
Just strip the signature before comparing the rebuilt artifacts?

Posted Mar 12, 2025 3:37 UTC (Wed) by dbnichol (subscriber, #39622)
In reply to: Just strip the signature before comparing the rebuilt artifacts? by Foxboron
Parent article: Hash-based module integrity checking

The primary reason to embed the signature is so it's always in sync with the data. That's why apt prefers InRelease vs Release + Release.gpg. Having the signature embedded eliminates an entire class of errors. I understand the downside for reproducibility, though.


Just strip the signature before comparing the rebuilt artifacts?

Posted Mar 12, 2025 10:44 UTC (Wed) by bluca (subscriber, #118303) [Link]

Not just that, but the consumers cannot take detached signatures, neither for the EFI binaries case nor the kmods case. Which means you need a post-install step to reattach them, which means there's extra work to do on every node, which means it's extra things that can (and will) go wrong, and another step back from being able to get rid of maintainer scripts in packages, which _reduce_ reproducibility of the system as a whole as they need to run on the targets rather than on the build systems, so there will invariably be differences in behaviours and results.

Tools like diffoscope already deep dive into binaries being inspected, it shouldn't be hard to make them ignore difference in signatures. There is no point whatsoever in comparing signature data when comparing binaries anyway, it's completely pointless and doesn't provide any useful information or data. In fact, being forced to do so downgrades security of the target systems, as you are no longer able to, for example, use ephemeral keys for kernel modules, which is much better and safer (generate key at beginning of the build, throw it away at the end, no way for attackers to use it).
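The signature-stripping comparison bluca describes, as an added example that is not from the comment, LWN or diffoscope: it assumes the kernel's appended-signature layout (module data, signature bytes, a 12-byte struct module_signature, then the `~Module signature appended~` marker) and builds a constructed fake trailer rather than a real PKCS#7 signature, so two rebuilds signed with different ephemeral keys compare equal while a malformed trailer is rejected.

```python
import hashlib
import struct

# Trailer the kernel's sign-file appends after the signature blob.
# Layout of a signed .ko, front to back:
#   [module data][signature bytes][struct module_signature (12 bytes)][MAGIC]
MAGIC = b"~Module signature appended~\n"
# struct module_signature: u8 algo, hash, id_type, signer_len, key_id_len,
# u8 __pad[3], __be32 sig_len
SIG_INFO = struct.Struct(">BBBBB3xI")


def strip_module_signature(module: bytes) -> bytes:
    """Return the module image without its appended signature.

    Unsigned modules are returned unchanged. A trailer whose declared
    lengths do not fit inside the file is reported as corrupt instead of
    being silently truncated.
    """
    if not module.endswith(MAGIC):
        return module
    body = module[: -len(MAGIC)]
    if len(body) < SIG_INFO.size:
        raise ValueError("module signature trailer truncated")
    _algo, _hash, _id_type, signer_len, key_id_len, sig_len = SIG_INFO.unpack(
        body[-SIG_INFO.size :]
    )
    # PKCS#7 signatures (id_type 2) carry signer_len == key_id_len == 0; the
    # PGP layout stores signer name and key id in front of the signature.
    trailer = SIG_INFO.size + sig_len + signer_len + key_id_len
    if trailer > len(body):
        raise ValueError("declared signature length exceeds module size")
    return body[:-trailer]


def unsigned_digest(module: bytes) -> str:
    """SHA-256 of the signature-free image, for reproducibility checks."""
    return hashlib.sha256(strip_module_signature(module)).hexdigest()


def rebuilt_matches(original: bytes, rebuilt: bytes) -> bool:
    """True when both images are identical once signatures are ignored."""
    return unsigned_digest(original) == unsigned_digest(rebuilt)


def fake_signed(body: bytes, signature: bytes) -> bytes:
    """Constructed helper: append a PKCS#7-style trailer (not a real signature)."""
    info = SIG_INFO.pack(0, 0, 2, 0, 0, len(signature))
    return body + signature + info + MAGIC
```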


Copyright © 2025, Eklektix, Inc.