depot/third_party/nixpkgs/pkgs/development/libraries/libsoup/default.nix

{
  stdenv,
  lib,
  fetchurl,
  fetchpatch,
  glib,
  libxml2,
  meson,
  ninja,
  pkg-config,
  gnome,
  libsysprof-capture,
  gobject-introspection,
  vala,
  libpsl,
  brotli,
  gnomeSupport ? true,
  sqlite,
  buildPackages,
  withIntrospection ?
    lib.meta.availableOn stdenv.hostPlatform gobject-introspection
    && stdenv.hostPlatform.emulatorAvailable buildPackages,
}:

stdenv.mkDerivation rec {
  pname = "libsoup";
  version = "2.74.3";

  outputs = [
    "out"
    "dev"
  ];

  src = fetchurl {
    url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
    sha256 = "sha256-5Ld8Qc/EyMWgNfzcMgx7xs+3XvfFoDQVPfFBP6HZLxM=";
  };

  patches = [
    (fetchpatch {
      name = "CVE-2024-52530.patch";
      url = "https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b.patch";
      hash = "sha256-WRLiW2B/xxr3hW0nmeRNrXtZL44S0nTptPRdTqBV8Iw=";
    })
    (fetchpatch {
      name = "CVE-2024-52531_1.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=4ce2f2dc8ba0c458edce0f039a087fb3ac57787e";
      hash = "sha256-wg1qz8xHcnTiinBTF0ECMkrsD8W6M4IbiKGgbJ1gp9o=";
    })
    (fetchpatch {
      name = "CVE-2024-52531_2.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=5866d63aed3500700c5f1d2868ff689bb2ba8b82";
      hash = "sha256-e/VXtKX+agCw+ESGbgQ83NaVNbB3jLTxL7+VgNGbZ7U=";
    })
    (fetchpatch {
      name = "CVE-2024-52532_1.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=98e096a0d2142e3c63de2cca7d4023f9c52ed2c6";
      hash = "sha256-h7k+HpcKlsVYlAONxTOiupMhsMkf2v246ouxLejurcY=";
    })
    (fetchpatch {
      name = "CVE-2024-52532_2.patch";
      url = "https://git.launchpad.net/ubuntu/+source/libsoup2.4/patch/?id=030e72420e8271299c324273f393d92f6d4bb53e";
      hash = "sha256-0BEJpEKgjmKACf53lHMglxhmevKsSXR4ejEoTtr4wII=";
    })
  ];

  depsBuildBuild = [
    pkg-config
  ];

  nativeBuildInputs =
    [
      meson
      ninja
      pkg-config
      glib
    ]
    ++ lib.optionals withIntrospection [
      gobject-introspection
      vala
    ];

  buildInputs =
    [
      sqlite
      libpsl
      glib.out
      brotli
    ]
    ++ lib.optionals stdenv.hostPlatform.isLinux [
      libsysprof-capture
    ];

  propagatedBuildInputs = [
    glib
    libxml2
  ];

  mesonFlags =
    [
      "-Dtls_check=false" # glib-networking is a runtime dependency, not a compile-time dependency
      "-Dgssapi=disabled"
      "-Dvapi=${if withIntrospection then "enabled" else "disabled"}"
      "-Dintrospection=${if withIntrospection then "enabled" else "disabled"}"
      "-Dgnome=${lib.boolToString gnomeSupport}"
      "-Dntlm=disabled"
    ]
    ++ lib.optionals (!stdenv.hostPlatform.isLinux) [
      "-Dsysprof=disabled"
    ];

  env.NIX_CFLAGS_COMPILE = "-lpthread";

  doCheck = false; # ERROR:../tests/socket-test.c:37:do_unconnected_socket_test: assertion failed (res == SOUP_STATUS_OK): (2 == 200)
  separateDebugInfo = true;

  postPatch = ''
    # fixes finding vapigen when cross-compiling
    # the commit is in 3.0.6
    # https://gitlab.gnome.org/GNOME/libsoup/-/commit/5280e936d0a76f94dbc5d8489cfbdc0a06343f65
    substituteInPlace meson.build \
      --replace "required: vapi_opt)" "required: vapi_opt, native: false)"

    patchShebangs libsoup/
  '';

  passthru = {
    updateScript = gnome.updateScript {
      attrPath = "libsoup_2_4";
      packageName = pname;
      versionPolicy = "odd-unstable";
      freeze = true;
    };
  };

  meta = {
    description = "HTTP client/server library for GNOME";
    homepage = "https://gitlab.gnome.org/GNOME/libsoup";
    license = lib.licenses.lgpl2Plus;
    inherit (glib.meta) maintainers platforms;
    pkgConfigModules = [
      "libsoup-2.4"
      "libsoup-gnome-2.4"
    ];
  };
}