stdenv: add -frandom-seed to NIX_CFLAGS_COMPILE for reproducibility

This adds -frandom-seed to each compiler invocation in stdenv. The
object here is to make the compierl invocations produce the same output
every time they are called (for the same derivation). When the
-frandom-seed option is not set the compiler will use a combination of
random numbers (in GCC's case from /dev/urandom) and the durrent time to
produce a "random" input per file. This can (among other things) lead to
different ordering of symbols in the produced object files.

For reason of reproducibility we prefer having the same derivation
produce the exact same outputs. This is not a silver bullet but one way
to tame the compiler.

1 files changed, 4 insertions, 0 deletions

diff --git a/pkgs/build-support/setup-hooks/reproducible-builds.sh b/pkgs/build-support/setup-hooks/reproducible-builds.sh
new file mode 100644
index 000000000000..2d8db6ff7d3c
--- /dev/null
+++ b/pkgs/build-support/setup-hooks/reproducible-builds.sh
@@ -0,0 +1,4 @@
+# Use the last part of the out path as hash input for the build.
+# This should ensure that it is deterministic across rebuilds of the same
+# derivation and not easily collide with other builds.
+export NIX_CFLAGS_COMPILE+=" -frandom-seed=${out##*/}"