%global gitsnapshot 1
%if 0%{?gitsnapshot}
%global snapcommit f6fc6484d49f6d7dd2b25401cfdb82bca3bed43c
%global snapcount 155
%global shortcommit %(c=%{snapcommit}; echo ${c:0:7})
%global snapver .git.%{snapcount}.%{shortcommit}
%endif

%global tagver 9.12

# RHEL6 still has ancient GnuTLS
%define use_gnutls 0%{?fedora} || 0%{?rhel} >= 7

# Fedora has tss2-sys from F29 onwards, and RHEL from 8 onwards.
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%define use_tss2_esys 1
%else
%define use_tss2_esys 0
%endif

%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}

Name:		openconnect
Version:	%{tagver}%{?snapver}
Release:	0%{?dist}
Summary:	Open multi-protocol SSL VPN client

License:	LGPLv2
URL:		https://www.infradead.org/openconnect.html
%if 0%{?gitsnapshot}
Source0:        https://github.com/openconnect/%{name}/archive/%{snapcommit}/%{name}-%{shortcommit}.tar.gz
%else
Source0:        https://www.infradead.org/openconnect/download/%{name}-%{version}.tar.gz
%endif
Source2:	gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc
Source3:	macros.gpg

BuildRequires:	make xdg-utils
BuildRequires:	pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2
BuildRequires:	autoconf automake libtool gettext pkgconfig(liblz4)
BuildRequires:	pkgconfig(uid_wrapper) pkgconfig(socket_wrapper)
BuildRequires:	pkgconfig(libproxy-1.0)
BuildRequires:  pkgconfig(stoken) pkgconfig(libpskc)
%if 0%{?fedora}
BuildRequires:  pkgconfig(json-parser)
%endif
%if 0%{?fedora} || 0%{?rhel} <= 7
# SoftHSM doesn't install on EPEL8: https://bugzilla.redhat.com/show_bug.cgi?id=1829480
BuildRequires:  softhsm
%endif
%if 0%{?fedora} || 0%{?rhel} >= 7
Obsoletes:	openconnect-lib-compat < %{version}-%{release}
Requires:	vpnc-script
%else
Requires:	vpnc
%endif
%if 0%{?fedora} >= 30 || 0%{?rhel} >= 9
BuildRequires: glibc-langpack-cs
%endif
%if %{use_gnutls}
BuildRequires:	pkgconfig(gnutls) trousers-devel
# Anywhere we use GnuTLS ,there should be an ocserv package too
BuildRequires:	ocserv
%else
BuildRequires:	pkgconfig(openssl) pkgconfig(libp11) pkgconfig(p11-kit-1)
%endif
%if %{use_tss2_esys}
BuildRequires: pkgconfig(tss2-esys) pkgconfig(tss2-tctildr) pkgconfig(tss2-mu)
# https://bugzilla.redhat.com/show_bug.cgi?id=1638961
BuildRequires: libgcrypt-devel
%if 0%{?fedora} > 32
# Older versions of tss2-esys don't have the swtpm TCTI
BuildRequires: swtpm swtpm-tools
%endif
%endif

%description
This package provides a multiprotocol VPN client for Cisco AnyConnect,
Juniper SSL VPN / Pulse Connect Secure, and Palo Alto Networks GlobalProtect
SSL VPN.

%package devel
Summary: Development package for OpenConnect VPN authentication tools
Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel
This package provides the core HTTP and authentication support from
the OpenConnect VPN client, to be used by GUI authentication dialogs
for NetworkManager etc.

%include %SOURCE3
%prep
%if 0%{?gitsnapshot}
%setup -q -n %{name}-%{shortcommit}
NOCONFIGURE=x ./autogen.sh
%else
%gpg_verify
%setup -q
if [ ! -x configure ]; then
    NOCONFIGURE=x ./autogen.sh
fi
%endif

%build
%configure	--with-vpnc-script=/etc/vpnc/vpnc-script \
		--disable-dsa-tests \
%if %{use_gnutls}
%if 0%{?fedora} || 0%{?rhel} > 7
		--with-default-gnutls-priority="@OPENCONNECT,SYSTEM" \
		--without-gnutls-version-check \
%endif
%else
		--with-openssl --without-openssl-version-check \
%endif
		--htmldir=%{_pkgdocdir}
make %{?_smp_mflags} V=1


%install
%make_install
mkdir -p $RPM_BUILD_ROOT/%{_pkgdocdir}
rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la
rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/tncc-wrapper.py
rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/hipreport-android.sh
%find_lang %{name}

%check
%if 0%{?fedora} || 0%{?rhel} > 7
# Clear RDRAND capability bit to work around
# https://bugzilla.redhat.com/show_bug.cgi?id=1831086
make VERBOSE=1 OPENSSL_ia32cap=~0x4000000000000000 XFAIL_TESTS="obsolete-server-crypto" check
%else
# Test setup for OpenSSL builds in RHEL6.
make VERBOSE=1 XFAIL_TESTS="auth-nonascii bad_dtls_test" check
%endif

%ldconfig_scriptlets

%files -f %{name}.lang
%{_libdir}/libopenconnect.so.5*
%{_sbindir}/openconnect
%{_libexecdir}/openconnect/
%{_mandir}/man8/*
%{_datadir}/bash-completion/completions/openconnect
%doc TODO COPYING.LGPL
%doc %{_pkgdocdir}

%files devel
%{_libdir}/libopenconnect.so
%{_includedir}/openconnect.h
%{_libdir}/pkgconfig/openconnect.pc

%changelog
* Tue Jul 16 2019 David Woodhouse <dwmw2@infradead.org> - %{version}-%{release}
- Autopackaging for COPR