You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When you build wheel files unfortunately they are not build deterministically (read: reproducible) at the moment. This is a larger issue in the wheel library since it creates a list of files included in the wheel file that also includes timestamps for each file when adding the file to the wheel file and not of its original file creation datetime.
That would override the timestamp used in the list of files and should make it possible to create local copies of the files created on the Jazzband continuous integration system.
So here’s the idea to make this easier for Jazzband:
Create a timestamp on the CI system in the release workflow with the current epoch on the build system.
Find a way to submit that timestamp together with the rest of the metadata to the Jazzband package index (e.g. as part of the package meta data, or an asset file on the CI service or ..).
During verification, use the original timestamp from CI when recreating the wheel file locally.
So all we would need to do is to provide a way to store the SOURCE_DATE_EPOCH timestamp to solve (2) and document (3).
The text was updated successfully, but these errors were encountered:
When you build wheel files unfortunately they are not build deterministically (read: reproducible) at the moment. This is a larger issue in the wheel library since it creates a list of files included in the wheel file that also includes timestamps for each file when adding the file to the wheel file and not of its original file creation datetime.
There is however a workaround that I think we could use in the future, the SOURCE_DATE_EPOCH env variable (https://reproducible-builds.org/docs/source-date-epoch/).
Flit explains it a bit like that as well: https://flit.readthedocs.io/en/latest/reproducible.html
That would override the timestamp used in the list of files and should make it possible to create local copies of the files created on the Jazzband continuous integration system.
So here’s the idea to make this easier for Jazzband:
Create a timestamp on the CI system in the release workflow with the current epoch on the build system.
Find a way to submit that timestamp together with the rest of the metadata to the Jazzband package index (e.g. as part of the package meta data, or an asset file on the CI service or ..).
During verification, use the original timestamp from CI when recreating the wheel file locally.
So all we would need to do is to provide a way to store the SOURCE_DATE_EPOCH timestamp to solve (2) and document (3).
The text was updated successfully, but these errors were encountered: