Deterministic compilation for Samba
With this, the only changes between ./configure && make -j
builds for me are
{/tmp/bin => bin}/default/.wafpickle-linux-50990320-20 | Bin 1816697 -> 1816697 bytes
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/bidi_table.c | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/bidi_table.h | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/combining_table.c | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/combining_table.h | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/errorlist_table.c | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/errorlist_table.h | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/map_table.c | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/map_table.h | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/normalize_table.c | 2 +-
{/tmp/bin => bin}/default/third_party/heimdal/lib/wind/normalize_table.h | 2 +-
11 files changed, 10 insertions(+), 10 deletions(-)
The .wafpickle
seems to be a waf database that isn't included in the build.
The lib/wind/*.[ch]
files have lines like /* Automatically generated at 2024-05-30T11:23:24.387458 */
but these don't affect the build. As you can see, there are no *.o
or *.so
changes.
If the SOURCE_DATE_EPOCH
environment variable is not set, we set it for winexe only to an arbitrary number that reflects the Samba version string, because .exe files have an embedded timestamp and checksum. It seems Microsoft now use a random number for the timestamp (https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705), so we can't get things too wrong by picking something arbitrary. In any case, it only seems to be checked in DLL files.
If SOURCE_DATE_EPOCH
is set, which is likely common for distros wanting reproducible builds, that value is used for winexe also.
The other significant change is to do with python bindings generated by pidl, where hash references were being treated as names.
We also turn off hash randomisation for pidl during build (as we already do for Python for waf), but I don't think that actually has any effect on the output.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
(optional) This MR is just one part towards a larger feature. -
(optional, if backport required) Bugzilla bug filed and BUG:
tag added -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated -
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)
Reviewer's checklist:
-
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code