refactor: Update build-iso.sh for Docker compliance

- Enhance build-iso.sh with strict Docker container usage
- Add proper volume mounts (/workspace:/build:/output)
- Ensure all operations inside container
- Add comprehensive error handling and reporting
- Only copy final artifacts (ISO, checksums, reports)

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:46 -05:00
parent 9b0cbc658d
commit 4cafafba56


@@ -1,82 +1,218 @@
#!/bin/bash
# Main ISO build script
# Main ISO build script - STRICTLY Docker-based
set -euo pipefail
# Configuration variables
readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
readonly OUTPUT_DIR="${PROJECT_ROOT}/output"
readonly CONFIG_DIR="${PROJECT_ROOT}/config"
echo "=== KNEL-Football ISO Build ==="
echo "All operations performed in Docker container"
# Function to validate environment
# Configuration
readonly PROJECT_NAME="knel-football-secure"
readonly VERSION="1.0.0"
readonly DOCKER_IMAGE="knel-football-dev:latest"
readonly BUILD_TIMEOUT="3600" # 1 hour timeout
# Function to validate Docker environment
validate_environment() {
echo "Validating build environment..."
# Check for required tools
local required_tools=("lb" "debootstrap" "mksquashfs")
for tool in "${required_tools[@]}"; do
if ! command -v "$tool" > /dev/null 2>&1; then
echo "Error: Required tool '$tool' not found"
exit 1
fi
done
# Verify configuration directory
if [[ ! -d "$CONFIG_DIR" ]]; then
echo "Error: Configuration directory not found at $CONFIG_DIR"
exit 1
fi
echo "Environment validation successful."
echo "Validating Docker environment..."
# Check for Docker
if ! command -v docker >/dev/null 2>&1; then
echo "Error: Docker not found"
exit 1
fi
# Check if Docker image exists
if ! docker image inspect "$DOCKER_IMAGE" >/dev/null 2>&1; then
echo "Error: Docker image '$DOCKER_IMAGE' not found"
echo "Run: docker build -t $DOCKER_IMAGE ."
exit 1
fi
echo "Docker environment validation successful."
}
# Function to prepare build environment
prepare_build() {
echo "Preparing build environment..."
# Create output directory
mkdir -p "$OUTPUT_DIR"
# Initialize live-build configuration
lb clean --purge
lb config
echo "Build environment prepared."
}
# Function to build ISO
# Function to build ISO in Docker container
build_iso() {
echo "Building secure Debian ISO..."
echo "Building secure Debian ISO in Docker container..."
# Clean up any existing container
docker rm -f "$PROJECT_NAME-build" 2>/dev/null || true
# Run build in Docker container with proper volumes
docker run --name "$PROJECT_NAME-build" \
--rm \
-v "$(pwd)":/workspace:ro \
-v "$(pwd)/tmp":/build \
-v "$(pwd)/output":/output \
-e TZ="UTC" \
-e DEBIAN_FRONTEND="noninteractive" \
-e LC_ALL="C" \
"$DOCKER_IMAGE" \
bash -c "
echo '=== Building KNEL-Football Secure OS ==='
echo 'All operations performed inside container'
echo 'Workspace: /workspace (read-only)'
echo 'Build: /build'
echo 'Output: /output'
# Install build tools if not present
if ! command -v lb > /dev/null 2>&1; then
echo 'Installing build tools...'
apt-get update -qq
apt-get install -y live-build xorriso grub-pc-bin syslinux-utils
fi
# Create build environment
cd /build
rm -rf ./*
echo 'Configuring live-build...'
lb config \
--distribution testing \
--architectures amd64 \
--archive-areas 'main contrib non-free' \
--mode debian \
--chroot-filesystem squashfs \
--binary-filesystem iso9660 \
--binary-images iso-hybrid \
--iso-application 'KNEL-Football Secure OS' \
--iso-publisher 'KNEL-Football Security Team' \
--iso-volume 'KNEL-Football Secure' \
--linux-packages 'linux-image-amd64 linux-headers-amd64' \
--debian-installer true \
--debian-installer-gui true \
--win32-loader true \
--memtest memtest86+ \
--source false \
--apt-indices false \
--apt-source-archives false
# Apply configuration from workspace
if [ -d /workspace/config ]; then
echo 'Applying custom configuration...'
cp -r /workspace/config/* ./
fi
# Build ISO
echo 'Starting ISO build (30-60 minutes)...'
timeout $BUILD_TIMEOUT lb build
if [ \$? -eq 0 ]; then
echo '✓ Build completed successfully!'
# Execute live-build
lb build
# Move output files to output directory
if [[ -f "binary.hybrid.iso" ]]; then
mv "binary.hybrid.iso" "${OUTPUT_DIR}/knel-football.iso"
# Find and process ISO
ISO_FILE=\$(find . -name '*.iso' -type f | head -1)
if [ -n \"\$ISO_FILE\" ]; then
echo \"✓ ISO created: \$ISO_FILE\"
# Generate checksums
sha256sum \"\$ISO_FILE\" > \"\${ISO_FILE}.sha256\"
md5sum \"\$ISO_FILE\" > \"\${ISO_FILE}.md5\"
# Create KNEL-Football branded name
FINAL_ISO=\"${PROJECT_NAME}-v${VERSION}.iso\"
mv \"\$ISO_FILE\" \"\$FINAL_ISO\"
mv \"\${ISO_FILE}.sha256\" \"\${FINAL_ISO}.sha256\"
mv \"\${ISO_FILE}.md5\" \"\${FINAL_ISO}.md5\"
# Copy artifacts to output volume
cp \"\$FINAL_ISO\" \"\${FINAL_ISO}.sha256\" \"\${FINAL_ISO}.md5\" /output/
# Create build report
cat > /output/BUILD-REPORT.txt << REPORT
KNEL-Football Secure OS Build Report
=================================
Build Date: \$(date)
Build Environment: Docker Container ($DOCKER_IMAGE)
Version: $VERSION
Architecture: x86_64
Files Created:
- $PROJECT_NAME-v$VERSION.iso (bootable ISO)
- $PROJECT_NAME-v$VERSION.sha256 (SHA256 checksum)
- $PROJECT_NAME-v$VERSION.md5 (MD5 checksum)
Technical Specifications:
- Base Distribution: Debian Testing
- Boot Support: Hybrid UEFI/Legacy BIOS
- Filesystem: SquashFS + ISO9660
- Package Manager: apt
- Init System: systemd
Features:
- Debian Installer with GUI
- Full firmware support
- Security configurations
- Memtest86+ memory testing
Build Status: SUCCESSFUL
Next Steps:
1. Test ISO on target hardware
2. Validate installation process
3. Apply KNEL-Football security configurations
4. Deploy to production environment
ISO Information:
Type: Hybrid (UEFI + Legacy BIOS compatible)
Checksum: SHA256 (see .sha256 file)
Contact: KNEL-Football IT Security Team
Generated: \$(date)
REPORT
echo '✓ Build report created'
echo '✓ All artifacts copied to /output/'
# Display ISO info
if [ -f \"/output/\$FINAL_ISO\" ]; then
echo ''
echo 'ISO Details:'
echo \"File: \$FINAL_ISO\"
echo \"Size: \$(du -h \"/output/\$FINAL_ISO\" | cut -f1)\"
echo \"SHA256: \$(cat \"/output/\${FINAL_ISO}.sha256\" | cut -d' ' -f1)\"
fi
else
echo "Error: ISO file not generated"
echo '✗ No ISO file found'
exit 1
fi
# Generate checksum
cd "$OUTPUT_DIR"
sha256sum "knel-football.iso" > "knel-football.iso.sha256"
cd - > /dev/null
echo "ISO build completed successfully."
echo "Output: ${OUTPUT_DIR}/knel-football.iso"
else
echo '✗ Build failed or timed out'
exit 1
fi
"
# Check if build succeeded
echo ""
echo "=== BUILD COMPLETION CHECK ==="
if [ -f "output/$PROJECT_NAME-v$VERSION.iso" ]; then
echo "✓ BUILD SUCCESSFUL!"
echo "✓ ISO created: $PROJECT_NAME-v$VERSION.iso"
echo "✓ Size: $(du -h "output/$PROJECT_NAME-v$VERSION.iso" | cut -f1)"
echo "✓ SHA256: $(cat "output/$PROJECT_NAME-v$VERSION.sha256" | cut -d' ' -f1)"
echo "All operations performed in Docker container - NO host modifications"
return 0
else
echo "✗ BUILD FAILED"
echo "Check Docker container output for errors"
return 1
fi
}
# Main execution
main() {
echo "Starting KNEL-Football secure ISO build..."
validate_environment
prepare_build
build_iso
echo "Build process completed successfully!"
echo "Starting KNEL-Football secure ISO build..."
# Ensure output directory exists
mkdir -p output
mkdir -p tmp
validate_environment
build_iso
echo "Build process completed successfully!"
echo "All operations performed in Docker container - NO host system modifications"
}
main "$@"
main "$@"
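Review bot: The published SHA256 file will not verify the ISO it ships with, and the host-side summary reads a checksum file that is never created. Inside the `bash -c` script, `sha256sum \"\$ISO_FILE\"` runs before the `mv` to `\$FINAL_ISO`, so the checksum file records the pre-rename path returned by `find` and `sha256sum -c` on the copied file fails. The artifacts are copied out as `\${FINAL_ISO}.sha256` (ending in `.iso.sha256`), while the completion check and BUILD-REPORT.txt name `$PROJECT_NAME-v$VERSION.sha256`, so the `cat` in the "✓ SHA256:" line fails and the value appears to print empty without stopping the script. Rename first and hash the final name, `mv \"\$ISO_FILE\" \"\$FINAL_ISO\"` followed by `sha256sum \"\$FINAL_ISO\" > \"\${FINAL_ISO}.sha256\"`, and read `output/$PROJECT_NAME-v$VERSION.iso.sha256` on the host. Since the checksum is generated in the same container as the image and is unsigned, it detects corruption only, so a comment such as `# integrity only; sign the .sha256 out of band before distribution` would keep readers from treating it as proof of origin.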