From 8ad1f3f02c90003035fd6dbeb558752a1bb9cb0b Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Thu, 9 Jul 2020 15:22:07 +0100 Subject: [PATCH] Make the build reproducible While auditing Debian's packages, Chris Lamb reported[*] that weather-util's correlation set generation is not reproducible because it embeds timestamps without a means to override them and also varies by system timezone. Allow SOURCE_DATE_EPOCH from the calling environment and assume UTC rather than relying on locale settings when no timezones are specified. [*] https://bugs.debian.org/964721 --- weather.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/weather.py b/weather.py index d9f5ed2..bdda3ee 100644 --- a/weather.py +++ b/weather.py @@ -1268,56 +1268,56 @@ def correlate(): weather_copyright, os.path.basename( sys.argv[0] ), datetime.date.isoformat( - datetime.datetime.fromtimestamp( time.time() ) + datetime.datetime.utcfromtimestamp( int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ) ), hashlib.md5( open(gcounties_an, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(gcounties_an) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(gcounties_an) ) ), gcounties_an, hashlib.md5( open(gcousubs_an, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(gcousubs_an) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(gcousubs_an) ) ), gcousubs_an, hashlib.md5( open(gplace_an, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(gplace_an) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(gplace_an) ) ), gplace_an, hashlib.md5( open(gzcta_an, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(gzcta_an) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(gzcta_an) ) ), gzcta_an, hashlib.md5( open(cpfzcf_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(cpfzcf_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(cpfzcf_fn) ) ), cpfzcf_fn, hashlib.md5( open(nsdcccc_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(nsdcccc_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(nsdcccc_fn) ) ), nsdcccc_fn, hashlib.md5( open(ourairports_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(ourairports_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(ourairports_fn) ) ), ourairports_fn, hashlib.md5( open(overrides_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(overrides_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(overrides_fn) ) ), overrides_fn, hashlib.md5( open(slist_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(slist_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(slist_fn) ) ), slist_fn, hashlib.md5( open(zlist_fn, "rb").read() ).hexdigest(), datetime.date.isoformat( - datetime.datetime.fromtimestamp( os.path.getmtime(zlist_fn) ) + datetime.datetime.utcfromtimestamp( os.path.getmtime(zlist_fn) ) ), zlist_fn ) -- 2.11.0