poetry-core icon indicating copy to clipboard operation
poetry-core copied to clipboard

Published 20 hours ago verified publisher icon python-poetry

Use file timestamps for wheel content dates

Open mattsta opened this issue 4 years ago • 1 comments

Previously the file modify timestamps weren't checked, so Python defaulted all source files to a timestamp of 1980-01-01 while poetry-core was also setting the metadata files to a fixed timestamp of 2016-01-01 to allow reproducible builds.

This change uses real file change timestamps for package files as well as updating the metadata timestamp logic to use the highest timestamp of all source files (since source files are read/written before metadata files).

Using the highest timestamp of the source files still guarantees wheel output will not change if rebuilt between source file changes.

Verified wheel dates match the filesystem dates now:

$ PYTHONPATH=. poetry build
Building poetry-core (1.0.0)
  - Building sdist
  - Built poetry-core-1.0.0.tar.gz
  - Building wheel
  - Built poetry_core-1.0.0-py2.py3-none-any.whl

$ zipinfo dist/poetry_core-1.0.0-py2.py3-none-any.whl
Archive:  dist/poetry_core-1.0.0-py2.py3-none-any.whl
Zip file size: 405851 bytes, number of entries: 201
-rw-r--r--  2.0 unx       77 b- defN 21-Jan-03 10:02 poetry/__init__.py
-rw-r--r--  2.0 unx      305 b- defN 21-Jan-03 10:02 poetry/core/__init__.py
-rw-r--r--  2.0 unx       23 b- defN 21-Jan-03 10:02 poetry/core/_vendor/_pyrsistent_version.py
-rw-r--r--  2.0 unx     1349 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/__init__.py
-rw-r--r--  2.0 unx     7326 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/_compat.py
-rw-r--r--  2.0 unx      514 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/_config.py
-rw-r--r--  2.0 unx     9696 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/_funcs.py
-rw-r--r--  2.0 unx    70807 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/_make.py
-rw-r--r--  2.0 unx     2162 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/_version_info.py
-rw-r--r--  2.0 unx     2141 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/converters.py
-rw-r--r--  2.0 unx     1635 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/exceptions.py
-rw-r--r--  2.0 unx     1098 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/filters.py
-rw-r--r--  2.0 unx        0 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/py.typed
-rw-r--r--  2.0 unx    11460 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attr/validators.py
-rw-r--r--  2.0 unx     1082 b- defN 21-Jan-03 10:02 poetry/core/_vendor/attrs.LICENSE
...

Resolves: python-poetry/poetry#3531

  • [ ] Added tests for changed code.
  • [ ] Updated documentation for changed code.

mattsta avatar Jan 03 '21 19:01 mattsta

I am not sure if this is something we should do. While this produces reproducible builds on the same machine, it can lead to different content hashes on a different environment.

If the sdists today do not create reproducible artefacts, we should probably consider fixing that instead of reusing source timetsamps in the wheel.

abn avatar Jan 04 '21 23:01 abn