How to verify if a given package is built in a reproducible way as an end user?

Let's I would like to verify if the package mksh can be built in a reproducible way. I am trying with apt build-dep mksh apt source mksh cd mksh; dpkg-buildpackage -uc -us cd ..; sha256sum If I now do apt download mksh and compare the checksum of the downloaded deb with the debian package I created locally, the checksum differs (expected as I did not sign the deb) How to make those checksums match ?