.key' in your config file

B) With self-signed certificates, follow
   ${homepage}/index.php/open-source/documentation/howto.html#pki

Alternate GUI: https://tunnelblick.net/

Openvpn uses a tun device to create its network interface. It could either be:
- utun device built into OSX 10.7+
- tun device from port tuntaposx
"

if {${os.platform} eq "darwin" && ${os.major} <= 9} {
    post-patch {
        reinplace {s|security/pam_appl\.h|pam/pam_appl.h|g} \
            ${worksrcpath}/src/plugins/auth-pam/auth-pam.c \
            ${worksrcpath}/src/plugins/auth-pam/pamdl.c
    }
}

startupitem.create      yes
startupitem.executable  ${prefix}/sbin/openvpn2 --config ${prefix}/etc/${name}/server.conf

livecheck.type      regex
livecheck.url       ${homepage}/community-downloads/
livecheck.regex     {/openvpn-(\d+(?:\.\d+)*)\.tar}
