
# Copyright (C) 2010-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=openvpn

PKG_VERSION:=2.7.4
PKG_RELEASE:=2

PKG_SOURCE_URL:=\
	https://build.openvpn.net/downloads/releases/ \
	https://swupdate.openvpn.net/community/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=18db05f3d5eee3663db1914590044e5f96ff5cd47b6e7846c6a350806c23dbce

PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>

PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=gc-sections
PKG_LICENSE:=GPL-2.0
PKG_CPE_ID:=cpe:/a:openvpn:openvpn

include $(INCLUDE_DIR)/package.mk

define Package/openvpn/Default
  TITLE:=Open source VPN solution using $(2)
  SECTION:=net
  CATEGORY:=Network
  URL:=https://openvpn.net/community/
  SUBMENU:=VPN
  MENU:=1
  DEPENDS:=+kmod-tun \
	   +libcap-ng \
	   +OPENVPN_$(1)_ENABLE_LZO:liblzo \
	   +OPENVPN_$(1)_ENABLE_LZ4:liblz4 \
	   +OPENVPN_$(1)_ENABLE_IPROUTE2:ip \
	   +OPENVPN_$(1)_ENABLE_DCO:libnl-genl \
	   +OPENVPN_$(1)_ENABLE_DCO:kmod-ovpn-backports \
	   $(3)
  VARIANT:=$(1)
  DEFAULT_VARIANT:=$(4)
  PROVIDES:=openvpn openvpn-crypto
endef

Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+PACKAGE_openvpn-mbedtls:libmbedtls,1)
Package/openvpn-wolfssl=$(call Package/openvpn/Default,wolfssl,WolfSSL,+PACKAGE_openvpn-wolfssl:libwolfssl @BROKEN)

define Package/openvpn/config/Default
	source "$(SOURCE)/Config-$(1).in"
endef

Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl)
Package/openvpn-mbedtls/config=$(call Package/openvpn/config/Default,mbedtls)
Package/openvpn-wolfssl/config=$(call Package/openvpn/config/Default,wolfssl)

ifeq ($(BUILD_VARIANT),mbedtls)
CONFIG_OPENVPN_MBEDTLS:=y
endif
ifeq ($(BUILD_VARIANT),openssl)
CONFIG_OPENVPN_OPENSSL:=y
endif
ifeq ($(BUILD_VARIANT),wolfssl)
CONFIG_OPENVPN_WOLFSSL:=y
endif

CONFIGURE_VARS += \
	IPROUTE=/sbin/ip \
	NETSTAT=/sbin/netstat

define Build/Configure
	$(call Build/Configure/Default, \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \
		--disable-selinux \
		--disable-systemd \
		--disable-plugins \
		--disable-debug \
		--disable-pkcs11 \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZ4),--enable,--disable)-lz4 \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),--enable,--disable)-x509-alt-username \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PORT_SHARE),--enable,--disable)-port-share \
		$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_DCO),--enable,--disable)-dco \
		$(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl --with-openssl-engine=no) \
		$(if $(CONFIG_OPENVPN_MBEDTLS),--with-crypto-library=mbedtls) \
		$(if $(CONFIG_OPENVPN_WOLFSSL),--with-crypto-library=wolfssl) \
	)
endef

define Package/openvpn-$(BUILD_VARIANT)/conffiles
/etc/openvpn.user
endef

define Package/openvpn-$(BUILD_VARIANT)/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) \
		$(PKG_INSTALL_DIR)/usr/sbin/openvpn \
		$(1)/usr/sbin/

	$(INSTALL_DIR) $(1)/lib/netifd/proto
	$(INSTALL_BIN) \
		files/lib/netifd/proto/openvpn.sh \
		$(1)/lib/netifd/proto/

	$(INSTALL_DIR) $(1)/etc/uci-defaults
	$(INSTALL_BIN) \
		files/etc/uci-defaults/60_openvpn_migrate.sh \
		$(1)/etc/uci-defaults/

	$(INSTALL_DIR) $(1)/usr/share/openvpn
	$(INSTALL_DATA) \
		files/usr/share/openvpn/openvpn.options \
		$(1)/usr/share/openvpn/
	$(INSTALL_BIN) \
		files/usr/share/openvpn/up.uc \
		files/usr/share/openvpn/down.uc \
		files/usr/share/openvpn/route-pre-down.uc \
		files/usr/share/openvpn/route-up.uc \
		files/usr/share/openvpn/ipchange.uc \
		files/usr/share/openvpn/client-connect.uc \
		files/usr/share/openvpn/client-disconnect.uc \
		files/usr/share/openvpn/client-crresponse.uc \
		files/usr/share/openvpn/auth-user-pass-verify.uc \
		files/usr/share/openvpn/tls-verify.uc \
		$(1)/usr/share/openvpn/

	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
	$(INSTALL_DATA) \
		files/lib/upgrade/keep.d/openvpn \
		$(1)/lib/upgrade/keep.d/

	$(INSTALL_DIR) $(1)/usr/libexec
	$(INSTALL_BIN) \
		files/usr/libexec/openvpn-hotplug \
		$(1)/usr/libexec/

	$(INSTALL_DIR) $(1)/etc
	$(INSTALL_DATA) \
		files/etc/openvpn.user \
		$(1)/etc/

	$(INSTALL_DIR) $(1)/etc/hotplug.d/openvpn
	$(INSTALL_DATA) \
		files/etc/hotplug.d/openvpn/01-user \
		$(1)/etc/hotplug.d/openvpn/
endef

$(eval $(call BuildPackage,openvpn-openssl))
$(eval $(call BuildPackage,openvpn-mbedtls))
$(eval $(call BuildPackage,openvpn-wolfssl))
