What is the current position of the CMake team regarding hermetic/reproducible builds? Obviously, I’m drawing comparisons to Bazel. Do you think that it brings no benefit to CMake? Or it might bring speed improvements if implemented in CMake? And you think that introducing hermeticity can be introduced gradually to CMake? Or should it be completely implemented before we would see any benefits?
Do you mean Deterministic build systems
I think some people are already doing reproducible builds with CMake. We support SOURCE_DATE_EPOCH in several places.
Thank you @ClausKlein and @brad.king for the useful info. I still think that these are not enough to bring all the hermeticity benefits claimed by Bazel for example. For example, tracking all the parameters required to identify whether a sub-target is not changed in addition to being compatible with the current target means opens the door to some great features like distributed builds, remote caching (at least for targets), and correct detection of which targets need to be flushed and/or rebuilt (I think that by now it is well known that for any non-trivial project resetting the CMake cache or even deleting the output directory is done fairly frequently. For example, I frequently build Qt from source and I do remember reading somewhere in the build instructions that when the source files are updated I would most probably have to delete the whole source and build folders, re-clone with submodules, and then rebuild. And that was my experience indeed when the changes to the source code are “large” (I don’t even know about all the cases that require resetting the cache).
Now of course we might think that this is an overwhelming task, but we can take vcpkg’s binary caching as a starting. I think that that would be a good starting point for resolving all the three issues above.
From there, we might branch to things like action caching etc… but for sure the steps can be prioritized according to the cost benefit and added to a long-term roadmap.
Reproducible builds should be possible to do with CMake (in that CMake doesn’t fundamentally interfere with doing so). Hermetic builds, on the other hand, are very difficult to do with CMake’s current design (add_custom_command would have to go for one thing). I’m not sure CMake can really do it without external coordinating infrastructure like Nix or Spack basically providing an entire sysroot to the toolchain (and even there, the “ambient system” can still leak through, potentially by design).