[Python-modules-team] Bug#852289: python-passlib: please make the build reproducible (timestamps)

Dhole dhole at openmailbox.org
Mon Jan 23 09:59:13 UTC 2017 

Source: python-passlib
Version: 1.7.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed that
python-passlib could not be built reproducibly.

The version string of the package includes a timestamp that is generated at
build time.

The attached patch fixes this by using SOURCE_DATE_EPOCH as the timestamp for
the version string. Once applied, python-passlib can be built reproducibly in
our current experimental framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,
-- 
Dhole
-------------- next part --------------
diff -Nru python-passlib-1.7.0/debian/changelog python-passlib-1.7.0/debian/changelog
--- python-passlib-1.7.0/debian/changelog	2016-11-28 17:31:28.000000000 +0100
+++ python-passlib-1.7.0/debian/changelog	2017-01-23 10:36:30.000000000 +0100
@@ -1,3 +1,11 @@
+python-passlib (1.7.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Use date from SOURCE_DATE_EPOCH for version number to make the build
+    reproducible. 
+
+ -- red <red at repro>  Mon, 23 Jan 2017 10:36:30 +0100
+
 python-passlib (1.7.0-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru python-passlib-1.7.0/debian/patches/reproducible-version-name.patch python-passlib-1.7.0/debian/patches/reproducible-version-name.patch
--- python-passlib-1.7.0/debian/patches/reproducible-version-name.patch	1970-01-01 01:00:00.000000000 +0100
+++ python-passlib-1.7.0/debian/patches/reproducible-version-name.patch	2017-01-23 10:36:30.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Generate a reproducible version name
+ Use date from SOURCE_DATE_EPOCH for version number to make the build
+ reproducible.
+Author: red <red at repro>
+
+
+Index: python-passlib-1.7.0/setup.py
+===================================================================
+--- python-passlib-1.7.0.orig/setup.py
++++ python-passlib-1.7.0/setup.py
+@@ -58,7 +58,8 @@ if os.environ.get("PASSLIB_SETUP_TAG_REL
+         stamp = stamp.decode("ascii")
+     except (OSError, subprocess.CalledProcessError):
+         # fallback - just use build date
+-        stamp = time.strftime("%Y%m%d%H%M%S")
++        build_date = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
++        stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime(build_date))
+ 
+     # modify version
+     if version.endswith((".dev0", ".post0")):
diff -Nru python-passlib-1.7.0/debian/patches/series python-passlib-1.7.0/debian/patches/series
--- python-passlib-1.7.0/debian/patches/series	2016-11-28 17:31:28.000000000 +0100
+++ python-passlib-1.7.0/debian/patches/series	2017-01-23 10:36:30.000000000 +0100
@@ -1 +1,2 @@
 0001-Disable-Django-support.patch
+reproducible-version-name.patch

More information about the Python-modules-team mailing list