FROM debian:stable
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends awscli ca-certificates curl efitools gettext git gnupg gnupg-pkcs11-scd libcurl4 libengine-pkcs11-openssl libjson-c5 make openssl python3 python3-venv uuid-runtime
RUN curl -sSLf "https://github.com/gardenlinux/aws-kms-pkcs11/releases/download/latest/aws_kms_pkcs11-$(dpkg --print-architecture).so" > "/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs11.so"

# Prepare virtual environment
ENV VIRTUAL_ENV=/opt/venv
RUN python3 -m venv $VIRTUAL_ENV
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

RUN pip install git+https://github.com/awslabs/python-uefivars
