FROM quay.io/fedora/fedora-silverblue:44

COPY gpg-keys/* /keys/

RUN wget -O /etc/udev/rules.d/42-logitech-unify-permissions.rules https://raw.githubusercontent.com/pwr-Solaar/Solaar/refs/heads/master/rules.d-uinput/42-logitech-unify-permissions.rules

RUN rpm --import \
      /keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020 \
      /keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 \
      /keys/brave-core.asc \
      /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-44-x86_64 && \
    rm -rf /keys && \
    dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
      https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm  && \
    curl -fsSLo /etc/yum.repos.d/brave-browser.repo https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo && \
    mkdir /var/opt /usr/brave.com && \
    ln -s /usr/brave.com /var/opt/brave.com && \
    echo "L /var/opt/brave.com - - - - /usr/brave.com" >> /usr/lib/tmpfiles.d/brave.conf && \
    dnf5 install -y \
      brave-browser \
      geany \
      gnome-extensions-app \
      gnome-shell-extension-dash-to-panel \
      gnome-terminal \
      gnome-tweaks \
      vim && \
    dnf5 swap -y ffmpeg-free ffmpeg --allowerasing && \
    dnf5 clean all

# The first check makes sure that we have exactly 9 gpg pubkeys trusted in the rpmdb (the ones manually imported above) (Brave adds 6, apparently?).
# Any more than that means that dnf automatically added a new one, which is shady!
# Then: cleanup image for linting
# Finally: verify image is good
# FIXME - remove the `--skip nonempty-run-tmp` when it's no longer needed
RUN rpm -qa gpg-pubkey*
RUN [[ 9 -eq $(rpm -qa gpg-pubkey* | wc -l) ]] && \
    rm -rf /var /boot && mkdir /var /boot && \
    bootc container lint --fatal-warnings --skip nonempty-run-tmp