Version Pinning and Reproducible Builds

May 30, 2026 | 5 min read

Why Reproducible Builds Matter

Reproducible builds ensure that the same source code always produces the same compiled artifact. This is critical for audit trails and security verification.

Version Pinning

Pin the Pyvorin compiler version in your requirements:

pyvorin==1.0.5
pyvorin-thin==1.0.5

Deterministic Compilation

  • Use fixed opt_level across environments.
  • Pin Python patch version (e.g. 3.12.3).
  • Use identical source code with no uncommitted changes.

Verifying Reproducibility

# Build twice and compare hashes
pyvorin compile main.py --function main --target linux_x86_64
sha256sum ~/.pyvorin/cache/*.so

pyvorin compile main.py --function main --target linux_x86_64
sha256sum ~/.pyvorin/cache/*.so