diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c8f0aa629c14bce4c4a653150b68c0cd3d55a233..b78a33ab63a13a43161695c3ab3cb265d31c5a75 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,4 +18,15 @@ build-bullseye:
     entrypoint: [""]
   script:
     - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.bullseye --destination $CI_REGISTRY_IMAGE/bullseye:$CI_COMMIT_TAG
\ No newline at end of file
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.bullseye --destination $CI_REGISTRY_IMAGE/bullseye:$CI_COMMIT_TAG
+
+build-bookworm:
+  only:
+    - master
+  stage: build
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
+  script:
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.bookworm --destination $CI_REGISTRY_IMAGE/bookworm:$CI_COMMIT_TAG
diff --git a/Dockerfile.bookworm b/Dockerfile.bookworm
new file mode 100644
index 0000000000000000000000000000000000000000..6ac19b07b7b9ed9cf8d3f778f675e9fbb59a494d
--- /dev/null
+++ b/Dockerfile.bookworm
@@ -0,0 +1,19 @@
+FROM debian:bookworm AS uffd-base
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN dpkg-divert --divert /usr/lib/python3.11/EXTERNALLY-MANAGED.diverted --rename /usr/lib/python3.11/EXTERNALLY-MANAGED && \
+    apt-get -qq update && \
+    apt-get -qq dist-upgrade && \
+    apt-get -qq install \
+        lsb-release openjdk-17-jre-headless curl ca-certificates \
+        sqlite3 locales-all git \
+        python3 python3-venv python3-coverage python3-ldap3 python3-flask python3-flask-sqlalchemy python3-flask-migrate \
+        python3-pip python3-qrcode python3-fido2 python3-oauthlib python3-flask-babel python3-argon2 python3-pytest python3-all python3-pip \
+        git-buildpackage debhelper dh-python mariadb-server python3-mysqldb python3-requests-oauthlib python3-git python3-prometheus-client libffi-dev \
+        redis-server && \
+    pip3 install pylint html5validator twine build --upgrade && \
+    apt-get -qq clean
+
+COPY cccv-archive-key.gpg /etc/apt/trusted.gpg.d/
+COPY cccv-archive-bookworm.list /etc/apt/sources.list.d/
diff --git a/cccv-archive-bookworm.list b/cccv-archive-bookworm.list
new file mode 100644
index 0000000000000000000000000000000000000000..788c9a364471f1d618605bc2f6c930366e7c327f
--- /dev/null
+++ b/cccv-archive-bookworm.list
@@ -0,0 +1 @@
+deb https://packages.cccv.de/uffd bookworm main
diff --git a/cccv-archive-key.gpg b/cccv-archive-key.gpg
index b0ac4de43a0786a52060bade75c5150ac552ade7..1dc342324676b612d82f99768e4dc0514d2c3fee 100644
Binary files a/cccv-archive-key.gpg and b/cccv-archive-key.gpg differ