FS#70215 - [certbot-apache] Package is unreproducible due to .pyc shipped in the package
Attached to Project:
Community Packages
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 06:58 GMT
Last edited by Jelle van der Waa (jelly) - Wednesday, 16 March 2022, 16:58 GMT
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 06:58 GMT
Last edited by Jelle van der Waa (jelly) - Wednesday, 16 March 2022, 16:58 GMT
|
Details
Hi!
While conducting a research in the spirit of the "reproducible builds" [1], we have noticed that the package certbot-apache could not be built reproducibly, in that the python interpreter introduces non-determinism when generating the bytecode (.pyc file, see the attached diff.json). According to the documentation [2], invoking "export PYTHONHASHSEED=0" before the bytecode compiling will solve this issue. The attached patch does exactly this. Once applied, the package can be built reproducibly. Additional info: * certbot-apache 1.13.0-1 Steps to reproduce: The unreproducible build result could be detected with reprotest [2]. [1]: https://wiki.debian.org/ReproducibleBuilds [2]: https://wiki.archlinux.org/index.php/Python_package_guidelines#Reproducible_bytecode [3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproducibleBuilds Best wishes. Z. Ren |
This task depends upon
Closed by Jelle van der Waa (jelly)
Wednesday, 16 March 2022, 16:58 GMT
Reason for closing: Won't implement
Additional comments about closing: PYTHONHASHSEED=0 is the default now
Wednesday, 16 March 2022, 16:58 GMT
Reason for closing: Won't implement
Additional comments about closing: PYTHONHASHSEED=0 is the default now