fix timezone

GoogleContainerTools · Nov 30, 2023 · 3662841 · 3662841
1 parent af39150
commit 3662841
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -10,6 +10,10 @@ common --enable_bzlmod
 # https://bazelbuild.slack.com/archives/C014RARENH0/p1691158021917459?thread_ts=1691156601.420349&cid=C014RARENH0
 common --check_direct_dependencies=off
 
+
+# Use a hermetic Java version
+build --java_runtime_version=remotejdk_17
+
 # Load any settings specific to the current user.
 # .bazelrc.user should appear in .gitignore so that settings are not shared with team members
 # This needs to be last statement in this

diff --git a/distroless/private/java_keystore.bzl b/distroless/private/java_keystore.bzl
@@ -7,17 +7,17 @@ _DOC = """Create a java keystore (database) of cryptographic keys, X.509 certifi
 Currently only public  X.509 are supported as part of the PUBLIC API contract.
 """
 
-def _find_keytool(java_runtime):
-    for f in java_runtime.files.to_list():
+def _find_keytool(java):
+    for f in java.java_runtime.files.to_list():
         if f.basename == "keytool":
             return f
     fail("java toolchain does not contain `keytool`.")
 
 def _java_keystore_impl(ctx):
-    jdk = ctx.toolchains["@bazel_tools//tools/jdk:runtime_toolchain_type"]
+    jdk = ctx.toolchains["@bazel_tools//tools/jdk:toolchain_type"]
     coreutils = ctx.toolchains["@aspect_bazel_lib//lib:coreutils_toolchain_type"]
     bsdtar = ctx.toolchains[tar_lib.TOOLCHAIN_TYPE]
-    keytool = _find_keytool(jdk.java_runtime)
+    keytool = _find_keytool(jdk.java)
 
     jks = ctx.actions.declare_file(ctx.attr.name + ".jks")
 
@@ -70,7 +70,7 @@ java_keystore = rule(
     implementation = _java_keystore_impl,
     toolchains = [
         tar_lib.TOOLCHAIN_TYPE,
-        "@bazel_tools//tools/jdk:runtime_toolchain_type",
+        "@bazel_tools//tools/jdk:toolchain_type",
         "@aspect_bazel_lib//lib:coreutils_toolchain_type",
     ],
 )
diff --git a/distroless/tests/asserts.bzl b/distroless/tests/asserts.bzl
@@ -44,7 +44,7 @@ def assert_jks_listing(name, actual, expected):
         cmd = """
 BINS=($(locations @rules_java//toolchains:current_java_runtime))
 KEYTOOL=$$(dirname $${BINS[1]})/keytool
-$$KEYTOOL -list -v -keystore $(location %s) -storepass changeit > $@
+TZ="UTC" $$KEYTOOL -list -v -keystore $(location %s) -storepass changeit > $@
 """ % actual,
     )
 

diff --git a/examples/java_keystore/BUILD.bazel b/examples/java_keystore/BUILD.bazel
@@ -32,6 +32,6 @@ assert_tar_listing(
 ./etc/ssl time=1672560000.0 mode=755 gid=0 uid=0 type=dir
 ./etc/ssl/certs time=1672560000.0 mode=755 gid=0 uid=0 type=dir
 ./etc/ssl/certs/java time=1672560000.0 mode=755 gid=0 uid=0 type=dir
-./etc/ssl/certs/java/cacerts nlink=0 time=1672560000.0 mode=755 gid=0 uid=0 type=file size=6230 cksum=2439835119 sha1digest=525ab823d4735763050000c0d85d00b401f6ce7f
+./etc/ssl/certs/java/cacerts nlink=0 time=1672560000.0 mode=755 gid=0 uid=0 type=file size=6230 cksum=1520748722 sha1digest=fa7c324a0b750e87dd8c8631be005184fb46e915
 """,
 )
diff --git a/examples/java_keystore/expected.jks.output b/examples/java_keystore/expected.jks.output
@@ -4,13 +4,13 @@ Keystore provider: SUN
 Your keystore contains 5 entries
 
 Alias name: /c=us/o=amazon/cn=amazonrootca1
-Creation date: Nov. 17, 2023
+Creation date: Nov. 30, 2023
 Entry type: trustedCertEntry
 
 Owner: CN=Amazon Root CA 1, O=Amazon, C=US
 Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
 Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca
-Valid from: Mon May 25 17:00:00 PDT 2015 until: Sat Jan 16 16:00:00 PST 2038
+Valid from: Tue May 26 00:00:00 UTC 2015 until: Sun Jan 17 00:00:00 UTC 2038
 Certificate fingerprints:
 	 SHA1: 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
 	 SHA256: 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
@@ -48,13 +48,13 @@ KeyIdentifier [
 
 
 Alias name: /c=us/o=digicertinc/ou=www.digicert.com/cn=digicertassuredidrootca
-Creation date: Nov. 17, 2023
+Creation date: Nov. 30, 2023
 Entry type: trustedCertEntry
 
 Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
 Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
 Serial number: ce7e0e517d846fe8fe560fc1bf03039
-Valid from: Thu Nov 09 16:00:00 PST 2006 until: Sun Nov 09 16:00:00 PST 2031
+Valid from: Fri Nov 10 00:00:00 UTC 2006 until: Mon Nov 10 00:00:00 UTC 2031
 Certificate fingerprints:
 	 SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
 	 SHA256: 3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C
@@ -100,13 +100,13 @@ KeyIdentifier [
 
 
 Alias name: /c=us/o=verisign,inc./ou=verisigntrustnetwork/ou=(c)2008verisign,inc.-forauthorizeduseonly/cn=verisignuniversalrootcertificationauthority
-Creation date: Nov. 17, 2023
+Creation date: Nov. 30, 2023
 Entry type: trustedCertEntry
 
 Owner: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
 Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
 Serial number: 401ac46421b31321030ebbe4121ac51d
-Valid from: Tue Apr 01 17:00:00 PDT 2008 until: Tue Dec 01 15:59:59 PST 2037
+Valid from: Wed Apr 02 00:00:00 UTC 2008 until: Tue Dec 01 23:59:59 UTC 2037
 Certificate fingerprints:
 	 SHA1: 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
 	 SHA256: 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C
@@ -153,13 +153,13 @@ KeyIdentifier [
 
 
 Alias name: /ou=globalsignrootca-r2/o=globalsign/cn=globalsign
-Creation date: Nov. 17, 2023
+Creation date: Nov. 30, 2023
 Entry type: trustedCertEntry
 
 Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
 Serial number: 400000000010f8626e60d
-Valid from: Fri Dec 15 00:00:00 PST 2006 until: Wed Dec 15 00:00:00 PST 2021
+Valid from: Fri Dec 15 08:00:00 UTC 2006 until: Wed Dec 15 08:00:00 UTC 2021
 Certificate fingerprints:
 	 SHA1: 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
 	 SHA256: CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E
@@ -210,13 +210,13 @@ KeyIdentifier [
 
 
 Alias name: /ou=globalsignrootca-r3/o=globalsign/cn=globalsign
-Creation date: Nov. 17, 2023
+Creation date: Nov. 30, 2023
 Entry type: trustedCertEntry
 
 Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
 Serial number: 4000000000121585308a2
-Valid from: Wed Mar 18 03:00:00 PDT 2009 until: Sun Mar 18 03:00:00 PDT 2029
+Valid from: Wed Mar 18 10:00:00 UTC 2009 until: Sun Mar 18 10:00:00 UTC 2029
 Certificate fingerprints:
 	 SHA1: D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
 	 SHA256: CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B