Debian Bug report logs -
#804339
dh-python: please pass --force to `setup.py install` to avoid non-determinstic shebangs and dependencies
Reported by: Chris Lamb <lamby@debian.org>
Date: Sat, 7 Nov 2015 15:03:02 UTC
Severity: normal
Tags: patch
Found in version dh-python/2.20151103
Fixed in version dh-python/2.20160609
Done: Piotr Ożarowski <piotr@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-builds@lists.alioth.debian.org, Piotr Ożarowski <piotr@debian.org>:
Bug#804339; Package src:dh-python.
(Sat, 07 Nov 2015 15:03:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Chris Lamb <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-builds@lists.alioth.debian.org, Piotr Ożarowski <piotr@debian.org>.
(Sat, 07 Nov 2015 15:03:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: dh-python
Version: 2.20151103
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness toolchain
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi,
Whilst working on the "reproducible builds" effort [0], we noticed that dh-python non-deterministically creates packages with differing shebangs and--by extension--binary dependencies:
│ -#!/usr/bin/python3
│ +#!/usr/bin/python3.5
[..]
│ -Depends: python3-six, python3:any (>= 3.3.2-2~)
│ +Depends: python3-six, python3.5:any, python3:any (>= 3.3.2-2~)
This is caused by us building multiple Python versions into separate directories under {build_dir} but then installing them to the *same* {destdir}.
If any of these builds complete in under 1 second, distutils may decide to skip copying files to {destdir} as it incorrectly believes them to be up-to-date. This will result in a package arbitrarily containing scripts with different version shebangs and, by extension, binary dependencies.
A patch is attached that passes --force to `setup.py install [..]` which avoids the underling calls to distutils's `dep_util.newer` and always updates {destdir}.
[0] https://wiki.debian.org/ReproducibleBuilds
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
[dh-python.diff.txt (text/plain, attachment)]
Severity set to 'normal' from 'wishlist'
Request was from Holger Levsen <holger@layer-acht.org>
to control@bugs.debian.org.
(Mon, 09 Nov 2015 13:06:09 GMT) (full text, mbox, link).
Reply sent
to Piotr Ożarowski <piotr@debian.org>:
You have taken responsibility.
(Thu, 09 Jun 2016 16:54:13 GMT) (full text, mbox, link).
Notification sent
to Chris Lamb <lamby@debian.org>:
Bug acknowledged by developer.
(Thu, 09 Jun 2016 16:54:13 GMT) (full text, mbox, link).
Message #12 received at 804339-close@bugs.debian.org (full text, mbox, reply):
Source: dh-python
Source-Version: 2.20160609
We believe that the bug you reported is fixed in the latest version of
dh-python, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 804339@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Piotr Ożarowski <piotr@debian.org> (supplier of updated dh-python package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 Jun 2016 18:37:46 +0200
Source: dh-python
Binary: dh-python
Architecture: source all
Version: 2.20160609
Distribution: unstable
Urgency: medium
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Piotr Ożarowski <piotr@debian.org>
Description:
dh-python - Debian helper tools for packaging Python libraries and applicatio
Closes: 791433 801719 804339 811083 819353
Changes:
dh-python (2.20160609) unstable; urgency=medium
.
[ Piotr Ożarowski ]
* pybuild's distutils build plugin: use force option at install stage to
avoid non-deterministic shebangs (closes: 804339)
* pybuild.pm:
- fail with a message about missing interpreter package in
Build-Depends if there's none (closes: 819353)
- do not pass --dir to pybuild if it's equal to current directory
(to make PYBUILD_DIR override possible)
* dh_pypy: fix dpkg search template to find more pypy egg-info packages
* dh_py*:
- add interpreter to Depends if .so file is detected in private dir
only if python{,3,all,3-all}-dev is in Build-Depends (closes: 811083)
- use Build-Depends' minimum version for required libraries if other
methods to detect it failed (closes: 791433)
- --requires now tries to find given file in debian/pkg-name/ dir
(`--requires foo/bar.txt` will try debian/python3-spam/foo/bar.txt and
fall back to ./foo/bar.txt)
- print an error if there's no package to act on
- fix handling symlinks while moving files to common directory
(closes: 801719)
.
[ Ondřej Nový ]
* When depends on python{3,}-setuptools-scm, set
SETUPTOOLS_SCM_PRETEND_VERSION to upstream version
* Standards-Version is 3.9.8 now (no changes needed)
* Changed Vcs-* URLs to https protocol
.
[ James Page ]
* dhpython/pydist.py: Ensure that != dependency versions are ignored
(LP: #1581065).
Checksums-Sha1:
115ec0072abd30672fb923dac9684909addb63d5 1712 dh-python_2.20160609.dsc
e875d3eea5d3f82d8e5c8818e075863dd89d0bc6 80768 dh-python_2.20160609.tar.xz
5acd0d8258b136c6cff0c6338b3cba7f107e3463 78374 dh-python_2.20160609_all.deb
Checksums-Sha256:
36ca37386a00b771aa4137b51a121fb964193084049043a3ebdc63a4ab1ae8e5 1712 dh-python_2.20160609.dsc
36d6c8584b0cf6aaed0c74b914d88602a01e949033518a452304275a6ba05e82 80768 dh-python_2.20160609.tar.xz
8668072f56936c61f94ca4085d91af16b8472717c5c7d9b4caac968c6749b2ec 78374 dh-python_2.20160609_all.deb
Files:
44f5f97ced3d8c86dc058c600dce9e40 1712 python optional dh-python_2.20160609.dsc
f0228727ca4f7ed0c2df2e729e01bfe1 80768 python optional dh-python_2.20160609.tar.xz
159fbd2d6e354b7eca016bcfbee29344 78374 python optional dh-python_2.20160609_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJXWZu8AAoJEK728aKnRXZFuu8QAMsG5jiOwGnDY1I0HVSMSTVE
3n8L70YjyHHvFYzQ0Ikb4DjLU6fLsrLgYRkyxlfcVLNG9xIXo8iki3a9YuBM+EOk
ACF6SkGpYNJVl/OrxsAdVzwRUa7WeQps1Z5vEjEev/Op0fT4aJHkHVjoBZ4qXymL
6ecL6SGN9V7+mpAe3LsYc2Imoh3hQNB/8Fd/NP+k3rpfPC4GNogFW8fGTJP9qpUV
Gensl8te/cJJJJtG5F91OfUyPTfdIoWGy06lQ0KRuaUEClN9jAulYgzodcgGD465
TCEcSzXyrTy/rrwdz1mHcahVZdZjCZtRXL+IncxwvdMtL8cPgKBFWZkrB1sLQfz/
AfF1siHXobrP7VgqinZEL5coe7vhUi78CE4dBvvW+hS0ChH45D9+F/6Ty80339mZ
i6jOyQLhQlx5Q8IfuVu0KrSDZTpAfO8plkogcpgkNnsA29Nko/NgGCH6D+p3rYN+
jjFdqQXx+DSViMVCzsAFtut7zub032SXCYxtkmRvyTgiVBcxP7rtIqn/sLwk1cJy
UqdyM8FsG9iICe1uhDtTiu34+T7KKI6FKbf3q+skN/OZvs6B8qU8v0cq10j3ZhfC
79xI7wbgd8Smv2uXrmfF3QMloeqYS9M39Sa4f4OSIcZZca96pgFzWzapTWoLFobu
7YB+xIaFWlJEm4EZ3bVL
=pN/q
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 13 Jul 2016 07:29:38 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 14:05:50 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.