
Reproducible Builds — a set of software development practices that create an independently-verifiable path from source to binary code

<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title>Reproducible Builds &mdash; a set of software development practices that create an independently-verifiable path from source to binary code</title> <link rel="stylesheet" href="/assets/styles/main.css?1739821384"> <link rel="shortcut icon" type="image/png" href="/assets/images/favicon.png"/> <link href="/assets/fonts/overpass.css" rel="stylesheet"> <link href="/assets/fonts/overpass-mono.css" rel="stylesheet"> <link rel="stylesheet" href="/assets/static/open-iconic-bootstrap.css" /> <link rel="stylesheet" href="/assets/static/bootstrap.min.css"> <link rel="alternate" type="application/rss+xml" title="Reproducible Builds - Posts" href="https://reproducible-builds.org/feed.xml" /> <link rel="alternate" type="application/rss+xml" title="Reproducible Builds - All News" href="https://reproducible-builds.org/blog/index.rss" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@ReproBuilds"> <meta name="twitter:title" content="Reproducible Builds"> <meta name="twitter:description" content="Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code."> <meta name="twitter:image" content="https://reproducible-builds.org/images/logos/rb-logo-only.png"> </head> <body> <nav class="navbar navbar-expand-lg navbar-light sticky-top rb-navbar__top"> <a class="navbar-brand mr-5" href="/"> <img src="/assets/images/logo-text-white.png" height="30" width="auto" alt=""></img> </a> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarSupportedContent"> <ul class="navbar-nav mr-auto"> <li 
class="nav-item"> <a class="nav-link" href="/news/">News</a> </li> <li class="nav-item"> <a class="nav-link" href="/docs/">Docs</a> </li> <li class="nav-item"> <a class="nav-link" href="/success-stories/">Success stories</a> </li> <li class="nav-item"> <a class="nav-link" href="/tools/">Tools</a> </li> <li class="nav-item"> <a class="nav-link" href="/who/">Who is involved?</a> </li> <li class="nav-item"> <a class="nav-link" href="/resources/">Talks</a> </li> <li class="nav-item"> <a class="nav-link" href="/events/">Events</a> </li> <li class="nav-item"> <a class="nav-link" href="/citests/">CI tests</a> </li> <li class="nav-item"> <a class="nav-link" href="/contribute/">Contribute</a> </li> </ul> </div> </nav> <div class="container"> <main role="main" class="content-scroll p-3"> <div class="hero mb-4"> <div class="container text-center"> <div class="col-sm-8 offset-sm-2"> <a href="/"> <img class="mb-4 img-fluid" src="/assets/images/logo-text-white.png" alt="Reproducible Builds" /> </a> <p class="lead mt-5 pt-5 pb-5"> <strong>Reproducible builds</strong> are a set of software development practices that create an independently-verifiable path from source to binary&nbsp;code. 
<small class="d-none d-sm-inline"> (<a href="/docs/definition/">Find out more</a>) </small> </p> </div> </div> </div> <div class="row justify-content-center"> <h2 class="text-center mb-4">Why Reproducible Builds Matter</h2> <p class="mb-4"><strong>In short: </strong>Reproducible Builds provide certainty that software is genuine and has not been tampered with.</p> <div class="row justify-content-center"> <div class="col-lg-4 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <div class="d-flex justify-content-center align-items-center p-3 rounded-circle mx-auto tinted-icon"> 🔒 </div> <h3 class="card-title mt-3">Security &amp; Trust</h3> <p class="card-text text-left"><p>Reproducible Builds let third parties make sure that software hasn’t been altered, increasing <strong>safety and reliability</strong>.</p> </p> </div> </div> </div> <div class="col-lg-4 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <div class="d-flex justify-content-center align-items-center p-3 rounded-circle mx-auto tinted-icon"> 🔬 </div> <h3 class="card-title mt-3">Transparency in Development</h3> <p class="card-text text-left"><p>Reproducible Builds make sure that developers’ code always works the same way, which makes the software more <strong>consistent and trustworthy</strong>.</p> </p> </div> </div> </div> <div class="col-lg-4 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <div class="d-flex justify-content-center align-items-center p-3 rounded-circle mx-auto tinted-icon"> 🏰 </div> <h3 class="card-title mt-3">Protection of Build Infrastructure</h3> <p class="card-text text-left"><p>Attacks on build systems and supply chains can affect many users. 
Reproducible builds <strong>detect unauthorized changes</strong> to the build process early.</p> </p> </div> </div> </div> <div class="col-lg-4 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <div class="d-flex justify-content-center align-items-center p-3 rounded-circle mx-auto tinted-icon"> 📜 </div> <h3 class="card-title mt-3">Regulatory Compliance &amp; Licensing</h3> <p class="card-text text-left"><p>Reproducible Builds <strong>ensure software complies with licenses</strong> and industry standards by proving that binaries match their source code.</p> </p> </div> </div> </div> <div class="col-lg-4 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <div class="d-flex justify-content-center align-items-center p-3 rounded-circle mx-auto tinted-icon"> 🛡️ </div> <h3 class="card-title mt-3">Increased Resilience Against Attacks</h3> <p class="card-text text-left"><p>Reproducible Builds <strong>protect developers from targeted attacks</strong> by allowing third-party verification of their software, preventing your projects from being compromised.</p> </p> </div> </div> </div> </div> </div> <div class="row justify-content-center"> <h2 class="text-center mb-5">Reproducible Builds and You</h2> <div class="row justify-content-start offset-boxes"> <div class="col-lg-6 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <h3 class="card-title mt-0">End User</h3> <p class="card-text text-left"><p><strong>Reproducible Builds</strong> ensure that the software you trust is both safe and verifiable. They do this by verifying that the binaries that you download match the original, untampered source code. 
For security-related tools, this means high confidence that your data and communications are protected against hidden backdoors or vulnerabilities.</p> </p> <p class="card-text text-left"><strong><p>When choosing the software for your critical tasks, opt for projects that advertise their builds as reproducible. You can see which technologies are using deterministic builds in our <a href="https://reproducible-builds.org/success-stories/">success stories</a></p> </strong></p> </div> </div> </div> <div class="col-lg-6 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <h3 class="card-title mt-0">Software Developer</h3> <p class="card-text text-left"><p><strong>Reproducible Builds</strong> elevate deterministic builds by making the build process independently verifiable by anyone. This means others can confirm your binaries match the source code exactly, fostering trust, improving debugging, speeding up builds, and demonstrating your commitment to high standards. It also allows the development of extremely concise and easily verifiable patches for any version of your software, e.g. for customers that have high security requirements and need to audit every release they make.</p> </p> <p class="card-text text-left"><strong><p><a href="https://reproducible-builds.org/docs/commandments/">The Commandments of Reproducible Builds</a> are a good place to start your journey.</p> </strong></p> </div> </div> </div> <div class="col-lg-6 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <h3 class="card-title mt-0">Tech CTO / Project Lead</h3> <p class="card-text text-left"><p><strong>Reproducible Builds</strong> add a strong layer of security to your build pipelines, enabling independent audits and ensuring every binary matches the source code. 
They’re a powerful tool for mitigating risks in your software supply chain, simplifying regulatory and license compliance, verifying SBOMs, and aligning your engineering practices with the highest standards. For a CTO, it’s an investment in resilience and trust.</p> </p> <p class="card-text text-left"><strong><p>Read on to learn about <a href="https://reproducible-builds.org/docs/plans/">planning to make your builds reproducible</a></p> </strong></p> </div> </div> </div> <div class="col-lg-6 col-md-6 col-sm-12 mb-4 d-flex"> <div class="card h-100 shadow-sm"> <div class="card-body"> <h3 class="card-title mt-0">Tech CEO / Project Owner</h3> <p class="card-text text-left"><p><strong>Reproducible Builds</strong> demonstrate your company’s commitment to best-in-class processes and trustworthiness by guaranteeing the integrity of your software. Your software is enhanced with verifiable proof of consistency, giving customers confidence that your product is secure and transparent. Your supply chain and your developers are much better protected against a variety of attacks. 
This positions your company at the leading edge of accountability, setting you apart in competitive markets and building lasting relationships with users and stakeholders.</p> </p> <p class="card-text text-left"><strong><p>Find out more about <a href="https://reproducible-builds.org/docs/buy-in/">the high-level benefits of Reproducible Builds</a></p> </strong></p> </div> </div> </div> </div> <a href="/docs/which-problems-do-reproducible-builds-solve/" class="big-cta card"> <div class="card-body"> <div class="cta-text"><strong>Protect developers, safeguard privacy, and ensure trust in software.</strong> Discover how Reproducible Builds help you defend against threats and empower secure collaboration.</div> <div class="point"></div> </div> </a> </div> <div class="container my-5"> <div class="row"> <!-- How section --> <div class="col-md-8"> <h2 class="mb-4">How does it work?</h2> <p> First, the <strong>build system</strong> needs to be made entirely deterministic: transforming a given source must always create the same result. For example, the current date and time must not be recorded and output always has to be written in the same order. </p> <p> Second, the set of tools used to perform the build and more generally the <strong>build environment</strong> should either be recorded or pre-defined. </p> <p> Third, users should be given a way to recreate a close enough build environment, perform the build process, and <strong>validate</strong> that the output matches the original build. 
</p> <a href="/docs">Learn more about how to make your software build reproducibly…</a> </div> <!-- Sidebar: Recent Reports and News --> <div class="col-md-4"> <div class="p-4 bg-light rounded"> <h3 class="mb-3">Recent Monthly Reports</h3> <ul class="list-unstyled mb-4"> <li class="mb-2"> <span class="text-muted">Feb 5, 2025</span>: <a href="/reports/2025-01/">Reproducible Builds in January 2025</a> </li> <li class="mb-2"> <span class="text-muted">Jan 9, 2025</span>: <a href="/reports/2024-12/">Reproducible Builds in December 2024</a> </li> <li class="mb-2"> <span class="text-muted">Dec 5, 2024</span>: <a href="/reports/2024-11/">Reproducible Builds in November 2024</a> </li> </ul> <a href="/news/" class="btn btn-outline-primary btn-sm">See all reports</a> </div> <div class="p-4 bg-light rounded mt-4"> <h3 class="mb-3">Recent News</h3> <ul class="list-unstyled mb-4"> <li class="mb-2"> <span class="text-muted">Nov 14, 2024</span>: <a href="/news/2024/11/14/reproducible-builds-mourns-the-passing-of-lunar/">Reproducible Builds mourns the passing of Lunar</a> </li> <li class="mb-2"> <span class="text-muted">Sep 29, 2024</span>: <a href="/news/2024/09/29/supporter-spotlight-kees-cook/">Supporter spotlight: Kees Cook on Linux kernel security</a> </li> <li class="mb-2"> <span class="text-muted">Feb 8, 2024</span>: <a href="/news/2024/02/08/reproducible-builds-at-fosdem-2024/">Reproducible Builds at FOSDEM 2024</a> </li> </ul> <a href="/news/" class="btn btn-outline-primary btn-sm">See all news</a> </div> </div> </div> </div> <h2 id="sponsors">Sponsors</h2> <p>We are proud to be <a href="/sponsors/">sponsored by</a>:</p> <div class="row bg-light p-md-4 p-sm-2 pt-5 pb-5"> <div class="col-xs-12 col-sm-6 mb-6 mx-auto"> <div class="card h-100 text-center justify-content-center"> <a href="https://www.opentech.fund/" name="Open Technology Fund"> <img class="p-5 w-100 sponsor-img-platinum" src="/assets/images/sponsors/opentechfund.svg" alt="Open Technology Fund" /> </a> </div> 
</div> <div class="col-xs-12 col-sm-6 mb-6 mx-auto"> <div class="card h-100 text-center justify-content-center"> <a href="https://sovereigntechfund.de/" name="Sovereign Tech Fund"> <img class="p-5 w-100 sponsor-img-platinum" src="/assets/images/sponsors/STF-black.svg" alt="Sovereign Tech Fund" /> </a> </div> </div> </div> </main> </div> <div class="row footer mb-5 mx-4"> <div class="col-lg-3 px-lg-5 col-md-12 d-none d-sm-block"> <p class="text-muted small"> We are proud to be <a href="/sponsors/">sponsored by</a> </p> <div class="d-flex justify-content-between align-items-center flex-row flex-lg-column flex-xl-row"> <a href="https://www.opentech.fund/" name="Open Technology Fund"> <img class="pt-lg-2" src="/assets/images/sponsors/opentechfund.svg" height="auto" width="100" alt="Open Technology Fund"/> </a> <a href="https://sovereigntechfund.de/" name="Sovereign Tech Fund"> <img class="pt-lg-2" src="/assets/images/sponsors/STF-black.svg" height="auto" width="100" alt="Sovereign Tech Fund"/> </a> </div> </div> <div class="col-lg-6 col-md-12 py-3 py-lg-0"> <span class="text-muted small d-none d-sm-inline align-bottom"> Follow us on Twitter <a href="https://twitter.com/ReproBuilds">@ReproBuilds</a>, Mastodon <a href="https://fosstodon.org/@reproducible_builds">@reproducible_builds@fosstodon.org</a> &amp; <a href="https://reddit.com/r/reproduciblebuilds">Reddit</a> and please consider <a href="/sponsor/">making a donation</a>. &bull; Content licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/" class="rb-link" target="_blank">CC BY-SA 4.0</a>, style licensed under <a href="https://opensource.org/licenses/MIT" class="rb-link" title="MIT" target="_blank">MIT</a>. Templates and styles based on the <a href="https://styleguide.torproject.org/" target="_blank">Tor Styleguide</a>. Logos and trademarks belong to their respective owners. 
&bull; Patches for this website welcome <a href="https://salsa.debian.org/reproducible-builds/reproducible-website">via our Git repository</a> (<a href="/contribute/salsa/">instructions</a>) or via <a href="https://lists.reproducible-builds.org/listinfo/rb-general">our mailing list</a>. &bull; <a href="/who/">Full contact info</a> </span> </div> <div class="col-lg-3 px-lg-5 col-md-12 d-flex justify-content-between align-items-center flex-row flex-lg-column flex-xl-row"> <a href="https://sfconservancy.org"> <img src="/assets/images/footer/conservancy.png" height="45" width="auto" alt="software freedom conservancy"/> </a> <a href="/"> <img src="/images/logos/rb.svg" height="45" width="auto" alt="Reproducible Builds"/> </a> </div> </div> <script src="/assets/javascript/jquery-3.3.1.slim.min.js"></script> <script src="/assets/javascript/bootstrap.min.js"></script> <script type="text/javascript" src="/assets/javascript/index.js"></script> </body> </html>
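
The three steps under "How does it work?" above, carried through on a tar archive as an added example (not code from the original page or from the Reproducible Builds project). The function names, the `source_date_epoch` parameter (a fixed timestamp supplied by the publisher, in the spirit of the `SOURCE_DATE_EPOCH` convention, which this page does not name) and the sample source tree are assumptions constructed for illustration.

```python
import hashlib, io, os, platform, tarfile, tempfile

def build(src_dir, source_date_epoch=None):
    """Pack src_dir (flat, regular files) into a tar; None = naive build."""
    fixed = source_date_epoch is not None
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        names = os.listdir(src_dir)              # filesystem order
        if fixed:
            names.sort()                         # step 1: stable output order
        for name in names:
            path = os.path.join(src_dir, name)
            info = tar.gettarinfo(path, arcname=name)
            if fixed:
                info.mtime = source_date_epoch   # step 1: no clock or checkout time
                info.uid = info.gid = 0          # no builder identity
                info.uname = info.gname = ""
                info.mode = 0o644
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    return buf.getvalue()

def record_environment(artifact, source_date_epoch):
    """Step 2: publish the inputs a rebuilder needs plus the expected digest."""
    return {"sha256": hashlib.sha256(artifact).hexdigest(),
            "source_date_epoch": source_date_epoch,
            "python": platform.python_version(),
            "archive_format": "ustar"}

def validate(src_dir, record):
    """Step 3: rebuild independently and compare against the published digest."""
    rebuilt = build(src_dir, record["source_date_epoch"])
    return hashlib.sha256(rebuilt).hexdigest() == record["sha256"]

def make_tree(mtime):
    """Constructed sample source tree; mtime stands in for checkout time."""
    root = tempfile.mkdtemp()
    for name, body in (("b.txt", b"beta\n"), ("a.txt", b"alpha\n")):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    return root

def demo():
    publisher, rebuilder = make_tree(1_700_000_000), make_tree(1_700_086_400)
    naive_equal = build(publisher) == build(rebuilder)       # False: mtimes leak
    record = record_environment(build(publisher, 1_700_000_000), 1_700_000_000)
    return naive_equal, validate(rebuilder, record)           # (False, True)

if __name__ == "__main__":
    print(demo())
```

A digest mismatch in `validate` means either the source differs or some unrecorded input still leaks into the output; comparing the two archives byte by byte shows which.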
