Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.
We try to apply these principles to Ironclad. We periodically
check ironclad master branch and each release tarball
before releasing for variations using
reprotest.
Here are listed the expected variables that will change build output, if they remain constant, Ironclad builds will be reproducible.
| Variable | Reason |
|---|---|
| Compiler/linker versions | Generated code will change |
| gprbuild/gnatmake versions | Different tooling versions may change flags |
| OS directory listing order | gprbuild/gnatmake use OS directory listing order to fetch source directory contents for compilation and linking, which makes them a compilation variable. Hopefully, that gets fixed soon. |