# Supply-chain hardening: deterministic builds
#
# Path remapping eliminates local filesystem paths from binaries.
# CI sets RUSTFLAGS env var which OVERRIDES build.rustflags below.
# SOURCE_DATE_EPOCH=0 ensures no build timestamps leak.
#
# NOTE: Local dev builds use build.rustflags for path remapping.
# CI builds use the RUSTFLAGS env var instead (takes precedence).
# This means local builds get local remapping, CI gets CI remapping.

[env]
SOURCE_DATE_EPOCH = "0"

# [build]
# Path remapping for local dev builds is optional.
# CI RUSTFLAGS override build.rustflags entirely.
# strip = true in profile.release removes debug paths from binaries.
# Uncomment and adjust for your system if you want local path remapping:
# rustflags = [
#   "--remap-path-prefix", "/home/YOU/.cargo/registry/src=crate",
#   "--remap-path-prefix", "/home/YOU/Projects/Karapace=src",
# ]