reproducible builds and python
bmorbach
bmorbach at redhat.com
Mon Aug 11 18:01:23 UTC 2014
Hi everyone!
I've been doing some work towards reproducible builds in Fedora (mostly
with various upstreams so far) and one of the elephants in the Room are
obviously Pythons .pyc and .pyo files.
As those contain the mtime of the original .py file, they might be
different for each rebuild of an srpm.
For many rpms this isn't a problem, because the files are not modified
and thus retain their timestamp from the archive. Quite a few rpms do
modify to .py files though and because of that, every build has a
different result.
I would like to propose to set the mtime of all .py files to a fixed
(for this specific srpm) time. This could be done
in /usr/lib/rpm/brp-python-bytecompile before doing the actual
byte-compilation. This would result in the same .py{c,o} files being
created for each rebuild.
The timestamp could be e.g. the mtime of the oldest file in the
buildroot (which would assume that not _all_ of the files are modified)
But if you are interested in the idea, I'd certainly be open to
suggestions.
To address the obvious question:
Why not special-case those files when comparing rpms?
It will certainly be impossible to achieve this for all packages in
Fedora, so for some files this might indeed be needed, but I think we
should avoid this where possible. The idea of reproducible builds
becomes meaningless if the amount of differences that you just ignore
gets to big.
What do you think of this proposal?
Greetings,
Benedikt
More information about the python-devel
mailing list