Debian Bug report logs - #1032057
pyproject-api: please make the build reproducible

Package: src:pyproject-api; Maintainer for src:pyproject-api is Debian Python Team <team+python@tracker.debian.org>;

Reported by: "Chris Lamb" <lamby@debian.org>

Date: Mon, 27 Feb 2023 07:57:02 UTC

Severity: wishlist

Tags: patch

Found in version pyproject-api/1.5.0-1

Fixed in version pyproject-api/1.5.1-1

Done: Faidon Liambotis <paravoid@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/tox-dev/pyproject-api/issues/53


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Python Team <team+python@tracker.debian.org>:
Bug#1032057; Package src:pyproject-api. (Mon, 27 Feb 2023 07:57:04 GMT)


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Python Team <team+python@tracker.debian.org>. (Mon, 27 Feb 2023 07:57:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Chris Lamb" <lamby@debian.org>
To: submit@bugs.debian.org
Subject: pyproject-api: please make the build reproducible
Date: Mon, 27 Feb 2023 07:53:12 +0000
Source: pyproject-api
Version: 1.5.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] we noticed
that pyproject-api could not be built reproducibly.

This is because the documentation embeds the current date in the
build system's current timezone. A patch is attached that uses
SOURCE_DATE_EPOCH [1] if available.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
[pyproject-api.diff.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Team <team+python@tracker.debian.org>:
Bug#1032057; Package src:pyproject-api. (Sat, 04 Mar 2023 11:57:02 GMT)


Acknowledgement sent to Faidon Liambotis <paravoid@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Team <team+python@tracker.debian.org>. (Sat, 04 Mar 2023 11:57:02 GMT)


Message #10 received at 1032057@bugs.debian.org:

From: Faidon Liambotis <paravoid@debian.org>
To: Chris Lamb <lamby@debian.org>, 1032057@bugs.debian.org
Subject: Re: Bug#1032057: pyproject-api: please make the build reproducible
Date: Sat, 4 Mar 2023 13:17:53 +0200
Hi Chris!

On Mon, Feb 27, 2023 at 07:53:12AM +0000, Chris Lamb wrote:
> Whilst working on the Reproducible Builds effort [0] we noticed
> that pyproject-api could not be built reproducibly.

That's unfortunate! Sorry for not realizing it before you did.

For what it's worth, this package was uploaded as a new dependency of
tox 4. It looks like tox 4.4.6-1 (uploaded to experimental last week)
suffers from the same issue as well. I will handle it there as soon as
we conclude our resolution of this one -- no need for a separate bug :)

> This is because the documentation embeds the current date in the
> build system's current timezone. A patch is attached that uses
> SOURCE_DATE_EPOCH [1] if available.
>
> ...
>
> + html_theme = "furo"
> +-html_title, html_last_updated_fmt = "pyproject-api docs", datetime.now().isoformat()
> ++build_date = datetime.utcfromtimestamp(
> ++    int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
> ++)
> ++html_title, html_last_updated_fmt = "pyproject-api docs", build_date.isoformat()
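
Review bot: In the added `build_date` lines, the fallback branch (`SOURCE_DATE_EPOCH` unset) now goes through `datetime.utcfromtimestamp()`, so ordinary builds switch from the local time that `datetime.now()` produced to UTC; say so in the patch description if that is intended. `int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))` also raises ValueError on a non-numeric value and aborts the docs build, so consider catching it and falling back to the current time. The quoted part shows no `import os` or `import time` (the rest is elided with `...`), so check that conf.py has both.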

Looking at Sphinx's documentation, it looks like html_last_updated_fmt,
as the name hints, is supposed to be the format string, not the actual
date. (A literal date works as a format because anything that's not
percent-encoded is passed on unmodified. So I think that's just a happy
accident.)

I checked the Sphinx source code, and it looks like the string is used
in prepare_writing() from builders/html/__init__.py, which in turn
passes it on as an argument to format_date() from util/i18n.py. It looks
like format_date() has support for SOURCE_DATE_EPOCH.

So from what I can tell, a much simpler patch would be to set
html_last_updated_fmt to "%Y-%m-%dT%H:%M:%S.%f" for the equivalent ISO
8601 string (or even something with less accuracy) -- no need to fiddle
with the datetime module, or SOURCE_DATE_EPOCH at all.

I know you've gone to great lengths to make Sphinx docs reproducible
across the board, so I'm leaning on your experience to let me know if
I'm missing something here before I patch it locally and pass it on to
the two upstream projects. Looking forward to your feedback.

Best,
Faidon
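
The three `conf.py` variants discussed in this message, compared in an added example that is not part of the original e-mail and is not Sphinx or pyproject-api code. `render_last_updated()` is a hypothetical stand-in for a renderer that applies `strftime` to a clock honouring SOURCE_DATE_EPOCH; the epoch and wall-clock values are constructed.

```python
from datetime import datetime, timezone

ISO_FMT = "%Y-%m-%dT%H:%M:%S.%f"  # format string proposed in the message above


def build_clock(environ, wall_clock):
    """UTC build time: SOURCE_DATE_EPOCH when set, otherwise the wall clock."""
    ts = int(environ.get("SOURCE_DATE_EPOCH", wall_clock))
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def render_last_updated(fmt, environ, wall_clock):
    """Hypothetical stand-in for the renderer: strftime over the build clock."""
    return build_clock(environ, wall_clock).strftime(fmt)


def conf_original(environ, wall_clock):
    # datetime.now().isoformat(): local wall clock frozen into the "format".
    return datetime.fromtimestamp(wall_clock).isoformat()


def conf_patched(environ, wall_clock):
    # Patch from the report: literal date taken from SOURCE_DATE_EPOCH if set.
    return build_clock(environ, wall_clock).replace(tzinfo=None).isoformat()


def conf_format_string(environ, wall_clock):
    # Simpler fix: a real format string; the renderer supplies the date.
    return ISO_FMT


def simulate(conf, environ, wall_clock):
    """Evaluate a conf variant, then render it, as one docs build would."""
    return render_last_updated(conf(environ, wall_clock), environ, wall_clock)


if __name__ == "__main__":
    env = {"SOURCE_DATE_EPOCH": "1677484392"}  # constructed: 2023-02-27T07:53:12Z
    for conf in (conf_original, conf_patched, conf_format_string):
        first = simulate(conf, env, 1_700_000_000)   # constructed wall clocks,
        second = simulate(conf, env, 1_700_086_400)  # one day apart
        print(f"{conf.__name__:20} reproducible={first == second} {first}")
```

Only the original variant differs between the two simulated builds; with SOURCE_DATE_EPOCH unset, all three vary with the wall clock.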



Set Bug forwarded-to-address to 'https://github.com/tox-dev/pyproject-api/issues/53'. Request was from Faidon Liambotis <paravoid@debian.org> to control@bugs.debian.org. (Thu, 09 Mar 2023 17:45:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Team <team+python@tracker.debian.org>:
Bug#1032057; Package src:pyproject-api. (Mon, 13 Mar 2023 13:36:03 GMT)


Acknowledgement sent to Faidon Liambotis <paravoid@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Team <team+python@tracker.debian.org>. (Mon, 13 Mar 2023 13:36:03 GMT)


Message #17 received at 1032057@bugs.debian.org:

From: Faidon Liambotis <paravoid@debian.org>
To: Chris Lamb <lamby@debian.org>, 1032057@bugs.debian.org
Subject: Re: Bug#1032057: pyproject-api: please make the build reproducible
Date: Mon, 13 Mar 2023 15:32:02 +0200
On Sat, Mar 04, 2023 at 01:17:55PM +0200, Faidon Liambotis wrote:
> I checked the Sphinx source code, and it looks like the string is used
> in prepare_writing() from builders/html/__init__.py, which in turn
> passes it on as an argument to format_date() from util/i18n.py. It looks
> like format_date() has support for SOURCE_DATE_EPOCH.
> 
> So from what I can tell, a much simpler patch would be to set
> html_last_updated_fmt to "%Y-%m-%dT%H:%M:%S.%f" for the equivalent ISO
> 8601 string (or even something with less accuracy) -- no need to fiddle
> with the datetime module, or SOURCE_DATE_EPOCH at all.

I submitted a PR and fixed this issue upstream in both pyproject-api and
tox. The former was included in the 1.5.1 release, which I'll upload
shortly.

Regards,
Faidon



Reply sent to Faidon Liambotis <paravoid@debian.org>:
You have taken responsibility. (Mon, 13 Mar 2023 14:39:05 GMT)


Notification sent to "Chris Lamb" <lamby@debian.org>:
Bug acknowledged by developer. (Mon, 13 Mar 2023 14:39:05 GMT)


Message #22 received at 1032057-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1032057-close@bugs.debian.org
Subject: Bug#1032057: fixed in pyproject-api 1.5.1-1
Date: Mon, 13 Mar 2023 14:35:31 +0000
Source: pyproject-api
Source-Version: 1.5.1-1
Done: Faidon Liambotis <paravoid@debian.org>

We believe that the bug you reported is fixed in the latest version of
pyproject-api, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032057@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <paravoid@debian.org> (supplier of updated pyproject-api package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 13 Mar 2023 15:32:10 +0200
Source: pyproject-api
Architecture: source
Version: 1.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Closes: 1032057
Changes:
 pyproject-api (1.5.1-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes build reproducibility issue, as reported by Chris Lamb.
       (Closes: #1032057)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 11 Apr 2023 07:25:56 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 12:34:51 2023; Machine Name: bembo
