Skip to content

Add reproducible build verification to bootstrap #144669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add reproducible build verification to bootstrap #144669

wants to merge 1 commit into from

Conversation

sunildora1988
Copy link

This change introduces a new --reproducible flag and build.reproducible config option that performs a verification of build reproducibility by:

  1. Building the compiler twice in separate directories
  2. Comparing critical artifacts (binaries, shared libraries, RLIBs)
  3. Reporting any differences found

Key features:

  • Can be enabled via CLI flag or config file
  • Generates a detailed HTML report with --html flag
  • Only runs for actual build commands (not help/other commands)
  • Focuses on comparing critical compiler artifacts
  • Provides clear success/failure output

The verification helps ensure the compiler produces identical outputs across builds, which is important for security and deterministic builds.

@windsunil
Add reproducible build verification to bootstrap
27eb1d6 
This change introduces a new `--reproducible` flag and `build.reproducible` config option
that performs a verification of build reproducibility by:

1. Building the compiler twice in separate directories
2. Comparing critical artifacts (binaries, shared libraries, RLIBs)
3. Reporting any differences found

Key features:
- Can be enabled via CLI flag or config file
- Generates a detailed HTML report with `--html` flag
- Only runs for actual build commands (not help/other commands)
- Focuses on comparing critical compiler artifacts
- Provides clear success/failure output

The verification helps ensure the compiler produces identical outputs
across builds, which is important for security and deterministic builds.

Signed-off-by: Sunil Dora <[email protected]>
@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) labels Jul 30, 2025
@rust-log-analyzer
Copy link
Collaborator

The job tidy failed! Check out the build log: (web) (plain enhanced) (plain)

Click to see the possible cause of the failure (guessed by this bot) 
tidy check
Checking tidy rustdoc_json...
No error code explanation was removed!
tidy: Skipping binary file check, read-only filesystem
##[error]tidy error: /checkout/src/bootstrap/bootstrap.py:1260: line longer than 100 chars
##[error]tidy error: /checkout/src/bootstrap/bootstrap.py:1663: line longer than 100 chars
removing old virtual environment
creating virtual environment at '/checkout/obj/build/venv' using 'python3.10' and 'venv'
creating virtual environment at '/checkout/obj/build/venv' using 'python3.10' and 'virtualenv'
Requirement already satisfied: pip in ./build/venv/lib/python3.10/site-packages (25.1.1)
linting python files
/checkout/src/bootstrap/bootstrap.py:16:20: F401 [*] `shutil.copytree` imported but unused
/checkout/src/bootstrap/bootstrap.py:16:30: F401 [*] `shutil.rmtree` imported but unused
/checkout/src/bootstrap/bootstrap.py:1373:19: F541 [*] f-string without any placeholders
Found 3 errors.
[*] 3 fixable with the `--fix` option.

python linting failed! Printing diff suggestions:
--- /checkout/src/bootstrap/bootstrap.py
+++ /checkout/src/bootstrap/bootstrap.py
@@ -13,7 +13,6 @@
---
 from typing import Optional
 
 from time import time
@@ -1370,7 +1369,7 @@
                 config = toml.load(f)
             print(f"Loaded configuration from {config_path}")
         except ImportError:
-            print(f"Warning: toml module not available, cannot parse bootstrap.toml")
+            print("Warning: toml module not available, cannot parse bootstrap.toml")
         except Exception as e:
             print(f"Warning: Failed to parse bootstrap.toml: {e}")
     return config

Would fix 3 errors.
tidy error: checks with external tool 'ruff' failed
some tidy checks failed
Command has failed. Rerun with -v to see more details.
Build completed unsuccessfully in 0:01:12
  local time: Wed Jul 30 04:50:45 UTC 2025
  network time: Wed, 30 Jul 2025 04:50:45 GMT
##[error]Process completed with exit code 1.
Post job cleanup.

@Kobzol
Copy link
Member

Kobzol commented Jul 30, 2025

Hi, thanks for the PR. I don't think that we want to check reproducibility in this way. Definitely not in Python; we want to avoid modifications to the Python code in bootstrap, instead we want to eventually remove that code (once we finally get to it).

I think that the reproducibility check shouldn't live inside bootstrap, because for the reproducibility check it will be necessary to invoke bootstrap multiple times. Also in bootstrap (the Rust part) itself we aggressively cache build steps, so running something twice is not at all trivial. I think that it would make sense to create a reproducibility checker as a separate (Rust) tool living inside of src/tools, which would invoke bootstrap multiple times (similar to e.g. what opt-dist does), build something into different build directories and then check that the result is exactly the same.

Please also examine the discussion in #139793, where we talked about the CI aspects of checking reproducibility of rustc builds.

bjorn3
bjorn3 reviewed Jul 30, 2025
View reviewed changes
bootstrap.example.toml
# Optionally, you can generate a detailed HTML report using the CLI:
# ./x.py build --reproducible --html report.html
# The report is saved to the specified path, and a copy is placed in the Rust source directory.
#build.reproducible = false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe call this test-reproducible instead? This option doesn't change anything that causes the build to be reproducible when it otherwise would not be.

bjorn3
bjorn3 reviewed Jul 30, 2025
View reviewed changes
bjorn3
bjorn3 reviewed Jul 30, 2025
View reviewed changes
src/bootstrap/bootstrap.py

differences.extend(compare_shared_libraries(dir1, dir2))

differences.extend(compare_rlibs(dir1, dir2))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diffing all files in the sysroot would be better, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjorn3 bjorn3 bjorn3 left review comments

Assignees
No one assigned
Labels
S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@sunildora1988 @rust-log-analyzer @Kobzol @bjorn3 @rustbot @windsunil