FROM debian:jessie-backports

MAINTAINER LEAP Encryption Access Project <info@leap.se>
LABEL Description="Bare debian jessie baseimage with few customisation" Vendor="LEAP" Version="1.x"

RUN echo "deb http://deb.leap.se/testing-platform jessie main" > /etc/apt/sources.list.d/leap.list && \
    # LEAP experimental archive signing key
    apt-key adv --keyserver pool.sks-keyservers.net --recv-keys CE433F407BAB443AFEA196C1837C1AD5367429D9 && \
    # LEAP archive signing key
    apt-key adv --keyserver pool.sks-keyservers.net --recv-keys 1E453B2CE87BEE2F7DFE99661E34A1828E207901

RUN sed -i 's/httpredir/deb/' /etc/apt/sources.list
RUN apt-get update \
  && apt-get -y dist-upgrade \
  && apt-get install -y --no-install-recommends \
    git \
    leap-keyring \
    locales \
    sudo && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
ENV LANG en_US.utf8

RUN useradd -ms /bin/bash -G sudo cirunner

# allow all members of sudo group to execute any command without password
RUN sed -i 's/^%sudo.*/%sudo ALL=(ALL) NOPASSWD:ALL/' /etc/sudoers