How to produce deterministic binary output with g++?

Question

I work in a very regulated environment where we need to be able to produce identical binary input give the same source code every time be build out products. We currently u

Answer 1

We also depend on bit-identical rebuilds, and are using gcc-4.7.x.

Besides setting PWD=/proc/self/cwd and using -frandom-seed=<input-file-name>, there are a handful of patches, which can be found in svn://gcc.gnu.org/svn/gcc/branches/google/gcc-4_7 branch.

Answer 2

Use of the 'DATE' macro makes the build non-deterministic

Answer 3

The Debian Reproducible builds project attempts to standardize Debian packages byte-by-byte, and has received a Linux Foundation grant in 2016.

While this may include more than compilation, you should have a look at it.

It also pointed me to this article, which adds the following points to what @Employed said:

• put the source in a fixed folder (e.g. /tmp/build) to deal with __FILE__
• for __DATE__, __TIME__, __TIMESTAMP__:
  • libfaketime : https://github.com/wolfcw/libfaketime
  • override those macros with -D
  • -Wdate-time or -Werror=date-time: warn or fail if either __TIME__, __DATE__ or __TIMESTAMP__ are is used. The Linux kernel 4.4 uses it by default.
• use the D flag with ar, or use https://github.com/nh2/ar-timestamp-wiper/tree/master to wipe stamps
• -fno-guess-branch-probability: older manual versions say it is a source of non-determinism, but not anymore. Not sure if this is covered by -frandom-seed or not.

Buildroot has a BR2_REPRODUCIBLE option which may give some ideas on the package level, but it is far from complete at this point.

Related threads:

• https://superuser.com/questions/639351/does-recompiling-a-program-produce-a-bit-for-bit-identical-binary
• https://www.quora.com/What-can-be-the-possible-reasons-for-the-object-code-of-an-unchanged-C-file-to-change-on-recompilation