[New-bugs-announce] [issue38632] setup.py sdist should honor SOURCE_DATE_EPOCH
Zack Weinberg
report at bugs.python.org
Tue Oct 29 09:03:17 EDT 2019
New submission from Zack Weinberg <zackw at panix.com>:
Reproducibility has so far been concerned primarily with binary packages, but it's also desirable for source tarballs to be reproducible starting from a version-control checkout. This is particularly important for Python, where 'setup.py sdist' can run arbitrary code and generated files (e.g. Cython-generated C) are often included in sdists.
As a small step toward this goal, please add support for the SOURCE_DATE_EPOCH environment variable to distutils.command.sdist. The most natural way to implement this would be with an additional user option, perhaps called 'timestamp_limit', which takes a date and time argument. File modification timestamps in the generated tarball or zipfile will be adjusted to be no later than that time. If 'timestamp_limit' is not set, it defaults to the value of os.environ['SOURCE_DATE_EPOCH'].
The specification for SOURCE_DATE_EPOCH may be found at https://reproducible-builds.org/specs/source-date-epoch/ .
----------
components: Distutils
messages: 355652
nosy: dstufft, eric.araujo, zwol
priority: normal
severity: normal
status: open
title: setup.py sdist should honor SOURCE_DATE_EPOCH
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38632>
_______________________________________
More information about the New-bugs-announce
mailing list