Ensure zipapp generation is reproducible

pypa · Sep 4, 2022 · ee8a69d · ee8a69d
1 parent ee477d8
commit ee8a69d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/public/pip-22.2.2.pyz b/public/pip-22.2.2.pyz
diff --git a/public/pip.pyz b/public/pip.pyz
diff --git a/scripts/generate.py b/scripts/generate.py
@@ -10,7 +10,7 @@
 from io import BytesIO
 from pathlib import Path
 from typing import Dict, Iterable, List, TextIO, Tuple
-from zipfile import ZipFile
+from zipfile import ZipFile, ZipInfo
 
 import requests
 from cachecontrol import CacheControl
@@ -341,7 +341,11 @@ def generate_zipapp(pip_version: Version, *, console: Console, pip_versions: Dic
                                 console.log(f"  Python requirement {py_req} too complex - check skipped")
 
             # Write the main script
-            dest.writestr("__main__.py", ZIPAPP_MAIN.format(version_check=version_check))
+            # Use a ZipInfo object to ensure reproducibility - otherwise the current time
+            # is embedded in the file.
+            main_info = ZipInfo()
+            main_info.filename = "__main__.py"
+            dest.writestr(main_info, ZIPAPP_MAIN.format(version_check=version_check))
 
     # Make the unversioned pip.pyz
     shutil.copyfile(zipapp_name, "public/pip.pyz")