Configure Rust reproducible builds

[binadamu-isiyoonekana]

Aim

The objective of this task is to deploy a tool to ensure reproducible/deterministic builds of Rust binaries and packages.

Reproducible builds, is a process for deterministically compiling software which ensures the resulting binary code can be reproduced. Source code compiled using deterministic compilation will always output the same binary Wikipedia.

The Nix tool is a serious candidate for this task, that must be part of the testbed for making our choice on the tool to use.

Another tool that can be considered is Guix, that is used in the Bitcoin project, for instance.

The reproducible building process is for Rust and is executed on a Linux flavor (e.g. Ubuntu LTS flavor).

Assumption

• Rust compiler (now stable version being 1.67.0) and Cargo builder do not provide support for reproducible builds.
• Builds only target x86_64-linux CPU architecture

Acceptance criteria

• Select the right tool for implementing a strategy for deterministic and reproducible builds of packages and binaries. Two options are at least to be considered, namely, Nix and Guix
• Add the deterministic and reproducible building process to the continuous integration pipeline, as part of a GitHub Actions workflow
• Support only x86_64 CPU architecture

Risks

• None that would prevent the achievement of this task

Dependencies

• None that would prevent the achievement of this task

References

• NixOS
• NixOS containers
• Guix
• Deterministic and reproducible builds
• Reproducible builds with Rust
• Make Rust reproducible !
• Running reproducible Rust: A Fly and Nix love story