FS#70340 - [python-*] Many packages are unreproducible due to .pyc shipped in the package

Attached to Project: Community Packages
Opened by Z. Ren (zren) - Thursday, 08 April 2021, 02:03 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 21 April 2021, 13:38 GMT
Task Type Bug Report
Category Reproducible Builds
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hi!

While conducting a research in the spirit of the "reproducible builds" [1], we have noticed that the package python-aiogram could not be built reproducibly, in that the python interpreter introduces non-determinism when generating the bytecode (.pyc file, see the attached diff.json). According to the documentation [2], invoking "export PYTHONHASHSEED=0" before the bytecode compiling will solve this issue.

The attached patch does exactly this. Once applied, the package can be built reproducibly.


Additional info:
* python-aiogram 2.12.1-1

Steps to reproduce:
The unreproducible build result could be detected with reprotest [3].

[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://wiki.archlinux.org/index.php/Python_package_guidelines#Reproducible_bytecode
[3]: https://wiki.archlinux.org/index.php/DeveloperWiki:ReproducibleBuilds

This task depends upon

Closed by  Andreas Radke (AndyRTR)
Wednesday, 21 April 2021, 13:38 GMT
Reason for closing:  None
Additional comments about closing:  tracked by Todo list
Comment by Eli Schwartz (eschwartz) - Thursday, 08 April 2021, 04:16 GMT
  • Field changed: Summary ([python-aiogram] Package is unreproducible due to .pyc shipped in the package → [python-*] Many packages are unreproducible due to .pyc shipped in the package)
Thank you! I've created a mass TODO list to handle this and other packages: https://archlinux.org/todo/unreproducible-python-bytecode/

I'll keep this bug open (randomly chosen due to being first) as a general tracking bug for the topic. If we've missed any packages, or there is other news/discussion on the overall approach, we can discuss it here.
Comment by Eli Schwartz (eschwartz) - Wednesday, 14 April 2021, 22:46 GMT
FFY00 has submitted a fantastic patch to CPython to make this not be a problem: https://github.com/python/cpython/pull/25411

So this might sort itself out!

Loading...