Are Ubuntu builds deterministic? I assumed they are; that is, if I recreate the process of building Ubuntu installation media, I will get the same image (bit-for-bit, with the same checksums) as the one on the Ubuntu mirrors.

A recent post by Joanna Rutkowska (lead developer of the Qubes OS distro) suggests that it isn't so:

currently most projects, including all Linux distributions, do not build deterministically

Why not?


For starters, I don't think Rutkowska was talking about building installation media deterministically, but about packages (deb, rpm).

Debian is working on building packages reproducibly (https://wiki.debian.org/ReproducibleBuilds) but there are still lots of packages that don't build that way...

Building a whole distribution deterministically surely is even more of a challenge.

