Source: python-apt
Version: 0.9.3.10
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
Hi!
As part of the “reproducible builds” projects [1], we have discovered
that the apt_pkg module provided by python-apt embeds the date and time
of the build. This makes the build process unreproducible.
We don't believe such timestamps to be useful. In the case of apt_pkg,
it's even a little bit confusing because the values of VERSION and
LIB_VERSION are actually coming from apt, but DATE and TIME will depend
solely on the build time of python-apt.
The attached patch simply removes the DATE and TIME apt_pkg members.
This is the only modification needed to make the package build
reproducible. The sole known user of these members in the Debian archive
in the example script in python-apt, according to codesearch:
http://codesearch.debian.net/search?q=apt_pkg\.DATE
http://codesearch.debian.net/search?q=apt_pkg\.TIME
If the API change is not acceptable, another solution would be to
generate their value from the latest entry of debian/changelog.
[1]: https://wiki.debian.org/ReproducibleBuilds
--
Lunar .''`.
lunar@debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
diff -Nru python-apt-0.9.3.10/debian/changelog python-apt-0.9.3.10.0reproducible1/debian/changelog
--- python-apt-0.9.3.10/debian/changelog 2014-09-04 18:08:55.000000000 +0200
+++ python-apt-0.9.3.10.0reproducible1/debian/changelog 2014-09-24 12:09:21.000000000 +0200
@@ -1,3 +1,10 @@
+python-apt (0.9.3.10.0reproducible1) UNRELEASED; urgency=medium
+
+ * Stop providing apt_pkg.DATE and apt_pkg.TIME as they make the build
+ unreproducible.
+
+ -- Jérémy Bobbio <lunar@debian.org> Wed, 24 Sep 2014 10:08:36 +0000
+
python-apt (0.9.3.10) unstable; urgency=medium
* python/tag.cc: ensure that the final \n is there when
diff -Nru python-apt-0.9.3.10/python/apt_pkgmodule.cc python-apt-0.9.3.10.0reproducible1/python/apt_pkgmodule.cc
--- python-apt-0.9.3.10/python/apt_pkgmodule.cc 2014-09-04 18:08:55.000000000 +0200
+++ python-apt-0.9.3.10.0reproducible1/python/apt_pkgmodule.cc 2014-09-24 12:08:34.000000000 +0200
@@ -880,8 +880,6 @@
// Version..
PyModule_AddStringConstant(Module,"VERSION",(char *)pkgVersion);
PyModule_AddStringConstant(Module,"LIB_VERSION",(char *)pkgLibVersion);
- PyModule_AddStringConstant(Module,"DATE",__DATE__);
- PyModule_AddStringConstant(Module,"TIME",__TIME__);
// My constants
PyModule_AddIntConstant(Module,"PRI_IMPORTANT",pkgCache::State::Important);
diff -Nru python-apt-0.9.3.10/doc/examples/config.py python-apt-0.9.3.10.0reproducible1/doc/examples/config.py
--- python-apt-0.9.3.10/doc/examples/config.py 2014-09-04 16:08:55.000000000 +0000
+++ python-apt-0.9.3.10.0reproducible1/doc/examples/config.py 2014-09-24 10:21:34.000000000 +0000
@@ -45,8 +45,7 @@
print "Version selected - 1.1"
if Cnf.find_b("help", 0) == 1:
- print "python-apt", apt_pkg.VERSION, \
- "compiled on", apt_pkg.DATE, apt_pkg.TIME
+ print "python-apt", apt_pkg.VERSION
print "Hi, I am the help text for this program"
sys.exit(0)
Attachment:
signature.asc
Description: Digital signature