Source: python-apt Version: 0.9.3.10 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: timestamps Hi! As part of the “reproducible builds” projects [1], we have discovered that the apt_pkg module provided by python-apt embeds the date and time of the build. This makes the build process unreproducible. We don't believe such timestamps to be useful. In the case of apt_pkg, it's even a little bit confusing because the values of VERSION and LIB_VERSION are actually coming from apt, but DATE and TIME will depend solely on the build time of python-apt. The attached patch simply removes the DATE and TIME apt_pkg members. This is the only modification needed to make the package build reproducible. The sole known user of these members in the Debian archive in the example script in python-apt, according to codesearch: http://codesearch.debian.net/search?q=apt_pkg\.DATE http://codesearch.debian.net/search?q=apt_pkg\.TIME If the API change is not acceptable, another solution would be to generate their value from the latest entry of debian/changelog. [1]: https://wiki.debian.org/ReproducibleBuilds -- Lunar .''`. lunar@debian.org : :Ⓐ : # apt-get install anarchism `. `'` `-
diff -Nru python-apt-0.9.3.10/debian/changelog python-apt-0.9.3.10.0reproducible1/debian/changelog --- python-apt-0.9.3.10/debian/changelog 2014-09-04 18:08:55.000000000 +0200 +++ python-apt-0.9.3.10.0reproducible1/debian/changelog 2014-09-24 12:09:21.000000000 +0200 @@ -1,3 +1,10 @@ +python-apt (0.9.3.10.0reproducible1) UNRELEASED; urgency=medium + + * Stop providing apt_pkg.DATE and apt_pkg.TIME as they make the build + unreproducible. + + -- Jérémy Bobbio <lunar@debian.org> Wed, 24 Sep 2014 10:08:36 +0000 + python-apt (0.9.3.10) unstable; urgency=medium * python/tag.cc: ensure that the final \n is there when diff -Nru python-apt-0.9.3.10/python/apt_pkgmodule.cc python-apt-0.9.3.10.0reproducible1/python/apt_pkgmodule.cc --- python-apt-0.9.3.10/python/apt_pkgmodule.cc 2014-09-04 18:08:55.000000000 +0200 +++ python-apt-0.9.3.10.0reproducible1/python/apt_pkgmodule.cc 2014-09-24 12:08:34.000000000 +0200 @@ -880,8 +880,6 @@ // Version.. PyModule_AddStringConstant(Module,"VERSION",(char *)pkgVersion); PyModule_AddStringConstant(Module,"LIB_VERSION",(char *)pkgLibVersion); - PyModule_AddStringConstant(Module,"DATE",__DATE__); - PyModule_AddStringConstant(Module,"TIME",__TIME__); // My constants PyModule_AddIntConstant(Module,"PRI_IMPORTANT",pkgCache::State::Important); diff -Nru python-apt-0.9.3.10/doc/examples/config.py python-apt-0.9.3.10.0reproducible1/doc/examples/config.py --- python-apt-0.9.3.10/doc/examples/config.py 2014-09-04 16:08:55.000000000 +0000 +++ python-apt-0.9.3.10.0reproducible1/doc/examples/config.py 2014-09-24 10:21:34.000000000 +0000 @@ -45,8 +45,7 @@ print "Version selected - 1.1" if Cnf.find_b("help", 0) == 1: - print "python-apt", apt_pkg.VERSION, \ - "compiled on", apt_pkg.DATE, apt_pkg.TIME + print "python-apt", apt_pkg.VERSION print "Hi, I am the help text for this program" sys.exit(0)
Attachment:
signature.asc
Description: Digital signature