#FROM gentoo/stage3
FROM gentoo/stage3:amd64-hardened-openrc

# Disable bits which don't work within Docker.
RUN echo 'FEATURES="-ipc-sandbox -pid-sandbox -network-sandbox -usersandbox -mount-sandbox -sandbox"' | cat >> /etc/portage/make.conf
# Speed things up a bit.
RUN echo 'FEATURES="${FEATURES} parallel-install parallel-fetch -merge-sync"' | cat >> /etc/portage/make.conf
RUN echo 'EMERGE_DEFAULT_OPTS="--binpkg-respect-use=y --getbinpkg=y --autounmask-write --autounmask-continue --autounmask-keep-keywords=y --autounmask-use=y"' | cat >> /etc/portage/make.conf

RUN emerge-webrsync --quiet
# We need to sync from git to get the very latest repo state
RUN getuto
RUN emerge --oneshot --quiet --quiet-build --jobs=$(nproc) dev-vcs/git app-eselect/eselect-repository
RUN eselect repository enable gentoo
RUN rm -rf /var/db/repos/gentoo
RUN emerge --sync --quiet

RUN emerge --oneshot --quiet --quiet-build dev-debug/gdb dev-debug/strace
# xz-5.6.0 is only in ~arch
RUN echo "app-arch/xz-utils" >> /etc/portage/package.accept_keywords/xz

CMD CFLAGS="-O2 -fcf-protection=none -march=x86-64-v3 -ggdb3" LDFLAGS="-Wl,-O1 -Wl,--as-needed" CC=gcc-13 USE=pgo emerge --verbose --oneshot app-arch/xz-utils