[issue38727] setup.py sdist --format=gztar should use (equivalent of) `gzip -n`

Zack Weinberg report at bugs.python.org
Wed Nov 6 15:14:38 EST 2019


New submission from Zack Weinberg <zackw at panix.com>:

Recent versions of the gzip command-line utility have an option `-n` which causes it to omit the FNAME field of the gzip file header, and write out the MTIME field as zero.  Both of these properties are desirable when constructing reproducible build artifacts (see https://reproducible-builds.org/ ).

An sdist tarball is a build artifact and it should be created as reproducibly as possible.  In particular, --format=gztar should behave as-if `gzip -n` were in use.  (The stdlib's gzip module can produce output equivalent to what gzip -n does, but this is not currently documented nor is it accessible via `tarfile`.  Both of those should be easy fixes.  See bug 38725 and bug 38726.)

----------
components: Distutils
messages: 356152
nosy: dstufft, eric.araujo, zwol
priority: normal
severity: normal
status: open
title: setup.py sdist --format=gztar should use (equivalent of) `gzip -n`

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38727>
_______________________________________
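The header difference the report describes can be checked directly. The following is an added example, not code from the report, distutils or CPython: it builds a gzipped tarball in memory twice, once with the `gzip` module's defaults and once with `filename=""` and `mtime=0` passed to `gzip.GzipFile`, then parses the FNAME and MTIME fields (RFC 1952 layout) out of each result. The helper names `parse_gzip_header` and `build_gztar`, the archive name and the sample file are constructed for illustration.

```python
import gzip
import io
import struct
import tarfile

FEXTRA, FNAME = 0x04, 0x08  # FLG bits defined in RFC 1952


def parse_gzip_header(data):
    """Return (mtime, fname) from a gzip member header; fname is None if absent."""
    magic, method, flags, mtime = struct.unpack_from("<HBBI", data, 0)
    if magic != 0x8B1F or method != 8:
        raise ValueError("not a deflate gzip stream")
    pos = 10  # fixed header: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    fname = None
    if flags & FNAME:
        end = data.index(b"\x00", pos)
        fname = data[pos:end].decode("latin-1")
    return mtime, fname


def build_gztar(files, archive_name, strip_header):
    """Build a .tar.gz in memory from {name: bytes}.

    strip_header=True passes filename="" and mtime=0 to GzipFile, giving the
    header `gzip -n` would write; False keeps the module defaults.
    """
    buf = io.BytesIO()
    gz_args = {"filename": "", "mtime": 0} if strip_header else {"filename": archive_name}
    with gzip.GzipFile(fileobj=buf, mode="wb", **gz_args) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in sorted(files):
                info = tarfile.TarInfo(name)
                info.size = len(files[name])
                info.mtime = 0  # fixed so the tar layer itself is deterministic
                tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


# Constructed sample input, not a real project
SAMPLE = {"example-1.0/setup.py": b"from setuptools import setup\nsetup()\n"}

if __name__ == "__main__":
    for strip in (False, True):
        blob = build_gztar(SAMPLE, "example-1.0.tar.gz", strip)
        print(strip, parse_gzip_header(blob))
```

With the defaults, the header carries the archive name and the build time, so two otherwise identical builds produce different bytes; with the stripped header, repeated builds of the same input are byte-identical.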

