Your message dated Thu, 01 Dec 2016 16:37:51 +0000
with message-id <e1ccump-0007tl...@fasolo.debian.org>
and subject line Bug#845325: fixed in wheel 0.29.0-2
has caused the Debian Bug report #845325,
regarding wheel: please make the output of METADATA files reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
845325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845325
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wheel
Version: 0.29.0-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness toolchain
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed
that wheel generates nondeterminstic output.
For example, in python-pip's urllib3-1.15.1.dist-info/METADATA, a
``Requires-Dist header`` has two version constraints and they appear
in a nondeterminstic order:
│ │ │ │ │ -Requires-Dist: PySocks (>=1.5.6,<2.0); extra == 'socks'
│ │ │ │ │ +Requires-Dist: PySocks (<2.0,>=1.5.6); extra == 'socks'
Patch attached.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
diff --git a/wheel/metadata.py b/wheel/metadata.py
index b3cc65c..6da0cc4 100644
--- a/wheel/metadata.py
+++ b/wheel/metadata.py
@@ -223,7 +223,7 @@ def requires_to_requires_dist(requirement):
requires_dist.append(op + ver)
if not requires_dist:
return ''
- return " (%s)" % ','.join(requires_dist)
+ return " (%s)" % ','.join(sorted(requires_dist))
def convert_requirements(requirements):
"""Yield Requires-Dist: strings for parsed requirements strings."""
--- End Message ---
--- Begin Message ---
Source: wheel
Source-Version: 0.29.0-2
We believe that the bug you reported is fixed in the latest version of
wheel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 845...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Barry Warsaw <ba...@debian.org> (supplier of updated wheel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 01 Dec 2016 11:04:31 -0500
Source: wheel
Binary: python-wheel python3-wheel python-wheel-common
Architecture: source all
Version: 0.29.0-2
Distribution: unstable
Urgency: medium
Maintainer: Barry Warsaw <ba...@debian.org>
Changed-By: Barry Warsaw <ba...@debian.org>
Description:
python-wheel - built-package format for Python
python-wheel-common - built-package format for Python
python3-wheel - built-package format for Python
Closes: 845325
Changes:
wheel (0.29.0-2) unstable; urgency=medium
.
* d/patches/reproducible-builds.patch: Added to sort Requires-Dist
headers into a deterministic order. Given by Chris Lamb.
(Closes: #845325)
* d/control:
- Bump Standards-Version to 3.9.8 with no other changes necessary.
- Add Recommends for python{,3}-keyring, python{,3}-keyrings.alt, and
python{,3}-xdg for signature/keyring support.
* d/tests/control: Add additional Depends for pytest commands.
* wrap-and-sort -at
Checksums-Sha1:
eb86973fe0881f2bf40a1d5a774799ba18953148 2469 wheel_0.29.0-2.dsc
c640cf20bd881075322c58b1f469bfd59fdb370f 9700 wheel_0.29.0-2.debian.tar.xz
1357367d7e49530b19e38f8c02f39f5ab9e1076d 9680
python-wheel-common_0.29.0-2_all.deb
db36272b4883f66140921702e7e3eb13296f930f 51734 python-wheel_0.29.0-2_all.deb
7bccb19dc2712dfe0692bc529082dea2ebf8fcb7 51822 python3-wheel_0.29.0-2_all.deb
a44b2f0f9b0e398b2955007b0885df88785e4586 6320 wheel_0.29.0-2_amd64.buildinfo
Checksums-Sha256:
7cbf85cd0958b68893914cd996caadeef2d0fc666c986f8498c178de5d24283b 2469
wheel_0.29.0-2.dsc
e3a5fe908814114ceb155ee37ec7e6e7dd3ff4b6f0976417740fa1fa21800d68 9700
wheel_0.29.0-2.debian.tar.xz
1dd45c2e0cfdccea7dd9ac4a9182a077565b8bf80324a9fb07c8bb577a4c2c7c 9680
python-wheel-common_0.29.0-2_all.deb
1f45b430e72523b3ac65985164cf574845dabcc88e01802f612a126fc5fb46a8 51734
python-wheel_0.29.0-2_all.deb
aaadbaff27adaa022dca3528e94bbf4d0a0740b05c0df473084afc4032a2292b 51822
python3-wheel_0.29.0-2_all.deb
e44a303ef268d35a6c263b80244bda6a748c0ae259906507fef359dc7a0bcbf9 6320
wheel_0.29.0-2_amd64.buildinfo
Files:
e080fe03d1da4f89cc9b61c233a74006 2469 python optional wheel_0.29.0-2.dsc
7623d0149c7aa3d7adaa685b8391ea31 9700 python optional
wheel_0.29.0-2.debian.tar.xz
221170276147926b8309c6b4aaf9683e 9680 python optional
python-wheel-common_0.29.0-2_all.deb
80734705baab54b8e94563d6986f9950 51734 python optional
python-wheel_0.29.0-2_all.deb
7f0c0929619f857313adc9b50a012543 51822 python optional
python3-wheel_0.29.0-2_all.deb
306c778696d43b739a1b1e14f6920078 6320 python optional
wheel_0.29.0-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEhBcVftvnPZ6sHlObEm61Y6dLBr8FAlhATBcACgkQEm61Y6dL
Br//Ag/5AYAdPo5dDh0gjntR5h7wOGrr7PWNAsUfcbkdze1uZOAUvOLX2pORagIv
wJlvTZVjteoKf9txV7d4fdvLhQUL8tomvB4Gp1RJqiqSJcjWRDStpWs7NGcl7f4A
sKFMs60OgAIKvyS0N2ffZKwpfEzUw00CerxOBI46Sses0Zu1JKhff1ctVdmWzd+d
4QuxA9hlxaJvo4morO0v81Z9XnEjf4shqtaY5hQlVAB2BGGMNcXfHRqNSJe2gAG+
tsmO4Q+9zYLMJevGzcEGEMTqQuXiUr94g91Vtv96e09bFIeC4MHcTdEEC6NcjwZS
w1Kfg0OaJUbliAt+Iw8Z5oDIu1HKsDe9tAZk5cLfAIDRkDTGNPYzjovQcOMI6wFt
3FGi88JVGSwEarvoZGkn3ZjOru51fw8hS9pQ0KWdws+lGgYHKRUUUM7yiblELDrU
lw8EsjTZXPN+LciMVvkTlVIpwXzgqwFTr5BOzhasf4ioaLSsOJ/N4sMsNAHnkO4w
0RColvUkUsyDjLFWSGw8SZOszTaouQ13if7ERi3SyMjceJNqZ6NOfvQJ2e5nDceI
KyZwVRSW7fA46IBCWKeesA7ytc8zT7WQoQ/TR9DbE1ZqFBiM84ySM5eBym8fEqCt
qrv4N8ph/I77P1RFwfiV69k+WmPWmdTUH3hksqTQrBf/pMtAN5Q=
=lg6A
-----END PGP SIGNATURE-----
--- End Message ---
