# Inspiration:
# * https://github.com/ungoogled-software/ungoogled-chromium-archlinux/blob/master/.github/workflows/build/Dockerfile
# * https://github.com/WhyNotHugo/docker-makepkg/blob/main/Dockerfile

FROM archlinux:base-devel

# Add de-p1st mirror ...
RUN printf '\n[de-p1st]\nSigLevel = Optional TrustAll\nServer = https://arch.p1st.de\n' >> /etc/pacman.conf
# ... and update mirrors + packages
RUN pacman -Syu --noconfirm && \
    pacman -S   --noconfirm archiso openssh

# Set packager
RUN sed --in-place 's|^#PACKAGER=.*$|PACKAGER="Daniel Langbein <daniel@systemli.org>"|' /etc/makepkg.conf
# Store built packages in /out/
RUN sed --in-place 's|^#PKGDEST=.*$|PKGDEST=/out|' /etc/makepkg.conf

# Create a normal user to build the ISO
RUN useradd --create-home build
RUN echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# Create output directory
RUN mkdir -p /out

# Continue execution (and CMD) as notroot:
USER build
WORKDIR /home/build

# Auto-fetch GPG keys (to check signatures):
RUN mkdir .gnupg && \
    echo "keyserver-options auto-key-retrieve" > .gnupg/gpg.conf

COPY run.sh /home/build/run.sh
ENTRYPOINT [ "/bin/bash", "/home/build/run.sh" ]
# Default arguments passed to /run.sh
# CMD [ "clean" ]