path: root/main/python2/APKBUILD

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

pkgname=python2
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=2.7.16
_verbase=${pkgver%.*}
pkgrel=2
pkgdesc="A high-level scripting language"
url="https://www.python.org/"
arch="all"
license="custom"
provides="python=$pkgver-r$pkgrel"
replaces="python"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm
	$pkgname-wininst"
makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev
	gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers paxmark"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
	musl-find_library.patch
	unchecked-ioctl.patch
	CVE-2019-9636.patch
	CVE-2019-9948.patch
	"
builddir="$srcdir/Python-$pkgver"

# secfixes:
#   2.7.16-r1:
#   - CVE-2019-9636
#   - CVE-2019-9948
#   2.7.16-r0:
#   - CVE-2018-14647
#   2.7.15-r3:
#   - CVE-2019-5010
#   2.7.15-r0:
#   - CVE-2018-1060
#   - CVE-2018-1061

prepare() {
	default_prepare

	# Make sure we use system libs
	rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib

	# make sure our /dev/shm is world writeable
	if ! touch /dev/shm/$pkgname-$pkgver; then
		error "/dev/shm is not world writeable. this will cause a broken python2 build"
		return 1
	fi
	rm /dev/shm/$pkgname-$pkgver
}

build() {
	cd "$builddir"
	export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-ipv6 \
		--enable-optimizations \
		--enable-shared \
		--enable-unicode=ucs4 \
		--with-system-expat \
		--with-system-ffi \
		--with-system-zlib \
		--with-threads
	make
}

check() {
	cd "$builddir"

	# test that we reach recursionlimit before we segfault
	cat > test-stacksize.py <<-EOF
	import threading
	import sys

	def fun(i):
	  try:
	    fun(i+1)
	  except:
	    sys.exit(0)

	t = threading.Thread(target=fun, args=[1])
	t.start()
EOF
	LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
}

package() {
	cd "$builddir"
	make -j1 DESTDIR="$pkgdir" install
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	rm "$pkgdir/usr/bin/2to3"
	# we need to enable emutramp - needed for virt-manager
	# disable mprotect - needed for cffi
	paxmark -zm "$pkgdir"/usr/bin/python$_verbase
}

_mv_files() {
	local i
	for i in "$@"; do
		mkdir -p "$subpkgdir"/${i%/*}
		mv "$pkgdir"/$i "$subpkgdir"/$i
	done
}

dev() {
	provides="python-dev=$pkgver-r$pkgrel"
	replaces="python-dev"

	# pyconfig.h is needed runtime so we move it back
	default_dev
	mkdir -p "$pkgdir"/usr/include/python$_verbase
	mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \
		"$pkgdir"/usr/include/python$_verbase/
}

tests() {
	pkgdesc="The test modules from the main python package"
	provides="python-tests=$pkgver-r$pkgrel"
	replaces="python-tests"

	cd "$pkgdir"
	_mv_files usr/lib/python*/*/test \
		usr/lib/python*/test
}

gdbm() {
	pkgdesc="GNU dbm database support for Python"
	provides="python-gdbm=$pkgver-r$pkgrel"
	replaces="python-gdbm py-gdbm"

	cd "$pkgdir"
	_mv_files $(find usr/lib -name '*gdbm*')
}

wininst() {
	pkgdesc="Python wininst files"
	mkdir -p "$subpkgdir"/usr/lib/python$_verbase/distutils/command
	mv "$pkgdir"/usr/lib/python$_verbase/distutils/command/*.exe \
		"$subpkgdir"/usr/lib/python$_verbase/distutils/command
}

sha512sums="16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0  Python-2.7.16.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82  unchecked-ioctl.patch
54086e7b4d3597969b945b1460fe578ff3a13289703d58d79b8f00f644eccc4acc11fc6128b7b114f022a6f6cedc91e02eead6373bac0d36e22eb580a1becb53  CVE-2019-9636.patch
2f9523bd3e39c4831110821d93aef1562ca80708f1b553428eb5c228cdf2192feb13d7aef41097a5df4b4243da8b8f7247f691c0ab73967b0bf2bf6a1a0d487f  CVE-2019-9948.patch"