On 01. 02. 18 16:25, Neal Gompa wrote:
On Thu, Feb 1, 2018 at 10:21 AM, Nick Coghlan <ncogh...@gmail.com> wrote:
On 1 February 2018 at 23:54, Petr Viktorin <pvikt...@redhat.com> wrote:
Honestly, I'm not sure we want to use this in Fedora. Is anyone here into
reproducible builds, to make a better argument for this?
I believe rpmbuild (et al) all set SOURCE_DATE_EPOCH in the
environment, so Fedora's likely to get the new CHECKED_HASH behaviour
by default:
https://docs.python.org/dev/library/py_compile.html#py_compile.compile
Given that SELinux typically won't allow user applications to rewrite
the bytecode anyway, we may want to specify the use of UNCHECKED_HASH
at build time instead - with that setting, Python will ignore source
file changes entirely, and trust that RPM will keep the source and pyc
files consistent.
We have not set this to be on in Fedora. It's still switched off by
default. To the best of my knowledge, the only distribution doing it
so far is openSUSE.
This is now set in Fedora:
https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57
Now all Python pyc files (except python3 itself) are in CHECKED_HASH mode.
We need to figure this out.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
python-devel mailing list -- python-devel@lists.fedoraproject.org
To unsubscribe send an email to python-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org
