[Python-modules-team] Bug#852289: python-passlib: please make the build reproducible (timestamps)
Dhole
dhole at openmailbox.org
Mon Jan 23 09:59:13 UTC 2017
Source: python-passlib
Version: 1.7.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org
Hi,
While working on the "reproducible builds" effort [1], we have noticed that
python-passlib could not be built reproducibly.
The version string of the package includes a timestamp that is generated at
build time.
The attached patch fixes this by using SOURCE_DATE_EPOCH as the timestamp for
the version string. Once applied, python-passlib can be built reproducibly in
our current experimental framework.
[1]: https://wiki.debian.org/ReproducibleBuilds
Regards,
--
Dhole
-------------- next part --------------
diff -Nru python-passlib-1.7.0/debian/changelog python-passlib-1.7.0/debian/changelog
--- python-passlib-1.7.0/debian/changelog 2016-11-28 17:31:28.000000000 +0100
+++ python-passlib-1.7.0/debian/changelog 2017-01-23 10:36:30.000000000 +0100
@@ -1,3 +1,11 @@
+python-passlib (1.7.0-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Use date from SOURCE_DATE_EPOCH for version number to make the build
+ reproducible.
+
+ -- red <red at repro> Mon, 23 Jan 2017 10:36:30 +0100
+
python-passlib (1.7.0-1) unstable; urgency=medium
* Team upload.
diff -Nru python-passlib-1.7.0/debian/patches/reproducible-version-name.patch python-passlib-1.7.0/debian/patches/reproducible-version-name.patch
--- python-passlib-1.7.0/debian/patches/reproducible-version-name.patch 1970-01-01 01:00:00.000000000 +0100
+++ python-passlib-1.7.0/debian/patches/reproducible-version-name.patch 2017-01-23 10:36:30.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Generate a reproducible version name
+ Use date from SOURCE_DATE_EPOCH for version number to make the build
+ reproducible.
+Author: red <red at repro>
+
+
+Index: python-passlib-1.7.0/setup.py
+===================================================================
+--- python-passlib-1.7.0.orig/setup.py
++++ python-passlib-1.7.0/setup.py
+@@ -58,7 +58,8 @@ if os.environ.get("PASSLIB_SETUP_TAG_REL
+ stamp = stamp.decode("ascii")
+ except (OSError, subprocess.CalledProcessError):
+ # fallback - just use build date
+- stamp = time.strftime("%Y%m%d%H%M%S")
++ build_date = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
++ stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime(build_date))
+
+ # modify version
+ if version.endswith((".dev0", ".post0")):
diff -Nru python-passlib-1.7.0/debian/patches/series python-passlib-1.7.0/debian/patches/series
--- python-passlib-1.7.0/debian/patches/series 2016-11-28 17:31:28.000000000 +0100
+++ python-passlib-1.7.0/debian/patches/series 2017-01-23 10:36:30.000000000 +0100
@@ -1 +1,2 @@
0001-Disable-Django-support.patch
+reproducible-version-name.patch
More information about the Python-modules-team
mailing list