#!/usr/bin/make -f
# -*- makefile -*-

include /usr/share/dpkg/default.mk

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DEB_BUILD_OPTIONS+=nocheck

SYSTEMD_SYSTEM_UNIT_DIR=$(shell pkg-config systemd --variable=systemd_system_unit_dir)

%:
	dh $@ --with python3

override_dh_auto_configure:
	dh_auto_configure -- \
    -Dbash-completion=enabled \
    -Dopenvpn_username=_openvpn \
    -Dopenvpn_group=_openvpn \
    -Dasio_path=/usr/ \
    -Dunit_tests=disabled \
    -Dtest_programs=disabled \
    -Daddon-aws=enabled \
    -Daddon-deviceposture=enabled

override_dh_install:
        # This is deprecated - remove it manually for now until it is removed upstream
	rm -f $(CURDIR)/debian/tmp/usr/sbin/openvpn3-autoload
	rm -f $(CURDIR)/debian/tmp/usr/share/man/man8/openvpn3-autoload.8*
	rm -f $(CURDIR)/debian/tmp/$(SYSTEMD_SYSTEM_UNIT_DIR)/openvpn3-autoload.service

	# openvpn3-addon-aws files
	mkdir -vp $(CURDIR)/debian/openvpn3-addon-aws/etc/openvpn3/awscerts \
		$(CURDIR)/debian/openvpn3-addon-aws/$(SYSTEMD_SYSTEM_UNIT_DIR) \
		$(CURDIR)/debian/openvpn3-addon-aws/usr/libexec/openvpn3-linux \
		$(CURDIR)/debian/openvpn3-addon-aws/usr/share/dbus-1/system.d/ \
		$(CURDIR)/debian/openvpn3-addon-aws/usr/share/man/man8/
	mv -vf $(CURDIR)/debian/tmp/etc/openvpn3/awscerts			      $(CURDIR)/debian/openvpn3-addon-aws/etc/openvpn3
	mv -vf $(CURDIR)/debian/tmp/usr/libexec/openvpn3-linux/openvpn3-service-aws   $(CURDIR)/debian/openvpn3-addon-aws/usr/libexec/openvpn3-linux/
	mv -vf $(CURDIR)/debian/tmp/usr/share/dbus-1/system.d/net.openvpn.v3.aws.conf $(CURDIR)/debian/openvpn3-addon-aws/usr/share/dbus-1/system.d/
	mv -vf $(CURDIR)/debian/tmp/usr/share/man/man8/openvpn3-service-aws.8*	      $(CURDIR)/debian/openvpn3-addon-aws/usr/share/man/man8/
	mv -vf $(CURDIR)/debian/tmp/$(SYSTEMD_SYSTEM_UNIT_DIR)/openvpn3-aws.service   $(CURDIR)/debian/openvpn3-addon-aws/$(SYSTEMD_SYSTEM_UNIT_DIR)/

	# openvpn3-dpc-openvpninc files - must be processed before openvpn3-addon-devposture
	mkdir -vp $(CURDIR)/debian/openvpn3-dpc-openvpninc/var/lib/openvpn3/deviceposture/profiles/
	mv -vf $(CURDIR)/debian/tmp/var/lib/openvpn3/deviceposture/profiles/openvpninc.json  $(CURDIR)/debian/openvpn3-dpc-openvpninc/var/lib/openvpn3/deviceposture/profiles/

	# openvpn3-addon-devposture files
	mkdir -vp $(CURDIR)/debian/openvpn3-addon-devposture/usr/libexec/openvpn3-linux \
		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/dbus-1/system.d/ \
		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/dbus-1/system-services/ \
		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/doc/openvpn3-addon-devposture \
		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/man/man8/ \
		$(CURDIR)/debian/openvpn3-addon-devposture/var/lib/openvpn3/deviceposture/profiles/
	mv -vf $(CURDIR)/debian/tmp/usr/libexec/openvpn3-linux/openvpn3-service-devposture		$(CURDIR)/debian/openvpn3-addon-devposture/usr/libexec/openvpn3-linux/
	mv -vf $(CURDIR)/debian/tmp/usr/share/dbus-1/system.d/net.openvpn.v3.devposture.conf		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/dbus-1/system.d/
	mv -vf $(CURDIR)/debian/tmp/usr/share/dbus-1/system-services/net.openvpn.v3.devposture.service	$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/dbus-1/system-services/
	mv -vf $(CURDIR)/debian/tmp/usr/share/doc/openvpn3/device-posture/profile-format.md		$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/doc/openvpn3-addon-devposture/
	mv -vf $(CURDIR)/debian/tmp/usr/share/man/man8/openvpn3-service-devposture.8*			$(CURDIR)/debian/openvpn3-addon-devposture/usr/share/man/man8/
	mv -vf $(CURDIR)/debian/tmp/var/lib/openvpn3/deviceposture/profiles/*				$(CURDIR)/debian/openvpn3-addon-devposture/var/lib/openvpn3/deviceposture/profiles/
	rm -rvf $(CURDIR)/debian/tmp/var/lib/openvpn3/deviceposture

	# Move the rest of the files to the openvpn3-client package
	mkdir -vp $(CURDIR)/debian/openvpn3-client
	cp -rvf $(CURDIR)/debian/tmp/* $(CURDIR)/debian/openvpn3-client/
	rm -rf $(CURDIR)/debian/tmp

# dh_ needs to be called in the arch independent build. It is only part
# of the default sequence from compat level 14
override_dh_auto_install:
	dh_installsysusers
	dh_auto_install
	# delete the installed header file, this is not a library
	$(RM) -r $(CURDIR)/debian/openvpn3-client/usr/include
	# allow the directory to be created with tmpfiles.d with the
	# correct owner/permissions
	$(RM) -r $(CURDIR)/debian/openvpn3-client/var/lib/openvpn3/configs

# Override sytemctl enable on the provided unit file
# This should first be enabled once the sysadmin has
# done the appropriate configuration steps
override_dh_installsystemd:
	dh_installsystemd --no-start --no-enable
