#!/bin/sh
set -e

# /etc/ssl/certs/java/cacerts is a keystore
# When (re)generated, it embeds 'now' timestamps

# Don't run if ca-certificates-java is not installed
if [ ! -e /etc/ssl/certs/java/cacerts ];
then
  exit 0
fi

# Use faketime to enforce a timestamp
# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get'
export FAKETIME_ALREADY_INSTALLED=1
if [ ! -e /usr/bin/faketime ];
then
  FAKETIME_ALREADY_INSTALLED=0
  apt-get install faketime --yes -o Acquire::Check-Valid-Until=false
fi

# Remove the file
rm -f /etc/ssl/certs/java/cacerts

# Generate it again
touch /var/lib/ca-certificates-java/fresh
# Java uses timestamps with millisecond resolution
# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps)
faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java

if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ];
then
  apt-get remove --purge --yes faketime
  apt-get autoremove --yes
fi

echo "P: $(basename $0) Reproducible hook has been applied"