classification
Title: setup.py sdist should honor SOURCE_DATE_EPOCH
Type: Stage: resolved
Components: Distutils Versions:
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: dstufft, eric.araujo, mbussonn, steve.dower, zwol
Priority: normal Keywords: patch

Created on 2019-10-29 13:03 by zwol, last changed 2021-02-03 18:08 by steve.dower. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 20331 closed mbussonn, 2020-05-23 19:31
Messages (3)
msg355652 - (view) Author: Zack Weinberg (zwol) * Date: 2019-10-29 13:03
Reproducibility has so far been concerned primarily with binary packages, but it's also desirable for source tarballs to be reproducible starting from a version-control checkout.  This is particularly important for Python, where 'setup.py sdist' can run arbitrary code and generated files (e.g. Cython-generated C) are often included in sdists.

As a small step toward this goal, please add support for the SOURCE_DATE_EPOCH environment variable to distutils.command.sdist.  The most natural way to implement this would be with an additional user option, perhaps called 'timestamp_limit', which takes a date and time argument.  File modification timestamps in the generated tarball or zipfile will be adjusted to be no later than that time.  If 'timestamp_limit' is not set, it defaults to the value of os.environ['SOURCE_DATE_EPOCH'].

The specification for SOURCE_DATE_EPOCH may be found at https://reproducible-builds.org/specs/source-date-epoch/ .
msg369739 - (view) Author: Matthias Bussonnier (mbussonn) * Date: 2020-05-23 19:34
https://github.com/python/cpython/pull/20331 is a first step toward this. 

See comments in there, I would love some reviews. If that gets im I'll be happy to send further refactor to make the compression step also respect SOURCE_DATE_EPOCH.

For projects building with older python you should be able to unpack/repack with your custom scripts that should allow you have bytes identical tar in many cases.
msg386269 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2021-02-03 18:08
Distutils is now deprecated (see PEP 632) and all tagged issues are being closed. From now until removal, only release blocking issues will be considered for distutils.

If this issue does not relate to distutils, please remove the component and reopen it. If you believe it still requires a fix, most likely the issue should be re-reported at https://github.com/pypa/setuptools
History
Date User Action Args
2021-02-03 18:08:04steve.dowersetstatus: open -> closed

nosy: + steve.dower
messages: + msg386269

resolution: out of date
stage: patch review -> resolved
2020-10-22 20:40:05eric.araujounlinkissue29708 dependencies
2020-10-22 20:39:28eric.araujolinkissue29708 dependencies
2020-05-23 19:34:54mbussonnsetmessages: + msg369739
2020-05-23 19:31:12mbussonnsetkeywords: + patch
stage: patch review
pull_requests: + pull_request19599
2020-05-23 17:51:31mbussonnsetnosy: + mbussonn
2019-10-29 13:03:17zwolcreate