reproducible build
also: deterministic build
A build process that produces byte-for-byte identical binaries from the same source code, enabling verification that software hasn't been tampered with and improving transparency.
A reproducible build is one where compiling the same source code with the same toolchain produces identical output files every time, bit-for-bit. This removes non-deterministic elements like timestamps, build paths, and random values that normally cause rebuilds to differ.
This matters for security and trust: if you can rebuild a binary from source and it matches the distributed version, you know the distributed binary wasn't modified or injected with malware during the build process. It's particularly important for projects like Tor Browser and Debian, where users want assurance that the software is exactly what was intended.
Common obstacles include embedded timestamps, file ordering that depends on hash-table iteration, and compiler-generated random values. Reproducible builds rely on conventions such as the SOURCE_DATE_EPOCH environment variable to control timestamps, and on careful build system configuration to ensure deterministic output.
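An added example (not code from any project named here) showing two of these obstacles in a packaging step: two simulated builders archive the same constructed source tree, and only the variant that sorts entries and pins timestamps to SOURCE_DATE_EPOCH yields matching SHA-256 digests. The file names, contents and mtimes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import io
import os
import tarfile
import tempfile

# Constructed sample source tree (not from any real project).
SAMPLE = {"main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}

def build_archive(src_dir, deterministic):
    """Pack src_dir into an in-memory tar archive and return its SHA-256."""
    epoch = int(os.environ.get("SOURCE_DATE_EPOCH", "0"))
    names = os.listdir(src_dir)  # order depends on the filesystem
    if deterministic:
        names.sort()  # fixed file ordering
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            path = os.path.join(src_dir, name)
            info = tar.gettarinfo(path, arcname=name)
            if deterministic:
                info.mtime = epoch  # pinned timestamp
                info.uid = info.gid = 0  # drop builder identity
                info.uname = info.gname = ""
                info.mode = 0o644
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    return hashlib.sha256(buf.getvalue()).hexdigest()

def checkout(root, mtime):
    """Write SAMPLE under root; mtime simulates when this builder checked out."""
    for name, data in SAMPLE.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))

def compare_builds():
    """Return (naive_match, deterministic_match) for two simulated builders."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        checkout(a, 1_600_000_000)
        checkout(b, 1_700_000_000)
        naive = build_archive(a, False) == build_archive(b, False)
        fixed = build_archive(a, True) == build_archive(b, True)
    return naive, fixed

if __name__ == "__main__":
    print(compare_builds())
```

A verifier applies the same comparison to real artifacts: rebuild from source, hash the result, and compare it with the hash of the distributed binary.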