Reproducible sdist builds #1102

Closed
2 tasks done
zpah opened this issue May 15, 2019 · 8 comments · Fixed by python-poetry/poetry-core#142

Comments

@zpah

zpah commented May 15, 2019

  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have searched the documentation and believe that my question is not covered.

Feature Request

Poetry (v0.12.15) produces a different sdist archive on each invocation of the build command. It's poor.

It would be great if Poetry generated reproducible sdists for concrete SCM commits (with identical checksums!).
In my setup.py-based projects I achieve this behaviour by substituting setuptools.command.sdist, where I:

  • use the bz2 archiver (gzip stores the current timestamp in the archive)
  • sort archive items by path
  • assign owner/group of tar items to root:root
  • assign archive item timestamps from SCM (Mercurial, Git) commit metadata

@drunkwcodes

Can it be done with gzip and without root?

@zpah
Author

zpah commented May 16, 2019

> Can it be done with gzip and without root?

  1. Poetry uses gzip.GzipFile in the sdist command: https://github.com/sdispater/poetry/blob/cb6491415f59742f06f0ca322ec546b88aa412ef/poetry/masonry/builders/sdist.py#L56
    The mtime option, for example, can be used:
    gzip.GzipFile("test.txt.gz", mode="wb", mtime=stable_timestamp_from_scm).
    It will provide a stable archive checksum.
  2. Without root?! I mean any stable, predictable uid/gid for all sdist tar-archive items!
    Poetry already does it. It adds sdist items with uid/gid assigned to 0/0.
    The user and group 'root:root' (uid=0, gid=0) was a good neutral candidate in this case. Superuser privileges are not required during archive creation for this purpose.
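
The measures listed in the two comments above (fixed gzip mtime, members sorted by path, uid/gid 0, timestamps taken from the SCM commit) combined in one sketch. This is an added example, not code from Poetry or from any participant in this thread; `SAMPLE_FILES`, `COMMIT_TIME` and the function names are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample input: archive paths and contents of a hypothetical project.
SAMPLE_FILES = {
    "demo-0.1.0/pyproject.toml": b'[tool.poetry]\nname = "demo"\nversion = "0.1.0"\n',
    "demo-0.1.0/demo/__init__.py": b'__version__ = "0.1.0"\n',
    "demo-0.1.0/README.md": b"# demo\n",
}
# Constructed value standing in for the commit timestamp read from Git/Mercurial.
COMMIT_TIME = 1557878400


def build_sdist(files, commit_time):
    """Return .tar.gz bytes that depend only on `files` and `commit_time`."""
    raw = io.BytesIO()
    # filename="" and a fixed mtime keep build-time data out of the gzip header.
    with gzip.GzipFile(filename="", mode="wb", fileobj=raw, mtime=commit_time) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.PAX_FORMAT) as tar:
            for path in sorted(files):  # stable member order
                info = tarfile.TarInfo(path)
                info.size = len(files[path])
                info.mtime = commit_time  # from the SCM, not the filesystem
                info.mode = 0o644  # fixed mode, independent of the local umask
                info.uid = info.gid = 0  # neutral owner; needs no privileges
                info.uname = info.gname = "root"
                tar.addfile(info, io.BytesIO(files[path]))
    return raw.getvalue()


def sha256_of_build(files, commit_time):
    """Checksum a downstream verifier would compare across rebuilds."""
    return hashlib.sha256(build_sdist(files, commit_time)).hexdigest()


def gzip_header_mtime(blob):
    """Read the 4-byte little-endian MTIME field at offset 4 of a gzip stream."""
    return int.from_bytes(blob[4:8], "little")


if __name__ == "__main__":
    first = sha256_of_build(SAMPLE_FILES, COMMIT_TIME)
    second = sha256_of_build(SAMPLE_FILES, COMMIT_TIME)
    print(first, "reproducible" if first == second else "NOT reproducible")
```

Identical checksums across rebuilds let a third party rebuild from the tagged commit and confirm that a published sdist matches the source it claims to come from.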

@stale

stale bot commented Nov 13, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Nov 13, 2019
@stale

stale bot commented Nov 20, 2019

Closing this issue automatically because it has not had any activity since it has been marked as stale. If you think it is still relevant and should be addressed, feel free to open a new one.

@stale stale bot closed this as completed Nov 20, 2019
@Natureshadow

Will poetry be changed to create reproducible sdist builds any time soon?

@abn
Member

abn commented Mar 22, 2021

@Natureshadow The linked PR should resolve this.

@zpah
Author

zpah commented Mar 22, 2021

It will not. Python has become rotten. Migrate to Rust.


github-actions bot commented Mar 2, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 2, 2024