[darth_skywalker]

>> As usual when preparing Tor Browser releases, we verified that the build is bit-for-bit reproducible. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the Linux i686 and macOS bundles). We are still investigating the cause of this issue to fix it.

I find this quite fascinating. Does anyone have any ideas for how this could happen? My understanding was that if you run the same compiler on the same code, you get the same executables. What could be going on?

[esotericn]

https://reproducible-builds.org is a good resource on this.

There are many, many reasons why a build process may not produce reproducible output. Timestamps and unordered maps are two of the more trivial examples.

[cjbprime]

Another common one: (temporary) directory paths in debug symbols.

[johnsoft]

This is a good primer:

https://blog.conan.io/2019/09/02/Deterministic-builds-with-C...

[rptr_87]

Chromium browser has a master bug to track this:

https://bugs.chromium.org/p/chromium/issues/detail?id=314403

https://www.chromium.org/developers/testing/isolated-testing...

[Thorrez]

Another reason I've heard is that when you have a multithreaded compiler, the order the threads execute could change, and that could cause the output code to be different.