#37159: Implement reproducible artifact builds
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Jacob
Type: | Walls
Cleanup/optimization | Status: assigned
Component: Packaging | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Charles Roelli):
* has_patch: 0 => 1
Comment:
I've linked a PR to switch to `hatchling`. Moving away from `setuptools`
also allows us to remove `MANIFEST.in` (#36740).
This is the file listing diff from the unpacked setuptools sdist to the
unpacked hatchling sdist.
{{{
$ diff -u <(find setuptools/django-6.2.dev20260611202632 -printf '%P\n')
<(find hatchling/django-6.2.dev20260615084851/ -printf '%P\n')
@@ -6436,7 +6436,6 @@
tests/signing
tests/signing/tests.py
tests/signing/__init__.py
-tests/.coveragerc
tests/sites_framework
tests/sites_framework/tests.py
tests/sites_framework/migrations
@@ -10276,18 +10275,10 @@
docs/releases/3.0.2.txt
docs/lint.py
pyproject.toml
-MANIFEST.in
LICENSE
+.gitignore
AUTHORS
Gruntfile.js
INSTALL
LICENSE.python
-Django.egg-info
-Django.egg-info/entry_points.txt
-Django.egg-info/requires.txt
-Django.egg-info/PKG-INFO
-Django.egg-info/top_level.txt
-Django.egg-info/dependency_links.txt
-Django.egg-info/SOURCES.txt
-setup.cfg
CONTRIBUTING.rst
}}}
For the wheel, we have:
{{{
$ diff -u <(find setuptools/django-6.2.dist-info/ -printf '%P\n') <(find
hatchling/django-6.2.dev20260615084851.dist-info/ -printf '%P\n')
@@ -7,4 +7,3 @@
licenses/AUTHORS
licenses/LICENSE.python
METADATA
-top_level.txt
$ diff -u <(find setuptools/django/ -printf '%P\n') <(find
hatchling/django/ -printf '%P\n')
(empty)
}}}
The hashes for the hatchling artifact build which are hopefully
reproducible:
{{{
~/Code/django/hatchling-build$ sha256sum dist/*
275b282ec5efdb0d85926de3abf36d9f25cd4a1f7e010a8582b00f325123ae1c
dist/django-6.2.dev20260615084851-py3-none-any.whl
50e81862ee1a860fb17386201d739d4415e3ec2695cee38ea12a06cd3749fe5b
dist/django-6.2.dev20260615084851.tar.gz
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/37159#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019ecb317148-55765fef-f5a9-4f63-a3ec-3c2175f342d2-000000%40eu-central-1.amazonses.com.
