Build not reproducible when different python environement used #5377
Comments
|
Hmm, you're right. Currently, the builds are not build-location invariant, and therefore not reproducible (on any OS) when the virtual environment is relocated (even if Setting However, the And consequently, the final exe (which is bootloader + PKG archive) is not reproducible, either. Considering we are stripping the paths from .pyc files in the PYZ and from the frozen script in PKG, not doing so for the pyinstaller loader modules in PKG does look like an oversight (or there is a technical reason of which I'm not yet aware). |
This makes the .pyc modules in the PKG archive invariant to the build-environment location, and in turn enables reproducible builds without having to match the location of the build environment. Fixes pyinstaller#5377.
This makes the .pyc modules in the PKG archive invariant to the build-environment location, and in turn enables reproducible builds without having to match the location of the build environment. Fixes #5377.
|
Great, thank you very much. This went super fast :) |
…r#5380) This makes the .pyc modules in the PKG archive invariant to the build-environment location, and in turn enables reproducible builds without having to match the location of the build environment. Fixes pyinstaller#5377.
I'm not sure whether this is a bug but I found that a build on Windows is not reproducible when a different virtualenv is used even when both environements have exactly the same packages.
Im using
Python 3.8.3
pyinstaller 4.1
Windows 10
What I did:
open cmd
mkdir folder_1
cd folder_1
echo print('hello world') >> test.py
set PYTHONHASHSEED=1
C:\path_to_python_38\python.exe -m virtualenv venv
venv\Scripts\activate
python -m pip install pyinstaller
python -m PyInstaller --clean test.py
:: md5 checksum data of: dist\test 16C651921E1AF9A6CC5B539E4AE772C0
:: md5 checksum data and names of: dist\test 4521166FB1B3B049CB7FEEF23FAD181E
:: md5 checksum data of: dist\test\test.exe 3A2E7CDB2FF328172FEF5ECC4805E99B
open cmd
mkdir folder_2
cd folder_2
echo print('hello world') >> test.py
set PYTHONHASHSEED=1
C:\path_to_python_38\python.exe -m virtualenv venv
venv\Scripts\activate
python -m pip install pyinstaller
python -m PyInstaller --clean test.py
:: md5 checksum data of: dist\test 7FB0108BEB9E484B99D935A1D8121934
:: md5 checksum data and names of: dist\test C8A76D3B688AD89536ABC1A0A5841482
:: md5 checksum data of: dist\test\test.exe A3183BD4FC7778BBFB6C41CFD6308F0F
This implies that a third person is probably not able to reproduce a given binary and even on the same computer when a folder is changed, the binary will differ. I'm not sure wether this is even a desired feature and maybe I understand this wrong, but what is the point of reproducibility if you cannot reproduce the binary file on a third machine in order to check wether a given binary actually is the one corresponding to a given code.
The text was updated successfully, but these errors were encountered: