-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[discussion] should we remove .pyc files from all packages? #5278
Comments
Hey, So, the There are some discussions about this:
Personal conclusions/opinions [ feel free to argue/disagree ]:
I guess I got carried away with the background :) In any case, I would choose to fix But, if we fix this in the Thanks |
See: openwrt#5278 This should make Python & Python3 packages reproducible when building. In my local tests, I got the same sha256 for a sample .pyc file, so likely this is the solution that should address this. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
@lynxis [ i know it's the holidays now ; will ping again later :) ] |
no. chaos communication congress ;) |
What do other reproducible distros do with .pyc files? |
Tbh, I don’t know.
I’d have to check.
I’ll try to do that in the upcoming days.
I suspect that the .pyc packaging is a bit unique to OpenWrt as an
open-distro.
Other distros may just ship .py files and allow .pyc generation at runtime.
Since most just target x86 and the resources are not such a big issue.
I’ll come back with some data.
…On Thu, 28 Dec 2017 at 11:15, Matthias Schiffer ***@***.***> wrote:
What do other reproducible distros do with .pyc files?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5278 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACo3jK5tWDUhe8dqYGHFU6Rs1VYtReQQks5tE1xJgaJpZM4RC0e7>
.
|
@NeoRaider So, for a sampling of a few distros, see below:
All in all, I am not sure if other distros have got to care about Python bytecodes, so we could be in the lead with this, and we could push this for consideration to the Python project. If this goes in I'll re-check the link that @lynxis sent and if all is good I can sent this upstream for consideration. |
Hey, An update ; seems I forgot a bit about any potential discussions within Python [upstream] about reproduce-ability. Yesterday, I checked and found this [and joined in]: https://bugs.python.org/issue29708 Seems that PEP-552 was created to address this officially. Will try to keep track of that until it settles. |
More stuff for reproduce-ability: |
See: openwrt#5278 This should make Python & Python3 packages reproducible when building. In my local tests, I got the same sha256 for a sample .pyc file, so likely this is the solution that should address this. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
See: openwrt#5278 This should make Python & Python3 packages reproducible when building. In my local tests, I got the same sha256 for a sample .pyc file, so likely this is the solution that should address this. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
See: openwrt#5278 This should make Python & Python3 packages reproducible when building. In my local tests, I got the same sha256 for a sample .pyc file, so likely this is the solution that should address this. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
@lynxis |
seems the job has stopped running ; last run was on the ~20th of January ; any thoughts on when it would be back ? |
fwiw: i've added a few changes that may help Python3 be reproducible and i'd be curios what the build says |
See: openwrt#5278 This should make Python & Python3 packages reproducible when building. In my local tests, I got the same sha256 for a sample .pyc file, so likely this is the solution that should address this. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
What's the progress on this? |
So, there was a build that also included packages feed. I found this: As far as I remember, there was some work that I did to make Py3 more reproducible and I think the results were pretty good. It would be great to have a view regarding all packages, where we can see this. @lynxis |
Current tests on reproducible-builds.org are building base/core packages only. Building all packages was "temporarily disabled" in Oct 2018, re-enabled then disabled again on the same day in Feb 2019. I assume there are problems building all packages but there are no details in the commit messages. |
this seems to have died closing; feel free to re-open if i'm wrong |
maintainers: @jefferyto @kissg1988 @commodo @dangowrt
(I've taken a random amount of py maintainers, nobody should feel excluded here)
Because of reproducible builds, I've noticed many (>50) python packages are unreproducible.
Those unreproducible packages are shipping .pyc which are unreproducible [0].
When packaging the result
python-foo.ipk
all timestamp of the files in the archive will be modified to$SOURCE_DATE_EPOCH
[1]. So the timestamp of the .py won't match the .pyc.What are the reasons for .pyc files in LEDE packages?
Should we remove it?
Should we fix the .pyc timestamp?
PS: I might not know all facts of the .pyc files.
[0] https://tests.reproducible-builds.org/lede/lede_ar71xx.html (search for unreproducible)
[1] https://reproducible-builds.org/specs/source-date-epoch/
The text was updated successfully, but these errors were encountered: