FROM gerritcodereview/gerrit:3.8.0

COPY --from=sourcearcade-nginx /etc/ssl/certs/sa-selfsigned.crt /var/gerrit/etc/
RUN \
	keytool -importcert -alias sa-selfsigned -file /var/gerrit/etc/sa-selfsigned.crt \
		-keystore /var/gerrit/truststore -storepass uiaeuiae -noprompt && \
	rm /var/gerrit/etc/sa-selfsigned.crt
RUN \
	echo | keytool -importkeystore \
		-srckeystore /usr/lib/jvm/java-*/lib/security/cacerts \
		-destkeystore /var/gerrit/truststore \
		-deststorepass uiaeuiae -noprompt

USER root
RUN \
	printf 'JAVA_OPTIONS="%s %s"\n' \
		-Djavax.net.ssl.trustStore=/var/gerrit/truststore \
		-Djavax.net.ssl.trustStorePassword=uiaeuiae >>/etc/default/gerritcodereview

COPY gerrit/Dockerfile.entrypoint /privileged.sh
RUN chmod 544 /privileged.sh
COPY gerrit/Dockerfile.entrypoint-unprivileged /unprivileged.sh
RUN chmod 555 /unprivileged.sh

ENTRYPOINT ["/bin/sh", "/privileged.sh"]