[pacman-dev] [PATCH 5/5] makepkg: unify source file times for improved build reproducibility

[Allan McRae]

On 16/05/17 22:28, Eli Schwartz wrote:
> On 05/15/2017 08:51 PM, Allan McRae wrote:
>> Given I think python packages are the primary problem here, I'm going to
>> propose another solution....  Clearly embedding the timestamp in the
>> pyc/o files is a design decision and not going to be changed.  Could we
>> however, have a pass in makepkg that generates these files?  In the
>> "tidy" loop.  That would allow us to set times on the any .py files in
>> the package, and then generate pyc/o files.   No setting of source times
>> needed.
>>
>> Allan
>>
> 
> As I said on IRC, this is easier said than done. We'd have to somehow
> figure out which files are python2 and which ones are python3; while
> most will be in the appropriate /usr/lib/python$ver directory, some will
> be elsewhere, e.g. Sigil installs python3 files used for its private
> plugin interface under /usr/share/sigil instead.
> 
> Cinnamon seems to do the same (not that we ship pyc/pyo for any of
> that), as does bleachbit, but I am not sure why (since its launcher
> executable apparently claims either that or site-packages are both
> expected places to find itself???) but whatever, different topic.
> 
> Reading the shebang could help cover those cases, but then again, not
> all python modules actually come with shebangs, probably because the
> author doesn't expect people to care. "Why do you need them, syntax
> highlighting is okay because .py and you're not running them, you're
> importing them."

Other options...

1) We could actually use makepkg-template and have the python package
provide a function to do this.

2) We could follow most other distros have have the pyo/c files
generated by a hook  (I am not a fan due to having more untracked files...)

Allan