Created on 2019-11-06 20:14 by zwol, last changed 2020-10-22 21:31 by eric.araujo.
| Messages (4) | |||
|---|---|---|---|
| msg356152 - (view) | Author: Zack Weinberg (zwol) * | Date: 2019-11-06 20:14 | |
Recent versions of the gzip command-line utility have an option `-n` which causes it to omit the FNAME field of the gzip file header, and write out the MTIME field as zero. Both of these properties are desirable when constructing reproducible build artifacts (see https://reproducible-builds.org/ ). An sdist tarball is a build artifact and it should be created as reproducibly as possible. In particular, --format=gztar should behave as-if `gzip -n` were in use. (The stdlib's gzip module can produce output equivalent to what gzip -n does, but this is not currently documented nor is it accessible via `tarfile`. Both of those should be easy fixes. See bug 38725 and bug 38726.) |
|||
| msg379343 - (view) | Author: Éric Araujo (eric.araujo) *  |
Date: 2020-10-22 20:41 | |
Distutils isn’t used much (directly), I think this should be reported to the tools that create sdists, such as setuptools and flit. |
|||
| msg379352 - (view) | Author: Zack Weinberg (zwol) * | Date: 2020-10-22 21:20 | |
The code that needs to be changed is in distutils, setuptools just calls into it. I haven't checked flit but I expect it does the same. |
|||
| msg379357 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2020-10-22 21:31 | |
setuptools has its own copy of distutils now. flit is independent of distutils. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2020-10-22 21:31:41 | eric.araujo | set | messages: + msg379357 |
| 2020-10-22 21:20:03 | zwol | set | messages: + msg379352 |
| 2020-10-22 20:41:26 | eric.araujo | set | messages: + msg379343 |
| 2020-10-22 20:40:05 | eric.araujo | unlink | issue29708 dependencies |
| 2020-10-22 20:39:28 | eric.araujo | link | issue29708 dependencies |
| 2019-11-06 20:14:38 | zwol | create | |