summaryrefslogtreecommitdiff
path: root/system/python3/APKBUILD
blob: a9cdba51df9d7198b0e84723c40eadafa8800b90 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# Contributor: Sheila Aman <sheila@vulpine.house>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=python3
pkgver=3.11.0
_basever="${pkgver%.*}"
pkgrel=0
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
license="Python-2.0"
provides="py3-pip"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests::noarch"
# If Python 3 is installed during the build, you get:
#
# Installing collected packages: setuptools, pip
#   Found existing installation: setuptools 28.8.0
#     Uninstalling setuptools-28.8.0:
# Exception:
# Traceback (most recent call last):
#   File "/usr/src/packages/system/python3/src/Python-3.6.5/Lib/shutil.py", line 544, in move
#     os.rename(src, real_dst)
# PermissionError: [Errno 13] Permission denied: '/usr/bin/easy_install-3.6' -> '/tmp/pip-_n3b1tzj-uninstall/usr/bin/easy_install-3.6'
#
# and then 'setuptools' is not installed in the package image.
#
# This breaks a great number of things, including the ability to build most
# py3-* packages from abuild.
#
# Do not, under any circumstance, remove "!python3" from makedepends.
#
# I repeat.
#
# DO NOT REMOVE "!python3" FROM MAKEDEPENDS.
#
# This has been a message from A. Wilcox and the Foundation for Ensuring
# Packages Are Actually Buildable.
makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
	sqlite-dev libffi-dev tcl-dev linux-headers !python3"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
	musl-find_library.patch
	musl-has-login_tty.patch
	fix-xattrs-glibc.patch
	CVE-2022-45061.patch
	"
builddir="$srcdir/Python-$pkgver"

# secfixes: python
#   3.6.5-r0:
#     - CVE-2018-1060
#     - CVE-2018-1061
#   3.6.8-r0:
#     - CVE-2018-14647
#     - CVE-2018-20406
#     - CVE-2019-9636
#     - CVE-2019-9740
#     - CVE-2019-9947
#   3.6.9-r0:
#     - CVE-2018-20852
#     - CVE-2019-5010
#     - CVE-2019-9948
#   3.6.9-r1:
#     - CVE-2019-16056
#   3.6.9-r2:
#     - CVE-2019-16935
#   3.6.10-r0:
#     - CVE-2019-18348
#   3.11.0-r0:
#     - CVE-2020-10735
#     - CVE-2022-37454
#     - CVE-2022-42919
#     - CVE-2022-45061

prepare() {
	default_prepare

	# force system libs
	rm -r Modules/expat \
		Modules/_ctypes/darwin* \
		Modules/_ctypes/libffi*
}

build() {
	# --enable-optimizations is not enabled because it
	# is very, very slow as many tests are ran sequentially
	# for profile guided optimizations. additionally it
	# seems some of the training tests hang on certain
	# e.g. architectures (x86) possibly due to grsec or musl.

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-ipv6 \
		--enable-loadable-sqlite-extensions \
		--enable-shared \
		--with-lto \
		--with-computed-gotos \
		--with-dbmliborder=ndbm \
		--with-system-expat \
		--with-system-ffi

	# set thread stack size to 1MB so we don't segfault before we hit
	# sys.getrecursionlimit()
	stacksize=0x100000;
	make EXTRA_CFLAGS="$CFLAGS -DTHREAD_STACK_SIZE=$stacksize"
}

check() {
	# test that we reach recursionlimit before we segfault
	cat > test-stacksize.py <<-EOF
	import threading
	import sys

	def fun(i):
	  try:
	    fun(i+1)
	  except:
	    sys.exit(0)

	t = threading.Thread(target=fun, args=[1])
	t.start()
EOF
	LD_LIBRARY_PATH=$PWD ./python test-stacksize.py

	local fail

	# musl related
	fail="test__locale test_locale test_strptime test_re"	# various musl locale deficiencies
	fail="$fail test_c_locale_coercion"
	fail="$fail test_datetime"				# hangs if 'tzdata' installed
	fail="$fail test_os"					# fpathconf, ttyname errno values
	fail="$fail test_posix"					# sched_[gs]etscheduler not impl
	fail="$fail test_shutil"				# lchmod, requires real unzip

	# failures needing investigation
	fail="$fail test_faulthandler test_gdb"			# hangs(?)
	fail="$fail test_tokenize test_tools"			# SLOW (~60s)
	fail="$fail test_capi"					# test.test_capi.EmbeddingTests
	fail="$fail test_threadsignals"				# test_{,r}lock_acquire_interruption
	fail="$fail test_time"					# strftime/strptime %Z related
	fail="$fail test_cmath test_math"			# hang(?) on x86
	fail="$fail test_hash test_plistlib"			# fail on armhf
	fail="$fail test_ctypes"				# fail on aarch64 (ctypes.test.test_win32.Structures)

	# kernel related
	fail="$fail test_fcntl"					# wants DNOTIFY, we don't have it

	# dumb
	fail="$fail test_ssl"					# tries to do SSLv2 which we have disabled in OpenSSL

	# hangs when run with other tests - run separately
	fail="$fail test_threading"

	# defaults from Tools/scripts/run_tests.py + -network,-urlfetch
	use="all,-largefile,-audio,-gui,-network,-urlfetch"

	make quicktest TESTOPTS="--use '$use' --exclude $fail"
	make test TESTOPTS="test_threading"
}

package() {
	export XDG_CACHE_HOME="$(mktemp -d)"
	make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	# those are provided by python3-tkinter
	rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
		"$pkgdir"/usr/lib/python*/tkinter

	rm -rf "$XDG_CACHE_HOME"
}

dev() {
	default_dev

	# pyconfig.h is needed runtime so we move it back
	mkdir -p "$pkgdir"/usr/include/python${_basever}
	mv "$subpkgdir"/usr/include/python${_basever}/pyconfig.h \
		"$pkgdir"/usr/include/python${_basever}/
}

tests() {
	pkgdesc="Test modules from the main Python package"

	cd "$pkgdir"/usr/lib/python$_basever
	local i; for i in */test */tests; do
		mkdir -p "$subpkgdir"/usr/lib/python$_basever/"$i"
		mv "$i"/* "$subpkgdir"/usr/lib/python$_basever/"$i"
		rm -rf "$i"
	done
	mv "$pkgdir"/usr/lib/python$_basever/test \
		"$subpkgdir"/usr/lib/python$_basever/
}

sha512sums="314eef88ae0d68760f34d7a32f238fd2ecb27c50963baa7357c42ad8159026ec50229a0b31d83c39710a472904a06422afc082f9658a90a1dc83ccb74c08039d  Python-3.11.0.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
75c60afecba2e57f11d58c20aadc611ebbb5c68e05b14415c5cf2f7aa75e103986764ca22f76e6a58b2c08e2ff3acffdbf6d85d2c8c4589743a0b949a4c90687  musl-has-login_tty.patch
4b4696d139e53aad184b72461478821335aadedc4811ec9e96cdea9a4f7ef19ebf0aac8c6afae6345f33c79fbd3ae2c63021de36044a2803d0dc8894fa291cf5  fix-xattrs-glibc.patch
039982b5f35d5aa412596dba81b0666fdf979e6c120aefa3ae29333fbaa56f6f6ad69db513dcd93e06a66522405058be2e39e56350816abcb9febd8f5778036f  CVE-2022-45061.patch"