diff --git a/Dockerfile b/Dockerfile
index 736a2c694c..4453d9abf3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,7 +36,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN make clean
 RUN make frontend
 RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
-RUN make RELEASE_VERSION=$RELEASE_VERSION go-check generate-backend static-executable && xx-verify gitea
+RUN make RELEASE_VERSION=$RELEASE_VERSION GOFLAGS="-trimpath" LDFLAGS="-buildid=" go-check generate-backend static-executable && xx-verify gitea
 
 # Copy local files
 COPY docker/root /tmp/local
diff --git a/Makefile b/Makefile
index e3ae021b27..26c53d733c 100644
--- a/Makefile
+++ b/Makefile
@@ -268,6 +268,7 @@ help:
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]         run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
+	@echo " - reproduce-build\#version         build a reproducible binary for the specified release version"
 
 ###
 # Check system and environment requirements
@@ -890,6 +891,26 @@ release-sources: | $(DIST_DIRS)
 release-docs: | $(DIST_DIRS) docs
 	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs .
 
+.PHONY: reproduce-build
+reproduce-build:
+# Start building the Dockerfile with the RELEASE_VERSION tag set. GOPROXY is set
+# for convience, because the default of the Dockerfile is `direct` which can be
+# quite slow.
+	@docker build --build-arg="RELEASE_VERSION=$(RELEASE_VERSION)" --build-arg="GOPROXY=$(shell $(GO) env GOPROXY)" --tag "forgejo-reproducibility" .
+	@id=$$(docker create forgejo-reproducibility); \
+	docker cp $$id:/app/gitea/gitea ./forgejo; \
+	docker rm -v $$id; \
+	docker image rm forgejo-reproducibility:latest
+
+.PHONY: reproduce-build\#%
+reproduce-build\#%:
+	@git switch -d "$*"
+# All the current variables are based on information before the git checkout happened.
+# Call the makefile again, so these variables are correct and can be used for building
+# a reproducible binary. Always execute git switch -, to go back to the previous branch.
+	@make reproduce-build; \
+	(code=$$?; git switch -; exit $${code})
+
 ###
 # Dependency management
 ###