In the world of functional package managers like Nix, build reproducibility is highly valued, but not always guaranteed. Despite the marketing pitch of “Reproducible builds and deployments,” Nix has faced criticism from those dedicated to achieving bitwise reproducibility in their builds. Recently, a study spanning 6 years found that Nixpkgs saw a steady increase in reproducibility rates, reaching an impressive 91% in 2023. Surprising reasons for non-reproducibility include embedded dates, uname outputs, environment variables, and build IDs. This research highlights the potential for leveraging build reproducibility to enhance trust in distributed artifacts, a key factor in the software supply chain.
https://luj.fr/blog/is-nixos-truly-reproducible.html