Deterministic compilation, also known as reproducible builds, is a process of compiling software which ensures the resulting binary code can be reproduced. Source code compiled using deterministic compilation will always output the same binary.
Deterministic compilation can act as part of a chain of trust; the source code can be signed, and deterministic compilation can prove that the binary was compiled from trusted source code.
Methods
For the compilation process to be deterministic, the input to the compiler must be the same, regardless of the build environment used. This typically involves stripping variables that may change, such as timestamps, locales, and paths.
Build systems, such as Bazel, can be used to automate a deterministic build process.