Skip to content

gh-91279: ZipFile.writestr now respect SOURCE_DATE_EPOCH #124435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 20, 2025
Merged

gh-91279: ZipFile.writestr now respect SOURCE_DATE_EPOCH #124435

merged 3 commits into from
Jan 20, 2025

Conversation

Wulian233
Copy link
Contributor

@Wulian233 Wulian233 commented Sep 24, 2024
edited
Loading

No SOURCE_DATE_EPOCH environment variable makes pip installing a package generate non-reproducible build artifacts.

SOURCE_DATE_EPOCH is a standardised environment variable that distributions can set centrally and have build tools consume this in order to produce reproducible output. In practice, specifies the last modification of something, usually the source code, measured in the number seconds since the Unix epoch, ie. .SOURCE_DATE_EPOCHJanuary 1st 1970, 00:00:00 UTC

See https://reproducible-builds.org/docs/source-date-epoch/
details in issue: #91279

@ghost
Copy link

ghost commented Sep 24, 2024
edited by ghost
Loading

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-app bedevere-app bot mentioned this pull request Sep 24, 2024
Closed
@ZeroIntensity
Copy link
Member

Could you add a test for this?

@Wulian233
Copy link
Contributor Author

Could you add a test for this?

Yes, this change should also be synchronized in the tests.

Note: zipfile.writestr is not a function, it is the zipfile.ZipFile.writestr method

https://github.com/python/cpython/blob/main/Lib/test/test_zipfile/_path/test_path.py#L668-L668

@ZeroIntensity
Copy link
Member

Oh! TIL

@Wulian233 Wulian233 requested a review from jaraco as a code owner September 25, 2024 11:33
@Wulian233 Wulian233 marked this pull request as draft September 25, 2024 13:40
@Wulian233 Wulian233 marked this pull request as ready for review September 27, 2024 12:56
ZeroIntensity
ZeroIntensity approved these changes Sep 27, 2024
View reviewed changes
Copy link
Member

@ZeroIntensity ZeroIntensity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@Wulian233 Wulian233 mentioned this pull request Nov 2, 2024
Merged
jaraco
jaraco requested changes Dec 29, 2024
View reviewed changes
@bedevere-app
Copy link

bedevere-app bot commented Dec 29, 2024

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@Wulian233 Wulian233 closed this Dec 30, 2024
@Wulian233 Wulian233 reopened this Dec 30, 2024
@Wulian233
Copy link
Contributor Author

Wulian233 commented Dec 30, 2024
edited
Loading

I have made the requested changes; please review again

@bedevere-app
Copy link

bedevere-app bot commented Dec 30, 2024

Thanks for making the requested changes!

@jaraco: please review the changes made to this pull request.

@bedevere-app bedevere-app bot requested a review from jaraco December 30, 2024 12:06
jaraco
jaraco requested changes Jan 1, 2025
View reviewed changes
Lib/zipfile/__init__.py Outdated
# gh-91279: Set the SOURCE_DATE_EPOCH to a specific timestamp
epoch = os.environ.get('SOURCE_DATE_EPOCH')
get_time = int(epoch) if epoch else time.time()
self.date_time = time.gmtime(get_time)[:6]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little uneasy that time.localtime() is now replaced by time.gmtime(). That means that the value will change depending on the local time zone of the machine running the code, which may not be adequately exercised in the code. Are there existing tests that validate that gmtime is the correct usage here?

Copy link
Contributor Author

@Wulian233 Wulian233 Jan 1, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked the documentation. Should time.gmtime return UTC time and not change with time zones? time.localtime says "Like gmtime() but converts to local time"

https://docs.python.org/3.14/library/time.html#time.gmtime

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I mean is that this change alters the behavior for all cases. The issue doesn't make mention of gmtime and only mentions localtime in relation to the current implementation. What's the motivation for changing it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I see that I was mistaken. To implement this PR I originally thought it was necessary to change it to gmtime, but in fact, this modification should not have been made😥

@bedevere-app
Copy link

bedevere-app bot commented Jan 1, 2025

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@Wulian233
Copy link
Contributor Author

I have made the requested changes; please review again

Sorry again for the inconvenience

@bedevere-app
Copy link

bedevere-app bot commented Jan 1, 2025

Thanks for making the requested changes!

@jaraco: please review the changes made to this pull request.

@bedevere-app bedevere-app bot requested a review from jaraco January 1, 2025 07:26
@jaraco jaraco merged commit 5d57959 into python:main Jan 20, 2025
43 of 46 checks passed
@Wulian233 Wulian233 deleted the SOURCE_DATE_EPOCH branch January 20, 2025 21:09
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this pull request Jan 21, 2025
@Wulian233 @srinivasreddy
pythongh-91279: ZipFile.writestr now respect SOURCE_DATE_EPOCH (pytho…
a3b40da 
…n#124435)
@Wulian233 Wulian233 mentioned this pull request May 20, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaraco jaraco jaraco approved these changes

@ZeroIntensity ZeroIntensity ZeroIntensity approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Wulian233 @ZeroIntensity @jaraco