# Given that this is security software, you might want to consider
# generating your own debian:stretch base image using debbootstrap
# rather than trusting Dockerhub, see "base" target in the Makefile.

ARG  DIST=debian
ARG  CODE=stretch
FROM $DIST:$CODE

# Prerequisites.  Current version of python-django is a bit too recent
# for the rpki-ca GUI, but rpki-rp only uses the ORM, which hasn't
# broken backwards compatability (yet?).

RUN apt-get --yes update && apt-get --yes install --no-install-recommends \
    apache2 \
    bsdmainutils \
    ca-certificates \
    cron \
    postgresql \
    postgresql-client \
    python \
    python-django \
    python-lxml \
    python-psycopg2 \
    python-pycurl \
    python-tornado \
    rrdtool \
    rsyslog \
    rsync \
    ssl-cert \
    sudo \
    xinetd

# Install rpki-rp package downloaded by makefile, but defer
# configuration until the container comes up.

COPY startup.sh rpki-rp_*.deb /root/
RUN  dpkg --unpack /root/rpki-rp_*.deb &&  rm -f /root/rpki-rp_*.deb

# Container startup, execs cron on top of itself when done

CMD [ "/root/startup.sh" ]

# Expose web and rpki-rtr ports.  The HTTPS port is probably not very
# useful unless you stuff a valid certificate into the image.

EXPOSE 80 443 323