|
|
# Contributor: Síle Ekaterin Liszka <sheila@vulpine.house>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=python3
pkgver=3.11.0
_basever="${pkgver%.*}"
pkgrel=0
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
license="Python-2.0"
provides="py3-pip"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests::noarch"
# If Python 3 is installed during the build, you get:
#
# Installing collected packages: setuptools, pip
# Found existing installation: setuptools 28.8.0
# Uninstalling setuptools-28.8.0:
# Exception:
# Traceback (most recent call last):
# File "/usr/src/packages/system/python3/src/Python-3.6.5/Lib/shutil.py", line 544, in move
# os.rename(src, real_dst)
# PermissionError: [Errno 13] Permission denied: '/usr/bin/easy_install-3.6' -> '/tmp/pip-_n3b1tzj-uninstall/usr/bin/easy_install-3.6'
#
# and then 'setuptools' is not installed in the package image.
#
# This breaks a great number of things, including the ability to build most
# py3-* packages from abuild.
#
# Do not, under any circumstance, remove "!python3" from makedepends.
#
# I repeat.
#
# DO NOT REMOVE "!python3" FROM MAKEDEPENDS.
#
# This has been a message from A. Wilcox and the Foundation for Ensuring
# Packages Are Actually Buildable.
makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
sqlite-dev libffi-dev tcl-dev linux-headers !python3"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
musl-find_library.patch
musl-has-login_tty.patch
fix-xattrs-glibc.patch
CVE-2022-45061.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes: python
# 3.6.5-r0:
# - CVE-2018-1060
# - CVE-2018-1061
# 3.6.8-r0:
# - CVE-2018-14647
# - CVE-2018-20406
# - CVE-2019-9636
# - CVE-2019-9740
# - CVE-2019-9947
# 3.6.9-r0:
# - CVE-2018-20852
# - CVE-2019-5010
# - CVE-2019-9948
# 3.6.9-r1:
# - CVE-2019-16056
# 3.6.9-r2:
# - CVE-2019-16935
# 3.6.10-r0:
# - CVE-2019-18348
# 3.11.0-r0:
# - CVE-2020-10735
# - CVE-2022-37454
# - CVE-2022-42919
# - CVE-2022-45061
prepare() {
default_prepare
# force system libs
rm -r Modules/expat \
Modules/_ctypes/darwin* \
Modules/_ctypes/libffi*
}
build() {
# --enable-optimizations is not enabled because it
# is very, very slow as many tests are ran sequentially
# for profile guided optimizations. additionally it
# seems some of the training tests hang on certain
# e.g. architectures (x86) possibly due to grsec or musl.
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--enable-ipv6 \
--enable-loadable-sqlite-extensions \
--enable-shared \
--with-lto \
--with-computed-gotos \
--with-dbmliborder=ndbm \
--with-system-expat \
--with-system-ffi
# set thread stack size to 1MB so we don't segfault before we hit
# sys.getrecursionlimit()
stacksize=0x100000;
make EXTRA_CFLAGS="$CFLAGS -DTHREAD_STACK_SIZE=$stacksize"
}
check() {
# test that we reach recursionlimit before we segfault
cat > test-stacksize.py <<-EOF
import threading
import sys
def fun(i):
try:
fun(i+1)
except:
sys.exit(0)
t = threading.Thread(target=fun, args=[1])
t.start()
EOF
LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
local fail
# musl related
fail="test__locale test_locale test_strptime test_re" # various musl locale deficiencies
fail="$fail test_c_locale_coercion"
fail="$fail test_datetime" # hangs if 'tzdata' installed
fail="$fail test_os" # fpathconf, ttyname errno values
fail="$fail test_posix" # sched_[gs]etscheduler not impl
fail="$fail test_shutil" # lchmod, requires real unzip
# failures needing investigation
fail="$fail test_faulthandler test_gdb" # hangs(?)
fail="$fail test_tokenize test_tools" # SLOW (~60s)
fail="$fail test_capi" # test.test_capi.EmbeddingTests
fail="$fail test_threadsignals" # test_{,r}lock_acquire_interruption
fail="$fail test_time" # strftime/strptime %Z related
fail="$fail test_cmath test_math" # hang(?) on x86
fail="$fail test_hash test_plistlib" # fail on armhf
fail="$fail test_ctypes" # fail on aarch64 (ctypes.test.test_win32.Structures)
# kernel related
fail="$fail test_fcntl" # wants DNOTIFY, we don't have it
# dumb
fail="$fail test_ssl" # tries to do SSLv2 which we have disabled in OpenSSL
# hangs when run with other tests - run separately
fail="$fail test_threading"
# defaults from Tools/scripts/run_tests.py + -network,-urlfetch
use="all,-largefile,-audio,-gui,-network,-urlfetch"
make quicktest TESTOPTS="--use '$use' --exclude $fail"
make test TESTOPTS="test_threading"
}
package() {
export XDG_CACHE_HOME="$(mktemp -d)"
make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
# those are provided by python3-tkinter
rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
"$pkgdir"/usr/lib/python*/tkinter
rm -rf "$XDG_CACHE_HOME"
}
dev() {
default_dev
# pyconfig.h is needed runtime so we move it back
mkdir -p "$pkgdir"/usr/include/python${_basever}
mv "$subpkgdir"/usr/include/python${_basever}/pyconfig.h \
"$pkgdir"/usr/include/python${_basever}/
}
tests() {
pkgdesc="Test modules from the main Python package"
cd "$pkgdir"/usr/lib/python$_basever
local i; for i in */test */tests; do
mkdir -p "$subpkgdir"/usr/lib/python$_basever/"$i"
mv "$i"/* "$subpkgdir"/usr/lib/python$_basever/"$i"
rm -rf "$i"
done
mv "$pkgdir"/usr/lib/python$_basever/test \
"$subpkgdir"/usr/lib/python$_basever/
}
sha512sums="314eef88ae0d68760f34d7a32f238fd2ecb27c50963baa7357c42ad8159026ec50229a0b31d83c39710a472904a06422afc082f9658a90a1dc83ccb74c08039d Python-3.11.0.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
75c60afecba2e57f11d58c20aadc611ebbb5c68e05b14415c5cf2f7aa75e103986764ca22f76e6a58b2c08e2ff3acffdbf6d85d2c8c4589743a0b949a4c90687 musl-has-login_tty.patch
4b4696d139e53aad184b72461478821335aadedc4811ec9e96cdea9a4f7ef19ebf0aac8c6afae6345f33c79fbd3ae2c63021de36044a2803d0dc8894fa291cf5 fix-xattrs-glibc.patch
039982b5f35d5aa412596dba81b0666fdf979e6c120aefa3ae29333fbaa56f6f6ad69db513dcd93e06a66522405058be2e39e56350816abcb9febd8f5778036f CVE-2022-45061.patch"
|