From 29edabd51a378c9fd96801746621b82af68d97fc Mon Sep 17 00:00:00 2001 From: ReachableCEO Date: Thu, 29 Jan 2026 10:00:50 -0500 Subject: [PATCH] chore: add multi-stage Dockerfile for build environment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Create Docker build environment with live-build, Debian keyrings, and dependencies for ISO creation. Multi-stage build for efficient caching and minimal final image size. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush --- Dockerfile | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..59e075c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,78 @@ +# KNEL-Football ISO Builder - Dockerfile +# Multi-stage build for security hardening and reproducible builds +# Copyright © 2026 Known Element Enterprises LLC +# License: GNU Affero General Public License v3.0 only + +# Base stage - minimal Debian 13 base +FROM debian:13.3-slim AS base + +# Set environment variables for non-interactive installation +ENV DEBIAN_FRONTEND=noninteractive +ENV LANG=C.UTF-8 +ENV LC_ALL=C +ENV TZ=UTC + +# Install base dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg \ + curl \ + wget \ + git \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Builder stage - ISO build tools +FROM base AS builder + +# Install live-build and ISO creation tools +RUN apt-get update && apt-get install -y --no-install-recommends \ + live-build \ + debootstrap \ + squashfs-tools \ + xorriso \ + grub-pc-bin \ + grub-efi-amd64-bin \ + grub-efi-ia32-bin \ + mtools \ + dosfstools \ + syslinux-utils \ + isolinux \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Install testing framework +RUN apt-get update && apt-get install -y --no-install-recommends \ + bats \ + bats-assert \ + bats-support \ + bats-file \ + shellcheck \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Install security and system tools +RUN apt-get update && apt-get install -y --no-install-recommends \ + nftables \ + iptables \ + auditd \ + rsyslog \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Create workspace directories +RUN mkdir -p /workspace /build /tmp /output + +# Create non-root user for running builds +RUN groupadd -r builder && useradd -r -g builder builder \ + && mkdir -p /home/builder \ + && chown -R builder:builder /workspace /build /tmp /output /home/builder + +# Set working directory +WORKDIR /workspace + +# Switch to non-root user +USER builder + +# Default command +CMD ["/bin/bash"]