%if 0%{?mbedtls2}
# When building mbedtls 2.28.x
%define major 14
%define x509major 1
%define cryptomajor 7
%else
# When building mbedtls 3.6.x
%define major 21
%define x509major 7
%define cryptomajor 16
%define libeverest %{?_lib}everest
%define libp256m %{?_lib}p256m
%endif
%define libname %{?_lib}%{name}%{major}
%define libx509 %{?_lib}mbedx590_%{x509major}
%define libcrypto %{?lib}mbedcrypto%{cryptomajor}
%define develname %{?_lib}%{name}-devel

Name:           mbedtls
%if 0%{?mbedtls2}
# Please stay on LTS branch 2.28.x:
# https://www.trustedfirmware.org/blog/MBed-TLS_1-3/
Version:        2.28.8
%else
# Please stay on LTS branch 3.6.x:
# https://www.trustedfirmware.org/blog/mbed-tls-3-6-0-lts
Version:        3.6.0
%endif
Release:        1%{?dist}
Summary:        Light-weight cryptographic and SSL/TLS library
Group:          System/Libraries
License:        ASL 2.0
URL:            https://www.trustedfirmware.org/projects/mbed-tls/
Source0:        https://github.com/Mbed-TLS/mbedtls/releases/download/v%{version}/%{name}-%{version}.tar.bz2

%if "%{version}" >= "3.0" && "0%{?suse_version}" == "0"
%bcond_without apidocs
%else
%bcond_with apidocs
%endif

BuildRequires:  gcc
BuildRequires:  cmake
%if "%{version}" < "3.0.0"
# Support for pkcs11-helper and zlib were removed in mbedtls v3
BuildRequires:  pkgconfig(libpkcs11-helper-1)
BuildRequires:  pkgconfig(zlib)
%else
# Check:
BuildRequires:  pkgconfig(python3)
BuildRequires:  perl
# Documentation:
%if %{with apidocs}
BuildRequires:  doxygen
BuildRequires:  graphviz
#BuildRequires:  python3dist(breathe)
# Required to convert Markdown to HTML; it could probably be patched to use cmark instead.
#BuildRequires:  pandoc
%endif
%endif


%description
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains mbed TLS programs.

%package -n %{libname}
Summary:        mbed TLS library
Group:          System/Libraries

%description -n	%{libname}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains the library itself.

%package -n %{libx509}
Summary:        mbed TLS X509 library
Group:          System/Libraries

%description -n %{libx509}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains mbed X509 library.

%package -n %{libcrypto}
Summary:        mbed crypto library
Group:          System/Libraries

%description -n %{libcrypto}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains mbed mbedcrypto library.

%if "%{version}" >= "3.0"
%package -n %{libeverest}
Summary:        mbed everest library
Group:          System/Libraries

%description -n %{libeverest}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains mbed everest library.

%package -n %{libp256m}
Summary:        mbed p256m library
Group:          System/Libraries

%description -n %{libp256m}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains mbed p256m library.
%endif

%package -n %{develname}
Summary:        mbed TLS development files
Group:          Development/C
Requires:       %{libname} = %{version}-%{release}
Requires:       %{libx509} = %{version}-%{release}
Requires:       %{libcrypto} = %{version}-%{release}
Provides:       %{name}-devel = %{version}-%{release}

%description -n %{develname}
mbed TLS (formerly known as PolarSSL) is an SSL library written in ANSI C.
mbed TLS makes it easy for developers to include cryptographic and SSL/TLS
capabilities in their (embedded) products with as little hassle as possible.
It is designed to be readable, documented, tested, loosely coupled and
portable.

This package contains development files.

%prep
%autosetup -p1 -n %{name}-%{version}

# Enable MBEDTLS_THREADING_PTHREAD and MBEDTLS_THREADING_C flags
# https://bugs.mageia.org/show_bug.cgi?id=15391#c4
sed -i -e 's|.*\(#define MBEDTLS_THREADING_C\)|\1|' \
    -e 's|.*\(#define MBEDTLS_THREADING_PTHREAD\)|\1|' \
%if "%{version}" < "3.0"
    include/mbedtls/config.h
%else
    include/mbedtls/mbedtls_config.h
%endif

%build
# Could probably be done more cleanly by BuildSystem/BuildOption in rpm 4.20+
%cmake \
    -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
%if "%{version}" < "3.0"
    -DENABLE_ZLIB_SUPPORT=ON
%else
    -DMBEDTLS_FATAL_WARNINGS=OFF
%endif

%cmake_build

%if %{with apidocs}
# Use doxygen to generate API documentation.
%make_build apidoc && rm -rf apidoc/xml && find apidoc -name '*.md5' -exec rm -f '{}' \;
%define develdocname apidoc
# Alternatively, use breathe_apidoc to make readthedocs-style documentation (still requires doxygen to generate the XML feels needed by breathe).
#cd docs && %%make breathe_apidoc && mv _build/html . && rm -rf ../apidoc api requirements* _build && find . -path '*/*/Makefile' -exec sh -c 'cd $(dirname "{}") && %%make_build html && rm -f Makefile *.md' \; || true
#%%define develdocname docs
%endif

%check
%if "%{version}" < "3.0.0"
%make_build check PYTHON=%{__python}
%else
ctest
%endif

%install
%cmake_install

# prevent possible file clashes
pushd %{buildroot}%{_bindir}
    for i in *; do mv ${i} %{name}-${i}; done
popd

rm -f %{buildroot}%{_libdir}/*.a

%files
%doc ChangeLog README*
%{_bindir}/%{name}-*

%files -n %{libname}
%license LICENSE
%{_libdir}/lib%{name}.so.%{major}
%{_libdir}/lib%{name}.so.%{version}

%files -n %{libx509}
%{_libdir}/libmbedx509.so.%{x509major}
%{_libdir}/libmbedx509.so.%{version}

%files -n %{libcrypto}
%{_libdir}/libmbedcrypto.so.%{cryptomajor}
%{_libdir}/libmbedcrypto.so.%{version}

%if "%{version}" >= "3.0"
%files -n %{libeverest}
%{_libdir}/libeverest.so

%files -n %{libp256m}
%{_libdir}/libp256m.so
%endif

%files -n %{develname}
%{_includedir}/%{name}/
%if "%{version}" >= "2.23"
%{_includedir}/psa/
%endif
%if "%{version}" >= "2.28.8"
%{_includedir}/everest/
%{_libdir}/pkgconfig/mbed*.pc
%endif
%{_libdir}/libmbed*.so
%if "%{version}" >= "3.0"
%{_libdir}/cmake/MbedTLS/*.cmake
%endif
%if %{with apidocs}
%doc %{develdocname}
%endif