How to produce deterministic binary output with g++?
The Debian Reproducible builds project attempts to standardize Debian packages byte-by-byte, and has received a Linux Foundation grant in 2016.
While this may include more than compilation, you should have a look at it.
It also pointed me to this article, which adds the following points to what @Employed said:
- put the source in a fixed folder (e.g.
/tmp/build) to deal with__FILE__ - for
__DATE__,__TIME__,__TIMESTAMP__:- libfaketime : https://github.com/wolfcw/libfaketime
- override those macros with
-D -Wdate-timeor-Werror=date-time: warn or fail if either__TIME__,__DATE__or__TIMESTAMP__are is used. The Linux kernel 4.4 uses it by default.
- use the
Dflag withar, or use https://github.com/nh2/ar-timestamp-wiper/tree/master to wipe stamps -fno-guess-branch-probability: older manual versions say it is a source of non-determinism, but not anymore. Not sure if this is covered by-frandom-seedor not.
Buildroot has a BR2_REPRODUCIBLE option which may give some ideas on the package level, but it is far from complete at this point.
Related threads:
- https://superuser.com/questions/639351/does-recompiling-a-program-produce-a-bit-for-bit-identical-binary
- https://www.quora.com/What-can-be-the-possible-reasons-for-the-object-code-of-an-unchanged-C-file-to-change-on-recompilation
We also depend on bit-identical rebuilds, and are using gcc-4.7.x.
Besides setting PWD=/proc/self/cwd and using -frandom-seed=<input-file-name>, there are a handful of patches, which can be found in svn://gcc.gnu.org/svn/gcc/branches/google/gcc-4_7 branch.