Any documentation on how the official packages are being built?


if I wanted to reproduce the official build, for example in order to get
a code-signed Windows build [1], to which documentation can I turn to
find out about the steps and tools (and their versions) used?

That is, I am interested in the steps done by the respective maintainers
which yield the packages at

Thanks and with best regards,


[1] I realize that the PGP signatures already provide a decent way to
verify the download, but when using AppLocker rules, for example, it's
more convenient to allow binaries signed by a particular entity.

Hi Oliver,

If you look at
that lists the tools and minimum version required.

There is some documentation for how to build a release:

For the official windows builds, Hans Wennborg provides the batch file used to create any given upload when he reports
on the release-testers list (e.g.

The steps for unix based are mostly encoded into the script in utils/release/. That script can be
invoked like " -release <version number as dotted form> -final -triple x86_64-linux-gnu-debian8 -j <number of jobs>".

As for the precise version of the tools used for a given release, that's a little trickery to answer, as it's the version
of clang that is being released is used to build that clang. The test-release script checks out the clang+llvm toolchain,
then uses the host compiler to perform a three stage recursive build. The final compiler is then compared with the 2nd
last, checked with the test-suites and packaged.


Hi Simon,

thanks a lot for the comprehensive answer. I'll look into all the
sources you referenced.

Also, quite interesting fact regarding that three stage recursive build.
I didn't know it was done this way for LLVM/Clang, although I heard that
this was one of the ways to sidestep potential compiler backdoors in the
host compiler.

With best regards,