Bug#990839: marked as done (opentest4j: reproducible builds: timestamp embedded in shipped .jar file)

[Debian Bug Tracking System]

Your message dated Wed, 14 Jul 2021 04:34:40 +0000
with message-id <e1m3wby-000795...@fasolo.debian.org>
and subject line Bug#990839: fixed in opentest4j 1.2.0-3
has caused the Debian Bug report #990839,
regarding opentest4j: reproducible builds: timestamp embedded in shipped .jar 
file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
990839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990839
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: opentest4j
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps timezone
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The shipped opentest4j-1.2.0.jar embeds the time, date and timezone in
the build:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/opentest4j.html

  ./usr/share/java/opentest4j-1.2.0.jar

  Build-Date:·2022-07-12\xd
  vs.
  Build-Date:·2021-06-09\xd
        
  Build-Time:·01:50:58.592-1200\xd
  vs.
  Build-Time:·21:32:48.944+1400\xd


The attached patch modifies build.gradle to set the timezone to UTC when
the SOURCE_DATE_EPOCH environment variable is defined, and use
SOURCE_DATE_EPOCH to set the timestamp.


With this patch applied, opentest4j should become reproducible in the
tests.reproducible-builds.org infrastructure.


Thanks for maintaining opentest4j!


live well,
  vagrant

From 851b4d88d014df82203851919906b0925b21bc1f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagr...@reproducible-builds.org>
Date: Thu, 8 Jul 2021 23:38:36 +0000
Subject: [PATCH] debian/patches: Support reproducible timestamps in the .jar
 file.

Patch build.gradle to use SOURCE_DATE_EPOCH to avoid embedding
timestamp in .jar file.

https://reproducible-builds.org/docs/source-date-epoch/
---
 .../04-reproducible-builds-timestamp.patch    | 25 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 debian/patches/04-reproducible-builds-timestamp.patch

diff --git a/debian/patches/04-reproducible-builds-timestamp.patch b/debian/patches/04-reproducible-builds-timestamp.patch
new file mode 100644
index 0000000..e92cde4
--- /dev/null
+++ b/debian/patches/04-reproducible-builds-timestamp.patch
@@ -0,0 +1,25 @@
+Add support for SOURCE_DATE_EPOCH to avoid embedding timestamp in .jar
+file.
+
+https://reproducible-builds.org/docs/source-date-epoch/
+
+Index: opentest4j/build.gradle
+===================================================================
+--- opentest4j.orig/build.gradle
++++ opentest4j/build.gradle
+@@ -9,7 +9,14 @@ plugins {
+ 	id 'signing'
+ }
+ 
+-Date buildTimeAndDate = new Date()
++// https://reproducible-builds.org/docs/source-date-epoch/
++String source_date_epoch = System.getenv("SOURCE_DATE_EPOCH");
++if (source_date_epoch != null) {
++   TimeZone.setDefault(TimeZone.getTimeZone("UTC"))
++}
++Date buildTimeAndDate = source_date_epoch == null ?
++    new Date() :
++    new Date(1000 * Long.parseLong(source_date_epoch))
+ ext {
+ 	buildDate = new SimpleDateFormat('yyyy-MM-dd').format(buildTimeAndDate)
+ 	buildTime = new SimpleDateFormat('HH:mm:ss.SSSZ').format(buildTimeAndDate)
diff --git a/debian/patches/series b/debian/patches/series
index 856631a..cb3366e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01-ignore-versioning-plugin.patch
 02-ignore-github-pages-plugin.patch
 03-ignore-spotless-plugin.patch
+04-reproducible-builds-timestamp.patch
-- 
2.32.0

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: opentest4j
Source-Version: 1.2.0-3
Done: tony mancill <tmanc...@debian.org>

We believe that the bug you reported is fixed in the latest version of
opentest4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated opentest4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jul 2021 21:06:46 -0700
Source: opentest4j
Architecture: source
Version: 1.2.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Closes: 990839
Changes:
 opentest4j (1.2.0-3) unstable; urgency=medium
 .
   * Team upload.
   * Apply patch for reproducible builds (Closes: #990839)
   * Use debhelper-compat 13
   * Bump Standards-Version to 4.5.1
   * Set Rules-Requires-Root: no in debian/control
   * Freshen debian/copyright
   * Add build-dep on junit4
   * Add debian/maven.rules to resolve junit4 dependency
   * Mark libopentest4j-java as Multi-Arch: foreign
Checksums-Sha1:
 132927f28e9efb3d2b4ea0db3aa3b0da1a157896 2042 opentest4j_1.2.0-3.dsc
 cc89d76ff609536b4c933a4f28da8302a8f2072b 3352 opentest4j_1.2.0-3.debian.tar.xz
 8cc0daabe44c013a209ddda544de69c8695ca9af 12086 
opentest4j_1.2.0-3_amd64.buildinfo
Checksums-Sha256:
 19cfc4d8fc234e712d5a76b69983426da37da50378088516e00b2396cce53bda 2042 
opentest4j_1.2.0-3.dsc
 56ff77d6e52c303b7997806b49ad5895b8ce551b2a534b42c902b8e485c5656d 3352 
opentest4j_1.2.0-3.debian.tar.xz
 a4370ee0344be6d621b3d571385333077e42ef9daeb74a3b459f1235288646ba 12086 
opentest4j_1.2.0-3_amd64.buildinfo
Files:
 88b1d498053a4c2ec3c64196492a9c14 2042 java optional opentest4j_1.2.0-3.dsc
 0c9c7a4c9618fb98762813c4fbf12f39 3352 java optional 
opentest4j_1.2.0-3.debian.tar.xz
 480ba7b003b769f6f8f66832871eec03 12086 java optional 
opentest4j_1.2.0-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmDuZogUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZZXRAAxEX2aFWFxxOLagUBIp3CJFRbmoS7
sVLytzMZFf6c64VaidaWHW8nMupx7ULcctmHtPsJjaX/Ce8cIR/RUiHpXyrU0/dX
AGNm7cPEfu4dYjiRENCDEem/YAddplU7K9FTUBONAoni5d3u2Cb13p2+6/c8tWFN
g7+anXqItTOlw8og+by9hu0tGQZ8mPLmZqqcFirFXHGqTifhzJ8j+3F+Pe+/qsKq
uMPvjDbswEFj9vlvjk6leE02Jl/+qPks6R1O0pRedUeKd6FQI9+eF/o1NGJW8UCX
qxAqxNxexyAt65w9X11UBHETOO13AOItV/Dbcu9YFzSJ0dI747Bmuv4YnkTV7fxp
4r8B6+ENzWLdKBWQL7rEcw6w3BHiUV8QiWq9eJrTbQ5yTsjSpbuTsApif/yFotg9
iximOVodbOuCW+w7Dq6oqIICy1FX1S1thwGs7VtNUsmDdr7UcQR8NmAIoFVROUQw
/CEYEvmg21Y1uXk2M3IJHOyMGmzcHB3ZEcyBF6Yh0kx4aSr0/NyGHQ+mT2+rOnUs
sYfYcta8ZTxH99Fqc7SnHCfbtoXioq0VOc0VnQqE7KbfnFwByziYuNHhNT4anlFt
s36Baqf/gtxOLm6FN9+Za3n/TVdxxyukXore835K3h0m0Nnx5OkV9P33KJ+jQH+d
WUr+ezIFcseUQqI=
=F1Al
-----END PGP SIGNATURE-----

--- End Message ---

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
 Please use
debian-j...@lists.debian.org for discussions and questions.