FS#70214 - [certbot] Package is unreproducible due to .pyc shipped in the package

Attached to Project: Community Packages
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 06:52 GMT
Last edited by Jelle van der Waa (jelly) - Wednesday, 16 March 2022, 16:57 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jelle van der Waa (jelly)
Felix Yan (felixonmars)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hi!

While conducting a research in the spirit of the "reproducible builds" [1], we have noticed that the package certbot could not be built reproducibly, in that the python interpreter introduces non-determinism when generating the bytecode (.pyc file, see the attached diff.json). According to the documentation [2], invoking "export PYTHONHASHSEED=0" before the bytecode compiling will solve this issue.

The attached patch does exactly this. Once applied, the package can be built reproducibly.


Additional info:
* certbot 1.13.0-1

Steps to reproduce:
The unreproducible build result could be detected with reprotest [2].

[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://wiki.archlinux.org/index.php/Python_package_guidelines#Reproducible_bytecode
[3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproducibleBuilds

Best wishes,
Z. Ren
This task depends upon

Closed by  Jelle van der Waa (jelly)
Wednesday, 16 March 2022, 16:57 GMT
Reason for closing:  Won't implement
Additional comments about closing:  PYTHONHASHSEED=0 is the default now

Loading...