Entry in .git_archival.txt makes repository artifacts non-reproducible #1394
Comments
|
The guidance is the same as in many other repos where @dvzrv opened the same issue — use sdists on PyPI. They are immutable and are the source for the downstreams. Using regular Git instead of the exported archive should also work. |
No, the guidance should instead be to follow the revised upstream documentation of setuptools_scm (https://github.com/pypa/setuptools_scm/pull/1033/files) and remove known problematic settings from that file :)
It doesn't (as one can not lock the file contents at a given tag due to the problematic settings in .git_archival.txt). @abhinavsingh AFAIK this entire topic is basically down to two things (for you as project maintainer):
|
|
Ah, so one line can be removed and I that'll work. I'll need to adjust it in my projects too, then. Git archive is something that is useful for non-tagged commits so I wouldn't remove the use of this feature. It's much more frictionless, than having to instruct the users to set env vars. |
Describe the bug
Hi 👋
We are currently rebuilding all relevant packages against Python 3.12 on Arch Linux.
While revisiting the proxy.py package I noticed that it uses setuptools_scm and a .git_archival.txt setup which makes the artifacts of this repository non-reproducible.
As we would like to be able to rely on transparent sources (those not created by a custom process) for our packages, it would be great if you could revise/ remove the .git_archival.txt file from this repository.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The artifacts of a repository (the auto-generated tarballs) do not change due to arbitrary changes to the repository done after a tag.
Version information
Additional context
The problem has been discussed upstream in pypa/setuptools_scm#806 and led to them revising (removing) the problematic content in question in their documentation (pypa/setuptools_scm#1033).
Screenshots
n/a
The text was updated successfully, but these errors were encountered: