search
WebsiteBlogJoin The Community

Reproducible Builds

This guide shows how to build Clementine CLI reproducibly using Nixarrow-up-right and verify your build matches the official release.

Reproducible builds ensure bit-for-bit identical binaries, allowing you to verify that published binaries match the source code exactly.

hashtag
Platform Support

4 platforms are fully supported and reproducible:

Platform
Architecture

Linux

x86_64, ARM64

Windows

x86_64

macOS

Apple Silicon

hashtag
What You Can Build

Your System
Can Build For

Linux (x86_64)

Linux x86_64, Windows

Linux (ARM64)

Linux ARM64

macOS (Apple Silicon)

macOS Apple Silicon

circle-info

Cross-compilation is supported for Windows from Linux x86_64. For reproducibility, Linux ARM64 and macOS Apple Silicon must be built on their native architecture; cross-compilation is not supported for these.

hashtag
Install Nix

sh <(curl -L https://nixos.org/nix/install) --daemon

Enable flakes (required):

mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

# Restart Nix daemon
# Linux:
sudo systemctl restart nix-daemon

# macOS:
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist

hashtag
Build

circle-info

First build? Expect 10-20 minutes as Nix builds ~500 dependencies. Subsequent builds take 1-2 minutes.

hashtag
Supported Platforms

hashtag
Working Platforms

Build commands for all working platforms:

Binary location: ./result/bin/clementine-cli (or .exe for Windows)

hashtag
Platform-Specific Build Instructions

hashtag
From Linux

Linux can build for its native architecture and Windows (from x86_64):

hashtag
From macOS

Apple Silicon Macs can build for their native platform. macOS Intel builds are not supported by the current flake targets.

circle-info

macOS Intel builds are not supported by the current Nix flake targets.

circle-info

We assume that /usr/lib/libiconv.2.dylib is present on target macOS systems; if it is not available or you experience issues related to this adjustment, please open an issue on this repository so the maintainers can assist.

circle-info

For Linux and Windows builds, use a Linux system.

hashtag
Development Environment

Enter a development shell with all dependencies:

This provides a shell with Rust 1.89.0 and all required build dependencies.

hashtag
Verifying Reproducibility

hashtag
Quick Test

circle-check

Use --rebuild flag to force a rebuild even if the output already exists in the store. This is helpful for debugging and testing reproducibility without clearing the result directory.

hashtag
Full Verification (recommended for release verification)

Test with a completely clean Nix store to ensure no cached artifacts affect the build:

hashtag
Cross-Machine Verification

To verify your build matches another developer's:

  1. Ensure identical source: Both machines must be on the same git commit/tag

  2. Build the binary: Run nix build .#<platform>

  3. Compare hashes: Both should produce identical nix hash path ./result and sha256sum ./result/bin/clementine-cli output.

If hashes don't match, verify:

  • Same git commit/tag: git rev-parse HEAD

  • Same Nix version: nix --version (recommended: 2.32.1)

  • Clean build if needed: nix store gc --max 0 before rebuilding

circle-info

Hashes change when source code, dependencies (Cargo.lock), or build configuration (flake.nix) are modified. Always compare builds from the exact same commit.

hashtag
Verifying Downloaded Binaries

If you downloaded a pre-built binary from GitHub Releases, you can verify it matches the source code by building it yourself and comparing hashes.

hashtag
Step 1: Check the Release Tag

hashtag
Step 2: Build the Binary

hashtag
Step 3: Compare Binaries

If the SHA256 hashes match, your downloaded binary is bit-for-bit identical to what the source code produces. This proves:

  • The binary matches the published source code exactly

  • No modifications were made between building and distribution

  • The build process is reproducible

circle-check

If hashes don't match, ensure you're using the exact same release tag and building for the correct platform.

hashtag
Troubleshooting

hashtag
Hash Doesn't Match

If your hash doesn't match the expected value:

  • Ensure you're on the same git commit/tag

  • Check your Nix version: nix --version

  • Force a rebuild: nix build .#<platform> --rebuild

  • Try a clean build: nix store gc --max 0 then rebuild (takes 10-20 min)

hashtag
Common Issues

Issue
Solution

"experimental-features not enabled"

Add experimental-features = nix-command flakes to ~/.config/nix/nix.conf and restart Nix daemon

Slow first build

Normal - ~500 packages built (10-20 min). Subsequent builds are cached (1-2 min)

Out of disk space

Run nix store gc for cleanup or nix store gc --max 0 for full cleanup (~36GB freed)

Windows build fails from macOS

Not supported - use Linux x86_64 to build Windows binaries

Linux ARM64 build fails from macOS

Not supported - use Linux ARM64 to build Linux ARM64 binaries

hashtag
Cleaning Build Cache

circle-exclamation

Next build after full cleanup will take 10-20 minutes.

Use full cleanup when:

  • Testing reproducibility with a clean slate

  • Freeing disk space

  • Resolving cache issues

hashtag
Additional Resources

PreviousAdvanced UsageNextFee Model

Last updated

Was this helpful?