Add support for reproducible builds #2
Conversation
See [1] for more info about reproducible builds. In case of zip files we need to adjust timestamps. After this change, each built zip archive will have same hash (as long as packaged files do not change) [1] https://hatch.pypa.io/latest/config/build/#reproducible-builds
There was a problem hiding this comment.
@adamws Thank you for the PR! I think adding the capability of reproducible builds is a valuable addition.
Currently, this code fails our CI tests, due to various style nits.
Here are some comments which call out those nits, and add a few more.
The most important has to do with not reading whole files into memory in ZipArchive.add_file.
(If you'd rather I fix these, say so. I don't want to mess with your code, however, if you feel like addressing these issues.)
Hello, this code is derived from my project: https://github.com/adamws/hatch-kicad |
Restore the behavior (from ZipFile.writestr) of setting the timestamp to the current time for non-reproducible builds.
Plus a couple of stylistic refactorings
Ripped from hatchling's WheelArchive.add_file: Popular VCSs only track whether a file is executable or not. The exact permissions can vary on systems with different umasks. Normalizing to 644 (non executable) or 755 (executable) makes builds more reproducible.
@adamws Thank you. I think I've addressed the issues raised in my comments. Again, thank you for the PR. I think it's a good addition. |
|
Released in 0.1.0b4. |
See [1] for more info about reproducible builds. In case of zip files we need to adjust timestamps. After this change, each built zip archive will have same hash (as long as packaged files do not change)
[1] https://hatch.pypa.io/latest/config/build/#reproducible-builds