feat: Add core build scripts
- Add build-iso.sh with validation and build functions - Add firewall-setup.sh with dynamic nftables configuration - Add security-hardening.sh with comprehensive hardening functions - All scripts follow strict mode and are executable These provide the core functionality for the secure ISO build process. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
This commit is contained in:
82
src/build-iso.sh
Executable file
82
src/build-iso.sh
Executable file
@@ -0,0 +1,82 @@
|
||||
#!/bin/bash
|
||||
# Main ISO build script
|
||||
set -euo pipefail
|
||||
|
||||
# Configuration variables
|
||||
readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
readonly PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
|
||||
readonly OUTPUT_DIR="${PROJECT_ROOT}/output"
|
||||
readonly CONFIG_DIR="${PROJECT_ROOT}/config"
|
||||
|
||||
# Function to validate environment
|
||||
validate_environment() {
|
||||
echo "Validating build environment..."
|
||||
|
||||
# Check for required tools
|
||||
local required_tools=("lb" "debootstrap" "mksquashfs")
|
||||
for tool in "${required_tools[@]}"; do
|
||||
if ! command -v "$tool" > /dev/null 2>&1; then
|
||||
echo "Error: Required tool '$tool' not found"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify configuration directory
|
||||
if [[ ! -d "$CONFIG_DIR" ]]; then
|
||||
echo "Error: Configuration directory not found at $CONFIG_DIR"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Environment validation successful."
|
||||
}
|
||||
|
||||
# Function to prepare build environment
|
||||
prepare_build() {
|
||||
echo "Preparing build environment..."
|
||||
|
||||
# Create output directory
|
||||
mkdir -p "$OUTPUT_DIR"
|
||||
|
||||
# Initialize live-build configuration
|
||||
lb clean --purge
|
||||
lb config
|
||||
|
||||
echo "Build environment prepared."
|
||||
}
|
||||
|
||||
# Function to build ISO
|
||||
build_iso() {
|
||||
echo "Building secure Debian ISO..."
|
||||
|
||||
# Execute live-build
|
||||
lb build
|
||||
|
||||
# Move output files to output directory
|
||||
if [[ -f "binary.hybrid.iso" ]]; then
|
||||
mv "binary.hybrid.iso" "${OUTPUT_DIR}/knel-football.iso"
|
||||
else
|
||||
echo "Error: ISO file not generated"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Generate checksum
|
||||
cd "$OUTPUT_DIR"
|
||||
sha256sum "knel-football.iso" > "knel-football.iso.sha256"
|
||||
cd - > /dev/null
|
||||
|
||||
echo "ISO build completed successfully."
|
||||
echo "Output: ${OUTPUT_DIR}/knel-football.iso"
|
||||
}
|
||||
|
||||
# Main execution
|
||||
main() {
|
||||
echo "Starting KNEL-Football secure ISO build..."
|
||||
|
||||
validate_environment
|
||||
prepare_build
|
||||
build_iso
|
||||
|
||||
echo "Build process completed successfully!"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
Reference in New Issue
Block a user