[gentoo-commits] repo/proj/libressl:master commit in: dev-python/pypy/, dev-python/pypy/files/

[gentoo-commits] repo/proj/libressl:master commit in: dev-python/pypy/, dev-python/pypy/files/

[orbea]

commit:     022c251a569eab1b2257dc4cb956ea125cc5570f
Author:     Vic Kerr <wikky <AT> memleek <DOT> org>
AuthorDate: Fri Jul 19 13:49:46 2024 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Jul 25 18:01:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=022c251a

dev-python/pypy: new package

Most patches are from OpenBSD:
https://github.com/openbsd/ports/tree/master/lang/pypy/patches

The rest are for compatibility with pypy 7.3.16 and libressl 3.9.2.

Signed-off-by: Vic Kerr <wikky <AT> memleek.org>
Signed-off-by: orbea <orbea <AT> riseup.net>

 dev-python/pypy/Manifest                         |   2 +
 dev-python/pypy/files/pypy-7.3.16-libressl.patch | 285 +++++++++++++++++++++
 dev-python/pypy/metadata.xml                     |  19 ++
 dev-python/pypy/pypy-7.3.16.ebuild               | 307 +++++++++++++++++++++++
 4 files changed, 613 insertions(+)

diff --git a/dev-python/pypy/Manifest b/dev-python/pypy/Manifest
new file mode 100644
index 0000000..07bbe9c
--- /dev/null
+++ b/dev-python/pypy/Manifest
@@ -0,0 +1,2 @@
+DIST pypy2.7-gentoo-patches-7.3.16.tar.xz 5312 BLAKE2B b265dd7afee097ad66bacd9df01514eed6bb30afe19410b2594ee7c2d61ababc67e11c0dd0392a0b1f81e0bc609963cde044834ab24e67d007d101b8aa8052cb SHA512 0d0309f3ed7314f6d310b0e34eedbbfdcc5a75d9bbd59b9071e567968bb10925549435776fab5bc7ec97e2b3422921dc282619427f930d89df6c7bc98ea701c1
+DIST pypy2.7-v7.3.16-src.tar.bz2 19843601 BLAKE2B 9c37a03561fcdf742eccde760f6cadcbc2e1b140dd6d3e67856cc072e0c3db85759c398f590ed44fb4e4ed2f5f7745d5589cb9a95cefcbec79f3b1be6c4956e1 SHA512 131635433e53d4d86730a3daf1ad81799a7dd1117511618cc2607ac7234ce3aa5c833400df09cbd3376a391e125d6d2ec3471f120f81a6d53700f5c3d087793c

diff --git a/dev-python/pypy/files/pypy-7.3.16-libressl.patch b/dev-python/pypy/files/pypy-7.3.16-libressl.patch
new file mode 100644
index 0000000..1a94c50
--- /dev/null
+++ b/dev-python/pypy/files/pypy-7.3.16-libressl.patch
@@ -0,0 +1,285 @@
+LibreSSL defines OPENSSL_NO_ENGINE yet provides some ENGINE symbols.
+I am not sure about the value of Cryptography_HAS_ENGINE in this case but at least this prevents symbol collisions.
+
+diff -u a/lib_pypy/_cffi_ssl/_cffi_src/openssl/engine.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/engine.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/engine.py	2024-04-21 01:03:52.000000000 +0000
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/engine.py	2024-07-17 07:40:07.395339433 +0000
+@@ -30,6 +30,7 @@
+ CUSTOMIZATIONS = """
+ #ifdef OPENSSL_NO_ENGINE
+ static const long Cryptography_HAS_ENGINE = 0;
++#ifndef CRYPTOGRAPHY_IS_LIBRESSL
+ 
+ ENGINE *(*ENGINE_by_id)(const char *) = NULL;
+ int ENGINE_init(ENGINE *);
+@@ -34,9 +34,11 @@
+ ENGINE *(*ENGINE_by_id)(const char *) = NULL;
+ int (*ENGINE_init)(ENGINE *) = NULL;
+ int (*ENGINE_finish)(ENGINE *) = NULL;
++#endif
+ ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
+ int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
+ void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
++#ifndef CRYPTOGRAPHY_IS_LIBRESSL
+ int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
+                        void (*)(void), int) = NULL;
+ 
+@@ -47,6 +47,7 @@
+ const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
+ const char *(*ENGINE_get_name)(const ENGINE *) = NULL;
+ 
++#endif
+ #else
+ static const long Cryptography_HAS_ENGINE = 1;
+ #endif
+diff -ru pypy2.7-v7.3.16-src/lib_pypy/_cffi_ssl/_cffi_src/openssl/err.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/err.py
+--- pypy2.7-v7.3.16-src/lib_pypy/_cffi_ssl/_cffi_src/openssl/err.py	2024-04-21 01:03:52.000000000 +0000
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/err.py	2024-07-19 12:51:27.645284720 +0000
+@@ -232,5 +232,10 @@
+ static const int ERR_LIB_OSSL_ENCODER = -42;
+ static const int ERR_LIB_PROP = -42;
+ static const int ERR_LIB_PROV = -42;
++#ifdef CRYPTOGRAPHY_IS_LIBRESSL
++static const int ERR_LIB_ASYNC = -42;
++static const int ERR_LIB_OSSL_STORE = -42;
++static const int ERR_LIB_SM2 = -42;
++#endif
+ #endif
+ """
+LibreSSL now provides OPENSSL_cleanup()
+
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/crypto.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/crypto.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/crypto.py
+@@ -92,9 +92,7 @@ static const long Cryptography_HAS_LOCKING_CALLBACKS =
+ #endif
+ 
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+-static const long Cryptography_HAS_OPENSSL_CLEANUP = 0;
+-
+-void (*OPENSSL_cleanup)(void) = NULL;
++static const long Cryptography_HAS_OPENSSL_CLEANUP = 1;
+ 
+ /* This function has a significantly different signature pre-1.1.0. since it is
+  * for testing only, we don't bother to expose it on older OpenSSLs.
+Adapt for Certificate Transparency support in LibreSSL 3.5
+
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/ct.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ct.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ct.py
+@@ -5,7 +5,7 @@
+ from __future__ import absolute_import, division, print_function
+ 
+ INCLUDES = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER || CRYPTOGRAPHY_IS_LIBRESSL
+ #include <openssl/ct.h>
+ 
+ typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT;
+@@ -65,7 +65,7 @@ int SCT_set_log_entry_type(SCT *, ct_log_entry_type_t)
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_SCT = 1;
+ #else
+ static const long Cryptography_HAS_SCT = 0;
+Do not redefine a constant available in LibreSSL's headers.
+
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/dh.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/dh.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/dh.py
+@@ -110,7 +110,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_
+ }
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+ #ifndef DH_CHECK_Q_NOT_PRIME
+ #define DH_CHECK_Q_NOT_PRIME            0x10
+ #endif
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
+@@ -212,10 +212,11 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, cons
+ #endif
+ 
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
+-static const long Cryptography_HAS_RAW_KEY = 0;
+ static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
+ int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000fL
++static const long Cryptography_HAS_RAW_KEY = 0;
++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
+ int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
+                       const unsigned char *tbs, size_t) = NULL;
+ int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
+@@ -228,6 +229,10 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, 
+                                     size_t *) = NULL;
+ int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
+                                    size_t *) = NULL;
++#else
++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
++static const long Cryptography_HAS_RAW_KEY = 1;
++#endif
+ #else
+ static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
+ static const long Cryptography_HAS_RAW_KEY = 1;
+Fix build with opaque HMAC_CTX in LibreSSL 3.5.
+
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/hmac.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/hmac.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/hmac.py
+@@ -24,7 +24,7 @@ void Cryptography_HMAC_CTX_free(HMAC_CTX *ctx);
+ 
+ CUSTOMIZATIONS = """
+ HMAC_CTX *Cryptography_HMAC_CTX_new(void) {
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER || defined(LIBRESSL_VERSION_NUMBER)
+     return HMAC_CTX_new();
+ #else
+     /* This uses OPENSSL_zalloc in 1.1.0, which is malloc + memset */
+@@ -36,7 +36,7 @@ HMAC_CTX *Cryptography_HMAC_CTX_new(void) {
+ 
+ 
+ void Cryptography_HMAC_CTX_free(HMAC_CTX *ctx) {
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER || defined(LIBRESSL_VERSION_NUMBER)
+     return HMAC_CTX_free(ctx);
+ #else
+     if (ctx != NULL) {
+Fix build with opaque OCSP in LibreSSL 3.5.
+
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/ocsp.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ocsp.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ocsp.py
+@@ -109,7 +109,7 @@ struct ocsp_basic_response_st {
+ };
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && LIBRESSL_VERSION_NUMBER < 0x3050000fL
+ /* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
+ const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+ {
+@@ -148,7 +148,7 @@ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(cons
+ }
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J && LIBRESSL_VERSION_NUMBER < 0x3050000fL
+ const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+ {
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+Fix build with opaque SSL_CTX and COMP_METHOD and do not redefine
+DTLSv1.2 and TLSv1.3 related defined vailable in recent LibreSSL versions.
+
++ SSL_CTX_*_min_proto_version
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+@@ -552,7 +552,7 @@ int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t);
+ CUSTOMIZATIONS = """
+ /* Added in 1.0.2 but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL
+ /* from ssl/ssl_lib.c */
+ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) {
+     return ctx->method;
+@@ -681,8 +681,8 @@ static const long Cryptography_HAS_SET_CERT_CB = 1;
+ 
+ /* In OpenSSL 1.0.2i+ the handling of COMP_METHOD when OPENSSL_NO_COMP was
+    changed and we no longer need to typedef void */
+-#if (defined(OPENSSL_NO_COMP) && CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I) || \
+-    CRYPTOGRAPHY_IS_LIBRESSL
++#if (defined(OPENSSL_NO_COMP) && CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I) && \
++    !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_COMPRESSION = 0;
+ typedef void COMP_METHOD;
+ #else
+@@ -729,8 +729,6 @@ const SSL_METHOD *(*DTLS_client_method)(void) = NULL;
+ static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
+ #endif
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+-static const long SSL_OP_NO_DTLSv1 = 0;
+-static const long SSL_OP_NO_DTLSv1_2 = 0;
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+ #endif
+@@ -836,7 +834,7 @@ static const long Cryptography_HAS_CIPHER_DETAILS = 0;
+ static const long Cryptography_HAS_CIPHER_DETAILS = 1;
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_TLSv1_3 = 0;
+ static const long SSL_OP_NO_TLSv1_3 = 0;
+ static const long SSL_VERIFY_POST_HANDSHAKE = 0;
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/x509name.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509name.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509name.py
+@@ -75,7 +75,7 @@ Cryptography_STACK_OF_X509_NAME_ENTRY *sk_X509_NAME_EN
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER || defined(LIBRESSL_VERSION_NUMBER)
+ int Cryptography_X509_NAME_ENTRY_set(X509_NAME_ENTRY *ne) {
+     return X509_NAME_ENTRY_set(ne);
+ }
+Index: lib_pypy/_cffi_ssl/_cffi_src/openssl/x509.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509.py
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509.py
+@@ -282,7 +282,7 @@ int X509_get_signature_nid(const X509 *x)
+ 
+ /* Added in 1.0.2 but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !defined(LIBRESSL_VERSION_NUMBER)
+ /* from x509/x_x509.c */
+ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+ {
+@@ -308,7 +308,7 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK
+ 
+ /* Added in 1.1.0 but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !defined(LIBRESSL_VERSION_NUMBER)
+ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+ {
+     req->req_info->enc.modified = 1;
+diff -ru a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py	2024-07-19 10:38:37.482873478 +0000
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py	2024-07-19 10:41:18.411921508 +0000
+@@ -577,7 +577,7 @@
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL
+ #error Python 3.7 requires OpenSSL >= 1.0.2
+ #endif
+ 
+@@ -739,7 +739,7 @@
+ int (*SSL_get_min_proto_version)(SSL *ssl) = NULL;
+ int (*SSL_get_max_proto_version)(SSL *ssl) = NULL;
+ #endif
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
+ int (*SSL_CTX_set_min_proto_version)(SSL_CTX *ctx, int version) = NULL;
+ int (*SSL_CTX_set_max_proto_version)(SSL_CTX *ctx, int version) = NULL;
+ int (*SSL_set_min_proto_version)(SSL *ssl, int version) = NULL;
+diff -ru a/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509v3.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509v3.py
+--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509v3.py	2024-04-21 01:03:52.000000000 +0000
++++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/x509v3.py	2024-07-19 13:16:55.369740670 +0000
+@@ -320,4 +320,7 @@
+ """
+ 
+ CUSTOMIZATIONS = """
++#ifdef CRYPTOGRAPHY_IS_LIBRESSL
++int (*X509V3_EXT_add_alias)(int, int) = NULL;
++#endif
+ """

diff --git a/dev-python/pypy/metadata.xml b/dev-python/pypy/metadata.xml
new file mode 100644
index 0000000..cfd6192
--- /dev/null
+++ b/dev-python/pypy/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>python@gentoo.org</email>
+		<name>Python</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">pypy/pypy</remote-id>
+	</upstream>
+	<use>
+		<flag name="full-stdlib">
+			Install complete stdlib as necessary to use PyPy for general
+			purpose programs.  By default, only a limited subset that is
+			used when building PyPy3 executables is installed.  Note
+			that PyPy2.7's stdlib contains multiple known vulnerabilities.
+		</flag>
+	</use>
+</pkgmetadata>

diff --git a/dev-python/pypy/pypy-7.3.16.ebuild b/dev-python/pypy/pypy-7.3.16.ebuild
new file mode 100644
index 0000000..6128560
--- /dev/null
+++ b/dev-python/pypy/pypy-7.3.16.ebuild
@@ -0,0 +1,307 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit pax-utils
+
+PYPY_PV=${PV%_p*}
+MY_P=pypy2.7-v${PYPY_PV/_}
+PATCHSET="pypy2.7-gentoo-patches-${PV/_rc/rc}"
+
+DESCRIPTION="A fast, compliant alternative implementation of the Python language"
+HOMEPAGE="
+	https://www.pypy.org/
+	https://github.com/pypy/pypy/
+"
+SRC_URI="
+	https://downloads.python.org/pypy/${MY_P}-src.tar.bz2
+	https://buildbot.pypy.org/pypy/${MY_P}-src.tar.bz2
+	https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz
+"
+S="${WORKDIR}/${MY_P}-src"
+
+LICENSE="MIT"
+# pypy -c 'import sysconfig; print sysconfig.get_config_var("SOABI")'
+SLOT="0/73"
+KEYWORDS="amd64 ~arm64 ~ppc64 x86 ~amd64-linux ~x86-linux"
+IUSE="bzip2 full-stdlib gdbm +jit ncurses sqlite tk"
+RESTRICT="test"
+
+RDEPEND="
+	|| (
+		>=dev-python/pypy-exe-bin-${PYPY_PV}:${PYPY_PV}
+		>=dev-python/pypy-exe-${PYPY_PV}:${PYPY_PV}[bzip2?,ncurses?]
+	)
+	dev-libs/openssl:0=
+	gdbm? ( sys-libs/gdbm:0= )
+	sqlite? ( dev-db/sqlite:3= )
+	tk? (
+		dev-lang/tk:0=
+		dev-tcltk/tix:0=
+	)
+"
+DEPEND="
+	${RDEPEND}
+"
+
+src_prepare() {
+	local PATCHES=(
+		"${WORKDIR}/${PATCHSET}"
+		"${FILESDIR}"/${PN}-7.3.16-libressl.patch
+	)
+	default
+}
+
+src_compile() {
+	# copy over to make sys.prefix happy
+	cp -p "${BROOT}"/usr/lib/pypy2.7/pypy-c-${PYPY_PV} pypy-c || die
+	cp -p "${BROOT}"/usr/lib/pypy2.7/include/${PYPY_PV}/* include/ || die
+	# (not installed by pypy)
+	rm pypy/module/cpyext/include/_numpypy/numpy/README || die
+	mv pypy/module/cpyext/include/* include/ || die
+	mv pypy/module/cpyext/parse/*.h include/ || die
+	pax-mark m pypy-c
+
+	# verify the subslot
+	local soabi=$(
+		./pypy-c - <<-EOF
+			import sysconfig
+			print sysconfig.get_config_var("SOABI")
+		EOF
+	)
+	[[ ${soabi#pypy-} == ${SLOT#*/} ]] || die "update subslot to ${soabi}"
+
+	einfo "Generating caches and CFFI modules ..."
+
+	if use full-stdlib; then
+		# Generate Grammar and PatternGrammar pickles.
+		./pypy-c - <<-EOF || die "Generation of Grammar and PatternGrammar pickles failed"
+			import lib2to3.pygram
+			import lib2to3.patcomp
+			lib2to3.patcomp.PatternCompiler()
+		EOF
+
+		# Generate cffi modules
+		# Please keep in sync with pypy/tool/build_cffi_imports.py!
+		cffi_targets=( pypy_util ssl audioop syslog pwdgrp resource )
+		use gdbm && cffi_targets+=( gdbm )
+		use ncurses && cffi_targets+=( curses )
+		use sqlite && cffi_targets+=( sqlite3 )
+		use tk && cffi_targets+=( tkinter/tklib )
+
+		local t
+		# all modules except tkinter output to .
+		# tkinter outputs to the correct dir ...
+		cd lib_pypy || die
+		for t in "${cffi_targets[@]}"; do
+			# tkinter doesn't work via -m
+			../pypy-c "_${t}_build.py" || die "Failed to build CFFI bindings for ${t}"
+		done
+
+		# Verify that CFFI module list is up-to-date
+		local expected_cksum=-7df4eab0
+		local local_cksum=$(
+			../pypy-c - <<-EOF
+				import binascii
+				import json
+				from pypy_tools.build_cffi_imports import cffi_build_scripts as x
+				print("%08x" % (binascii.crc32(json.dumps(x)),))
+			EOF
+		)
+		if [[ ${local_cksum} != ${expected_cksum} ]]; then
+			die "Please verify cffi_targets and update checksum to ${local_cksum}"
+		fi
+
+		# Cleanup temporary objects
+		find -name "_cffi_*.[co]" -delete || die
+		find -type d -empty -delete || die
+	fi
+}
+
+src_test() {
+	# (unset)
+	local -x PYTHONDONTWRITEBYTECODE=
+	local -x COLUMNS=80
+
+	local ignored_tests=(
+		# network
+		--ignore=lib-python/2.7/test/test_urllibnet.py
+		--ignore=lib-python/2.7/test/test_urllib2net.py
+		# lots of free space
+		--ignore=lib-python/2.7/test/test_zipfile64.py
+
+		# broken by expat-2.4.5
+		--ignore=lib-python/2.7/test/test_minidom.py
+		--ignore=lib-python/2.7/test/test_xml_etree.py
+		--ignore=lib-python/2.7/test/test_xml_etree_c.py
+	)
+
+	./pypy-c ./pypy/test_all.py --pypy=./pypy-c -vv \
+		"${ignored_tests[@]}" lib-python || die
+}
+
+src_install() {
+	local dest=/usr/lib/pypy2.7
+	einfo "Installing PyPy ..."
+	dosym pypy-c-${PYPY_PV} "${dest}/pypy-c"
+	insinto "${dest}"
+	# preserve mtimes to avoid obsoleting caches
+	insopts -p
+	if use full-stdlib; then
+		doins -r include lib_pypy lib-python
+
+		# replace copied headers with symlinks
+		for x in "${BROOT}"/usr/lib/pypy2.7/include/${PYPY_PV}/*; do
+			dosym "${PYPY_PV}/${x##*/}" "${dest}/include/${x##*/}"
+		done
+
+		if ! use gdbm; then
+			rm -r "${ED}${dest}"/lib_pypy/gdbm.py \
+				"${ED}${dest}"/lib-python/*2.7/test/test_gdbm.py || die
+		fi
+		if ! use sqlite; then
+			rm -r "${ED}${dest}"/lib-python/*2.7/sqlite3 \
+				"${ED}${dest}"/lib_pypy/_sqlite3.py \
+				"${ED}${dest}"/lib-python/*2.7/test/test_sqlite.py || die
+		fi
+		if ! use tk; then
+			rm -r "${ED}${dest}"/lib-python/*2.7/{idlelib,lib-tk} \
+				"${ED}${dest}"/lib_pypy/_tkinter \
+				"${ED}${dest}"/lib-python/*2.7/test/test_{tcl,tk,ttk*}.py || die
+		fi
+	else
+		# install only the absolutely minimal subset of modules needed
+		# for pypy3 build
+		local lib_py_modules=(
+			# base modules needed to even start pypy (and import site)
+			codecs.py
+			copy_reg.py
+			encodings
+			genericpath.py
+			linecache.py
+			os.py
+			pkgutil.py
+			posixpath.py
+			re.py
+			runpy.py
+			site.py
+			sre_compile.py
+			sre_constants.py
+			sre_parse.py
+			stat.py
+			string.py
+			sysconfig.py
+			traceback.py
+			warnings.py
+			UserDict.py
+
+			# needed for python_optimize
+			compileall.py
+			getopt.py
+			py_compile.py
+			struct.py
+
+			# needed for rpython
+			argparse.py
+			atexit.py
+			base64.py
+			bdb.py
+			bisect.py
+			cmd.py
+			code.py
+			codeop.py
+			collections.py
+			colorsys.py
+			contextlib.py
+			copy.py
+			ctypes
+			dis.py
+			fnmatch.py
+			functools.py
+			gettext.py
+			hashlib.py
+			heapq.py
+			inspect.py
+			io.py
+			json
+			keyword.py
+			locale.py
+			logging
+			new.py
+			opcode.py
+			optparse.py
+			pdb.py
+			pickle.py
+			platform.py
+			pprint.py
+			random.py
+			repr.py
+			shlex.py
+			shutil.py
+			StringIO.py
+			subprocess.py
+			tempfile.py
+			textwrap.py
+			threading.py
+			tokenize.py
+			weakref.py
+			zipfile.py
+		)
+
+		local distutils_modules=(
+			# needed by site
+			__init__.py
+			errors.py
+			sysconfig.py
+			sysconfig_cpython.py
+			sysconfig_pypy.py
+		)
+
+		local lib_pypy_modules=(
+			# needed by site
+			_sysconfigdata.py
+
+			# needed by rpython
+			cffi
+			_ctypes
+			_ffi.py
+			_functools.py
+			_sha.py
+			_sha256.py
+			_sha512.py
+
+			# NB: we're deliberately skipping _hashlib to avoid some deps
+		)
+
+		cd lib-python/2.7 || die
+		insinto "${dest}/lib-python/2.7"
+		doins -r "${lib_py_modules[@]}"
+		cd - >/dev/null || die
+
+		cd lib-python/2.7/distutils || die
+		insinto "${dest}/lib-python/2.7/distutils"
+		doins -r "${distutils_modules[@]}"
+		cd - >/dev/null || die
+
+		cd lib_pypy || die
+		insinto "${dest}/lib_pypy"
+		doins -r "${lib_pypy_modules[@]}"
+		cd - >/dev/null || die
+	fi
+
+	dosym ../lib/pypy2.7/pypy-c /usr/bin/pypy
+	dodoc README.rst
+
+	local -x PYTHON=${ED}${dest}/pypy-c-${PYPY_PV}
+	# temporarily copy to build tree to facilitate module builds
+	cp -p "${BROOT}${dest}/pypy-c-${PYPY_PV}" "${PYTHON}" || die
+
+	einfo "Byte-compiling Python standard library..."
+	"${PYTHON}" -m compileall \
+		-x 'bad_coding|badsyntax|make_ssl_data|lib2to3/tests/data' \
+		-q -f -d "${dest}" "${ED}/${dest}" || die
+
+	# remove to avoid collisions
+	rm "${PYTHON}" || die
+}