# Multi-stage build: Use Alpine for building, scratch for final image
FROM alpine:latest AS build

# Install build dependencies
# build-base: gcc, make, and essential build tools
# musl-dev: C library headers for static linking  
# linux-headers: Kernel headers for system calls
# upx: Ultimate Packer for eXecutables - binary compression tool
RUN apk add --no-cache build-base musl-dev linux-headers upx

# Set working directory for all subsequent operations
WORKDIR /src

# Copy all yescrypt source and header files flat
COPY yescrypt/*.h .
COPY yescrypt/yescrypt-ref.c .
COPY yescrypt/yescrypt-common.c .
COPY yescrypt/sha256.c .
COPY yescrypt/insecure_memzero.c .

# Copy main bruteforce source code
COPY bruteforce.c .

# Basic compilation with size optimization
# -static: Create statically linked executable (no external dependencies)
# -Os: Optimize for size, not speed
# -s: Strip all symbol table and relocation information
RUN gcc -static -Os -s -o bruteforce \
    bruteforce.c \
    yescrypt-ref.c \
    yescrypt-common.c \
    sha256.c \
    insecure_memzero.c \
    # Basic binary stripping:
    # --strip-all: Remove all symbol and debug information
    # --remove-section=.comment: Remove compiler/version comments
    && strip --strip-all --remove-section=.comment bruteforce \
    # UPX compression with standard settings:
    # --ultra-brute: Try all compression methods and use the best result
    && upx --ultra-brute bruteforce

# Final stage: Start with completely empty image (scratch)
FROM scratch

# Copy only the final compressed binary from build stage
COPY --from=build /src/bruteforce /

# Set the default command for the container
ENTRYPOINT ["/bruteforce"]