# ── Stage 1 : build PackageKit 1.3.4 from source (vulnerable version) ────────
FROM ubuntu:24.04 AS builder

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
        git meson ninja-build pkg-config gcc gettext \
        libglib2.0-dev libpolkit-gobject-1-dev \
        libsqlite3-dev libapt-pkg-dev libarchive-dev libjansson-dev \
        libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libappstream-dev \
        python3-gi gobject-introspection libgirepository-1.0-dev \
        gir1.2-glib-2.0 valac \
    && rm -rf /var/lib/apt/lists/*

# Last vulnerable commit (just before fix 76cfb675)
RUN git clone --quiet https://github.com/PackageKit/PackageKit.git /pk \
    && cd /pk && git checkout 2149735 \
    && sed -i 's/g_assert (!transaction->emitted_finished);/if (transaction->emitted_finished) return;/' \
            src/pk-transaction.c

WORKDIR /pk
RUN meson setup _build \
        --prefix=/usr \
        --sysconfdir=/etc \
        --localstatedir=/var \
        -Dsystemd=false \
        -Dman_pages=false \
        -Doffline_update=false \
        -Dbash_completion=false \
        -Dgtk_doc=false \
        -Dpackaging_backend=apt \
        -Dgstreamer_plugin=false \
        -Dgtk_module=false \
    && ninja -C _build \
    && DESTDIR=/pk-install ninja -C _build install

# ── Stage 2 : runtime image ──────────────────────────────────────────────────
FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive

# Runtime dependencies only
RUN apt-get update && apt-get install -y \
        libglib2.0-0t64 libpolkit-gobject-1-0 \
        libsqlite3-0 libapt-pkg6.0t64 libarchive13t64 \
        libjansson4 libappstream5 \
        libgstreamer1.0-0 libgstreamer-plugins-base1.0-0 \
        python3-gi gir1.2-glib-2.0 \
        dbus polkitd \
        libglib2.0-dev gcc make \
    && rm -rf /var/lib/apt/lists/* \
    && truncate -s 0 /etc/apt/sources.list.d/ubuntu.sources

# Install the vulnerable PackageKit (overrides any patched package)
COPY --from=builder /pk-install/ /

# Ensure required directories exist
RUN mkdir -p /usr/share/dbus-1/system-services \
             /usr/share/polkit-1/actions \
             /etc/polkit-1/rules.d \
             /var/cache/PackageKit/downloads \
             /var/lib/PackageKit

# Non-root user for the exploit
RUN useradd -m -s /bin/bash victim

# Build exploit
WORKDIR /home/victim
COPY Makefile ./
COPY src/cve-2026-41651.c src/
RUN chown victim:victim Makefile src/cve-2026-41651.c \
    && su victim -c "make -s"

COPY src/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
