NixOS Reproducible Builds: minimal installation ISO successfully independently rebuilt
We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra :tada: Why is this useful?
While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a reliable way to verify the binaries we ship are faithful to their sources, and have not been tampered with anywhere in the build pipeline (e.g. on Hydra).
For general information on Reproducible Builds see: reproducible-builds.org
What exactly was reproduced?
This means we now have successfully reproduced:
<span style="color:#323232;">All packages that make it into the ISO
</span><span style="color:#323232;">The building of the ISO itself
</span>
The rebuild also built the packages that were needed to build the ISO (but aren’t included in it), rather than relying on cached binaries.
![](https://kbin.life/media/cache/resolve/entry_thumb/7e/48/7e48e8082927fada308c00f122ced40f95ec66083968e96925fae9586b5a9701.png)