-
-
Notifications
You must be signed in to change notification settings - Fork 590
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Entry in .git_archival.txt makes repository artifacts non-reproducible #1394
Comments
The guidance is the same as in many other repos where @dvzrv opened the same issue — use sdists on PyPI. They are immutable and are the source for the downstreams. Using regular Git instead of the exported archive should also work. |
No, the guidance should instead be to follow the revised upstream documentation of setuptools_scm (https://github.com/pypa/setuptools_scm/pull/1033/files) and remove known problematic settings from that file :)
It doesn't (as one can not lock the file contents at a given tag due to the problematic settings in .git_archival.txt). @abhinavsingh AFAIK this entire topic is basically down to two things (for you as project maintainer):
|
Ah, so one line can be removed and I that'll work. I'll need to adjust it in my projects too, then. Git archive is something that is useful for non-tagged commits so I wouldn't remove the use of this feature. It's much more frictionless, than having to instruct the users to set env vars. |
Describe the bug
Hi 👋
We are currently rebuilding all relevant packages against Python 3.12 on Arch Linux.
While revisiting the proxy.py package I noticed that it uses setuptools_scm and a .git_archival.txt setup which makes the artifacts of this repository non-reproducible.
As we would like to be able to rely on transparent sources (those not created by a custom process) for our packages, it would be great if you could revise/ remove the .git_archival.txt file from this repository.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The artifacts of a repository (the auto-generated tarballs) do not change due to arbitrary changes to the repository done after a tag.
Version information
Additional context
The problem has been discussed upstream in pypa/setuptools-scm#806 and led to them revising (removing) the problematic content in question in their documentation (pypa/setuptools-scm#1033).
Screenshots
n/a
The text was updated successfully, but these errors were encountered: