Stable order for outputs

Data structures such as Perl hashes, Python dictionaries and sets, or Ruby Hash objects will list their keys in a different order on every run to limit algorithmic complexity attacks.

Perl

The following Perl code will output the list in a different order on every run:

foreach my $package (keys %deps) {
    print MANIFEST, "$package: $deps[$packages]";
}

To get a deterministic output, the easiest way is to explicitly sort the keys:

foreach my $package (sort keys %deps) {
    print MANIFEST, "$package: $deps[$packages]";
}

For Perl, it is possible to set PERL_HASH_SEED=0 in the environment. This will result in hash keys always being in the same order. See perlrun(1) for more information.

Python

Python users can similarly set the environment variable PYTHONHASHSEED. When set to a given integer value, orders in dictionaries and sets will be the same on every run.

General

Beware that the locale settings might affect the output of some sorting functions or the sort command.

← Documentation index

Documentation home

Introduction

• Definitions
• History
• Buy-in
• Making plans
• Academic publications

Achieve deterministic builds

• Commandments of reproducible builds
• Variations in the build environment
• SOURCE_DATE_EPOCH
• Deterministic build systems
• Volatile inputs can disappear
• Stable order for inputs
• Stripping of unreproducible information
• Value initialization
• Version information
• Timestamps
• Timezones
• Locales
• Archive metadata
• Stable order for outputs
• Randomness
• Build path
• System images
• JVM

Define a build environment

• What's in a build environment?
• Recording the build environment
• Definition strategies
• Proprietary operating systems

Distribute the environment

• Building from source
• Virtual machine drivers
• Formal definition

Verification

• Cryptographic checksums
• Embedded signatures
• Sharing certifications

Specifications

• SOURCE_DATE_EPOCH
• BUILD_PATH_PREFIX_MAP (WIP)