Ubuntu
python3.8 package

python3.8-minimal postinstall scripts make reproducible bytecode difficult

Bug #1983124 reported by Josh
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
python3.8 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

The python interpreter writes reproducible bytecode when two environment variables (SOURCE_DATE_EPOCH and PYTHONHASHSEED) are set. Without PYHONHASHSEED set, various internal data structures get serialized to a .pyc file in arbitrary order. With PYTHONHASHSEED, that order is deterministic.

The postinstall script in the python3.8-minimal package builds bytecode with `python3.8 -E -S -O /usr/lib/python3.8/py_compile.py`. The -E option in particular causes PYTHONHASHSEED to be ignored. Users who want to reproducibly install Python into a container image must either delete or rewrite the bytecode after the installation concludes.

Observed behavior: when the installer process runs with these two environment variables, bytecode differs between installations.

Expected behavior: the same bytecode under every installation

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python3.8 (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.