
We need to check the md5sum of self-made Python packages, actually taking it from the resulting *.whl file. The problem is that the md5sum changes on every build, even if there are no changes in the source code. Also, we have tested this on third-party packages, i.e. django-celery, and get the same behavior.

So the questions are:

  1. What differs if we don't change the source code?
  2. Is it possible to get the same md5sum for the same python builds?

upd.

To illustrate the issue, I got two reports made on two django-celery builds. The build content checksums are exactly the same (4th column), but the checksums of the *.whl files themselves differ.

Links to the reports:

https://www.dropbox.com/s/0kkbhwd2fgopg67/django_celery-3.1.17-py2-none-any2.htm?dl=0

https://www.dropbox.com/s/vecrq587jjrjh2r/django_celery-3.1.17-py2-none-any1.htm?dl=0

Martijn Pieters
ilov3

1 Answer


Quoting the relevant PEP:

A wheel is a ZIP-format archive with a specially formatted file name and the .whl extension.

ZIP archives preserve the modification time of each file.

Wheel archives do not contain just source code, but also other files and directories that are generated on the fly when the archive is created. Therefore, even if you don't touch your Python source code, the wheel will still contain contents that have a different modification time.


One way to work around this problem is to unzip the wheel and compute the checksums of the contents.

Andrea Corbellini
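The workaround from the answer above, as an added example that is not part of the original answer: it hashes only the member names and member bytes of the ZIP archive, so stored modification times are ignored. SHA-256 is used here in place of the md5sum from the question, and `build_sample_wheel` with its file contents is constructed for the demonstration.

```python
import hashlib
import io
import zipfile


def file_digest(data: bytes) -> str:
    """Digest of the raw archive bytes, as a checksum tool run on the .whl sees them."""
    return hashlib.sha256(data).hexdigest()


def content_digest(wheel) -> str:
    """Digest over member names and member bytes only.

    `wheel` is a path or a binary file object. ZIP metadata (modification
    times, permissions, member order) does not influence the result.
    """
    outer = hashlib.sha256()
    with zipfile.ZipFile(wheel) as zf:
        for name in sorted(zf.namelist()):
            if name.endswith("/"):  # directory entries carry no data
                continue
            inner = hashlib.sha256(zf.read(name)).hexdigest()
            outer.update(f"{inner}  {name}\n".encode("utf-8"))
    return outer.hexdigest()


def build_sample_wheel(mtime, init_py=b"VERSION = '1.0'\n") -> bytes:
    """Constructed stand-in for a build: fixed files, caller-chosen timestamp."""
    files = {
        "demo/__init__.py": init_py,
        "demo-1.0.dist-info/WHEEL": b"Wheel-Version: 1.0\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


if __name__ == "__main__":
    first = build_sample_wheel((2015, 3, 1, 10, 0, 0))
    second = build_sample_wheel((2015, 3, 1, 10, 5, 0))  # same files, later build
    print("archive digests equal:", file_digest(first) == file_digest(second))
    print("content digests equal:",
          content_digest(io.BytesIO(first)) == content_digest(io.BytesIO(second)))
```

For real builds, pass the path of each `.whl` file to `content_digest` and compare the two results.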