Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

build: reproducibility issue with hatch version

See original GitHub issue

I’m currently seeing our wheel file contents changing without changes to source:

diff -r locally-built-whl/tuf-1.1.0.dist-info/WHEEL github-whl/tuf-1.1.0.dist-info/WHEEL
2c2
< Generator: hatch 0.23.0
---
> Generator: hatch 0.22.0

So yes, we need to pin hatch version. This makes a lot of sense to me – why would we not pin the build tool when we pin all other dependencies?

I’m also a bit worried about that 0.22? Where did that come from – I don’t see it on pypi?

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
ofekcommented, Apr 28, 2022
0reactions
jkucommented, Apr 28, 2022

Maybe it [WHEEL] should say hatchling 0.22.0?

I think this is the issue: we depend on hatchling only but for some reason the WHEEL file documents it as hatch but still using hatchling version numbers.

Then it makes sense:

  • we just pin our hatchling version pyproject.toml and build is now reproducible
  • whatever component uses the wrong name in WHEEL should be fixed … but it’s not critical to our build reproducibility
Read more comments on GitHub >

github_iconTop Results From Across the Web

#1005825 - hatchling: please make the build reproducible
Debian Bug report logs - #1005825 hatchling: please make the build reproducible. version graph. Package: src:hatchling; Maintainer for src: ...
Read more >
About - Hatch
Standardized build system with reproducible builds by default · Robust environment management with support for custom scripts · Easy publishing to ...
Read more >
Release-pipeline: reproducible builds · Issue #18292 - GitHub
To be clear, reproducible builds have been possible for a long time. The only requirement is that the source be checked out to...
Read more >
CMake / G++ reproducible build issue with changing build path
For quite some time I have been investigating with limited success reproducible build issue I have with a software I am packaging for...
Read more >
Reproducible Builds vs Semantic Versioning - Matrix AI
Theoretically you should be able to update patch and minor versions of dependencies without any kind of problem.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

RFE: expose delegated metadata to client application

Next page

cd: re-enable release signing