From ee8a69dcdb128142eefefed7001b0978ce9fc8b4 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Sun, 4 Sep 2022 17:49:14 +0100 Subject: [PATCH] Ensure zipapp generation is reproducible --- public/pip-22.2.2.pyz | Bin 2023932 -> 2023932 bytes public/pip.pyz | Bin 2023932 -> 2023932 bytes scripts/generate.py | 8 ++++++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/public/pip-22.2.2.pyz b/public/pip-22.2.2.pyz index 7c8eec81b39a25ec0f626760e8c55077ba6b53bf..be4afbdd6f5d04753547f4a02552bf7c9a853d0e 100644 GIT binary patch delta 89 zcmW;8xebFb06D6y*nV_7^7N!>F7M2#)7Pc1l7LFFq7OocV7M>Q~7QPn#7J(MQ7NHj57LgXw q7O@ub7Ks+g7O58L7MT{=C35yGd_5|m+ga@8wk`rQr|*3zXAb~+mmSOi diff --git a/public/pip.pyz b/public/pip.pyz index 7c8eec81b39a25ec0f626760e8c55077ba6b53bf..be4afbdd6f5d04753547f4a02552bf7c9a853d0e 100644 GIT binary patch delta 89 zcmW;8xebFb06D6y*nV_7^7N!>F7M2#)7Pc1l7LFFq7OocV7M>Q~7QPn#7J(MQ7NHj57LgXw q7O@ub7Ks+g7O58L7MT{=C35yGd_5|m+ga@8wk`rQr|*3zXAb~+mmSOi diff --git a/scripts/generate.py b/scripts/generate.py index 4868d729..e9e59fde 100644 --- a/scripts/generate.py +++ b/scripts/generate.py @@ -10,7 +10,7 @@ from io import BytesIO from pathlib import Path from typing import Dict, Iterable, List, TextIO, Tuple -from zipfile import ZipFile +from zipfile import ZipFile, ZipInfo import requests from cachecontrol import CacheControl @@ -341,7 +341,11 @@ def generate_zipapp(pip_version: Version, *, console: Console, pip_versions: Dic console.log(f" Python requirement {py_req} too complex - check skipped") # Write the main script - dest.writestr("__main__.py", ZIPAPP_MAIN.format(version_check=version_check)) + # Use a ZipInfo object to ensure reproducibility - otherwise the current time + # is embedded in the file. + main_info = ZipInfo() + main_info.filename = "__main__.py" + dest.writestr(main_info, ZIPAPP_MAIN.format(version_check=version_check)) # Make the unversioned pip.pyz shutil.copyfile(zipapp_name, "public/pip.pyz")