I have begun automatically hashing all of my binaries on publish and tracking them in version control. This way, anyone who builds from my source can verify that their output is identical to what I got during development.
While all of my other build artifacts are deterministic, the hash of the NSIS installer changes on each publish. Thus, I don't get identical outputs for identical inputs.
There is likely some timestamping or other such meta data happening. Are there any options or switches that can ensure deterministic reproducible builds of NSIS installer packages?
If you are building NSIS from source, pass SOURCE_DATE_EPOCH to SCons.
Thanks. I usually just use the published binaries.
example1.nsi produces the same output every time IIRC.