MantisBT - Doomseeker
View Issue Details
0003255Doomseeker[All Projects] Suggestionpublic2017-09-07 21:212018-10-06 11:51
0003255: Support reproducible, deterministic builds
This is a parent report for all reports concerning reproducibility.
On the high level:

      Build from source a first time.

      Save the result.

      Perform as many changes to the environment as possible.

      Build from source a second time.

      Compare the results. [^]


  • Debian Policy Manual v4.1.0.0 (and later versions), section 4.15.

No tags attached.
parent of 0003256feedback Pol M Failure to reproduce builds with variations in build path 
related to 0003538closed Zalewa The preferred form of IP2C database for modifications (CSV) is not currently distributed 
child of 0003246confirmed WubTheCaptain Debian packaging 
Not all the children of this issue are yet resolved or closed.
Issue History
2017-09-07 21:21WubTheCaptainNew Issue
2017-09-07 21:59WubTheCaptainNote Added: 0018240
2017-09-07 22:07AOSPNote Added: 0018242
2017-09-08 01:53Blzut3Relationship addedparent of 0003256
2017-09-08 01:53Blzut3Note Deleted: 0018242
2017-09-08 02:01WubTheCaptainNote Added: 0018246
2017-09-11 16:58ZalewaRelationship addedchild of 0003246
2017-09-18 07:38ZalewaNote Added: 0018309
2017-09-18 19:40WubTheCaptainNote Added: 0018328
2017-09-19 09:29WubTheCaptainNote Added: 0018342
2017-09-20 20:54ZalewaNote Added: 0018352
2017-09-20 21:57WubTheCaptainNote Added: 0018354
2017-09-20 22:02WubTheCaptainNote Edited: 0018354bug_revision_view_page.php?bugnote_id=18354#r10984
2017-09-20 22:12WubTheCaptainNote Edited: 0018354bug_revision_view_page.php?bugnote_id=18354#r10985
2017-10-05 01:50WubTheCaptainStatusnew => confirmed
2018-10-05 07:40WubTheCaptainPrioritynormal => low
2018-10-06 11:51WubTheCaptainRelationship addedrelated to 0003538

2017-09-07 21:59   
Build path tested so far, bug 0003256. I've not yet tested other changes in environment.
2017-09-08 02:01   
Build ID differs as a result of other issues.
2017-09-18 07:38   
I gather that to solve this it will be sufficient to put a description in COMPILE.txt explaining how to achieve deterministic build?
2017-09-18 19:40   
To solve this, I think one should first test many (all) of the possible variations and find what changes in the build. Fix or define whatever comes up differently.

Then the build should be as close to deterministic by default, or defined how to reproduce.
2017-09-19 09:29   
0003266 is possibly related.
2017-09-20 20:54   
I identified some problems that prevented reproducible builds and described how to overcome them: [^]

When followed, sha256sum for all binaries is produced the same regardless of build time, build path and locale.

Building in Docker still produces different results than building in Ubuntu 16.04, though I would assume that this is caused by different Qt version (5.2.1 vs 5.5.1).
2017-09-20 21:57   
(edited on: 2017-09-20 22:12)
QT_HASH_SEED may not need to be touched? The behavior of binary doesn't need to be deterministic; only the build system needs to produce bit-to-bit identical binaries, and the build environment should be recorded or pre-defined. Else I think (at least) Debian GNU/Linux already does all that deterministically, since I had no issue reproducing without touching QT_HASH_SEED.

Documenting RPATH skipping addresses 0003256 mostly, until a way is found to address 0003239.

SHA256 hashing is a good way of verifying the output matches. Of course different Qt versions will have an effect, so somewhere on the website the Qt versions (build environment) should be defined later.