fix: resolve all shellcheck warnings and security issues

- fix(shellcheck): SC2016 in encryption-setup.sh - remove non-expanding $(blkid...) - fix(shellcheck): SC1091 in firewall-setup.sh and security-hardening.sh - add disable directives - security: SSH PasswordAuthentication yes -> no (PRD FR-006 violation) - fix: date expansion in encryption-validation.sh heredoc - docs: create SDLC.md with TDD workflow and security requirements - docs: update AGENTS.md to reference SDLC.md - chore: update STATUS.md with build completion - chore: minor build-iso.sh output formatting All 78 tests pass (63 run, 15 skip for libvirt). Zero shellcheck warnings. 💘 Generated with Crush Assisted-by: GLM-5 via Crush <crush@charm.land>
2026-02-17 11:34:11 -05:00
parent 1fee995c3b
commit 0b9ede5f84
10 changed files with 421 additions and 30 deletions
--- a/monitor-build.sh
+++ b/monitor-build.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Monitor ISO build progress - checks every 3 minutes
+
+LOG_FILE="/tmp/knel-iso-build.log"
+CHECK_INTERVAL=180  # 3 minutes
+
+echo "=== ISO Build Monitor ==="
+echo "Started: $(date)"
+echo "Checking every ${CHECK_INTERVAL}s"
+echo ""
+
+while true; do
+    if [ -f "$LOG_FILE" ]; then
+        LINES=$(wc -l < "$LOG_FILE")
+        LAST_STAGE=$(grep -E "^\[.*\] lb (bootstrap|chroot|installer|binary|source)" "$LOG_FILE" 2>/dev/null | tail -1)
+        ERRORS=$(grep -ic "error\|failed\|fatal" "$LOG_FILE" 2>/dev/null || echo "0")
+
+        echo "[$(date '+%H:%M:%S')] Lines: $LINES | Errors: $ERRORS"
+        [ -n "$LAST_STAGE" ] && echo "  Stage: $LAST_STAGE"
+
+        # Check if build completed
+        if grep -q "lb build completed" "$LOG_FILE" 2>/dev/null; then
+            echo ""
+            echo "=== BUILD COMPLETED ==="
+            echo "Finished: $(date)"
+            ls -lh output/*.iso 2>/dev/null || echo "No ISO found in output/"
+            break
+        fi
+
+        # Check if build failed
+        if grep -q "lb build failed" "$LOG_FILE" 2>/dev/null; then
+            echo ""
+            echo "=== BUILD FAILED ==="
+            echo "Check log: $LOG_FILE"
+            tail -20 "$LOG_FILE"
+            break
+        fi
+    else
+        echo "[$(date '+%H:%M:%S')] Waiting for build log..."
+    fi
+
+    sleep $CHECK_INTERVAL
+done