Reproducibility for Java
Chris Lamb
chris at reproducible-builds.org
Wed Nov 13 14:25:24 UTC 2024
Roland Clobus wrote:
> After the regular postinst has run, I can run the postinst step again
> but then with faketime active.
Mm, that's likely the most elegant solution available. Even if it is,
alas, a solution specific to building live images. :(
Separate to that, I would file a bug against keytool and/or KeyStore
class so that the command-line keytool utility either:
a) obeys SOURCE_DATE_EPOCH internally to the tool
b) accepts a date on the command-line (as suggested explicitly by John)
c) there is some kind of -nodate option
As you mention, at least (a) and (b) would require a bunch of the
new Date() calls in the KeyStore class to be checked over, and likely
the KeyStore API needs to change as you imply so that a date can be
poked through to the right place. That's probably a design decision
best left to the maintainers of the KeyStore class and keytool utility,
however.
I don't think we need to propose that the entire JRE/JDK starts to
obey SOURCE_DATE_EPOCH …
Regards,
--
o
⬋ ⬊ Chris Lamb
o o reproducible-builds.org 💠
⬊ ⬋
o
More information about the rb-general
mailing list