Author ghost43
Recipients dstufft, eric.araujo, ghost43
Date 2020-06-12.17:30:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1591983020.96.0.753934283459.issue40963@roundup.psfhosted.org>
In-reply-to
Content
I am trying to generate .zip sdists for a project in a reproducible manner, using setuptoools.
The generated zips differ in the order of packed files.

The root cause of the non-determinicity is using os.walk() in make_zipfile here:
https://github.com/python/cpython/blob/0d3350daa8123a3e16d4a534b6e873eb12c10d7c/Lib/distutils/archive_util.py#L174

For a potential fix, see https://github.com/pypa/setuptools/commit/29688821b381268a0d59c0d26317d88ad518f966

I guess https://bugs.python.org/issue30693 is sort of related. The change made there is necessary, and was sufficient to make the tars reproducible but not the zips.

(sidenote: Is it acceptable to sign the PSF CLA with a pseudonym?)
History
Date User Action Args
2020-06-12 17:30:21ghost43setrecipients: + ghost43, eric.araujo, dstufft
2020-06-12 17:30:20ghost43setmessageid: <1591983020.96.0.753934283459.issue40963@roundup.psfhosted.org>
2020-06-12 17:30:20ghost43linkissue40963 messages
2020-06-12 17:30:20ghost43create