From b246f06e6d63f708f3f5030c77295d3b964f368c Mon Sep 17 00:00:00 2001 From: Charles N Wyble Date: Wed, 21 Jan 2026 09:20:39 -0500 Subject: [PATCH] docs: update spec with Debian 13.3.0 details - Update base image to Debian 13.3.0 (Trixie) stable release - Clarify all packages must be pre-included in ISO (no internet downloads) - Update USB mount requirements to include pre-installed utilities - Specify exact ISO: debian-13.3.0-amd64-netinst.iso --- football-spec.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/football-spec.md b/football-spec.md index 3909c3c..3d911c0 100644 --- a/football-spec.md +++ b/football-spec.md @@ -38,8 +38,9 @@ This project aims to build a highly secure, compliant Debian 13 (Trixie) install #### Network Restrictions - **WiFi**: Permanently disabled via kernel module blacklist - **Bluetooth**: Permanently disabled via kernel module blacklist -- **General Internet**: Disabled by default +- **General Internet**: Disabled by default - all packages must be included in ISO - **Allowed Traffic**: WireGuard tunnel traffic only +- **Package Sources**: All required packages pre-included in ISO, no external downloads during or after installation #### Firewall Configuration - **Default Policy**: Deny all inbound and outbound traffic @@ -58,6 +59,7 @@ This project aims to build a highly secure, compliant Debian 13 (Trixie) install - Automatic detection and mounting of USB storage devices - Support for common filesystems (ext4, FAT32, NTFS) - Proper permissions for configuration file copying +- All required filesystem utilities pre-installed in ISO #### Desktop Shortcuts 1. **WireGuard Configuration Editor** @@ -74,7 +76,8 @@ This project aims to build a highly secure, compliant Debian 13 (Trixie) install ### Build Process - **Tool**: `live-build` for ISO generation -- **Base Image**: Debian 13 (Trixie) netinst +- **Base Image**: Debian 13.3.0 (Trixie) netinst +- **Specific ISO**: debian-13.3.0-amd64-netinst.iso from official Debian mirrors - **Customization**: Config hooks for security hardening ### Preseed Configuration @@ -286,7 +289,7 @@ main "$@" # Multi-stage build for security hardening # Base stage -FROM debian:trixie-slim AS base +FROM debian:13.3-slim AS base # Set environment variables ENV DEBIAN_FRONTEND=noninteractive