I'm an occasional volunteer contributor to the Reproducible Builds[1] project, and noticed recently that python3.13 fails to build reproducibly according to automated reproducibility testing[2] on Debian.
If I understand correctly, the packaging for src:python3.13 enables link-time optimization (LTO) with fat link-time objects enabled (the -ffat-lto-objects flag to GCC).
According to GCC bugreport[3] 66305, enabling this flag causes nondeterministic output; and the bugthread also provides a potential workaround/resolution for that, namely to enable the -frandom-seed GCC option[4].
Another detail from the thread is that GCC8 introduced a bug that meant that the random seed value of zero caused the option to be ignored.
I would like to request that we enable the random-seed GCC option of one (1), in order to enable deterministic (reproducible) link-time optimized object files during the build of python3.13-related packages.
I _think_ the relevant line of code to adjust in the buildscript is found at:
I hope (but cannot guarantee) to find time to test this theory using a triplicate set of builds; once without the adjustment applied (producing what I expect to be a somewhat-random build output), then with two subsequent builds with the random-seed enabled (to confirm whether those two additional builds emit identical binary packages).