It's worth pointing out that reproducible builds aren't always guaranteed if software developers aren't specifically programming with them in mind.

imagine a program that inserts randomness during compile time for seeds. Reach build would generate a different seed even from the same source code, and would fail being diffed against the actual release.

Or maybe the developer inserts information about the build environment for debugging such as the build time and exact OS version. This would cause verification builds to differ.

Rust (the programing language) has had a long history of working towards reproducible builds for software written in the language, for instance.