Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compiled source files are not identical across installations even when SOURCE_DATE_EPOCH is set to the same value #8414

Closed
dshcherb opened this issue Jun 9, 2020 · 2 comments
Closed

Compiled source files are not identical across installations even when SOURCE_DATE_EPOCH is set to the same value #8414

dshcherb opened this issue Jun 9, 2020 · 2 comments

Comments

@dshcherb
Copy link

dshcherb commented Jun 9, 2020
edited
Loading

Environment

  • pip version: 20.0.2
  • Python version: 3.8.2
  • OS: Ubuntu 20.04

Description

.pyc files generated during wheel installation include absolute paths of files unpacked to temporary directories such as '/tmp/pip-unpacked-wheel-79blnlyq/setuptools/command/bdist_egg.py.

Thus, even when SOURCE_DATE_EPOCH is set to the same value across different installations of the same package, .pyc files are different.

A distro bug with more details: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1882535 starting with comment 2.

This happens because pip passes absolute paths for source files to py_compile which then uses source_to_code to get a code object that includes this absolute file path. py_compile then uses marshal.dumps on that code object to generate the final .pyc file - as a result, the .pyc file content always includes bytes from the temporary path generated by pip => builds aren't reproducible even when the PycInvalidationMode is forced to CHECKED_HASH via SOURCE_DATE_EPOCH.

https://github.com/python/cpython/blob/0f5a28f834bdac2da8a04597dc0fc5b71e50da9d/Lib/py_compile.py#L144-L145
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.source_to_code

Expected behavior

.pyc files have the same hash across installations if SOURCE_DATE_EPOCH is the same.

How to Reproduce

export SOURCE_DATE_EPOCH=1591640328
pip3 install -t ./ setuptools

sha256sum setuptools/command/__pycache__/bdist_egg.cpython-38.pyc
e52f3e2bb06005c3576fcc7402f18e5757cc2c53fc39b5f366c8ea159191c136  setuptools/command/__pycache__/bdist_egg.cpython-38.pyc

grep -a /tmp/pip-unpacked-wheel setuptools/command/__pycache__/bdist_egg.cpython-38.pyc
EntryPoint)�Library)�Command�SetuptoolsDeprecationWarning)get_path�get_python_versioncCtd�S)N�purelib)r�rr�@/tmp/pip-unpacked-wheel-lbfyixdd/setuptools/command/bdist_egg.py�
       _get_purelibr)�get_python_librcCtd�S)NF)rrrrrr scCs2d|krtj�|�d}|�d�r.|dd�}|S)N�.r�modulei����)�os�pathsplitextendswith)filenamerrr�
                                                                                                                                          strip_module$s


rm -r ./*

sha256sum setuptools/command/__pycache__/bdist_egg.cpython-38.pyc
54f4a618de763a70b6d055de478735e3e7f6f202ecf5706f5b44bfbddf8c1fd5  setuptools/command/__pycache__/bdist_egg.cpython-38.pyc

grep -a /tmp/pip-unpacked-wheel setuptools/command/__pycache__/bdist_egg.cpython-38.pyc
EntryPoint)�Library)�Command�SetuptoolsDeprecationWarning)get_path�get_python_versioncCtd�S)N�purelib)r�rr�@/tmp/pip-unpacked-wheel-3x647bdf/setuptools/command/bdist_egg.py�
       _get_purelibr)�get_python_librcCtd�S)NF)rrrrrr scCs2d|krtj�|�d}|�d�r.|dd�}|S)N�.r�modulei����)�os�pathsplitextendswith)filenamerrr�
                                                                                                                                          strip_module$s
@triage-new-issues triage-new-issues bot added the S: needs triage Issues/PRs that need to be triaged label Jun 9, 2020
@FRidh
Copy link

FRidh commented Jun 22, 2020

This is a duplicate of #7808.

@pradyunsg
Copy link
Member

pradyunsg commented Aug 30, 2020
edited
Loading

Thanks @FRidh! Closing as a duplicate of #7808.

peteyan pushed a commit to peteyan/microstack that referenced this issue Jan 7, 2021
Use focal/core20/Ussuri/OVN & enable confinement
780a4c4 
Major changes:

* Plumbing necessary for strict confinement with
  the microstack-support interface
  canonical/snapd#8926
  * Until the interface is merged, devmode will be used and kernel
    modules will be loaded via an auxiliary service.
* upgraded OpenStack components to Focal (20.04) and OpenStack Ussuri;
  * reworked the old patches;
  * added the Placement service since it is now separate;
  * addressed various build issues due to changes in snapcraft and
    built dependencies:
    * e.g. libvirt requires the build directory to be separate from the
      source directory) and LP: #1882255;
    * LP: #1882535 and pypa/pip#8414
    * LP: #1882839
    * LP: #1885294
    * https://storyboard.openstack.org/#!/story/2007806
    * LP: #1864589
    * LP: #1777121
    * LP: #1881590
* ML2/OVS replated with ML2/OVN;
  * dnsmasq is not used anymore;
  * neutron l3 and DHCP agents are not used anymore;
  * Linux network namespaces are only used for
    neutron-ovn-metadata-agent.
  * ML2 DNS support is done via native OVN mechanisms;
  * OVN-related database services (southbound and northbound dbs);
  * OVN-related control plane services (ovn-controller, ovn-northd);
* core20 base support (bionic hosts are supported);
* the removal procedure now relies on the "remove" hook since `snap
remove` cannot be used from the confined environment anymore;
* prerequisites to enabling AppArmor confinement for QEMU processes
  created by the confined libvirtd.
* Added the Spice html5 console proxy service to enable clients to
  retrieve and use it via
  `microstack.openstack console url show --spice <servername>`.
* Added missing Cinder templates and DB migrations for the Cinder DB.
* Added experimental support for a loop device-based LVM backend for
  Cinder. Due to LP: #1892895 this is not recommended to be used in
  production except for tempest testing with an applied workaround;
  * includes iscsid and iscsi-tcp kernel module loading;
  * includes LIO and loading of relevant kernel modules;
  * An LVM PV is created on top of a loop device with a backing file
  present in $SNAP_COMMON/cinder-lvm.img;
  * A VG is created on top of the PV;
  * LVs are created by Cinder and exported via LIO over iscsi to iscsid
  which hot-plugs new SCSI devices. Those SCSI devices are then
  propagated by Nova to libvirt and QEMU during volume attachment;
* Added post-deployment testing via rally and tempest (via the
  microstack-test snap). A set of tests included into Refstack 2018.02
  is executed (except for object storage tests due to the lack of object
  storage support).

Change-Id: Ic70770095860a57d5e0a55a8a9451f9db6be7448
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Feb 12, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@FRidh @pradyunsg @dshcherb