diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..69dc4014
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024 Lance Vick <lance@vick.house>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+!target
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..4742fdba
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2024 Lance Vick <lance@vick.house>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+FROM scratch as build
+ADD target/ /
+RUN ["/bootstrap-seeds/POSIX/x86/kaem-optional-seed"]
+
+FROM build as install
+ENV PATH=/bin:/usr/sbin:/usr/bin
+RUN set -eux; \
+    rm -rf /usr/lib/python*/__pycache__; \
+    mkdir -p /rootfs/etc /rootfs/home/user; \
+    cp -R $(ls -d /etc/* | grep -v '\(resolv.conf\|hosts\)') /rootfs/etc/; \
+    cp -R lib usr bin var /rootfs/; \
+    echo "user:x:1000:" > /rootfs/etc/group; \
+    echo "user:x:1000:1000::/home/user:/bin/bash" > /rootfs/etc/passwd; \
+    find /rootfs -exec touch -hcd "@0" "{}" +
+
+FROM scratch as package
+COPY --from=install /rootfs /
+USER 1000:1000
+ENTRYPOINT ["/bin/bash"]
+ENV TZ=UTC
+ENV LANG=C.UTF-8
+ENV SOURCE_DATE_EPOCH=1
+ENV KCONFIG_NOTIMESTAMP=1
+ENV PS1="bootstrap$ "
diff --git a/rootfs.py b/rootfs.py
index 6f4faf0c..fcb1536c 100755
--- a/rootfs.py
+++ b/rootfs.py
@@ -13,6 +13,7 @@ you can run bootstap inside chroot.
 # SPDX-FileCopyrightText: 2021 Melg Eight <public.melg8@gmail.com>
 # SPDX-FileCopyrightText: 2021-23 fosslinux <fosslinux@aussies.space>
 # SPDX-FileCopyrightText: 2023-24 Gábor Stefanik <netrolller.3d@gmail.com>
+# SPDX-FileCopyrightText: 2024 Lance Vick <lance@vick.house>
 
 import argparse
 import os
@@ -31,7 +32,7 @@ def create_configuration_file(args):
         config.write(f"ARCH={args.arch}\n")
         config.write(f"ARCH_DIR={stage0_arch_map.get(args.arch, args.arch)}\n")
         config.write(f"FORCE_TIMESTAMPS={args.force_timestamps}\n")
-        config.write(f"CHROOT={args.chroot or args.bwrap}\n")
+        config.write(f"CHROOT={args.chroot or args.bwrap or args.docker}\n")
         config.write(f"UPDATE_CHECKSUMS={args.update_checksums}\n")
         config.write(f"JOBS={args.cores}\n")
         config.write(f"SWAP_SIZE={args.swap}\n")
@@ -39,6 +40,7 @@ def create_configuration_file(args):
         config.write(f"INTERNAL_CI={args.internal_ci or False}\n")
         config.write(f"INTERACTIVE={args.interactive}\n")
         config.write(f"BARE_METAL={args.bare_metal}\n")
+        config.write(f"EXTERNAL_SOURCES={args.external_sources}\n")
         if (args.bare_metal or args.qemu) and not args.kernel:
             if args.repo or args.external_sources:
                 config.write("DISK=sdb1\n")
@@ -64,6 +66,8 @@ def main():
                         action="store_true")
     parser.add_argument("-bw", "--bwrap", help="Run inside a bwrap sandbox",
                         action="store_true")
+    parser.add_argument("-do", "--docker", help="Run inside a docker build",
+                        action="store_true")
     parser.add_argument("-t", "--target", help="Target directory",
                         default="target")
     parser.add_argument("--tmpfs", help="Use a tmpfs on target",
@@ -123,15 +127,17 @@ def main():
             count += 1
         if args.bwrap:
             count += 1
+        if args.docker:
+            count += 1
         if args.bare_metal:
             count += 1
         return count
 
     if check_types() > 1:
-        raise ValueError("No more than one of qemu, chroot, bwrap, bare metal"
+        raise ValueError("No more than one of qemu, chroot, bwrap, docker, bare metal"
                          "may be used.")
     if check_types() == 0:
-        raise ValueError("One of qemu, chroot, bwrap, or bare metal must be selected.")
+        raise ValueError("One of qemu, chroot, bwrap, docker, or bare metal must be selected.")
 
     # Arch validation
     if args.arch != "x86":
@@ -154,6 +160,9 @@ def main():
     else:
         args.target_size = 0
 
+    if args.docker:
+        args.external_sources = True
+
     # Swap file size validation
     if args.qemu or args.bare_metal:
         args.swap = (int(str(args.swap).rstrip('gGmM')) *
@@ -204,6 +213,20 @@ print(shutil.which('chroot'))
         init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed')
         run_as_root('env', '-i', 'PATH=/bin', chroot_binary, generator.target_dir, init)
 
+    elif args.docker:
+        generator.prepare(target, using_kernel=False)
+        arch = stage0_arch_map.get(args.arch, args.arch)
+        init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed')
+        print(generator.target_dir, init)
+        run('env', '-i', 'DOCKER_BUILDKIT=1', 'SOURCE_DATE_EPOCH=1',
+                                                 'docker', 'build',
+                                                 '--build-arg=SOURCE_DATE_EPOCH=1',
+                                                 '--progress=plain',
+                                                 '--platform=linux/amd64',
+                                                 '--target=package',
+                                                 '--tag', 'local/live-bootstrap',
+                                                 '.')
+
     elif args.bwrap:
         init = '/init'
         if not args.internal_ci or args.internal_ci == "pass1":