Reproducible builds and info leakage about the builder in binaries

[bunnie]

Our build system is Rust's default build system, which by default includes things like the full path of the code (including the username) inside the binaries (for panic messages, strings, etc.).

This makes the builds un-reproducible, and would also lead to compromise of users' identities if they are building their own binaries and loading it onto their devices.

There are some things that could be done to improve this:

• How can I stop rustc including system specific information such as absolute file paths of the source it's compiled from in the binaries it generates? rust-lang/rust#40374 (How can I stop rustc including system specific information such as absolute file paths of the source it's compiled from in the binaries it generates?)
• Enable --remap-path-prefix for absolute paths by default rust-lang/rust#40552 (Enable --remap-path-prefix for absolute paths by default)
• no way to not ship panic strings inside the compiled binary  rust-lang/rust#60105 (no way to not ship panic strings inside the compiled binary)
• Reproducible builds: Automatically remap $CARGO_HOME and $PWD rust-lang/cargo#5505 (Reproducible builds: Automatically remap $CARGO_HOME and $PWD)
• Cargo registry paths are leaked in compiled binary rust-lang/rust#75799 (Cargo registry paths are leaked in compiled binary)

We'd love some help from someone who is more skilled in reproducible builds than us to rework our methodology to address this problem.

[eupn]

Nix with cargo2nix may help.

[jeandudey]

Also adding to this, GNU Guix is another option for reproducibility.