FS#70225 - [vidcutter] Package is unreproducible due to .pyc shipped in the package
Attached to Project:
Community Packages
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 07:09 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 30 March 2021, 21:34 GMT
Opened by Z. Ren (zren) - Tuesday, 30 March 2021, 07:09 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 30 March 2021, 21:34 GMT
|
Details
Hi!
While conducting a research in the spirit of the "reproducible builds" [1], we have noticed that the package vidcutter could not be built reproducibly, in that the python interpreter introduces non-determinism when generating the bytecode (.pyc file, see the attached diff.json). According to the documentation [2], invoking "export PYTHONHASHSEED=0" before the bytecode compiling will solve this issue. The attached patch does exactly this. Once applied, the package can be built reproducibly. Additional info: * vidcutter 6.0.5-1 Steps to reproduce: The unreproducible build result could be detected with reprotest [2]. [1]: https://wiki.debian.org/ReproducibleBuilds [2]: https://wiki.archlinux.org/index.php/Python_package_guidelines#Reproducible_bytecode [3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproducibleBuilds Best wishes |
This task depends upon
Closed by Antonio Rojas (arojas)
Tuesday, 30 March 2021, 21:34 GMT
Reason for closing: Fixed
Additional comments about closing: vidcutter 6.0.5-2
Tuesday, 30 March 2021, 21:34 GMT
Reason for closing: Fixed
Additional comments about closing: vidcutter 6.0.5-2