Add SOURCE_DATE_EPOCH support for reproducible builds

Implement support for the SOURCE_DATE_EPOCH environment variable as
specified by reproducible-builds.org. When set, this variable overrides
the current timestamp in the Release file's Date and Valid-Until fields,
enabling reproducible filesystem publishes.

- Read SOURCE_DATE_EPOCH environment variable in Publish()
- Use the epoch timestamp for both Date and Valid-Until fields
- Gracefully fallback to current time if unset or invalid
- Add comprehensive tests for valid and invalid SOURCE_DATE_EPOCH values

system/t06_publish/PublishRepo36Test_gold

@@ -0,0 +1,12 @@
+Loading packages...
+Generating metadata files and linking package files...
+Finalizing metadata files...
+
+Local repo local-repo has been successfully published.
+Please setup your webserver to serve directory '${HOME}/.aptly/public' with autoindexing.
+Now you can add following line to apt sources:
+  deb http://your-server/ maverick main
+  deb-src http://your-server/ maverick main
+Don't forget to add your GPG key to apt with apt-key.
+
+You can also use `aptly serve` to publish your repositories over HTTP quickly.

system/t06_publish/PublishRepo36Test_release

@@ -0,0 +1,12 @@
+Origin: . maverick
+Label: . maverick
+Suite: maverick
+Codename: maverick
+Date: Fri, 13 Feb 2009 23:31:30 UTC
+Architectures: i386
+Components: main
+Description: Generated by aptly
+MD5Sum:
+SHA1:
+SHA256:
+SHA512:

system/t06_publish/repo.py

@@ -9,6 +9,10 @@ def strip_processor(output):
     return "\n".join([l for l in output.split("\n") if not l.startswith(' ') and not l.startswith('Date:') and not l.startswith('Valid-Until:')])
 
 
+def strip_processor_keep_date(output):
+    return "\n".join([l for l in output.split("\n") if not l.startswith(' ')])
+
+
 class PublishRepo1Test(BaseTest):
     """
     publish repo: default
@@ -970,3 +974,34 @@ class PublishRepo35Test(BaseTest):
         # verify contents except of sums
         self.check_file_contents(
             'public/dists/maverick/Release', 'release', match_prepare=strip_processor)
+
+
+class PublishRepo36Test(BaseTest):
+    """
+    publish repo: SOURCE_DATE_EPOCH produces byte-identical output
+    """
+    fixtureCmds = [
+        "aptly repo create local-repo",
+        "aptly repo add local-repo ${files}",
+    ]
+    runCmd = "aptly publish repo -skip-signing -distribution=maverick local-repo"
+    gold_processor = BaseTest.expand_environ
+    environmentOverride = {"SOURCE_DATE_EPOCH": "1234567890"}
+
+    def check(self):
+        super(PublishRepo36Test, self).check()
+
+        # verify Release file includes the expected date from SOURCE_DATE_EPOCH
+        self.check_file_contents(
+            'public/dists/maverick/Release', 'release', match_prepare=strip_processor_keep_date)
+
+        # save Release file from first publish
+        first_release = self.read_file('public/dists/maverick/Release')
+
+        # drop and republish with same SOURCE_DATE_EPOCH
+        self.run_cmd("aptly publish drop maverick")
+        self.run_cmd("aptly publish repo -skip-signing -distribution=maverick local-repo")
+
+        # verify byte-identical output
+        second_release = self.read_file('public/dists/maverick/Release')
+        self.check_equal(first_release, second_release)