Playable assemblies in python

Question

Playable assemblies in python

I need to send a compiled version of a python script and be able to prove (using a hash) that the compiled file really matches the source.

What we use so far is simple:

find . -name "*.py" -print0 | xargs -0 python2 -m py_compile

The problem is that it is not reproducible (not sure which vibrational factors, but 2 executions do not give us the same .pyc for the same python file) and forces us to always send the same compiled version instead of Being able to just give the build script to someone to create a new compiled version.

Is there any way to achieve this?

thanks

+5

python binary-reproducibility

Martin Trigaux Sep 13 '16 at 13:59

source share

1 answer

holdenweb · Accepted Answer · 2016-09-13T14:19:07+0000

Compiled Python files include a four-byte magic number and four-byte time and compilation date. This probably explains the discrepancies you see.

If you omit bytes 5-8 from the checksum process, you should see constant checksums for this version of Python.

The .pyc file format is given in this blog post by Ned Batchelder.

Playable assemblies in python

More articles: