Stable order for outputs
Data structures such as Perl hashes, Python dictionaries, or Ruby Hash objects will list their keys in a different order on every run to limit algorithmic complexity attacks.
The following Perl code will output the list in a different order on every run:
foreach my $package (keys %deps) {
print MANIFEST, "$package: $deps[$packages]";
}To get a deterministic output, the easiest way is to explicitly sort the keys:
foreach my $package (sort keys %deps) {
print MANIFEST, "$package: $deps[$packages]";
}For Perl, it is possible to set PERL_HASH_SEED=0 in the environment. This
will result in hash keys always being in the same order. See
perlrun(1) for more information.
Python users can similarly set the environment variable PYTHONHASHSEED. When set to a given integer value, orders in dictionaries will be the same on every run.
Beware that the locale settings
might affect the output of some sorting functions or the sort command.
Introduction
Achieve deterministic builds
- SOURCE_DATE_EPOCH
- Deterministic build systems
- Volatile inputs can disappear
- Stable order for inputs
- Value initialization
- Version information
- Timestamps
- Timezones
- Locales
- Archive metadata
- Stable order for outputs
- Randomness
- Build path
- System images
- JVM
Define a build environment
- What's in a build environment?
- Recording the build environment
- Definition strategies
- Proprietary operating systems
Distribute the environment
Comparison protocol
Specifications
Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches welcome via our Git repository (instructions) or via our mailing list. • Full contact info
