Your message dated Thu, 17 Aug 2023 02:50:22 +0000
with message-id <[email protected]>
and subject line Bug#1043330: fixed in tox 4.9.0-1
has caused the Debian Bug report #1043330,
regarding tox: please make the build reproducible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1043330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043330
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tox
Version: 4.4.6-2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: timestamps, randomness
X-Debbugs-Cc: [email protected]

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
tox could not be built reproducibly.

This is because:

a) The documentation embeded the current build date via the copyright
year and a "last updated" timestamp. The attached patch changes this
to use SOURCE_DATE_EPOCH if available.

b) The default value for the --hashset argument (a random integer) was
encoded into the documentation. As this value was nondeterminstic, a
fresh value is inserted into the documentation on each build. This in
turn makes the package unreproducible. The attached patch changes this
to use the Pythonic "default=None … if default is None" pattern (NB.
this is distinct from the "notset" value, which, incidentally, is
typod in the --help text.)


 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-
--- a/debian/patches/reproducible-build.patch   1970-01-01 01:00:00.000000000 
+0100
--- b/debian/patches/reproducible-build.patch   2023-08-09 09:12:22.249949353 
+0100
@@ -0,0 +1,67 @@
+Description: Make the build reproducible
+Author: Chris Lamb <[email protected]>
+Last-Update: 2023-08-09
+
+--- tox-4.4.6.orig/docs/conf.py
++++ tox-4.4.6/docs/conf.py
+@@ -1,9 +1,11 @@
+ from __future__ import annotations
+ 
++import os
+ import re
+ import subprocess
+ import sys
+-from datetime import date, datetime
++import time
++from datetime import datetime
+ from importlib.machinery import SourceFileLoader
+ from pathlib import Path
+ from subprocess import check_output
+@@ -20,9 +22,13 @@ from sphinx.ext.extlinks import External
+ 
+ from tox import __version__
+ 
++build_date = datetime.utcfromtimestamp(
++    int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
++)
++
+ company, name = "tox-dev", "tox"
+ release, version = __version__, ".".join(__version__.split(".")[:2])
+-copyright = f"2010-{date.today().year}, {company}"
++copyright = f"2010-{build_date.year}, {company}"
+ master_doc, source_suffix = "index", ".rst"
+ 
+ sphinx_argparse_cli_prefix_document = True
+@@ -31,7 +37,7 @@ man_pages = [
+ ]
+ 
+ html_theme = "furo"
+-html_title, html_last_updated_fmt = "tox", datetime.now().isoformat()
++html_title, html_last_updated_fmt = "tox", build_date.isoformat()
+ pygments_style, pygments_dark_style = "sphinx", "monokai"
+ html_static_path, html_css_files = ["_static"], ["custom.css"]
+ html_logo, html_favicon = "_static/img/tox.svg", "_static/img/toxfavi.ico"
+--- tox-4.4.6.orig/src/tox/session/cmd/run/common.py
++++ tox-4.4.6/src/tox/session/cmd/run/common.py
+@@ -122,6 +122,8 @@ def env_run_create_flags(parser: Argumen
+             ) -> None:
+                 if values == "notset":
+                     result = None
++                elif values is None:
++                    result = random.randint(1, 1024 if sys.platform == 
"win32" else 4294967295)
+                 else:
+                     try:
+                         result = int(cast(str, values))
+@@ -135,10 +137,10 @@ def env_run_create_flags(parser: Argumen
+             "--hashseed",
+             metavar="SEED",
+             help="set PYTHONHASHSEED to SEED before running commands. 
Defaults to a random integer in the range "
+-            "[1, 4294967295] ([1, 1024] on Windows). Passing 'noset' 
suppresses this behavior.",
++            "[1, 4294967295] ([1, 1024] on Windows). Passing 'notset' 
suppresses this behavior.",
+             action=SeedAction,
+             of_type=Optional[int],
+-            default=random.randint(1, 1024 if sys.platform == "win32" else 
4294967295),
++            default=None,
+             dest="hash_seed",
+         )
+     parser.add_argument(
--- a/debian/patches/series     2023-08-09 09:02:18.061945063 +0100
--- b/debian/patches/series     2023-08-09 09:06:31.910569337 +0100
@@ -2,3 +2,4 @@
 docs-remove-shields-io-badges.patch
 sphinx-manpage-conf.patch
 intersphinx-mapping-local.patch
+reproducible-build.patch

--- End Message ---
--- Begin Message ---
Source: tox
Source-Version: 4.9.0-1
Done: Faidon Liambotis <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Faidon Liambotis <[email protected]> (supplier of updated tox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Aug 2023 22:03:46 +0300
Source: tox
Architecture: source
Version: 4.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Faidon Liambotis <[email protected]>
Closes: 1043330
Changes:
 tox (4.9.0-1) unstable; urgency=medium
 .
   * New upstream release.
     - Drop patch override_append, merged upstream.
   * Pass TOX_HASH_SEED when building the docs, to make the build reproducible.
     See upstream issue #2942 for more context. (Closes: #1043330)
Checksums-Sha1:
 8caac5b145f0da1b94a2cc3b45d282f2311b9d21 2432 tox_4.9.0-1.dsc
 bdad4cfa4961528908bb0f7bf76fe410a864e066 309928 tox_4.9.0.orig.tar.gz
 72090f05ecd9505d923a19e7c78b192d4a5cdeef 9468 tox_4.9.0-1.debian.tar.xz
 c1ff5074839289e2e35779df4067c7e6f4f88de5 8701 tox_4.9.0-1_amd64.buildinfo
Checksums-Sha256:
 0ac160b0fdbd696b1fba1c7254be4a14c125a9fb93dedd4c1d284585d5323fe6 2432 
tox_4.9.0-1.dsc
 df3aa72f14a900b94c76c983df3ddca31b58187047aa67432bd2721c1ecf1f9b 309928 
tox_4.9.0.orig.tar.gz
 c329b65a722a1948651547c4dfce5003afd7f89881415d1123aea776fe64c48f 9468 
tox_4.9.0-1.debian.tar.xz
 93e948fa008feec9686812c78350326bfe012f528e239e8058adcb97e5a06ab6 8701 
tox_4.9.0-1_amd64.buildinfo
Files:
 dc70359c0090bb702eb56218d7183a1b 2432 python optional tox_4.9.0-1.dsc
 e179ba59006729271f4f095be3be51ae 309928 python optional tox_4.9.0.orig.tar.gz
 c3e5d71704aad03be9e64ed00e8ffa27 9468 python optional tox_4.9.0-1.debian.tar.xz
 dc98af16961bd4c32821487515c4850f 8701 python optional 
tox_4.9.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqVksUhy5BAd9ZZgAnQteWx7sjw4FAmTde7AACgkQnQteWx7s
jw4qxw/7BBx1V8KGpZp0FibI/5bnH21nqI1a08JG2qIbGyux0FCOVe4gEkcsb9MZ
WkZUgVaorYGm9gT2wbdCM2rs2qPP97lL5pzybIxEnFltGwSsoieAJiJZemxKmkww
rUnJ0CB0mNbNsuM79iB5eWlNMLNH/Zwkq7MhLEfTjcPwiu8nBnfPyGpgah4aF7Pe
z4NC7GmnJVbw77kBvKWAitcqUYBmM/CGsR8EnE67no1Ep4ksF+pT8xlUhVU71/2N
8v5Lk/QtKtEUOxuV2khchH+AXZYTIr0thgKvaxmrOg41RPAZLUh/rv8BFarVoPmE
vZ+2uUmKdOG1zHOLMS5g7d7zUO+tRd+hAoECBufMGdLVRIOxcpUgBvelUd9itWMf
xPs7T9UdZx81qP5XekNOtMXeE2SCcdROc5PdfYlbjsQvtJ253JmzaWBCfoXPjvaH
9FF1Si3zeo30izP+xg1SOPLXtTFaBojbAjFAS8o/KY4YEVKqDC2ecWVEysCySf5v
LHNbFRvUnqcHrZdvi1WLVQHMTP70X9zsfZSWrq70wIetmLnMg6PW4tqyFxc9rnf2
0u4wtePMhbenT+ALWzrV/ZuSNPH+wmqH958/vWGjAPE7rxIFzhR1w/OoideY1My9
Xc/iweLha+w35vNGCAFijvkH0h6Eh23UYNWB9rrVFniAebz9E/k=
=Isbi
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to