Reproducible builds?

The dream is that typing ‘make’ at a given source version will produce byte-for-byte identical versions of all the build artifacts. I don’t think we’re there yet. So I guess this is a few questions:

(1) Are container builds deterministic? Will running ‘docker build’ on the Dockerfile twice produce the same container? I think the answer used to be ‘yes’, but is now ‘no’, since some non-pinned dependencies have crept into the apt install line: https://github.com/apple/foundationdb/blob/master/build/Dockerfile#L5

(2) If container builds are non-deterministic, would the FDB team consider pushing an “official” FDB development container to some public docker registry?

(3) Given a container, are builds of the native code within that container deterministic? Is the GCC version we use in the cross-compiler modern enough for that to even be possible? Are there other blockers to it?

Thanks guys!

No. It hits the network and none of the files pulled down are checked for an etag.

AFAIK, deterministic container builds usually means that given a tagged container image, is the fdb build itself reproducible?