gnu: icedtea-8: Build "out" reproducibly.

Partially fixes <https://bugs.gnu.org/30730>. * gnu/packages/java.scm (icedtea-8)[arguments]: Add phases "patch-keystore" and "strip-jar-timestamps". [source]: Also patch DIST_ID in "configure" script.
2018-03-10 18:35:31 +01:00 · 2018-03-10 18:35:31 +01:00 · f2785bd657
parent 387428def1
commit f2785bd657
1 changed files with 86 additions and 60 deletions
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@ -1591,7 +1591,8 @@ IcedTea build harness.")
                (modules '((guix build utils)))
                (snippet
                 '(begin
-                    (substitute* "acinclude.m4"
+                    (substitute* '("configure"
+                                   "acinclude.m4")
                      ;; Do not embed build time
                      (("(DIST_ID=\"Custom build).*$" _ prefix)
                       (string-append prefix "\"\n"))
@ -1600,10 +1601,22 @@ IcedTea build harness.")
                       "DIST_NAME=\"guix\""))
                    #t))))
      (arguments
-       (substitute-keyword-arguments (package-arguments icedtea-7)
+       `(#:imported-modules
+         ((guix build ant-build-system)
+          (guix build syscalls)
+          ,@%gnu-build-system-modules)
+         ,@(substitute-keyword-arguments (package-arguments icedtea-7)
+             ((#:modules modules)
+              `((guix build utils)
+                (guix build gnu-build-system)
+                ((guix build ant-build-system) #:prefix ant:)
+                (ice-9 match)
+                (ice-9 popen)
+                (srfi srfi-19)
+                (srfi srfi-26)))
             ((#:configure-flags flags)
              `(let ((jdk (assoc-ref %build-inputs "jdk")))
-             `(;;"--disable-bootstrap"
+                 `( ;;"--disable-bootstrap"
                   "--enable-bootstrap"
                   "--enable-nss"
                   "--disable-downloading"
@ -1618,6 +1631,17 @@ IcedTea build harness.")
                 (delete 'patch-paths)
                 (delete 'set-additional-paths)
                 (delete 'patch-patches)
+                 ;; Prevent the keytool from recording the current time when
+                 ;; adding certificates at build time.
+                 (add-after 'unpack 'patch-keystore
+                   (lambda _
+                     (substitute* "openjdk.src/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java"
+                       (("date = new Date\\(\\);")
+                        "\
+date = (System.getenv(\"SOURCE_DATE_EPOCH\") != null) ?\
+new Date(Long.parseLong(System.getenv(\"SOURCE_DATE_EPOCH\"))) :\
+new Date();"))
+                     #t))
                 (add-after 'unpack 'patch-jni-libs
                   ;; Hardcode dynamically loaded libraries.
                   (lambda _
@ -1658,7 +1682,9 @@ IcedTea build harness.")
                       ;; support via NSS.
                       (copy-file (string-append jdk "/jre/lib/security/nss.cfg")
                                  (string-append jre "/lib/security/nss.cfg"))
-                   #t)))))))
+                       #t)))
+                 (add-after 'install 'strip-jar-timestamps
+                   (assoc-ref ant:%standard-phases 'strip-jar-timestamps)))))))
      (native-inputs
       `(("jdk" ,icedtea-7 "jdk")
         ("openjdk-src"