# Copyright 2023-2026 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit desktop optfeature xdg

DESCRIPTION="Password manager and secure wallet"
HOMEPAGE="https://1password.com"
# Prebuilt upstream tarballs, one per architecture, fetched over HTTPS and
# renamed to a per-arch distfile name. Nothing is compiled from source, so the
# distfile checksums recorded for this package are the only integrity check on
# what gets installed.
SRC_URI="
	amd64? ( https://downloads.1password.com/linux/tar/stable/x86_64/${P}.x64.tar.gz -> ${P}-amd64.tar.gz )
	arm64? ( https://downloads.1password.com/linux/tar/stable/aarch64/${P}.arm64.tar.gz -> ${P}-arm64.tar.gz )
"

# The tarball unpacks into a per-arch subdirectory of WORKDIR; src_install
# enters it explicitly.
S="${WORKDIR}"

LICENSE="all-rights-reserved"
SLOT="0"
KEYWORDS="~amd64 ~arm64"
# bindist: built packages must not be redistributed.
# mirror:  distfiles are fetched from the upstream URLs above, not from mirrors.
# strip:   the shipped binaries are installed without being stripped.
RESTRICT="bindist mirror strip"

BDEPEND="
	x11-misc/xdg-utils
"
# acct-group/onepassword provides the group that pkg_preinst assigns to
# 1Password-BrowserSupport; the remaining entries are runtime libraries.
RDEPEND="
	acct-group/onepassword
	app-accessibility/at-spi2-core:2
	dev-libs/expat
	dev-libs/glib:2
	dev-libs/nspr
	dev-libs/nss
	media-libs/alsa-lib
	media-libs/mesa
	net-print/cups
	sys-apps/dbus
	virtual/zlib
	x11-libs/cairo
	x11-libs/gtk+:3
	x11-libs/libX11
	x11-libs/libXcomposite
	x11-libs/libXdamage
	x11-libs/libXext
	x11-libs/libXfixes
	x11-libs/libXrandr
	x11-libs/libxcb
	x11-libs/libxkbcommon
	x11-libs/pango
"

# Every installed file is declared prebuilt, which turns off Portage's QA
# checks on compiled objects for the whole package. Any hardening those checks
# would normally flag is therefore not verified here.
QA_PREBUILT="*"

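# Install the prebuilt upstream tree under /opt/1Password and hook it into the
# desktop: launcher symlinks in /usr/bin, a menu entry, icons and docs.
# Files that are installed elsewhere, or that must not ship, are removed from
# the /opt copy afterwards.
src_install() {
	# Upstream names the unpacked directory with its own architecture labels,
	# so map Portage's ARCH onto them.
	local arch
	case ${ARCH} in
		amd64) arch=x64;;
		arm64) arch=arm64;;
		# Stop with a clear message instead of continuing with an empty ${arch}.
		*) die "Unsupported ARCH: ${ARCH}";;
	esac

	cd "${P}.${arch}" || die "Failed to enter directory"

	dodir /opt/1Password
	# -a keeps the file modes shipped in the tarball. The set-id bits this
	# package relies on are applied explicitly in pkg_preinst.
	cp -ar * "${ED}"/opt/1Password || die "Install failed"

	dosym -r /opt/1Password/1password /usr/bin/1password
	dosym -r /opt/1Password/op-ssh-sign /usr/bin/op-ssh-sign

	domenu resources/1password.desktop
	local size
	for size in 32 64 256 512; do
		doicon -s ${size} resources/icons/hicolor/${size}x${size}/apps/1password.png
	done

	dodoc resources/custom_allowed_browsers

	# Remove what must not remain in /opt/1Password. Each removal is checked,
	# so a change in the upstream layout fails the build instead of silently
	# leaving a script in the installed tree.
	# NOTE(review): after-*.sh and install_biometrics_policy.sh look like
	# upstream's own installer hooks, replaced by this ebuild's phases - confirm.
	rm "${ED}"/opt/1Password/after-*.sh \
		|| die "Failed to remove upstream after-*.sh scripts"
	rm "${ED}"/opt/1Password/install_biometrics_policy.sh \
		|| die "Failed to remove install_biometrics_policy.sh"
	# Already installed through domenu/dodoc above.
	rm "${ED}"/opt/1Password/resources/{1password.desktop,custom_allowed_browsers} \
		|| die "Failed to remove duplicated resource files"
	# Already installed through doicon above.
	rm -r "${ED}/opt/1Password/resources/icons" \
		|| die "Failed to remove duplicated icons"
}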

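# Finish the image just before it is merged: generate the polkit policy from
# the accounts on this machine, then apply the set-id bits and group ownership
# the application expects.
pkg_preinst() {
	xdg_pkg_preinst

	mkdir -p "${ED}/etc/polkit-1/actions" \
		|| die "Failed to create polkit actions directory"

	# Build the owner list for the polkit policy: local accounts whose UID has
	# exactly four digits (1000-9999), at most the first ten, each written as
	# "unix-user:<name>".
	# The list is a snapshot taken at merge time. Accounts created later, and
	# accounts that are not in the local /etc/passwd, are not included.
	# NOTE(review): this always reads the running system's /etc/passwd, also
	# when merging into a different ROOT - confirm that is intended.
	local policy_owners
	policy_owners="$(cut -d: -f1,3 /etc/passwd \
		| grep -E ':[0-9]{4}$' \
		| cut -d: -f1 \
		| head -n 10 \
		| sed 's/^/unix-user:/' \
		| tr '\n' ' ')"

	if [[ -z ${policy_owners} ]]; then
		ewarn "No local accounts with a four-digit UID were found in /etc/passwd;"
		ewarn "the polkit policy will be installed with an empty owner list."
	fi

	# The names are pasted into a sed replacement and from there into the
	# policy file. Refuse characters that sed would interpret ('/', '&', '\')
	# or that would break the policy markup ('<', '>', '"'), rather than
	# writing a policy that differs from what the account list says.
	local unsafe_re='[/&\<>"]'
	if [[ ${policy_owners} =~ ${unsafe_re} ]]; then
		die "Account name unsafe for the polkit policy template: ${policy_owners}"
	fi

	sed -e "s/\${POLICY_OWNERS}/${policy_owners}/" \
		"${ED}"/opt/1Password/com.1password.1Password.policy.tpl \
		> "${ED}"/etc/polkit-1/actions/com.1password.1Password.policy ||
		die "Failed to create policy file"

	rm "${ED}"/opt/1Password/com.1password.1Password.policy.tpl \
		|| die "Failed to remove policy template"

	# chrome-sandbox requires the setuid bit to be specifically set.
	# See https://github.com/electron/electron/issues/17972
	# NOTE(review): this makes a prebuilt binary setuid. Its contents are only
	# as trustworthy as the verified distfile.
	fperms 4755 /opt/1Password/chrome-sandbox

	# Set-group-ID to the dedicated onepassword group. The group is not meant
	# to grant access to anything; the bit is there to harden the helper
	# against tampering through the environment of the user who launches it.
	# NOTE(review): that only holds while nothing else on the system is owned
	# by, or grants rights to, the onepassword group.
	# The group is assigned before the mode because changing ownership can
	# clear set-id bits.
	fowners :onepassword /opt/1Password/1Password-BrowserSupport
	fperms g+s /opt/1Password/1Password-BrowserSupport
}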

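# Refresh the desktop caches, tell the administrator how the polkit owner list
# was produced, and advertise the optional CLI package.
pkg_postinst() {
	xdg_pkg_postinst

	# The policy written in pkg_preinst is a snapshot of the local accounts,
	# so say how to refresh it when the set of users changes.
	elog "The polkit policy owner list for 1Password is generated from"
	elog "/etc/passwd when the package is merged (accounts with a four-digit"
	elog "UID, at most ten). Re-merge this package after adding or removing"
	elog "local users to regenerate it."

	optfeature "1Password CLI" app-admin/1password-cli
}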