nixpkgs/pkgs/development/interpreters/python/cpython/3.5/default.nix
Frederik Rietdijk acd32a4caf Python: set DETERMINISTIC_BUILD and PYTHONHASHSEED in setupHook
The Python interpreters are patched so they can build .pyc bytecode free
of certain indeterminism.

When building Python packages we currently set

```
compiling python files.
in nix store.
DETERMINISTIC_BUILD=1;
PYTHONHASHSEED = 0;
```

Instead if setting these environment variables in the function that
builds the package, this commit sets the variables instead in the Python
setup hook. That way, whenever Python is included in a derivation, these
variables are set.

See also the issue https://github.com/NixOS/nixpkgs/issues/25707.
2017-05-19 16:28:11 +02:00

184 lines
6.6 KiB
Nix

{ stdenv, fetchurl, fetchpatch
, bzip2
, expat
, libffi
, gdbm
, lzma
, ncurses
, openssl
, readline
, sqlite
, tcl ? null, tk ? null, tix ? null, libX11 ? null, xproto ? null, x11Support ? false
, zlib
, callPackage
, self
, CF, configd
, python-setup-hook
# For the Python package set
, pkgs, packageOverrides ? (self: super: {})
}:
assert x11Support -> tcl != null
&& tk != null
&& xproto != null
&& libX11 != null;
with stdenv.lib;
let
majorVersion = "3.5";
minorVersion = "3";
minorVersionSuffix = "";
pythonVersion = majorVersion;
version = "${majorVersion}.${minorVersion}${minorVersionSuffix}";
libPrefix = "python${majorVersion}";
sitePackages = "lib/${libPrefix}/site-packages";
buildInputs = filter (p: p != null) [
zlib bzip2 expat lzma libffi gdbm sqlite readline ncurses openssl ]
++ optionals x11Support [ tcl tk libX11 xproto ]
++ optionals stdenv.isDarwin [ CF configd ];
in stdenv.mkDerivation {
name = "python3-${version}";
pythonVersion = majorVersion;
inherit majorVersion version;
inherit buildInputs;
src = fetchurl {
url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz";
sha256 = "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf";
};
NIX_LDFLAGS = optionalString stdenv.isLinux "-lgcc_s";
# Determinism: The interpreter is patched to write null timestamps when compiling python files.
# This way python doesn't try to update them when we freeze timestamps in nix store.
DETERMINISTIC_BUILD=1;
# Determinism: We fix the hashes of str, bytes and datetime objects.
PYTHONHASHSEED=0;
prePatch = optionalString stdenv.isDarwin ''
substituteInPlace configure --replace '`/usr/bin/arch`' '"i386"'
substituteInPlace configure --replace '-Wl,-stack_size,1000000' ' '
'';
patches = [
(fetchpatch {
name = "glibc-2.25-enosys.patch";
url = https://github.com/python/cpython/commit/035ba5da3e53e.patch;
sha256 = "1y74ir1w5cq542w27rgzgp70chhq2x047db9911mihpab8p2nj71";
})
];
postPatch = ''
# Determinism
substituteInPlace "Lib/py_compile.py" --replace "source_stats['mtime']" "(1 if 'DETERMINISTIC_BUILD' in os.environ else source_stats['mtime'])"
# Determinism. This is done unconditionally
substituteInPlace "Lib/importlib/_bootstrap_external.py" --replace "source_mtime = int(st['mtime'])" "source_mtime = 1"
'' + optionalString (x11Support && (tix != null)) ''
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
'';
CPPFLAGS="${concatStringsSep " " (map (p: "-I${getDev p}/include") buildInputs)}";
LDFLAGS="${concatStringsSep " " (map (p: "-L${getLib p}/lib") buildInputs)}";
LIBS="${optionalString (!stdenv.isDarwin) "-lcrypt"} ${optionalString (ncurses != null) "-lncurses"}";
configureFlags = [
"--enable-shared"
"--with-threads"
"--without-ensurepip"
"--with-system-expat"
"--with-system-ffi"
];
preConfigure = ''
for i in /usr /sw /opt /pkg; do # improve purity
substituteInPlace ./setup.py --replace $i /no-such-path
done
${optionalString stdenv.isDarwin ''
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -msse2"
export MACOSX_DEPLOYMENT_TARGET=10.6
''}
'';
setupHook = python-setup-hook sitePackages;
postInstall = ''
# needed for some packages, especially packages that backport functionality
# to 2.x from 3.x
for item in $out/lib/python${majorVersion}/test/*; do
if [[ "$item" != */test_support.py* ]]; then
rm -rf "$item"
else
echo $item
fi
done
touch $out/lib/python${majorVersion}/test/__init__.py
ln -s "$out/include/python${majorVersion}m" "$out/include/python${majorVersion}"
paxmark E $out/bin/python${majorVersion}
# Python on Nix is not manylinux1 compatible. https://github.com/NixOS/nixpkgs/issues/18484
echo "manylinux1_compatible=False" >> $out/lib/${libPrefix}/_manylinux.py
# Determinism: Windows installers were not deterministic.
# We're also not interested in building Windows installers.
find "$out" -name 'wininst*.exe' | xargs -r rm -f
# Use Python3 as default python
ln -s "$out/bin/idle3" "$out/bin/idle"
ln -s "$out/bin/pip3" "$out/bin/pip"
ln -s "$out/bin/pydoc3" "$out/bin/pydoc"
ln -s "$out/bin/python3" "$out/bin/python"
ln -s "$out/bin/python3-config" "$out/bin/python-config"
ln -s "$out/lib/pkgconfig/python3.pc" "$out/lib/pkgconfig/python.pc"
# Get rid of retained dependencies on -dev packages, and remove
# some $TMPDIR references to improve binary reproducibility.
# Note that the .pyc file of _sysconfigdata.py should be regenerated!
for i in $out/lib/python${majorVersion}/_sysconfigdata.py $out/lib/python${majorVersion}/config-${majorVersion}m/Makefile; do
sed -i $i -e "s|-I/nix/store/[^ ']*||g" -e "s|-L/nix/store/[^ ']*||g" -e "s|$TMPDIR|/no-such-path|g"
done
# Determinism: rebuild all bytecode
# We exclude lib2to3 because that's Python 2 code which fails
# We rebuild three times, once for each optimization level
find $out -name "*.py" | $out/bin/python -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -O -m compileall -q -f -x "lib2to3" -i -
find $out -name "*.py" | $out/bin/python -OO -m compileall -q -f -x "lib2to3" -i -
'';
passthru = let
pythonPackages = callPackage ../../../../../top-level/python-packages.nix {python=self; overrides=packageOverrides;};
in rec {
inherit libPrefix sitePackages x11Support;
executable = "${libPrefix}m";
buildEnv = callPackage ../../wrapper.nix { python = self; };
withPackages = import ../../with-packages.nix { inherit buildEnv pythonPackages;};
pkgs = pythonPackages;
isPy3 = true;
isPy35 = true;
interpreter = "${self}/bin/${executable}";
};
enableParallelBuilding = true;
meta = {
homepage = http://python.org;
description = "A high-level dynamically-typed programming language";
longDescription = ''
Python is a remarkably powerful dynamic programming language that
is used in a wide variety of application domains. Some of its key
distinguishing features include: clear, readable syntax; strong
introspection capabilities; intuitive object orientation; natural
expression of procedural code; full modularity, supporting
hierarchical packages; exception-based error handling; and very
high level dynamic data types.
'';
license = licenses.psfl;
platforms = with platforms; linux ++ darwin;
maintainers = with maintainers; [ chaoflow domenkozar cstrahan ];
};
}