Hi all, On Fri, Sep 29, 2017 at 12:04 PM, Jakub Wilk <[email protected]> wrote: > It not enough to normalize timestamps. You need to normalize permissions and > ownership, too. > > (I'm using https://pypi.python.org/pypi/distutils644 for normalizing > permissions/ownership in my own packages.) > Thanks Jakub this will be helpful for me;
> Yeah, I don't believe distutils honors SOURCE_DATE_EPOCH at the moment. > >> Second; is there a convention to store the SDE value ? > > In the changelog. I'll consider that as well; On Sun, Oct 1, 2017 at 10:31 PM, Nick Coghlan <[email protected]> wrote: > On 30 September 2017 at 06:02, Thomas Kluyver <[email protected]> wrote: >> On Fri, Sep 29, 2017, at 07:16 PM, Matthias Bussonnier wrote: > > For distro level reproducible build purposes, we typically treat the > published tarball *as* the original sources, and don't really worry > about the question of "Can we reproduce that tarball, from that VCS > tree?". Thanks for the detail explanation Nick, even if this was not the original goal of SDE, I would still like to have it reproducible build of sdist even if my package does not have source generation like Cython; I'll embed the timestamp in the commit for now; and see if I can also extract the timestamp from the commit log. AFAICT it's `git log -1 --pretty=format:%ct` if it's of interest to anyone. My interest in this is to have CI to build the sdist, and make sure independant machines can get the same artifact in order to have a potentially distributed agreement on what the sdist is. Is there any plan (or would it be accepted), to try to upstream patches like distutils644 Jakub linked to ? Thanks, -- Matthias _______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
