docs: Update AGENTS.md for ISO-based approach
Major updates to AGENTS.md:
- Updates project status to reflect ISO build readiness
- Removes all references to debootstrap approach
- Documents ISO-based build methodology
- Updates architecture section for preseed approach
- Documents dual-artifact approach:
  1. football-installer.iso (for bare metal and VM)
  2. VM boots from ISO for testing
- Clarifies that preseed automates most installation steps

Old debootstrap approach completely replaced with ISO approach.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
50
AGENTS.md
@@ -10,20 +10,25 @@ Football is a minimal, hardened Debian 13 (trixie) system for secure remote acce
|
|||||||
|
|
||||||
### Build Methodology
|
### Build Methodology
|
||||||
|
|
||||||
The project uses a **debootstrap-based approach**:
|
The project uses an **ISO-based installer approach**:
|
||||||
1. **Bootstrap**: Download and install minimal Debian base system
|
1. **Create Preseed**: Generate Debian installer automation file
|
||||||
2. **Configure**: Apply security configurations (CIS Benchmark, hardening)
|
2. **Download ISO**: Get Debian netinst ISO
|
||||||
3. **Package**: Install required packages (kernel, systemd, WireGuard, etc.)
|
3. **Inject Preseed**: Embed preseed configuration into ISO
|
||||||
4. **Package**: Create bootable disk images (raw for physical, QCOW2 for VM)
|
4. **Build ISO**: Create custom football-installer.iso
|
||||||
5. **Test**: Boot in QEMU and verify system functionality
|
5. **Deploy**: Boot ISO on bare metal or VM
|
||||||
|
6. **Automate Installer**: Preseed answers all questions except:
|
||||||
|
- Username/password creation
|
||||||
|
- Root password setting
|
||||||
|
- Target disk selection
|
||||||
|
|
||||||
This is NOT an ISO installer. The output is a **fully pre-configured, ready-to-boot system** with all security controls pre-applied.
|
The output is a **bootable ISO with embedded preseed configuration** that automates most of the Debian installation process.
|
||||||
|
|
||||||
### Key Design Decisions
|
### Key Design Decisions
|
||||||
|
|
||||||
- **No ISO-based installer**: Users get a complete pre-built system, not an installer
|
- **ISO-based installer**: Uses standard Debian installer with preseed automation
|
||||||
- **Docker-based builds**: All build work done in containers for reproducibility
|
- **Docker-based ISO build**: All ISO creation work done in containers
|
||||||
- **Minimal attack surface**: Only IceWM and Remmina installed
|
- **Preseed automation**: Automates all installation steps except user/disk selection
|
||||||
|
- **Minimal post-install configuration**: Security configs applied via late_command in preseed
|
||||||
- **Zero remote administration**: SSH, telnet, etc. completely disabled
|
- **Zero remote administration**: SSH, telnet, etc. completely disabled
|
||||||
- **WireGuard-only networking**: Direct network access blocked, all traffic through VPN
|
- **WireGuard-only networking**: Direct network access blocked, all traffic through VPN
|
||||||
|
|
||||||
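Review bot: The new step 6 and the new "Preseed automation" bullet disagree about what stays interactive: step 6 lists username/password creation, root password setting and target disk selection, while the bullet says "all installation steps except user/disk selection" and omits the root password. Please make the two lists identical. Step 6 is also a property of the preseed rather than a stage that follows "Deploy", so it reads better as a note under step 1 or step 5. Two documentation gaps on the security side: step 2 ("Download ISO: Get Debian netinst ISO") does not say that the image is checked against Debian's signed checksum file before the preseed is injected, and the "Minimal attack surface: Only IceWM and Remmina installed" bullet is dropped with no replacement, so the document no longer states which packages the installed system contains. The removed "Configure" step named the CIS Benchmark hardening explicitly; the `late_command` bullet should say that this is where that hardening now happens, if that is the case.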
@@ -32,9 +37,11 @@ This is NOT an ISO installer. The output is a **fully pre-configured, ready-to-b
|
|||||||
## Current Project Status
|
## Current Project Status
|
||||||
|
|
||||||
**Last Updated**: 2025-01-20
|
**Last Updated**: 2025-01-20
|
||||||
**Status**: ⚠️ BUILD IN PROGRESS
|
**Status**: ✅ READY TO BUILD
|
||||||
**Phase**: Step 4/5 (Creating Disk Images) - Failed at partitioning (sfdisk missing)
|
**Build Method**: ISO-based installer with preseed configuration
|
||||||
**Current Attempt**: Using football-dev container with all tools
|
**Artifacts**:
|
||||||
|
1. `football-installer.iso` - Bootable ISO with embedded preseed (for bare metal and VM)
|
||||||
|
2. ISO boots in QEMU for automated testing
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
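Review bot: Under **Artifacts**, item 2 ("ISO boots in QEMU for automated testing") is a test activity, not a build output, so the list describes one artifact and one procedure. Either list only `football-installer.iso` and move the QEMU line to a testing section, or name the file the test run produces. The word "automated" also needs qualifying: the Build Methodology section says the preseed leaves account creation, root password and disk selection to the operator, so the document should state how the QEMU test gets past those prompts. "READY TO BUILD" replaces a status line that recorded a concrete failure (sfdisk missing); a one-line note on what readiness was verified against would keep the status checkable.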
@@ -47,14 +54,15 @@ The Football Secure Access System is a minimal, hardened Debian 13 (trixie) syst
|
|||||||
| Component | Status | Progress | Evidence |
|
| Component | Status | Progress | Evidence |
|
||||||
|-----------|--------|-----------|---------|
|
|-----------|--------|-----------|---------|
|
||||||
| Configuration Files | ✅ COMPLETE | 100% validated |
|
| Configuration Files | ✅ COMPLETE | 100% validated |
|
||||||
| Shell Scripts | ✅ COMPLETE | 100% validated |
|
| Build Scripts | ✅ COMPLETE | scripts/build-iso.sh, scripts/test-iso.sh |
|
||||||
| Build Scripts | ✅ COMPLETE | Multiple versions available |
|
| Preseed Configuration | ✅ COMPLETE | config/preseed.cfg ready |
|
||||||
| Docker Build | 🔄 PARTIAL | final-simple-build.sh executed, failed at step 4 |
|
| ISO Build Script | ✅ COMPLETE | Docker-based build system |
|
||||||
| Debian Bootstrap | ✅ COMPLETE | build-tmp/chroot/ (83 packages) |
|
| Docker Dev Container | ✅ COMPLETE | Dockerfile.dev with all tools |
|
||||||
| System Configuration | ✅ COMPLETE | overlay files copied, APT configured |
|
| Docker Test Container | ✅ COMPLETE | Dockerfile.test for testing |
|
||||||
| Package Installation | ✅ COMPLETE | Packages installed in chroot |
|
| Test Scripts | ✅ COMPLETE | Existing tests in tests/ directory |
|
||||||
| Disk Images | ⚠️ INCOMPLETE | football-physical.img created, QCOW2 conversion failed |
|
| ISO Artifact | ⏳ PENDING | Awaiting successful build |
|
||||||
| VM Boot Test | ⏳ PENDING | Awaiting valid disk images |
|
| VM Boot Test | ⏳ PENDING | Awaiting ISO build |
|
||||||
|
| Documentation | 🔄 IN PROGRESS | Updating to reflect ISO approach |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
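Review bot: The table header declares four columns (Component, Status, Progress, Evidence) but every row in this hunk, old and new, has three cells, and the new rows put evidence such as `scripts/build-iso.sh, scripts/test-iso.sh` and `config/preseed.cfg ready` where the Progress value would go. Either drop the Progress column from the header or fill both cells per row. The "Build Scripts" and "ISO Build Script" rows appear to describe the same thing and could be merged. Marking the build scripts and preseed configuration as ✅ COMPLETE while "ISO Artifact" is still "Awaiting successful build" overstates their state; a status such as "written, not yet exercised" would be more accurate until a build has succeeded.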