39 lines
1.0 KiB
Bash
Executable File
39 lines
1.0 KiB
Bash
Executable File
#!/bin/sh
|
|
set -e
|
|
|
|
# /etc/ssl/certs/java/cacerts is a keystore
|
|
# When (re)generated, it embeds 'now' timestamps
|
|
|
|
# Don't run if ca-certificates-java is not installed
|
|
if [ ! -e /etc/ssl/certs/java/cacerts ];
|
|
then
|
|
exit 0
|
|
fi
|
|
|
|
# Use faketime to enforce a timestamp
|
|
# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get'
|
|
export FAKETIME_ALREADY_INSTALLED=1
|
|
if [ ! -e /usr/bin/faketime ];
|
|
then
|
|
FAKETIME_ALREADY_INSTALLED=0
|
|
apt-get install faketime --yes -o Acquire::Check-Valid-Until=false
|
|
fi
|
|
|
|
# Remove the file
|
|
rm -f /etc/ssl/certs/java/cacerts
|
|
|
|
# Generate it again
|
|
touch /var/lib/ca-certificates-java/fresh
|
|
# Java uses timestamps with millisecond resolution
|
|
# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps)
|
|
faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java
|
|
|
|
if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ];
|
|
then
|
|
apt-get remove --purge --yes faketime
|
|
apt-get autoremove --yes
|
|
fi
|
|
|
|
echo "P: $(basename $0) Reproducible hook has been applied"
|
|
|