Long story short

We noticed in repro test that this package does not result in deterministic output. The problem is creation of temporary directory here https://github.com/aio-libs/frozenlist/blob/8c15ec9/packaging/pep517_backend/_backend.py#L199. It leaks into debuginfo (we spotted this through analysing _frozenlist.cpython-312-aarch64-linux-gnu.so.debug)

Expected behaviour

Debuginfo is deterministic

Actual behaviour

Debuginfo is not deterministic

Steps to reproduce

Build twice, extract debuginfo, run diffoscope on data.

Your environment

freedesktop-sdk.

The root cause seems to be https://github.com/aio-libs/frozenlist/blob/8c15ec9/packaging/pep517_backend/_backend.py#L289 where in-place build is forced to false when building wheel. This means the wheels will always be non-deterministic. This is not great because these days everyone is expected to first create a wheel before installing packages. (this is also what pip does by default)

This was asked on Matrix too and I sent that person to Cython, so they filed cython/cython#5949. I'd rather wait for them to figure out an acceptable solution before trying to invent hacks here. The solution will likely involve a PEP 517 config setting for a custom pre-determined path and/or a setting to build in-place.

That sounds a bit odd though. We build a lot of projects with Cython (we build everything with pypa/build and use pypa/installer to install them) and frozenlist is the only one that is not deterministic.

Iirc most projects here do not create random dirs but build in subdir under source tree.