Nix also needs the build output to be deterministic to calculate the hash. It also has the problems of timestamps etc. The build environment tries to be hermetic by setting the time to be epoch among other things.
Nix also needs the build output to be deterministic to calculate the hash. It also has the problems of timestamps etc. The build environment tries to be hermetic by setting the time to be epoch among other things.
Yes, reading this I was thinking about how many of these problems go away with a nix environment. Certainly not all of them, but it’s a great way to get a reproducible build environment that includes direct specification of system dependencies.
SOURCE_DATE_EPOCH is not a Nix thing
https://reproducible-builds.org/docs/source-date-epoch/
(although Nix sets it as a default)
Nix hashes the build inputs, for which deterministic builds are not required, only desirable.