# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

# Version Master V8.13.440.2025.11.19

FROM debian:bookworm

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update -y \
    && apt-get upgrade -y \
    && apt-get install -y \
      apt-transport-https \
      apt-utils \
      bash \
      ca-certificates \
      gnupg \
      openssl \
      sudo \
    && apt-get update -y \
    && apt-get upgrade -y \
    && apt-get clean \
    && apt-get autoremove --purge -y \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p /etc/apt/sources.list.d && touch /etc/apt/sources.list.d/bookworm-backports.list \
    && echo 'deb https://deb.debian.org/debian bookworm-backports main' >| /etc/apt/sources.list.d/bookworm-backports.list \
    && apt-get update -y \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
      autoconf \
      automake \
      build-essential \
      cryptsetup \
      curl \
      debootstrap \
      dosfstools \
      efibootmgr \
      gettext \
      git \
      haveged \
      libtool \
      live-build \
      parted \
      pkg-config \
      ssh \
      ssl-cert \
      texinfo \
      wget \
      whois \
    && apt-get clean \
    && apt-get autoremove --purge -y \
    && rm -rf /var/lib/apt/lists/*

RUN useradd --create-home --shell /bin/bash runner

WORKDIR /home/runner

USER runner

ENTRYPOINT ["bash"]
