LinuxCommandLibrary

strip-nondeterminism

Remove non-deterministic data from files

TLDR

Strip nondeterministic information from a file
$ strip-nondeterminism [path/to/file]

Strip nondeterministic information from a file manually specifying the filetype
$ strip-nondeterminism --type [filetype] [path/to/file]

Strip nondeterministic information from a file; instead of removing timestamps set them to the specified UNIX timestamp
$ strip-nondeterminism --timestamp [unix_timestamp] [path/to/file]

SYNOPSIS

strip-nondeterminism [OPTIONS] [FILE...]
COMMAND | strip-nondeterminism [OPTIONS]

PARAMETERS

--remove-timestamps
    Removes timestamps from supported file formats and archive members. This is a common and often default behavior.

--keep-timestamps
    Prevents the removal of timestamps. Useful when specific timestamps are intended to be preserved.

--sort-entries
    Sorts the entries within archives (e.g., tar, zip) to ensure consistent internal ordering.

--dont-sort-entries
    Prevents the sorting of entries within archives.

--remove-locale
    Removes locale-specific information that might vary between build environments.

--source-date-epoch=DATE
    Sets a fixed timestamp (DATE can be an epoch or a date string) for all affected elements, instead of removing them. This can be useful for versioning or auditing.

--list-options
    Displays a comprehensive list of all available options for removing/keeping specific types of non-determinism.

--help
    Shows a brief help message and exits.

--version
    Displays the version information and exits.

DESCRIPTION

strip-nondeterminism is a utility designed to help achieve reproducible builds by removing elements from files and archives that can introduce variations between builds. These non-deterministic elements often include file timestamps, user/group IDs, locale information, and the internal ordering of entries within archives (like .zip, .tar, .deb, .rpm files). By standardizing or removing these varying attributes, the command ensures that the same source code processed by the same build tools produces identical binary outputs, regardless of when or where the build occurs. It's a crucial component of the reproducible builds initiative, particularly prominent in Debian and other Linux distributions, enabling verification that distributed binaries precisely match their source code. While it can be used directly on files, strip-nondeterminism is primarily invoked by build automation tools like dpkg-buildpackage to process package components before their final assembly.

CAVEATS

strip-nondeterminism can modify files in-place, which can be irreversible. It is primarily intended for use within automated build processes rather than direct interactive use by end-users. Care must be taken when applying it to signed archives, as modifications will invalidate existing digital signatures.
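The effect described in DESCRIPTION and the signature caveat above can be seen on a small archive. This is an added example, not strip-nondeterminism's own code: the function names (`build_zip`, `normalize_zip`, `members`, `digest`, `demo`) are hypothetical, the file contents and timestamps are constructed, and the normalization is a simplified stand-in covering only zip entry order and timestamps.

```python
import hashlib
import io
import time
import zipfile

# Constructed sample payload: the same "package contents" for both builds.
FILES = {"usr/bin/tool": b"constructed binary", "DEBIAN/control": b"Package: demo\n"}

def build_zip(files, mtime, order):
    """Simulate one build: identical contents, build-dependent mtime and entry order."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order:
            zf.writestr(zipfile.ZipInfo(name, date_time=time.gmtime(mtime)[:6]), files[name])
    return buf.getvalue()

def normalize_zip(data, timestamp):
    """Rewrite the archive with entries sorted by name and one fixed timestamp."""
    fixed = time.gmtime(timestamp)[:6]
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for old in sorted(src.infolist(), key=lambda i: i.filename):
            new = zipfile.ZipInfo(old.filename, date_time=fixed)
            new.compress_type = old.compress_type
            new.external_attr = old.external_attr  # keep permission bits
            dst.writestr(new, src.read(old))
    return out.getvalue()

def members(data):
    """Return (name, content) pairs in archive order, to confirm payloads survive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, zf.read(i)) for i in zf.infolist()]

def digest(data):
    return hashlib.sha256(data).hexdigest()

def demo():
    # Two builds of the same source, an hour apart, with different entry order.
    a = build_zip(FILES, 1700000000, ["usr/bin/tool", "DEBIAN/control"])
    b = build_zip(FILES, 1700003600, ["DEBIAN/control", "usr/bin/tool"])
    na, nb = normalize_zip(a, 1600000000), normalize_zip(b, 1600000000)
    return {"raw_match": digest(a) == digest(b),
            "normalized_match": digest(na) == digest(nb),
            "changed_by_normalizing": digest(a) != digest(na)}

if __name__ == "__main__":
    print(demo())
```

The `changed_by_normalizing` result is the signature caveat in practice: any digest or signature computed before normalization no longer matches the file afterwards, so signing has to follow this step.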

PURPOSE OF REPRODUCIBLE BUILDS

This command is a foundational element in the effort to make software builds deterministic. Reproducible builds allow users to verify that the binaries they receive from a distribution were compiled directly from the published source code, without any hidden modifications or backdoors.

INTEGRATION WITH BUILD SYSTEMS

Although it can be run manually, strip-nondeterminism is most commonly invoked automatically by package build tools (e.g., dpkg-buildpackage for Debian) during the final stages of package creation, before signing and archiving.

HISTORY

strip-nondeterminism emerged as a key utility within the broader "Reproducible Builds" initiative, which gained significant traction in the Debian project around the mid-2010s. The goal was to ensure that any two people building the same source code with the same tools would produce bit-for-bit identical output binaries. This enhances trust, security, and verification. strip-nondeterminism was developed to address common sources of non-determinism, particularly timestamps and archive entry order, which often varied due to build time or system specifics. It is now widely integrated into Debian's package building tools.

SEE ALSO

dpkg-deb(1), reprotest(1), fakeroot(1), find(1)
