# Stage 1: Build the base system
FROM busybox:1.37.0 AS builder

# Set working directory
WORKDIR /build

# Define build arguments
ARG BASE_FILES_VERSION=13.7
ARG CACERTIFICATES_VERSION=20241223
ARG LIBGCC_VERSION=14.2.0-19
ARG GLIBC_VERSION=2.41-6
ARG TZDATA_VERSION=2025b-1

# Download required Debian packages
RUN wget -q \
    https://ftp.debian.org/debian/pool/main/b/base-files/base-files_${BASE_FILES_VERSION}_amd64.deb \
    https://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_${CACERTIFICATES_VERSION}_all.deb \
    https://ftp.debian.org/debian/pool/main/g/gcc-14/libgcc-s1_${LIBGCC_VERSION}_amd64.deb \
    https://ftp.debian.org/debian/pool/main/g/glibc/libc6_${GLIBC_VERSION}_amd64.deb \
    https://ftp.debian.org/debian/pool/main/g/glibc/libc-bin_${GLIBC_VERSION}_amd64.deb \
    https://ftp.debian.org/debian/pool/main/t/tzdata/tzdata_${TZDATA_VERSION}_all.deb

# Extract and clean up the downloaded packages
RUN mkdir -p var/lib/dpkg && \
    for deb in *.deb; do \
        echo "Processing $deb" && \
        ar x $deb control.tar.xz data.tar.xz && \
        tar xf data.tar.xz && tar xf control.tar.xz ./control && \
        (cat control; echo) >> var/lib/dpkg/status && \
        rm -f $deb control.tar.xz data.tar.xz control; \
    done && \
    # Generate certificates file and links
    find usr/share/ca-certificates -type f -name '*.crt' -exec sh -c 'ln -sf /$1 etc/ssl/certs/$(basename $1) && cat "$1" >> etc/ssl/certs/ca-certificates' sh {} \; && \
    # Create a non-root user directory
    mkdir -p /home/nonroot && \
    chown 65532:65532 /home/nonroot && \
    # Copy nsswitch.conf for proper name resolution
    cp usr/share/libc-bin/nsswitch.conf etc/nsswitch.conf && \
    # Remove unnecessary files to reduce image size
    rm -rf usr/bin usr/sbin usr/share/base-files usr/share/common-licenses usr/share/doc \
      usr/share/libc-bin usr/share/lintian usr/share/man usr/lib/x86_64-linux-gnu/gconv && \
    find usr/share/zoneinfo ! -name "Paris" ! -name "UTC" ! -name "New_York" -delete

# Stage 2: Temporary scratch image
FROM scratch AS tmp

# Copy root directory and extracted files from the builder stage
COPY rootdir/ /
COPY --from=builder /build/ /

# Stage 3: Final minimal image
FROM scratch

# Set environment variables
ENV LANG=C.utf8

# Copy everything from the temporary stage
COPY --from=tmp / /