[New-bugs-announce] [issue40963] distutils make_zipfile uses random order

ghost43 report at bugs.python.org
Fri Jun 12 13:30:20 EDT 2020


New submission from ghost43 <somber.night at protonmail.com>:

I am trying to generate .zip sdists for a project in a reproducible manner, using setuptools.
The generated zips differ in the order of packed files.

The root cause of the non-determinism is using os.walk() in make_zipfile here:
https://github.com/python/cpython/blob/0d3350daa8123a3e16d4a534b6e873eb12c10d7c/Lib/distutils/archive_util.py#L174

For a potential fix, see https://github.com/pypa/setuptools/commit/29688821b381268a0d59c0d26317d88ad518f966

I guess https://bugs.python.org/issue30693 is sort of related. The change made there is necessary, and was sufficient to make the tars reproducible but not the zips.

(sidenote: Is it acceptable to sign the PSF CLA with a pseudonym?)

----------
components: Distutils
messages: 371400
nosy: dstufft, eric.araujo, ghost43
priority: normal
severity: normal
status: open
title: distutils make_zipfile uses random order
type: behavior
versions: Python 3.10, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40963>
_______________________________________
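
Added example (not part of the original report, and not the distutils or setuptools code): a zip writer that sorts what os.walk() yields, run over two copies of a constructed file tree created in opposite orders to check that the archives come out identical. The names make_zipfile_sorted, build_tree, demo and FIXED_TIME are hypothetical; pinning the timestamp and file mode goes beyond the ordering problem reported here and is included only so the two archives can be compared byte for byte.

```python
import hashlib
import os
import tempfile
import zipfile

FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # constant timestamp (assumption, not from the report)


def make_zipfile_sorted(zip_path, base_dir):
    """Zip base_dir, visiting directories and files in sorted order."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for dirpath, dirnames, filenames in os.walk(base_dir):
            dirnames.sort()  # in-place sort steers the order os.walk descends in
            for name in sorted(filenames):
                path = os.path.join(dirpath, name)
                arcname = os.path.relpath(path, base_dir).replace(os.sep, "/")
                info = zipfile.ZipInfo(arcname, date_time=FIXED_TIME)
                info.compress_type = zipfile.ZIP_DEFLATED
                info.external_attr = 0o644 << 16  # fixed mode instead of on-disk mode
                with open(path, "rb") as fh:
                    zf.writestr(info, fh.read())
    return zip_path


def build_tree(root, relpaths):
    """Create constructed sample files in the given creation order."""
    for rel in relpaths:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("content of " + rel + "\n")


def demo():
    """Build the same tree twice in opposite creation orders and zip both."""
    files = ["pkg/b.py", "setup.py", "pkg/sub/z.py", "pkg/a.py", "README"]
    listings, digests = [], []
    with tempfile.TemporaryDirectory() as tmp:
        for i, order in enumerate((files, list(reversed(files)))):
            tree = os.path.join(tmp, "tree%d" % i)
            build_tree(tree, order)
            out = make_zipfile_sorted(os.path.join(tmp, "out%d.zip" % i), tree)
            with zipfile.ZipFile(out) as zf:
                listings.append(zf.namelist())
            with open(out, "rb") as fh:
                digests.append(hashlib.sha256(fh.read()).hexdigest())
    return listings, digests


if __name__ == "__main__":
    print(demo())
```

Comparing the SHA-256 of two independent builds, as demo() does, is the same check a downstream verifier would run against a published sdist.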

