# SPDX-License-Identifier: MulanPSL-2.0+
# Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.

FROM openeuler/openeuler:22.03

ARG ARCH

COPY openEuler.repo /etc/yum.repos.d/
RUN yum -y update && \
    yum -y install gcc make openssl-devel gcc-c++ wget rpm-sign gnupg2 createrepo_c findutils ruby

RUN gem install bundle
COPY Gemfile /
RUN bundle install --gemfile=/Gemfile

# install tool for code sign: client
RUN if [ "$ARCH" = "aarch64" ]; \
then wget --no-check-certificate https://gitee.com/openeuler/signatrust/releases/download/v1.0.0-rc.3/client_linux_aarch64_musl.tar.gz -P / && \
     cd / && \
     tar xvf client_linux_aarch64_musl.tar.gz && \
     mv client /usr/bin && \
     rm client_linux_aarch64_musl.tar.gz; \
elif [ "$ARCH" = "x86_64" ]; \
then wget --no-check-certificate https://gitee.com/openeuler/signatrust/releases/download/v1.0.0-rc.2/client_linux_x86_64.tar.gz -P / && \
     cd / && \
     tar xvf client_linux_x86_64.tar.gz && \
     mv client /usr/bin && \
     rm client_linux_x86_64.tar.gz; \
fi

COPY cbs /c/cbs

# install file sign tool: pk12_rsasign
RUN cd /c/cbs/container/publisher/pk12_rsasign && make
RUN cp /c/cbs/container/publisher/pk12_rsasign/pk12_rsasign /bin/

COPY client.toml /etc/

RUN groupadd -g 1090 lkp && useradd -m -u 1090 -g 1090 lkp

RUN chown -R lkp:lkp /c/cbs && chmod -R 750 /c/cbs

RUN yum remove gcc cpp -y

USER lkp

WORKDIR /c/cbs/container/publisher
