From 4e4fdc6753d6f74bfebd6ddfedeffe59cf56e8c4 Mon Sep 17 00:00:00 2001
From: Vitalii Kuzhdin <vitaliikuzhdin@gmail.com>
Date: Wed, 24 Sep 2025 19:48:19 +0300
Subject: [PATCH] Initial build (3.8.9)

---
 .SRCINFO                                 |  40 +++++++++
 .gitignore                               |   8 ++
 .nvchecker.toml                          |   2 +
 PKGBUILD                                 | 108 +++++++++++++++++++++++
 gnutls-ktls_disable_keyupdate_test.patch |  13 +++
 gnutls3.8.9-config                       |   9 ++
 gnutls3.8.9.modules-load                 |   1 +
 7 files changed, 181 insertions(+)
 create mode 100644 .SRCINFO
 create mode 100644 .gitignore
 create mode 100644 .nvchecker.toml
 create mode 100644 PKGBUILD
 create mode 100644 gnutls-ktls_disable_keyupdate_test.patch
 create mode 100644 gnutls3.8.9-config
 create mode 100644 gnutls3.8.9.modules-load

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..958803f38038
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,40 @@
+pkgbase = gnutls3.8.9
+	pkgdesc = A library which provides a secure layer over a reliable transport layer
+	pkgver = 3.8.9
+	pkgrel = 1
+	url = https://www.gnutls.org
+	arch = x86_64
+	license = GPL-3.0-or-later AND LGPL-2.1-or-later
+	checkdepends = net-tools
+	checkdepends = tpm2-tools
+	makedepends = tpm2-tss
+	makedepends = gtk-doc
+	depends = brotli>=1.0.0
+	depends = gcc-libs
+	depends = glibc
+	depends = gmp
+	depends = leancrypto>=1.2.0
+	depends = libidn2
+	depends = libp11-kit>=0.23.11
+	depends = libtasn1
+	depends = libunistring
+	depends = nettle
+	depends = zlib
+	depends = zstd
+	optdepends = tpm2-tss: support for TPM2 wrapped keys
+	options = !zipman
+	backup = etc/gnutls3.8.9/config
+	backup = etc/modules-load.d/gnutls3.8.9.conf
+	source = gnutls-3.8.9.tar.xz::https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz
+	source = gnutls-3.8.9.tar.xz.sig::https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz.sig
+	source = gnutls-ktls_disable_keyupdate_test.patch
+	source = gnutls3.8.9-config
+	source = gnutls3.8.9.modules-load
+	validpgpkeys = 462225C3B46F34879FC8496CD605848ED7E69871
+	sha256sums = 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed
+	sha256sums = SKIP
+	sha256sums = 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708
+	sha256sums = 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5
+	sha256sums = bdc4c4eb010d766cb8dca8832adddd58b964e715473a823cfd7a6b236a54ceb6
+
+pkgname = gnutls3.8.9
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..61011d4f490b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+*
+!PKGBUILD
+!.SRCINFO
+!.gitignore
+!.nvchecker.toml
+!*.patch
+!gnutls3.8.9-config
+!*.modules-load
diff --git a/.nvchecker.toml b/.nvchecker.toml
new file mode 100644
index 000000000000..b826bdf160af
--- /dev/null
+++ b/.nvchecker.toml
@@ -0,0 +1,2 @@
+["gnutls3.8.9"]
+source = "manual"
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..d9062136b802
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,108 @@
+# Maintainer:  Vitalii Kuzhdin <vitaliikuzhdin@gmail.com>
+# Contributor: Andreas Radke <andyrtr@archlinux.org>
+# Contributor: Jan de Groot <jgc@archlinux.org>
+
+_basename=gnutls
+pkgver=3.8.9
+pkgrel=1
+pkgname="${_basename}${pkgver}"
+pkgdesc="A library which provides a secure layer over a reliable transport layer"
+arch=('x86_64')
+license=('GPL-3.0-or-later AND LGPL-2.1-or-later')
+url="https://www.gnutls.org"
+depends=(
+  'brotli>=1.0.0'
+  'gcc-libs'
+  'glibc'
+  'gmp'
+  'leancrypto>=1.2.0'
+  'libidn2'
+  'libp11-kit>=0.23.11'
+  'libtasn1'
+  'libunistring'
+  'nettle'
+  'zlib' 
+  'zstd'
+)
+makedepends=(
+  'tpm2-tss'
+  'gtk-doc' # required for autoreconf when patching
+)
+checkdepends=(
+  'net-tools'
+  'tpm2-tools'
+)
+optdepends=(
+  'tpm2-tss: support for TPM2 wrapped keys'
+)
+options=(
+  '!zipman'
+)
+backup=(
+  "etc/${pkgname}/config"
+  "etc/modules-load.d/${pkgname}.conf"
+)
+_pkgsrc="${_basename}-${pkgver}"
+source=("${_pkgsrc}.tar.xz::https://www.gnupg.org/ftp/gcrypt/${_basename}/v${pkgver%.*}/${_pkgsrc}.tar.xz"
+        "${_pkgsrc}.tar.xz.sig::https://www.gnupg.org/ftp/gcrypt/${_basename}/v${pkgver%.*}/${_pkgsrc}.tar.xz.sig"
+        "${_basename}-ktls_disable_keyupdate_test.patch"
+        "${pkgname}-config"
+        "${pkgname}.modules-load")
+sha256sums=('69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed'
+            'SKIP'
+            '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708'
+            '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5'
+            'bdc4c4eb010d766cb8dca8832adddd58b964e715473a823cfd7a6b236a54ceb6')
+validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
+
+prepare() {
+  cd "${srcdir}/${_pkgsrc}"
+  patch -Np1 -i "${srcdir}/${_basename}-ktls_disable_keyupdate_test.patch"
+}
+
+build() {
+  local configure_options=(
+    --prefix='/usr'
+    --program-suffix="${pkgver}"
+    --includedir="/usr/include/${pkgname}"
+    --libdir="/usr/lib/${pkgname}"
+    --docdir="/usr/share/doc/${pkgname}"
+    --with-system-priority-file="/etc/${pkgname}/config"
+    --with-idn
+    --with-brotli
+    --with-zstd
+    --with-tpm2
+    --enable-openssl-compatibility
+    --with-default-trust-store-pkcs11="pkcs11:"
+    --enable-ktls
+    --with-leancrypto
+  )
+
+  cd "${srcdir}/${_pkgsrc}"
+  autoreconf -vfi
+  ./configure "${configure_options[@]}"
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+check() {
+  cd "${srcdir}/${_pkgsrc}"
+  make check
+}
+
+package() {
+  cd "${srcdir}"
+  install -vDm644 "${pkgname}-config" "${pkgdir}/etc/${pkgname}/config"
+  install -vDm644 "${pkgname}.modules-load" "${pkgdir}/etc/modules-load.d/${pkgname}.conf"
+
+  cd "${_pkgsrc}"
+  make DESTDIR="${pkgdir}" install
+
+  cd "${pkgdir}/usr"
+  ln -vsf "/usr/lib/${pkgname}/libgnutls.so.30.40.3" \
+    "lib/libgnutls.so.30.40.3"
+
+  # TODO
+  cd "share"
+  rm -rf "info" "locale"
+}
diff --git a/gnutls-ktls_disable_keyupdate_test.patch b/gnutls-ktls_disable_keyupdate_test.patch
new file mode 100644
index 000000000000..cab7547c6e3a
--- /dev/null
+++ b/gnutls-ktls_disable_keyupdate_test.patch
@@ -0,0 +1,13 @@
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 2872cb1aa..247dfd3d8 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -504,8 +504,6 @@ endif
+ if ENABLE_KTLS
+ indirect_tests += gnutls_ktls
+ dist_check_SCRIPTS += ktls.sh
+-indirect_tests += ktls_keyupdate
+-dist_check_SCRIPTS += ktls_keyupdate.sh
+ endif
+ 
+ if !WINDOWS
diff --git a/gnutls3.8.9-config b/gnutls3.8.9-config
new file mode 100644
index 000000000000..69c29a3bea11
--- /dev/null
+++ b/gnutls3.8.9-config
@@ -0,0 +1,9 @@
+# https://gnutls.org/manual/html_node/Enabling_002fDisabling-system_002facceleration-protocols.html#Enabling-KTLS
+#
+# GnuTLS is built with -–enable-ktls configuration, KTLS is disabled by default.
+# This can be enabled by setting ktls = true in [global] section.
+#
+
+[global]
+ktls = false
+#ktls = true
diff --git a/gnutls3.8.9.modules-load b/gnutls3.8.9.modules-load
new file mode 100644
index 000000000000..9871681dc61f
--- /dev/null
+++ b/gnutls3.8.9.modules-load
@@ -0,0 +1 @@
+#tls