search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.45k stars 13.65k forks source link

samba: not reproducible #303436

Closed raboof closed 5 months ago

raboof commented 5 months ago

Building this package multiple times does not yield bit-by-bit identical results, complicating the detection of Continuous Integration (CI) breaches. For more information on this issue, visit reproducible-builds.org.

Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems.

Steps To Reproduce

1. Build the package

This step will build the package. Specific arguments are passed to the command to keep the build artifacts so we can compare them in case of differences.

Execute the following command:

nix-build '<nixpkgs>' -A samba && nix-build '<nixpkgs>' -A samba --check --keep-failed

Or using the new command line style:

nix build nixpkgs#samba && nix build nixpkgs#samba --rebuild --keep-failed

2. Compare the build artifacts

If the previous command completes successfully, no differences were found and there's nothing to do, builds are reproducible. If it terminates with the error message error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>', use diffoscope to investigate the discrepancies between the two build outputs. You may need to add the --exclude-directory-metadata recursive option to ignore files and directories metadata (e.g. timestamp) differences.

nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>

3. Examine the build log

To examine the build log, use:

nix-store --read-log $(nix-instantiate '<nixpkgs>' -A samba)

Or with the new command line style:

nix log $(nix path-info --derivation nixpkgs#samba)

Additional context

It seems some of the error messages in samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so refer to build-time memory addresses:

--- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0
+++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check
│   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib
├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib
│ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11
│ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11
│ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages
│ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages
│ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba
│ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba
│ │ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba/dcerpc
│ │ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba/dcerpc
│ │ │ │ │ │   --- /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0/lib/python3.11/site-packages/samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so
│ │ │ │ │ ├── +++ /nix/store/7mi0vy6d8p7ga88ig0hg8f97ivglgv0k-samba-4.20.0.check/lib/python3.11/site-packages/samba/dcerpc/smbXsrv.cpython-311-x86_64-linux-gnu.so
│ │ │ │ │ │ ├── strings --all --bytes=8 {}
│ │ │ │ │ │ │ @@ -337,38 +337,38 @@
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->preauth
│ │ │ │ │ │ │  Can not convert C Type struct smbXsrv_preauth from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->gensec
│ │ │ │ │ │ │  Can not convert C Type struct gensec_security from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->connection
│ │ │ │ │ │ │  Can not convert C Type struct smbXsrv_connection from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->tcon_table
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x8fa620) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0x9ce738) from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->signing_key
│ │ │ │ │ │ │  Can not convert C Type struct smb2_signing_key from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->application_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->decryption_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->encryption_key
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->pending_breaks
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x92e620) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0x9a6510) from Python
│ │ │ │ │ │ │  Cannot delete NDR object: struct object->connection_drop_subreq
│ │ │ │ │ │ │ +Can not convert C Type struct HASH(0x903c08) from Python
│ │ │ │ │ │ │ -Can not convert C Type struct HASH(0xa01f00) from Python

It seems Arch linux is seeing the same thing: https://reproducible.archlinux.org/api/v0/builds/604350/diffoscope

Add a :+1: reaction to issues you find important.

raboof commented 5 months ago

This problem appears to have been introduced with https://gitlab.com/samba-team/samba/-/commit/8e850685a1052a16bea402df3e8057218080c373

raboof commented 5 months ago

Filed upstream as https://bugzilla.samba.org/show_bug.cgi?id=15632