We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra 🎉 Why is this useful? While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a reliable way to verify the binaries we ship are faithful to their sources, and have not been tampered with anywhere in the build pipeline (e.g. on Hydra). For general information on Reproducible Builds see: What exactly was reproduced? This me...

Great achievement by the NixOS Developers. Congratulations!

  • completion@lemmy.oneEnglish
    12·
    1 year ago

    I think the ISO specifically wasn’t reproducible but now it is.

    Nix packages are probably what you’re thinking of. They are reproducible

    • Corngood@lemmy.ml
      33·
      1 year ago

      In general nix packages are not reproducible in the sense that the output will be bit-for-bit identical. When a package is built on two different machines, nix will run the same commands, with the same environment variables, using identical inputs (e.g. source tarballs). However there are various ways build systems, compilers etc can still be non-deterministic, and this effort is about fixing that.

      • Atemu@lemmy.ml
        6·
        1 year ago

        In general nix packages are not reproducible in the sense that the output will be bit-for-bit identical.

        A large amount aren’t but, OTOH, a large amount also are because Nix does almost everything it can to set up an environment without easily preventable sources of non-determinism such as general filesystem access, networking or other means of communication with some uncontrolled system.