[Reproducible-builds] Bug#776026: wheel: please make whl files reproducible
Reiner Herrmann
reiner at reiner-h.de
Thu Jan 22 22:03:20 UTC 2015
Source: wheel
Version: 0.24.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain timestamps randomness
Hi!
While working on Debian's “reproducible builds” effort [1], we have noticed
that wheel files (.whl) cannot be build reproducibly.
The data inside metadata.json is unsorted and varies with each build.
And the zip archive timestamps also depend on the build time of packages.
The attached patch fixes this by sorting the JSON file, and by using fixed
timestamps for each file in the archive.
Regards,
Reiner
[1]: https://wiki.debian.org/ReproducibleBuilds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wheel_reproducible.patch
Type: text/x-patch
Size: 2038 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150122/4323f5b2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150122/4323f5b2/attachment.sig>
More information about the Reproducible-builds
mailing list