pythonPackages.limits: hack around versioneer non-reproducibility

Context: #84312 documents that using .gitattributes on GitHub results in non-reproducible release tarballs. versioneer uses this to provide version numbers for Python libraries. Hack around that issue by deleting the file containing substitutions in the fixed hash input derivation, and recreate the required info from the derivation's version info at patchPhase time.
2 years ago · 6e0f386ae4
parent 8ad52489e9
commit 6e0f386ae4
1 changed files with 10 additions and 1 deletions
--- a/pkgs/development/python-modules/limits/default.nix
+++ b/pkgs/development/python-modules/limits/default.nix
@ -26,7 +26,13 @@ buildPythonPackage rec {
    owner = "alisaifee";
    repo = pname;
    rev = version;
-    hash = "sha256-4Njai0LT72U9Ra4pgHU0ZjF9oZexbijUgLFYaZi/LgE=";
+    # Upstream uses versioneer, which relies on git attributes substitution.
+    # This leads to non-reproducible archives on github. Remove the substituted
+    # file here, and recreate it later based on our version info.
+    extraPostFetch = ''
+      rm "$out/limits/_version.py"
+    '';
+    hash = "sha256-ja+YbRHCcZ5tFnoofdR44jbkkdDroVUdKeDOt6yE0LI=";
  };

  propagatedBuildInputs = [
@ -53,6 +59,9 @@ buildPythonPackage rec {
    # redis-py-cluster doesn't support redis > 4
    substituteInPlace tests/conftest.py \
      --replace "import rediscluster" ""
+
+    # Recreate _version.py, deleted at fetch time due to non-reproducibility.
+    echo 'def get_versions(): return {"version": "${version}"}' > limits/_version.py
  '';

  pythonImportsCheck = [