python3.8-minimal postinstall scripts make reproducible bytecode difficult
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python3.8 (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
The python interpreter writes reproducible bytecode when two environment variables (SOURCE_DATE_EPOCH and PYTHONHASHSEED) are set. Without PYHONHASHSEED set, various internal data structures get serialized to a .pyc file in arbitrary order. With PYTHONHASHSEED, that order is deterministic.
The postinstall script in the python3.8-minimal package builds bytecode with `python3.8 -E -S -O /usr/lib/
Observed behavior: when the installer process runs with these two environment variables, bytecode differs between installations.
Expected behavior: the same bytecode under every installation
Status changed to 'Confirmed' because the bug affects multiple users.