Bugzilla – Bug 1206342
python-maturin reproducible builds
Last modified: 2022-12-13 07:56:28 UTC
While working on reproducible builds for openSUSE, I found that
our python-maturin varies from 8 random bytes
probably from vendor/ahash-0.3.8/src/random_state.rs
that gets pulled in by
chumsky/Cargo.lock-name = "ahash"
chumsky/Cargo.lock:version = "0.3.8"
rfc2047-decoder/Cargo.lock-name = "ahash"
rfc2047-decoder/Cargo.lock:version = "0.3.8"
When I read https://github.com/tkaitchuck/aHash/blob/master/src/random_state.rs correctly, the current version should not have this problem.
I think, this could be solved by updating the vendor.tar.xz to only use the newer ahash version.
I’ve made an attempt (sr#1042453) and left a comment on the chumsky issue tracker. They’ve updated the dependency in git master, but there’s no release containing that change yet.
This is an autogenerated message for OBS integration:
This bug (1206342) was mentioned in
https://build.opensuse.org/request/show/1042453 Factory / python-maturin
I ran my tests on devel:languages:python/python-maturin
and it looks good.
Thanks for this quick fix.
Closing as fixed, then.
I have a lot of things to say about Cargo and the Rust ecosystem