-
Notifications
You must be signed in to change notification settings - Fork 2.9k
Reproducible crate builds #8612
Copy link
Copy link
Closed
Labels
A-reproducibilityArea: reproducible / deterministic buildsArea: reproducible / deterministic buildsC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Command-package
Description
Metadata
Metadata
Assignees
Labels
A-reproducibilityArea: reproducible / deterministic buildsArea: reproducible / deterministic buildsC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Command-package
Type
Fields
Give feedbackNo fields configured for issues without a type.
Describe the problem you are trying to solve
I'd like to provide a way for folks who receive my crate from crates.io to have confidence that it is exactly identical to the one built from the source.
Describe the solution you'd like
I'd like to have a reproducible crate build so that running
crate packageon two different systems (with the same version of cargo) produces bit-for-bit identical archives. I imagine that would look like this:SOURCE_DATE_EPOCHenvironment variable or the latest commit, if the working tree is unmodified and version controlled.Possibly this could be controlled with a flag if having it as the default behavior isn't wanted.
Notes
More information about reproducible builds and why they're valuable can be found at https://reproducible-builds.org/. I'm happy to implement this if folks think it's a good idea.