# Contributor: Kiyoshi Aman <adelie@aerdan.vulpine.house>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=python3
pkgver=3.6.10
_basever="${pkgver%.*}"
pkgrel=2
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
license="Python-2.0"
provides="py3-pip"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests::noarch
	$pkgname-wininst"
# If Python 3 is installed during the build, you get:
#
# Installing collected packages: setuptools, pip
#   Found existing installation: setuptools 28.8.0
#     Uninstalling setuptools-28.8.0:
# Exception:
# Traceback (most recent call last):
#   File "/usr/src/packages/system/python3/src/Python-3.6.5/Lib/shutil.py", line 544, in move
#     os.rename(src, real_dst)
# PermissionError: [Errno 13] Permission denied: '/usr/bin/easy_install-3.6' -> '/tmp/pip-_n3b1tzj-uninstall/usr/bin/easy_install-3.6'
#
# and then 'setuptools' is not installed in the package image.
#
# This breaks a great number of things, including the ability to build most
# py3-* packages from abuild.
#
# Do not, under any circumstance, remove "!python3" from makedepends.
#
# I repeat.
#
# DO NOT REMOVE "!python3" FROM MAKEDEPENDS.
#
# This has been a message from A. Wilcox and the Foundation for Ensuring
# Packages Are Actually Buildable.
makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
	sqlite-dev libffi-dev tcl-dev linux-headers !python3"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
	musl-find_library.patch
	fix-xattrs-glibc.patch
	CVE-2019-18348.patch
	"
builddir="$srcdir/Python-$pkgver"

# secfixes: python
#   3.6.5-r0:
#     - CVE-2018-1060
#     - CVE-2018-1061
#   3.6.8-r0:
#     - CVE-2018-14647
#     - CVE-2018-20406
#     - CVE-2019-9636
#     - CVE-2019-9740
#     - CVE-2019-9947
#   3.6.9-r0:
#     - CVE-2018-20852
#     - CVE-2019-5010
#     - CVE-2019-9948
#   3.6.9-r1:
#     - CVE-2019-16056
#   3.6.9-r2:
#     - CVE-2019-16935
#   3.6.10-r0:
#     - CVE-2019-18348

prepare() {
	default_prepare

	# force system libs
	rm -r Modules/expat \
		Modules/zlib \
		Modules/_ctypes/darwin* \
		Modules/_ctypes/libffi*
}

build() {
	# --enable-optimizations is not enabled because it
	# is very, very slow as many tests are ran sequentially
	# for profile guided optimizations. additionally it
	# seems some of the training tests hang on certain
	# e.g. architectures (x86) possibly due to grsec or musl.

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-ipv6 \
		--enable-loadable-sqlite-extensions \
		--enable-shared \
		--with-lto \
		--with-computed-gotos \
		--with-dbmliborder=ndbm \
		--with-system-expat \
		--with-system-ffi \
		--with-threads

	# set thread stack size to 1MB so we don't segfault before we hit
	# sys.getrecursionlimit()
	make EXTRA_CFLAGS="$CFLAGS -DTHREAD_STACK_SIZE=0x100000"
}

check() {
	# test that we reach recursionlimit before we segfault
	cat > test-stacksize.py <<-EOF
	import threading
	import sys

	def fun(i):
	  try:
	    fun(i+1)
	  except:
	    sys.exit(0)

	t = threading.Thread(target=fun, args=[1])
	t.start()
EOF
	LD_LIBRARY_PATH=$PWD ./python test-stacksize.py

	local fail

	# musl related
	fail="test__locale test_locale test_strptime test_re"	# various musl locale deficiencies
	fail="$fail test_datetime"				# hangs if 'tzdata' installed
	fail="$fail test_os"					# fpathconf, ttyname errno values
	fail="$fail test_posix"					# sched_[gs]etscheduler not impl
	fail="$fail test_shutil"				# lchmod, requires real unzip

	# failures needing investigation
	fail="$fail test_faulthandler test_gdb"			# hangs(?)
	fail="$fail test_tokenize test_tools"			# SLOW (~60s)
	fail="$fail test_capi"					# test.test_capi.EmbeddingTests
	fail="$fail test_threadsignals"				# test_{,r}lock_acquire_interruption
	fail="$fail test_time"					# strftime/strptime %Z related
	fail="$fail test_cmath test_math"			# hang(?) on x86
	fail="$fail test_hash test_plistlib"			# fail on armhf
	fail="$fail test_ctypes"				# fail on aarch64 (ctypes.test.test_win32.Structures)

	# kernel related
	fail="$fail test_fcntl"					# wants DNOTIFY, we don't have it

	# dumb
	fail="$fail test_ssl"					# tries to do SSLv2 which we have disabled in OpenSSL

	# hangs when run with other tests - run separately
	fail="$fail test_threading"

	# defaults from Tools/scripts/run_tests.py + -network,-urlfetch
	use="all,-largefile,-audio,-gui,-network,-urlfetch"

	make quicktest TESTOPTS="--use '$use' --exclude $fail"
	make test TESTOPTS="test_threading"
}

package() {
	export XDG_CACHE_HOME="$(mktemp -d)"
	make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	# those are provided by python3-tkinter
	rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
		"$pkgdir"/usr/lib/python*/tkinter

	rm -rf "$XDG_CACHE_HOME"
}

dev() {
	default_dev

	# pyconfig.h is needed runtime so we move it back
	mkdir -p "$pkgdir"/usr/include/python${_basever}m
	mv "$subpkgdir"/usr/include/python${_basever}m/pyconfig.h \
		"$pkgdir"/usr/include/python${_basever}m/
}

tests() {
	pkgdesc="Test modules from the main Python package"

	cd "$pkgdir"/usr/lib/python$_basever
	local i; for i in */test */tests; do
		mkdir -p "$subpkgdir"/usr/lib/python$_basever/"$i"
		mv "$i"/* "$subpkgdir"/usr/lib/python$_basever/"$i"
		rm -rf "$i"
	done
	mv "$pkgdir"/usr/lib/python$_basever/test \
		"$subpkgdir"/usr/lib/python$_basever/
}

wininst() {
	pkgdesc="Python wininst files"
	mkdir -p "$subpkgdir"/usr/lib/python$_basever/distutils/command
	mv "$pkgdir"/usr/lib/python$_basever/distutils/command/*.exe \
		"$subpkgdir"/usr/lib/python$_basever/distutils/command
}

sha512sums="26147099e1f1a0ffc85febad26e18e991f019599a150887ea0b925e34663fad8e03b3c2a941e2770c1a63960695e173ef32709572c9361e7f2cb862ccf75b28a  Python-3.6.10.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad  fix-xattrs-glibc.patch
7a15409165feb60358455b711f978b7b1c4dea9ad53aa7b5be07c1f70262988e592e7a630f83125f37051bbed14d14b66d2acd775234a163ff5b048621b9a59c  CVE-2019-18348.patch"