# Maintainer: Alexey Pavlov <alexpux@gmail.com>

_realname=dnssec-anchors
pkgbase=mingw-w64-${_realname}
pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}"
pkgver=20130320
pkgrel=2
pkgdesc='DNSSEC trust anchors for the root zone (mingw-w64)'
url='https://data.iana.org/root-anchors/'
license=('custom:NoCopyright')
arch=('any')
mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clangarm64' 'clang32')
source=('LICENSE'
        'trusted-key.key')
sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb'
            'ca6388cc16223b29b607f07a9aa77e0aa52f653106d440cdc92cc40e145a4bb5')

get_trusted-key() {
  drill -z -s DNSKEY . > root.key

  curl https://data.iana.org/root-anchors/root-anchors.xml |
  awk 'BEGIN{ORS=" "}(NR>4){gsub(/<[^>]*>/,"");print tolower($0)}' |
  sed 's/   /\n/' > root.ds

  # Any of those tests failing is suspicious; check thoroughly!
  [[ "$(<root.ds)" = '19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5' ]] &&
  grep -Pq 'IN\tDS\t'"$(<root.ds)" root.key ||
  return 1

  sed '/DNSKEY/s/ ;{id = '"$(cut -d\  -f1<root.ds)"' .*//;t;d' root.key > trusted-key.key
}

package() {
  cd "${srcdir}"
  install -Dm644 trusted-key.key "${pkgdir}${MINGW_PREFIX}"/etc/trusted-key.key
  install -Dm644 LICENSE "${pkgdir}${MINGW_PREFIX}/share/licenses/${_realname}/LICENSE"
}