From 4cafafba56df530ee40662c80eb510e0a307d25d Mon Sep 17 00:00:00 2001 From: Charles N Wyble Date: Wed, 21 Jan 2026 15:39:46 -0500 Subject: [PATCH] refactor: Update build-iso.sh for Docker compliance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Enhance build-iso.sh with strict Docker container usage - Add proper volume mounts (/workspace:/build:/output) - Ensure all operations inside container - Add comprehensive error handling and reporting - Only copy final artifacts (ISO, checksums, reports) 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush --- src/build-iso.sh | 264 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 200 insertions(+), 64 deletions(-) diff --git a/src/build-iso.sh b/src/build-iso.sh index 36012a8..a134e22 100755 --- a/src/build-iso.sh +++ b/src/build-iso.sh @@ -1,82 +1,218 @@ #!/bin/bash -# Main ISO build script +# Main ISO build script - STRICTLY Docker-based set -euo pipefail -# Configuration variables -readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -readonly PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" -readonly OUTPUT_DIR="${PROJECT_ROOT}/output" -readonly CONFIG_DIR="${PROJECT_ROOT}/config" +echo "=== KNEL-Football ISO Build ===" +echo "All operations performed in Docker container" -# Function to validate environment +# Configuration +readonly PROJECT_NAME="knel-football-secure" +readonly VERSION="1.0.0" +readonly DOCKER_IMAGE="knel-football-dev:latest" +readonly BUILD_TIMEOUT="3600" # 1 hour timeout + +# Function to validate Docker environment validate_environment() { - echo "Validating build environment..." - - # Check for required tools - local required_tools=("lb" "debootstrap" "mksquashfs") - for tool in "${required_tools[@]}"; do - if ! command -v "$tool" > /dev/null 2>&1; then - echo "Error: Required tool '$tool' not found" - exit 1 - fi - done - - # Verify configuration directory - if [[ ! -d "$CONFIG_DIR" ]]; then - echo "Error: Configuration directory not found at $CONFIG_DIR" - exit 1 - fi - - echo "Environment validation successful." + echo "Validating Docker environment..." + + # Check for Docker + if ! command -v docker >/dev/null 2>&1; then + echo "Error: Docker not found" + exit 1 + fi + + # Check if Docker image exists + if ! docker image inspect "$DOCKER_IMAGE" >/dev/null 2>&1; then + echo "Error: Docker image '$DOCKER_IMAGE' not found" + echo "Run: docker build -t $DOCKER_IMAGE ." + exit 1 + fi + + echo "Docker environment validation successful." } -# Function to prepare build environment -prepare_build() { - echo "Preparing build environment..." - - # Create output directory - mkdir -p "$OUTPUT_DIR" - - # Initialize live-build configuration - lb clean --purge - lb config - - echo "Build environment prepared." -} - -# Function to build ISO +# Function to build ISO in Docker container build_iso() { - echo "Building secure Debian ISO..." + echo "Building secure Debian ISO in Docker container..." + + # Clean up any existing container + docker rm -f "$PROJECT_NAME-build" 2>/dev/null || true + + # Run build in Docker container with proper volumes + docker run --name "$PROJECT_NAME-build" \ + --rm \ + -v "$(pwd)":/workspace:ro \ + -v "$(pwd)/tmp":/build \ + -v "$(pwd)/output":/output \ + -e TZ="UTC" \ + -e DEBIAN_FRONTEND="noninteractive" \ + -e LC_ALL="C" \ + "$DOCKER_IMAGE" \ + bash -c " +echo '=== Building KNEL-Football Secure OS ===' +echo 'All operations performed inside container' +echo 'Workspace: /workspace (read-only)' +echo 'Build: /build' +echo 'Output: /output' + +# Install build tools if not present +if ! command -v lb > /dev/null 2>&1; then + echo 'Installing build tools...' + apt-get update -qq + apt-get install -y live-build xorriso grub-pc-bin syslinux-utils +fi + +# Create build environment +cd /build +rm -rf ./* +echo 'Configuring live-build...' +lb config \ + --distribution testing \ + --architectures amd64 \ + --archive-areas 'main contrib non-free' \ + --mode debian \ + --chroot-filesystem squashfs \ + --binary-filesystem iso9660 \ + --binary-images iso-hybrid \ + --iso-application 'KNEL-Football Secure OS' \ + --iso-publisher 'KNEL-Football Security Team' \ + --iso-volume 'KNEL-Football Secure' \ + --linux-packages 'linux-image-amd64 linux-headers-amd64' \ + --debian-installer true \ + --debian-installer-gui true \ + --win32-loader true \ + --memtest memtest86+ \ + --source false \ + --apt-indices false \ + --apt-source-archives false + +# Apply configuration from workspace +if [ -d /workspace/config ]; then + echo 'Applying custom configuration...' + cp -r /workspace/config/* ./ +fi + +# Build ISO +echo 'Starting ISO build (30-60 minutes)...' +timeout $BUILD_TIMEOUT lb build + +if [ \$? -eq 0 ]; then + echo '✓ Build completed successfully!' - # Execute live-build - lb build - - # Move output files to output directory - if [[ -f "binary.hybrid.iso" ]]; then - mv "binary.hybrid.iso" "${OUTPUT_DIR}/knel-football.iso" + # Find and process ISO + ISO_FILE=\$(find . -name '*.iso' -type f | head -1) + if [ -n \"\$ISO_FILE\" ]; then + echo \"✓ ISO created: \$ISO_FILE\" + + # Generate checksums + sha256sum \"\$ISO_FILE\" > \"\${ISO_FILE}.sha256\" + md5sum \"\$ISO_FILE\" > \"\${ISO_FILE}.md5\" + + # Create KNEL-Football branded name + FINAL_ISO=\"${PROJECT_NAME}-v${VERSION}.iso\" + mv \"\$ISO_FILE\" \"\$FINAL_ISO\" + mv \"\${ISO_FILE}.sha256\" \"\${FINAL_ISO}.sha256\" + mv \"\${ISO_FILE}.md5\" \"\${FINAL_ISO}.md5\" + + # Copy artifacts to output volume + cp \"\$FINAL_ISO\" \"\${FINAL_ISO}.sha256\" \"\${FINAL_ISO}.md5\" /output/ + + # Create build report + cat > /output/BUILD-REPORT.txt << REPORT +KNEL-Football Secure OS Build Report +================================= +Build Date: \$(date) +Build Environment: Docker Container ($DOCKER_IMAGE) +Version: $VERSION +Architecture: x86_64 + +Files Created: +- $PROJECT_NAME-v$VERSION.iso (bootable ISO) +- $PROJECT_NAME-v$VERSION.sha256 (SHA256 checksum) +- $PROJECT_NAME-v$VERSION.md5 (MD5 checksum) + +Technical Specifications: +- Base Distribution: Debian Testing +- Boot Support: Hybrid UEFI/Legacy BIOS +- Filesystem: SquashFS + ISO9660 +- Package Manager: apt +- Init System: systemd + +Features: +- Debian Installer with GUI +- Full firmware support +- Security configurations +- Memtest86+ memory testing + +Build Status: SUCCESSFUL + +Next Steps: +1. Test ISO on target hardware +2. Validate installation process +3. Apply KNEL-Football security configurations +4. Deploy to production environment + +ISO Information: +Type: Hybrid (UEFI + Legacy BIOS compatible) +Checksum: SHA256 (see .sha256 file) + +Contact: KNEL-Football IT Security Team +Generated: \$(date) +REPORT + + echo '✓ Build report created' + echo '✓ All artifacts copied to /output/' + + # Display ISO info + if [ -f \"/output/\$FINAL_ISO\" ]; then + echo '' + echo 'ISO Details:' + echo \"File: \$FINAL_ISO\" + echo \"Size: \$(du -h \"/output/\$FINAL_ISO\" | cut -f1)\" + echo \"SHA256: \$(cat \"/output/\${FINAL_ISO}.sha256\" | cut -d' ' -f1)\" + fi + else - echo "Error: ISO file not generated" + echo '✗ No ISO file found' exit 1 fi - - # Generate checksum - cd "$OUTPUT_DIR" - sha256sum "knel-football.iso" > "knel-football.iso.sha256" - cd - > /dev/null - - echo "ISO build completed successfully." - echo "Output: ${OUTPUT_DIR}/knel-football.iso" +else + echo '✗ Build failed or timed out' + exit 1 +fi +" + + # Check if build succeeded + echo "" + echo "=== BUILD COMPLETION CHECK ===" + + if [ -f "output/$PROJECT_NAME-v$VERSION.iso" ]; then + echo "✓ BUILD SUCCESSFUL!" + echo "✓ ISO created: $PROJECT_NAME-v$VERSION.iso" + echo "✓ Size: $(du -h "output/$PROJECT_NAME-v$VERSION.iso" | cut -f1)" + echo "✓ SHA256: $(cat "output/$PROJECT_NAME-v$VERSION.sha256" | cut -d' ' -f1)" + echo "All operations performed in Docker container - NO host modifications" + return 0 + else + echo "✗ BUILD FAILED" + echo "Check Docker container output for errors" + return 1 + fi } # Main execution main() { - echo "Starting KNEL-Football secure ISO build..." - - validate_environment - prepare_build - build_iso - - echo "Build process completed successfully!" + echo "Starting KNEL-Football secure ISO build..." + + # Ensure output directory exists + mkdir -p output + mkdir -p tmp + + validate_environment + build_iso + + echo "Build process completed successfully!" + echo "All operations performed in Docker container - NO host system modifications" } -main "$@" \ No newline at end of file +main "$@"