samba: not reproducible

[raboof]

Building this package multiple times does not yield bit-by-bit identical
results, complicating the detection of Continuous Integration (CI) breaches. For
more information on this issue, visit
reproducible-builds.org.

Fixing bit-by-bit reproducibility also has additional advantages, such as
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
and reducing rebuilds in such systems.

Steps To Reproduce

1. Build the package

This step will build the package. Specific arguments are passed to the command
to keep the build artifacts so we can compare them in case of differences.

Execute the following command:

nix-build '<nixpkgs>' -A samba && nix-build '<nixpkgs>' -A samba --check --keep-failed

Or using the new command line style:

nix build nixpkgs#samba && nix build nixpkgs#samba --rebuild --keep-failed

2. Compare the build artifacts

If the previous command completes successfully, no differences were found and
there's nothing to do, builds are reproducible.
If it terminates with the error message error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>', use diffoscope to investigate
the discrepancies between the two build outputs. You may need to add the
--exclude-directory-metadata recursive option to ignore files and directories
metadata (e.g. timestamp) differences.

nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>

3. Examine the build log

To examine the build log, use:

nix-store --read-log $(nix-instantiate '<nixpkgs>' -A samba)

Or with the new command line style:

nix log $(nix path-info --derivation nixpkgs#samba)

Additional context

It seems some of the error messages in samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so refer to build-time memory addresses:

--- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0
+++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check
│   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib
├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib
│ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11
│ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11
│ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages
│ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages
│ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba
│ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba
│ │ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba/dcerpc
│ │ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba/dcerpc
│ │ │ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so
│ │ │ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so
│ │ │ │ │ │ ├── strings --all --bytes=8 {}
│ │ │ │ │ │ │ @@ -337,38 +337,38 @@
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->preauth
│ │ │ │ │ │ │  Can not convert C Type struct smbXsrv_preauth from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->gensec
│ │ │ │ │ │ │  Can not convert C Type struct gensec_security from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->connection
│ │ │ │ │ │ │  Can not convert C Type struct smbXsrv_connection from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->tcon_table
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x8fa620) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0x9ce738) from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->signing_key
│ │ │ │ │ │ │  Can not convert C Type struct smb2_signing_key from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->application_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->decryption_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->encryption_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->pending_breaks
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x92e620) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0x9a6510) from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->connection_drop_subreq
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x903c08) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0xa01f00) from Python

It seems Arch linux is seeing the same thing: https://reproducible.archlinux.org/api/v0/builds/604350/diffoscope

---

Add a 👍 reaction to issues you find important.

[raboof]

This problem appears to have been introduced with https://gitlab.com/samba-team/samba/-/commit/8e850685a1052a16bea402df3e8057218080c373

[raboof]

Filed upstream as https://bugzilla.samba.org/show_bug.cgi?id=15632