distributable:
  url: https://www.openssl.org/source/openssl-{{version.raw}}.tar.gz
  sha: ${{url}}.sha256
  sig: ${{url}}.asc
  strip-components: 1

versions:
  github: openssl/openssl/releases
  strip: /^OpenSSL /

provides:
  - bin/openssl
  - bin/c_rehash

dependencies:
  curl.se/ca-certs: '*'

build:
  dependencies:
    tea.xyz/gx/cc: c99
    tea.xyz/gx/make: '*'
    perl.org: 5
    git-scm.org: 2  # to apply our patch
  script: |
    git apply props/x509_def.c.diff

    ./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
    make --jobs {{ hw.concurrency }}
    make install_sw   # `_sw` avoids installing docs

    cd "{{prefix}}"
    if test -d lib64; then
      mv lib64 lib
      ln -s lib lib64
    fi

  env:
    darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
    darwin/x86-64:  {ARCH: 'darwin64-x86_64-cc'}
    linux/aarch64:  {ARCH: 'linux-aarch64'}
    linux/x86-64:   {ARCH: 'linux-x86_64'}
    darwin:
      # supposedly enables important optimizations
      ARGS: enable-ec_nistp_64_gcc_128
  test:
    make test

#TODO need to test the SSL certs work
# otherwise we are basically relying on wget etc. to test for it

test:
  dependencies:
    gnu.org/wget: '*'
  script: |
    echo "This is a test file" > in
    openssl dgst -sha256 -out out ./in
    if test {{version.major}} = 3; then
      test "$(cat ./out)" = "SHA2-256(./in)= $SAMPLE"
    else
      test "$(cat ./out)" = "SHA256(./in)= $SAMPLE"
    fi

    if test {{version.major}} = 1; then
      wget tea.xyz  # test the certs work
    fi
    # ^^ can't test openssl 3 yet since like, what uses it even?!
  env:
    SAMPLE: c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35