bdist_wheel is not idempotent #248
Comments
|
This will probably be because of differing timestamps in the resulting zip archive/wheel. I'd be happy to submit a PR to make the resulting archive have a constant timestamp (1980-01-01 00:00:00 because MS-DOS date times). There's probably two approaches to pick from depending on the codebase (I'll check later):
As a hopefully short-term solution™ you could use python-stripzip which I made last night and will continue to improve with proper CLI arguments, exception catching, and testing. |
|
from wheel.wheelfile (mentions #143): def get_zipinfo_datetime(timestamp=None):
# Some applications need reproducible .whl files, but they can't do this without forcing
# the timestamp of the individual ZipInfo objects. See issue #143.
timestamp = int(os.environ.get('SOURCE_DATE_EPOCH', timestamp or time.time()))
return time.gmtime(timestamp)[0:6]for existing files, the original modification time is used (so low stability, as they are clobbered by git), and the I'm wondering how relevant modification times are in the use of wheels; should the timestamps in the generated archives always be a fixed date? It sounds like the Debian folks are using I'm inclined to make a PR for: def get_zipinfo_datetime(timestamp=None):
# assuming timestamps are irrelevant, so set all dates to the lowest available in zips (_1980-01-01 00:00:00_)
timestamp = int(os.environ.get('SOURCE_DATE_EPOCH', 315532800))
return time.gmtime(timestamp)[0:6] |
|
One thing that makes things more likely to move around when building is the WHEEL in the packed So something to consider when making builds deterministic |
|
"reproducible builds" means if you have the same versions of tools then you will get the same output. The generator version is a feature. |
|
What disturbs me more is the fact that the file permissions in the resulting wheel depend on the current umask. In my opinion the permissions should be the same regardless of which OS the wheel was built on (and consequently, the umask). |
|
@dholth I'm thinking of using 0o644 permissions for all files regardless of their permissions in the build directory. Any objections? |
|
I'm also not opposed to setting the timestamp to |
|
Even with fixed |
|
@kushaldas which files inside the wheel differ then? |
|
Does the build process recreate any files? |
|
@agronholm I found the following differences. And also: The |
|
@kushaldas which wheel version did you try with? Wheel has not generated |
|
Regarding the differences in the |
|
@dkamm I will close this issue as invalid if you don't respond within a week. Can you verify that there is something that wheel does wrong here? Like, is it bad that it runs the |
|
@agronholm feel free to close as invalid. It ended up not mattering for me. Sorry to send you guys down this goose chase |
Now I tried with After this, the only difference is in the binary
Any tips on how to make sure that we can have reproducible binary wheels? |
|
How to compile C code in a reproducible manner is outside the scope of my experience. This topic would be better addressed by talking about it on the distutils-sig list. |
If I run
python setup.py build bdist_wheeltwice without changing any files, the resulting wheels have binary differences. This seems a bit unexpected given that other archive tools like tar are idempotent. Is there a reason for this? I tested on python 2 and 3.The text was updated successfully, but these errors were encountered: