We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra 🎉 Why is this useful? While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a reliable way to verify the binaries we ship are faithful to their sources, and have not been tampered with anywhere in the build pipeline (e.g. on Hydra). For general information on Reproducible Builds see: What exactly was reproduced? This me...
There are different “levels” to reproducibility and there’s also a distinction between Nix/Nixpkgs and NixOS.
You can talk about r13y in terms of functional r13y (same behaviour, though even here you can differentiate between “roughly same behaviour” and “exact same behaviour”) and binary bit-for-bit r13y.
Nix/Nixpkgs are about producing individual binaries reproducibly. Functional r13y is the most important but binary r13y is a great boon for security testing as it makes verification simple and simplicity trumps when it comes to security.
NixOS is about building functionally reproducible OS configuration. Because it uses Nixpkgs, the binaries contained in the OS inherit Nixpkgs’ binary r13y. As Nixpkgs becomes more binary-reprodicible, so does NixOS and here we can see the point where binary r13y of the packages in the minimal ISO has reached a point where it’s thought to be fully reproducible.
The real meat of NixOS is functional r13y though; both kinds: You can reproduce a system with the exact same behaviour from a given Nixpkgs and NixOS config and you can use the same NixOS config with different revisions of Nixpkgs to produce systems which produce roughly the same behaviour.