Description

The goal is for ports to produce packages with consistent checksums when built at different times and/or on different hosts, assuming they are built with the same version of the ports tree and the same version of the base FreeBSD OS (the same binaries). This project is inspired by Debian's Reproducible Builds Project.

Status

An initial patch is available which has been tested with multiple poudriere bulk -a runs on the same host. Of the 23599 packages which were built in both runs, 15164 have the same checksum when using the previously mentioned patch, giving 64.25% reproducible packages. This was done using ports r380062 and a 10.1 jail. Full results can be seen here. This is great initial progress but there is of course a great deal more to do.

TIMESTAMP entries were added to ports distinfo files in D6031. As an example, the devel/bazel port uses it to pass a deterministic date to the software's build system.

Helping out

It boils down to building packages and comparing them, finding out why they aren't reproducible and fixing that. Many reproducibility issues may be solved by borrowing patches from Debian. One can easily test by applying the patch and running poudriere bulk -C category/port for a given port twice, comparing the packages produced. There is another patch by mat which should help with making Perl ports reproducible.
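One way to do the comparison step, as an added example that is not part of the ports patch or of poudriere: it hashes the packages found in two package directories, reports the reproducible percentage, and for each differing package lists which archive members differ and in which field. It assumes packages are compressed tar archives matching `*.txz`; all function names and the sample packages are constructed for illustration.

```python
import hashlib, io, sys, tarfile
from pathlib import Path

FIELDS = ("content", "mtime", "uname", "gname", "mode")

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def member_index(pkg):
    """Map member name -> (content hash, mtime, uname, gname, mode)."""
    index = {}
    with tarfile.open(pkg, "r:*") as tar:  # assumption: package is a compressed tar
        for m in tar:
            data = tar.extractfile(m).read() if m.isfile() else b""
            index[m.name] = (hashlib.sha256(data).hexdigest(), m.mtime, m.uname, m.gname, m.mode)
    return index

def diff_package(a, b):
    """Return {member: [differing fields]} for two builds of the same package."""
    ia, ib = member_index(a), member_index(b)
    out = {}
    for name in sorted(ia.keys() | ib.keys()):
        if name not in ia or name not in ib:
            out[name] = ["present in only one build"]
        elif ia[name] != ib[name]:
            out[name] = [f for f, x, y in zip(FIELDS, ia[name], ib[name]) if x != y]
    # Identical members but different checksum: the difference is at archive level.
    return out or {"(archive)": ["member order, compression or other headers"]}

def compare_runs(dir_a, dir_b, pattern="*.txz"):
    """Compare packages built in both runs: (identical names, {name: diff}, percent)."""
    a = {p.name: p for p in Path(dir_a).glob(pattern)}
    b = {p.name: p for p in Path(dir_b).glob(pattern)}
    common = sorted(a.keys() & b.keys())
    same = [n for n in common if sha256_file(a[n]) == sha256_file(b[n])]
    differing = {n: diff_package(a[n], b[n]) for n in common if n not in same}
    return same, differing, (100.0 * len(same) / len(common) if common else 0.0)

def make_sample_pkg(path, files, mtime):
    """Constructed sample input: write a tiny .txz with fixed owner and given mtime."""
    with tarfile.open(path, "w:xz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.uname, info.gname = len(data), mtime, "root", "wheel"
            tar.addfile(info, io.BytesIO(data))

if __name__ == "__main__":  # usage: script.py <packages dir of run 1> <packages dir of run 2>
    same, differing, pct = compare_runs(sys.argv[1], sys.argv[2])
    print(f"{pct:.2f}% reproducible ({len(same)} of {len(same) + len(differing)})")
    for name, diff in differing.items():
        print(name, diff)
```

A member that differs only in `mtime` points at an embedded build timestamp, while a `content` difference means the built file itself has to be inspected.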

ReproducibleBuilds/Ports (last edited 2018-07-11T07:27:16+0000 by KubilayKocak)