newlib build paths included, causing loss of build reproducibility across build OSs (IDFGH-13355)

[bryghtlabs-richard]

Answers checklist.

• [X] I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
• [X] I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
• [X] I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v5.1.2

Operating System used.

Windows

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

CMD

What is the expected behavior?

When building same application with same sources and same tool versions, output binaries should match, even if the build OS is different.

What is the actual behavior?

Some paths seem to be captured when building newlib, which will then be present in the application's .bin file.

Steps to reproduce.

1. Enable CONFIG_APP_REPRODUCIBLE_BUILD
2. Confirm tool versions match across operating systems
3. Build same application on Windows 11 and WSL2 with idf.py build
4. Compare app .bin files from both builds
5. Identify most common difference: newlib build path

Build or installation Logs.

No response

More Information.

I saw the documentation stated "Versions of the build tools (CMake, Ninja) and the cross-compiler" may cause differences, but this seems unrelated to that. Here is the first difference in HXD:

[igrr]

Thanks for bringing up the issue, and sorry that we didn't explicitly mention the OS in the list of things that may still cause the builds to be non-reproducible. But yes, this specific issue was assumed to be part of "Versions of the build tools (CMake, Ninja) and the cross-compiler".

We can try to substitute these paths in a future toolchain release, however I'm afraid that we won't be creating a patch release of the toolchains used in v5.1.x.

[bryghtlabs-richard]

No worries about a fix for v5.1.x, it's just the version I was using. Remapping those paths would be certainly be helpful, and may be the only thing left across different OSs with the same tool versions - I've only seen differences in those strings and differences in pointers that may have been offset due to those strings changing length.