aports/testing/python2/APKBUILD

# Maintainer: Natanael Copa <ncopa@alpinelinux.org>

pkgname=python2
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=2.7.18
_verbase=${pkgver%.*}
pkgrel=4
pkgdesc="A high-level scripting language"
url="https://www.python.org/"
arch="all"
license="custom"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-tests py-gdbm:gdbm
	$pkgname-wininst"
makedepends="expat-dev openssl1.1-compat-dev zlib-dev ncurses-dev bzip2-dev
	gdbm-dev sqlite-dev libffi-dev readline-dev linux-headers"
source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
	musl-find_library.patch
	unchecked-ioctl.patch
        cve-2021-3177.patch
	"
builddir="$srcdir/Python-$pkgver"

# secfixes:
#   2.7.18-r1:
#     - CVE-2021-3177
#   2.7.18-r0:
#     - CVE-2019-18348
#   2.7.17-r0:
#     - CVE-2019-15903
#   2.7.16-r3:
#     - CVE-2019-16056
#     - CVE-2019-16935
#   2.7.16-r1:
#     - CVE-2019-9636
#     - CVE-2019-9948
#   2.7.16-r0:
#     - CVE-2018-14647
#   2.7.15-r3:
#     - CVE-2019-5010
#   2.7.15-r0:
#     - CVE-2018-1060
#     - CVE-2018-1061

prepare() {
	default_prepare

	# Make sure we use system libs
	rm -r Modules/expat Modules/_ctypes/libffi* Modules/zlib

	# make sure our /dev/shm is world writeable
	if ! touch /dev/shm/$pkgname-$pkgver; then
		error "/dev/shm is not world writeable. this will cause a broken python2 build"
		return 1
	fi
	rm /dev/shm/$pkgname-$pkgver
}

build() {
	export OPT="$CFLAGS -DTHREAD_STACK_SIZE=0x100000"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--enable-ipv6 \
		--enable-optimizations \
		--enable-shared \
		--enable-unicode=ucs4 \
		--with-system-expat \
		--with-system-ffi \
		--with-system-zlib \
		--with-threads
	make
}

check() {
	# test that we reach recursionlimit before we segfault
	cat > test-stacksize.py <<-EOF
	import threading
	import sys

	def fun(i):
	  try:
	    fun(i+1)
	  except:
	    sys.exit(0)

	t = threading.Thread(target=fun, args=[1])
	t.start()
EOF
	LD_LIBRARY_PATH=$PWD ./python test-stacksize.py
}

package() {
	make -j1 DESTDIR="$pkgdir" install
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	rm "$pkgdir/usr/bin/2to3"

	# This symlink should be owned by python3 but due to lots of packages
	# wanting it to be python2, leave it as is
	# rm -f "$pkgdir"/usr/bin/python
}

_mv_files() {
	local i
	for i in "$@"; do
		mkdir -p "$subpkgdir"/${i%/*}
		mv "$pkgdir"/$i "$subpkgdir"/$i
	done
}

dev() {
	# pyconfig.h is needed runtime so we move it back
	default_dev
	mkdir -p "$pkgdir"/usr/include/python$_verbase
	mv "$subpkgdir"/usr/include/python$_verbase/pyconfig.h \
		"$pkgdir"/usr/include/python$_verbase/
}

tests() {
	pkgdesc="The test modules from the main python package"
	provides="python-tests=$pkgver-r$pkgrel"
	replaces="python-tests"

	cd "$pkgdir"
	_mv_files usr/lib/python*/*/test \
		usr/lib/python*/test
}

gdbm() {
	pkgdesc="GNU dbm database support for Python"
	provides="python-gdbm=$pkgver-r$pkgrel"
	replaces="python-gdbm py-gdbm"

	cd "$pkgdir"
	_mv_files $(find usr/lib -name '*gdbm*')
}

wininst() {
	pkgdesc="Python wininst files"
	mkdir -p "$subpkgdir"/usr/lib/python$_verbase/distutils/command
	mv "$pkgdir"/usr/lib/python$_verbase/distutils/command/*.exe \
		"$subpkgdir"/usr/lib/python$_verbase/distutils/command
}

sha512sums="a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c  Python-2.7.18.tar.xz
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82  unchecked-ioctl.patch
7d6c5d85a572450fb463feea9c7a8159aa8dd0c604e69f19da6eb57108c60e37ebce41b80758f63dd01e4a22286f80665ce4d778a30fa45ad5f1d6ce074c1f81  cve-2021-3177.patch"