While tracking a reproducibility issue from maturin's output, we found that the .so file in the output .whl were not ordered the same every time.
Order of the external libraries in the .whl comes down to the order soname_map is iterated. But, std::HashMap does not provide a stable order and that create an unstable order in the wheel.
Switch to std::BTreeMap which keeps keys sorted and is iterable in a stable order.
This can be tested by building current python3-cryptography :
SOURCE_DATE_EPOCH=1728915855 maturin build
Before this commit, the above give two possible outputs (~50% each), the difference is in the order of libssl and libcrypto.
ycongal-smile
commented
1 month ago
While tracking a reproducibility issue from maturin's output, we found that the .so file in the output .whl were not ordered the same every time.
Order of the external libraries in the .whl comes down to the order
soname_mapis iterated. But,std::HashMapdoes not provide a stable order and that create an unstable order in the wheel.Switch to
std::BTreeMapwhich keeps keys sorted and is iterable in a stable order.This can be tested by building current python3-cryptography :
Before this commit, the above give two possible outputs (~50% each), the difference is in the order of libssl and libcrypto.
After this commit, the output is reproducible.