lucc / khard

Console vcard client
https://khard.readthedocs.io/en/latest/
GNU General Public License v3.0
600 stars 65 forks source link

prepopulated __pycache__ directory in pypi sdist makes package unreproducible #268

Closed dvzrv closed 4 years ago

dvzrv commented 4 years ago

Hi! When rebuilding the khard 0.16.1 package on Arch Linux and running our reproducible build tools against it, diffoscope bails out on it:

--- khard-0.16.1-2-any.pkg.tar.zst
+++ build/khard-0.16.1-2-any.pkg.tar.zst
├── khard-0.16.1-2-any.pkg.tar
│ ├── file list
│ │ @@ -1,22 +1,22 @@
│ │  -rw-r--r--   0 root         (0) root         (0)     6564 2020-07-15 20:34:21.000000 .BUILDINFO
│ │ --rw-r--r--   0 root         (0) root         (0)     4817 2020-07-15 20:34:21.000000 .MTREE
│ │ +-rw-r--r--   0 root         (0) root         (0)     4808 2020-07-15 20:34:21.000000 .MTREE
│ │  -rw-r--r--   0 root         (0) root         (0)      748 2020-07-15 20:34:21.000000 .PKGINFO
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/bin/
│ │  -rwxr-xr-x   0 root         (0) root         (0)      950 2020-07-15 20:34:21.000000 usr/bin/khard
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/khard/
│ │  -rwxr-xr-x   0 root         (0) root         (0)      690 2020-07-15 20:34:21.000000 usr/lib/khard/sdiff_khard_wrapper.sh
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard/
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/
│ │  -rw-r--r--   0 root         (0) root         (0)     4688 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/PKG-INFO
│ │ --rw-r--r--   0 root         (0) root         (0)     4147 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/SOURCES.txt
│ │ +-rw-r--r--   0 root         (0) root         (0)     3594 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/SOURCES.txt
│ │  -rw-r--r--   0 root         (0) root         (0)        1 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/dependency_links.txt
│ │  -rw-r--r--   0 root         (0) root         (0)       44 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/entry_points.txt
│ │  -rw-r--r--   0 root         (0) root         (0)      107 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/requires.txt
│ │  -rw-r--r--   0 root         (0) root         (0)        6 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/top_level.txt
│ │  -rw-r--r--   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard/__init__.py
│ │  -rw-r--r--   0 root         (0) root         (0)       56 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard/__main__.py
│ │  drwxr-xr-x   0 root         (0) root         (0)        0 2020-07-15 20:34:21.000000 usr/lib/python3.8/site-packages/khard/__pycache__/
│ ├── .MTREE
│ │ ├── .MTREE-content
│ │ │ @@ -1,11 +1,11 @@
│ │ │  #mtree
│ │ │  /set type=file uid=0 gid=0 mode=644
│ │ │  ./.BUILDINFO time=1594845261.0 size=6564 md5digest=0a813e9ad9e13fe84e635069f6a1c188 sha256digest=1a8bc36993da5085119f6d9f8318001dabe623aa4937c7f5840f5565b7e29f5c
│ │ │ -./.PKGINFO time=1594845261.0 size=748 md5digest=89bcd4ad90b3af5cc72434e23c400800 sha256digest=fcd81bc4f58bdf131a1ae757ee870330d87ce7d9e4d5b252d1c582ed297f8a2e
│ │ │ +./.PKGINFO time=1594845261.0 size=748 md5digest=c2de9a8d917608c40ed1c0f6109264db sha256digest=254410ab894c1e2317bf581f0842b288750e47d3a0725eb59a15f0fe58a691ee
│ │ │  /set mode=755
│ │ │  ./usr time=1594845261.0 type=dir
│ │ │  ./usr/bin time=1594845261.0 type=dir
│ │ │  ./usr/bin/khard time=1594845261.0 size=950 md5digest=08470fe36e271d340005775ee310422c sha256digest=a5b8ab06b0b496b75ca8055a5cfee48a213f68e141e8c4638bd1abfce4979308
│ │ │  ./usr/lib time=1594845261.0 type=dir
│ │ │  ./usr/lib/khard time=1594845261.0 type=dir
│ │ │  ./usr/lib/khard/sdiff_khard_wrapper.sh time=1594845261.0 size=690 md5digest=708ee4a4faa622b4845cf2e24418be5f sha256digest=a0736b61cae8fd7c5bdaff9f3030e25fce1534b4958d5479b84b753c2e03f74b
│ │ │ @@ -51,15 +51,15 @@
│ │ │  ./usr/lib/python3.8/site-packages/khard/__pycache__/version.cpython-38.opt-1.pyc time=1594845261.0 size=158 md5digest=75c366a35a28bc7b88cdb60a463de1a4 sha256digest=eb40aadf113cdca4f92048a94088ebc3d0d0f64d7a1b106917db48b37c0c5cd8
│ │ │  ./usr/lib/python3.8/site-packages/khard/__pycache__/version.cpython-38.pyc time=1594845261.0 size=158 md5digest=75c366a35a28bc7b88cdb60a463de1a4 sha256digest=eb40aadf113cdca4f92048a94088ebc3d0d0f64d7a1b106917db48b37c0c5cd8
│ │ │  ./usr/lib/python3.8/site-packages/khard/data time=1594845261.0 mode=755 type=dir
│ │ │  ./usr/lib/python3.8/site-packages/khard/data/config.spec time=1594845261.0 size=904 md5digest=60654be9593144d3905c7d419f14ccdb sha256digest=029a40e8472000ae31191f5e97c3babda65a74e713bdb09062a767f97d6c0a86
│ │ │  ./usr/lib/python3.8/site-packages/khard/data/template.yaml time=1594845261.0 size=3032 md5digest=2e61d70acfb1491542f3fa550df09759 sha256digest=8648b616e430caef08c6c475d665c0e99e188f18b62715061b01e814cc6fa74a
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info time=1594845261.0 mode=755 type=dir
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/PKG-INFO time=1594845261.0 size=4688 md5digest=062344f3f483371923c95b3ccec80f02 sha256digest=50a915323ca2079665ca7746362183e1d4b1f68af2c9a7af16e8dfd93d9c040b
│ │ │ -./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/SOURCES.txt time=1594845261.0 size=4147 md5digest=30beb3d3ad18fffc328581c8ad5b88ad sha256digest=b8950ad83770655649b9772132c898bd25ece9ae2dde93a1354026b87f68f7b9
│ │ │ +./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/SOURCES.txt time=1594845261.0 size=3594 md5digest=a9e9c8413ebd368af6305c3b643eb1b0 sha256digest=e75f6fbc7aacb8da278c58d0202f839a1714759f535da13c12aa1a1a78c9b650
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/dependency_links.txt time=1594845261.0 size=1 md5digest=68b329da9893e34099c7d8ad5cb9c940 sha256digest=01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/entry_points.txt time=1594845261.0 size=44 md5digest=51187f34ac7a9f1bda983d28f1ccf5af sha256digest=496e841c21a880af077b92cb7cb0762e03ddde52d31d4cc6eff1ff2039a5c89f
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/requires.txt time=1594845261.0 size=107 md5digest=111dc1d7b87974cb6b0fa9ef19cd0170 sha256digest=77f7aba99b56248a64ece35b6fc96c038059698b8d1589dd5df6be5ba0fd64d9
│ │ │  ./usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/top_level.txt time=1594845261.0 size=6 md5digest=7b490aeba51398989cf090b89d92cf21 sha256digest=22136d40b3eee1ea66d8074d8109f2d55c9557daa056de6616a10d86c36ccb5d
│ │ │  /set mode=755
│ │ │  ./usr/share time=1594845261.0 type=dir
│ │ │  ./usr/share/doc time=1594845261.0 type=dir
│ ├── .PKGINFO
│ │ @@ -3,15 +3,15 @@
│ │  pkgname = khard
│ │  pkgbase = khard
│ │  pkgver = 0.16.1-2
│ │  pkgdesc = Console CardDAV client
│ │  url = https://github.com/scheibler/khard
│ │  builddate = 1594845261
│ │  packager = David Runge <dvzrv@archlinux.org>
│ │ -size = 993361
│ │ +size = 992808
│ │  arch = any
│ │  license = GPL3
│ │  depend = python-atomicwrites
│ │  depend = python-configobj
│ │  depend = python-ruamel-yaml
│ │  depend = python-setuptools
│ │  depend = python-unidecode
│ ├── usr/lib/python3.8/site-packages/khard-0.16.1-py3.8.egg-info/SOURCES.txt
│ │ @@ -67,45 +67,36 @@
│ │  test/__pycache__/__init__.cpython-37.pyc
│ │  test/__pycache__/__init__.cpython-38.pyc
│ │  test/__pycache__/__init__.pypy3-71.pyc
│ │  test/__pycache__/helpers.cpython-37.pyc
│ │  test/__pycache__/helpers.cpython-38.pyc
│ │  test/__pycache__/helpers.pypy3-71.pyc
│ │  test/__pycache__/test_actions.cpython-37.pyc
│ │ -test/__pycache__/test_actions.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_actions.cpython-38.pyc
│ │  test/__pycache__/test_address_book.cpython-37.pyc
│ │ -test/__pycache__/test_address_book.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_address_book.cpython-38.pyc
│ │  test/__pycache__/test_address_book.pypy3-71.pyc
│ │  test/__pycache__/test_carddav_object.cpython-37.pyc
│ │ -test/__pycache__/test_carddav_object.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_carddav_object.cpython-38.pyc
│ │  test/__pycache__/test_carddav_object.pypy3-71.pyc
│ │  test/__pycache__/test_command_line_interface.cpython-37.pyc
│ │ -test/__pycache__/test_command_line_interface.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_command_line_interface.cpython-38.pyc
│ │  test/__pycache__/test_command_line_interface.pypy3-71.pyc
│ │  test/__pycache__/test_config.cpython-37.pyc
│ │ -test/__pycache__/test_config.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_config.cpython-38.pyc
│ │  test/__pycache__/test_config.pypy3-71.pyc
│ │  test/__pycache__/test_formatter.cpython-37.pyc
│ │ -test/__pycache__/test_formatter.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_helpers.cpython-37.pyc
│ │ -test/__pycache__/test_helpers.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_helpers.cpython-38.pyc
│ │  test/__pycache__/test_helpers.pypy3-71.pyc
│ │  test/__pycache__/test_khard.cpython-37.pyc
│ │  test/__pycache__/test_query.cpython-37.pyc
│ │  test/__pycache__/test_vcard_wrapper.cpython-37.pyc
│ │ -test/__pycache__/test_vcard_wrapper.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_vcard_wrapper.cpython-38.pyc
│ │  test/__pycache__/test_yaml.cpython-37.pyc
│ │ -test/__pycache__/test_yaml.cpython-38-pytest-5.4.3.pyc
│ │  test/__pycache__/test_yaml.cpython-38.pyc
│ │  test/__pycache__/test_yaml.pypy3-71.pyc
│ │  test/fixture/minimal.conf
│ │  test/fixture/multiple_values.yaml
│ │  test/fixture/single_values.yaml
│ │  test/fixture/broken.abook/unparsable.vcf
│ │  test/fixture/minimal.abook/minimal.vcf

The prepopulated *.pyc files in the test directory should not be in the sdist tarball on pypi.org because they make packaging unreproducible.

lucc commented 4 years ago

Sorry for that. Does https://test.pypi.org/project/khard/0.16.2rc1/ fix that? It is a test release based on b98fca997bd27fa3a796aa4647050716ba8b337f.

lucc commented 4 years ago

I merged de835302342954c52e5dbe5ae52447a8c912c49c into develop, it will be part of the next release.