PyPI - reproducibly - Versions diffs - 0.0.11__py3-none-any.whl → 0.0.15__py3-none-any.whl - Mend

reproducibly 0.0.11py3-none-any.whl → 0.0.15py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

{reproducibly-0.0.11.dist-info → reproducibly-0.0.15.dist-info}/METADATA RENAMED Viewed

@@ -1,16 +1,16 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: reproducibly
-Version: 0.0.11
+Version: 0.0.15
 Summary: Reproducibly build Python packages
 Author-email: Keith Maxwell <keith.maxwell@gmail.com>
-Requires-Python: >=3.11
+Requires-Python: >=3.13
 Description-Content-Type: text/markdown
 Classifier: Programming Language :: Python :: 3
 Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
-Requires-Dist: build==1.2.1
-Requires-Dist: cibuildwheel==2.20.0
-Requires-Dist: packaging==24.1
-Requires-Dist: pyproject_hooks==1.1.0
+Requires-Dist: build==1.2.2.post1
+Requires-Dist: cibuildwheel==2.23.2
+Requires-Dist: packaging==24.2
+Requires-Dist: pyproject_hooks==1.2.0
 Project-URL: Homepage, https://github.com/maxwell-k/reproducibly/
 Project-URL: Issues, https://github.com/maxwell-k/reproducibly/issues
@@ -54,6 +54,7 @@ features:
 - Builds a source distribution (sdist) from a git repository
 - Builds a wheel from a sdist
 - Resets metadata like user and group names and ids to predictable values
+- Uses no compression for predictable file hashes across Linux distributions
 - By default uses the last commit date and time from git
 - Respects SOURCE_DATE_EPOCH when building a sdist
 - Single file script with inline script metadata or PyPI package
@@ -93,5 +94,7 @@ To run unit tests and integration tests:
 README.md
 Copyright 2023 Keith Maxwell
 SPDX-License-Identifier: CC-BY-SA-4.0
+vim: set filetype=markdown.dprint.cog.htmlCommentNoSpell :
 -->

reproducibly-0.0.15.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,5 @@
+reproducibly.py,sha256=AgMNoWREhLsRyyXuA9BwMJSI99_i9B_ft4RwwilTobQ,13518
+reproducibly-0.0.15.dist-info/METADATA,sha256=rOEfFbBwOe1F21wBsSSxht4xNYBMd2Hnf3AcO9wvBvI,2995
+reproducibly-0.0.15.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
+reproducibly-0.0.15.dist-info/entry_points.txt,sha256=J4fRzmY7XffHnoo9etzvgeph8np598MPpIy3jpnGlfk,50
+reproducibly-0.0.15.dist-info/RECORD,,

{reproducibly-0.0.11.dist-info → reproducibly-0.0.15.dist-info}/WHEEL RENAMED Viewed

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: flit 3.9.0
+Generator: flit 3.12.0
 Root-Is-Purelib: true
 Tag: py3-none-any

reproducibly.py CHANGED Viewed

@@ -5,6 +5,7 @@ features:
 - Builds a source distribution (sdist) from a git repository
 - Builds a wheel from a sdist
 - Resets metadata like user and group names and ids to predictable values
+- Uses no compression for predictable file hashes across Linux distributions
 - By default uses the last commit date and time from git
 - Respects SOURCE_DATE_EPOCH when building a sdist
 - Single file script with inline script metadata or PyPI package
@@ -14,7 +15,6 @@ features:
 # Copyright 2024 Keith Maxwell
 # SPDX-License-Identifier: MPL-2.0
 import gzip
-import tarfile
 from argparse import ArgumentParser, RawDescriptionHelpFormatter
 from contextlib import chdir
 from datetime import datetime
@@ -25,15 +25,15 @@ from shutil import copyfileobj, move
 from stat import S_IWGRP, S_IWOTH
 from subprocess import CalledProcessError, run
 from sys import version_info
+from tarfile import TarFile, TarInfo
 from tempfile import TemporaryDirectory
 from typing import cast, Literal, TypedDict
-from zipfile import ZipFile, ZipInfo
+from zipfile import ZIP_DEFLATED, ZipFile, ZipInfo
 from build import ProjectBuilder
 from build.env import DefaultIsolatedEnv
 from cibuildwheel.__main__ import build_in_directory
 from cibuildwheel.options import CommandLineArguments
-from packaging.requirements import Requirement
 from pyproject_hooks import default_subprocess_runner
 # [[[cog import cog ; from pathlib import Path ]]]
@@ -52,12 +52,12 @@ from pyproject_hooks import default_subprocess_runner
 # cog.outl("# ///")
 # ]]]
 # /// script
-# requires-python = ">=3.11"
+# requires-python = ">=3.13"
 # dependencies = [
-#   "build==1.2.1",
-#   "cibuildwheel==2.20.0",
-#   "packaging==24.1",
-#   "pyproject_hooks==1.1.0",
+#   "build==1.2.2.post1",
+#   "cibuildwheel==2.23.2",
+#   "packaging==24.2",
+#   "pyproject_hooks==1.2.0",
 # ]
 # ///
 # [[[end]]]
@@ -68,20 +68,11 @@ from pyproject_hooks import default_subprocess_runner
 # - Built distributions are typically zip files
 # - The default date for this script is the earliest date supported by both
 # - The minimum date value supported by zip files, is documented in
-#   <https://github.com/python/cpython/blob/3.11/Lib/zipfile.py>.
+#   <https://github.com/python/cpython/blob/3.13/Lib/zipfile.py>.
 EARLIEST = datetime(1980, 1, 1, 0, 0, 0).timestamp()  # 315532800.0
-CONSTRAINTS = {
-    # [[[cog
-    # for line in Path("constraints.txt").read_text().splitlines():
-    #   cog.outl(f'"{line}",')
-    # ]]]
-    "wheel==0.44.0",
-    # [[[end]]]
-}
-__version__ = "0.0.11"
+__version__ = "0.0.15"
 def _build(
@@ -96,15 +87,15 @@ def _build(
             srcdir,
             runner=default_subprocess_runner,
         )
-        env.install(override(builder.build_system_requires))
-        env.install(override(builder.get_requires_for_build(distribution)))
+        env.install(builder.build_system_requires)
+        env.install(builder.get_requires_for_build(distribution))
         built = builder.build(distribution, output)
     return output / built
 def _extract_to_empty_directory(sdist: Path, directory: str) -> Path:
-    with tarfile.open(sdist) as t:
-        t.extractall(directory)
+    with TarFile.open(sdist) as t:
+        t.extractall(directory, filter="data")
     return next(Path(directory).iterdir())
@@ -112,14 +103,12 @@ def _cibuildwheel(sdist: Path, output: Path) -> Path:
     """Call the cibuildwheel API
     Returns the path to the built distribution"""
-    filename = Path("constraints.txt")
     with (
         ModifiedEnvironment(
-            CIBW_DEPENDENCY_VERSIONS=str(filename),
             CIBW_BUILD_FRONTEND="build",
             CIBW_CONTAINER_ENGINE="podman",
             CIBW_ENVIRONMENT_PASS_LINUX="SOURCE_DATE_EPOCH",
-            CIBW_ENVIRONMENT=f"PIP_TIMEOUT=150 PIP_CONSTRAINT=/{filename}",
+            CIBW_ENVIRONMENT="PIP_TIMEOUT=150",
         ),
         TemporaryDirectory() as directory,
     ):
@@ -129,7 +118,6 @@ def _cibuildwheel(sdist: Path, output: Path) -> Path:
         args.output_dir = Path(directory).resolve()
         args.platform = None
         with chdir(directory):  # output maybe a relative path
-            filename.write_text("\n".join(CONSTRAINTS) + "\n")
             build_in_directory(args)
         wheel = next(args.output_dir.glob("*.whl"))
         output.joinpath(wheel.name).unlink(missing_ok=True)
@@ -172,13 +160,13 @@ class Builder(Enum):
     @nonmember
     @staticmethod
     def which(archive: Path) -> "Builder":
-        with tarfile.open(archive, "r:gz") as tar:
+        with TarFile.open(archive, "r:gz") as tar:
             c = any(i.name.endswith(".c") for i in tar.getmembers())
         return Builder.cibuildwheel if c else Builder.build
-def cleanse_metadata(path_: Path, mtime: float) -> int:
-    """Cleanse metadata from a single source distribution
+def cleanse_sdist(path_: Path, mtime: float) -> int:
+    """Cleanse a single source distribution
     - Set all uids and gids to zero
     - Set all unames and gnames to root
@@ -186,22 +174,22 @@ def cleanse_metadata(path_: Path, mtime: float) -> int:
     - Set modified time for .tar inside .gz
     - Set modified time for files inside the .tar
     - Remove group and other write permissions for files inside the .tar
+    - Set the compression level to zero i.e. no compression
     """
-    path = path_.absolute()
+    filename = path_.absolute()
     mtime = max(mtime, EARLIEST)
-    with TemporaryDirectory() as directory:
-        with tarfile.open(path) as tar:
-            tar.extractall(path=directory)
+    with TemporaryDirectory() as path:
+        with TarFile.open(filename) as tar:
+            tar.extractall(path=path, filter="data")
-        path.unlink(missing_ok=True)
-        (extracted,) = Path(directory).iterdir()
-        uncompressed = f"{extracted}.tar"
+        filename.unlink(missing_ok=True)
+        (extracted,) = Path(path).iterdir()
-        prefix = directory.removeprefix("/") + "/"
+        prefix = path.removeprefix("/") + "/"
-        def filter_(tarinfo: tarfile.TarInfo) -> tarfile.TarInfo:
+        def filter_(tarinfo: TarInfo) -> TarInfo:
             tarinfo.mtime = int(mtime)
             tarinfo.uid = tarinfo.gid = 0
             tarinfo.uname = tarinfo.gname = "root"
@@ -209,19 +197,25 @@ def cleanse_metadata(path_: Path, mtime: float) -> int:
             tarinfo.path = tarinfo.path.removeprefix(prefix)
             return tarinfo
-        with tarfile.open(uncompressed, "w") as tar:
-            tar.add(extracted, filter=filter_)
-        with gzip.GzipFile(filename=path, mode="wb", mtime=mtime) as file:
-            with open(uncompressed, "rb") as tar:
+        tar = f"{extracted}.tar"
+        with TarFile.open(tar, "w") as tarfile:
+            tarfile.add(extracted, filter=filter_)
+        with gzip.GzipFile(
+            filename=filename,
+            mode="wb",
+            mtime=mtime,
+            compresslevel=0,
+        ) as file:
+            with open(tar, "rb") as tar:
                 copyfileobj(tar, file)
-        utime(path, (mtime, mtime))
+        utime(filename, (mtime, mtime))
     return 0
 def latest_modification_time(archive: Path) -> str:
     """Latest modification time for a gzipped tarfile as a string"""
-    with tarfile.open(archive, "r:gz") as tar:
+    with TarFile.open(archive, "r:gz") as tar:
         latest = max(member.mtime for member in tar.getmembers())
     return "{:.0f}".format(latest)
@@ -257,21 +251,24 @@ def key(input_: bytes | ZipInfo) -> tuple[int, list[str | list]]:
     return (group, breadth_first_key(item))
-def override(before: set[str], constraints: set[str] = CONSTRAINTS) -> set[str]:
-    """Replace certain requirements from constraints"""
-    after = set()
-    for replacement in constraints:
-        name = Requirement(replacement).name
-        for i in before:
-            after.add(replacement if Requirement(i).name == name else i)
-    return after
+def fix_zip_members(path: Path, umask: int = 0o022) -> Path:
+    """Apply fixes to members in a zip file
+    Processes the zip file in place. Path is both the source and destination, a
+    temporary working copy is made.
-def zipumask(path: Path, umask: int = 0o022) -> Path:
-    """Apply a umask to a zip file at path
+    - Apply a umask to each member
+    - Change to compression level zero
-    Path is both the source and destination, a temporary working copy is
-    made."""
+    When using the default deflate compression and comparing wheels created on
+    Ubuntu 24.04 and Fedora 40, minor differences in the size of the compressed
+    wheel were observed. For example:
+    │ -112 files, 909030 bytes uncompressed, 272160 bytes compressed:  70.1%
+    │ +112 files, 909030 bytes uncompressed, 271653 bytes compressed:  70.1%
+    As a solution this function uses compression level zero i.e. no compression.
+    """
     operand = ~(umask << 16)
     with TemporaryDirectory() as directory:
@@ -280,6 +277,8 @@ def zipumask(path: Path, umask: int = 0o022) -> Path:
             for member in original.infolist():
                 data = original.read(member)
                 member.external_attr = member.external_attr & operand
+                member.compress_type = ZIP_DEFLATED
+                member.compress_level = 0
                 destination.writestr(member, data)
         path.unlink()
         move(copy, path)  # can't rename as /tmp may be a different device
@@ -377,7 +376,7 @@ def main(arguments: list[str] | None = None) -> int:
             date = float(environ["SOURCE_DATE_EPOCH"])
         else:
             date = latest_commit_time(repository)
-        cleanse_metadata(sdist, date)
+        cleanse_sdist(sdist, date)
     for sdist in parsed["sdists"]:
         with ModifiedEnvironment(SOURCE_DATE_EPOCH=latest_modification_time(sdist)):
             if Builder.which(sdist) == Builder.cibuildwheel:
@@ -386,7 +385,7 @@ def main(arguments: list[str] | None = None) -> int:
                 with TemporaryDirectory() as directory:
                     srcdir = _extract_to_empty_directory(sdist, directory)
                     built = _build(srcdir, parsed["output"], "wheel")
-        _sortwheel(zipumask(built))
+        fix_zip_members(_sortwheel(built))
     return 0

reproducibly-0.0.11.dist-info/RECORD DELETED Viewed

@@ -1,5 +0,0 @@
-reproducibly.py,sha256=0HzRBIu4mk68d9cl3IB3tXsjOLfKySOtckG43wF4DHU,13407
-reproducibly-0.0.11.dist-info/METADATA,sha256=TsvqUUQUMC_nEy4lZr48izwic1aV2ckp061JN8NP9Io,2852
-reproducibly-0.0.11.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
-reproducibly-0.0.11.dist-info/entry_points.txt,sha256=J4fRzmY7XffHnoo9etzvgeph8np598MPpIy3jpnGlfk,50
-reproducibly-0.0.11.dist-info/RECORD,,

{reproducibly-0.0.11.dist-info → reproducibly-0.0.15.dist-info}/entry_points.txt RENAMED Viewed

File without changes

reproducibly 0.0.11__py3-none-any.whl → 0.0.15__py3-none-any.whl

reproducibly 0.0.11py3-none-any.whl → 0.0.15py3-none-any.whl