Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#70216 - [certbot-nginx] Package is unreproducible due to .pyc shipped in the package

Attached to Project: Community Packages
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 06:59 GMT
Last edited by Jelle van der Waa (jelly) - Wednesday, 16 March 2022, 16:58 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hi!

While conducting a research in the spirit of the "reproducible builds" [1], we have noticed that the package certbot-nginx could not be built reproducibly, in that the python interpreter introduces non-determinism when generating the bytecode (.pyc file, see the attached diff.json). According to the documentation [2], invoking "export PYTHONHASHSEED=0" before the bytecode compiling will solve this issue.

The attached patch does exactly this. Once applied, the package can be built reproducibly.


Additional info:
* certbot-nginx 1.13.0-1

Steps to reproduce:
The unreproducible build result could be detected with reprotest [2].

[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://wiki.archlinux.org/index.php/Python_package_guidelines#Reproducible_bytecode
[3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproducibleBuilds

Best wishes,
Z. Ren
This task depends upon

Closed by  Jelle van der Waa (jelly)
Wednesday, 16 March 2022, 16:58 GMT
Reason for closing:  Won't implement
Additional comments about closing:  PYTHONHASHSEED=0 is the default now

Loading...