docs: create PreFlightDiscussion-03.md for final clarification
- Need clarification on package management implementation approach
- All other items resolved from PreFlightDiscussion-02.md
- Options: live hooks vs installed hooks, remove vs disable
- Ready to update specification once this final item is resolved
60
PreFlightDiscussion-03.md
Normal file
@@ -0,0 +1,60 @@
|
||||
# Pre-Flight Discussion - Round 3
|
||||
|
||||
## Final Clarification Needed:
|
||||
|
||||
### Package Management Implementation Details
|
||||
- **Your Feedback**: Remove apt execution permissions, use chattr +i, concerned about core system packages
|
||||
- **Question**: How should we handle this in the live-build hooks?
|
||||
|
||||
**Implementation Options:**
|
||||
1. **In `config/hooks/live/`** - Modify the live system during build
|
||||
2. **In `config/hooks/installed/`** - Modify after installation but before reboot
|
||||
3. **Both** - Ensure comprehensive removal/disable
|
||||
|
||||
**Specific Questions:**
|
||||
- Should we attempt to remove `apt` and `dpkg` entirely (if possible)?
|
||||
- Or just remove execute permissions and make immutable with `chattr +i`?
|
||||
- What about package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`?
|
||||
- Should we also remove package management tools like `aptitude`, `synaptic`, etc.?
|
||||
|
||||
## All Other Items ✅ RESOLVED:
|
||||
|
||||
### Compliance Framework
|
||||
- ✅ CMMC Level 3
|
||||
- ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
|
||||
- ✅ Adapt Debian 11 STIG for Debian 13
|
||||
|
||||
### QR Code Implementation
|
||||
- ✅ zbar for scanning (no generation needed)
|
||||
- ✅ Shell script for scan and config update
|
||||
- ✅ Standard WireGuard QR format
|
||||
|
||||
### Testing Strategy
|
||||
- ✅ Include test suite in ISO
|
||||
- ✅ Command line execution
|
||||
|
||||
### Package Management
|
||||
- ✅ Remove execute permissions
|
||||
- ✅ Use `chattr +i` for immutability
|
||||
- ? Need clarification on implementation approach
|
||||
|
||||
### Preseed Configuration
|
||||
- ✅ Timezone: US/Chicago
|
||||
- ✅ Keyboard: Standard US English
|
||||
- ✅ Password complexity in preseed
|
||||
|
||||
### Secure Boot
|
||||
- ✅ Include secure boot keys in ISO
|
||||
- ✅ UEFI only (no Legacy BIOS)
|
||||
- ✅ Measured boot
|
||||
|
||||
### Documentation
|
||||
- ✅ No user guides in ISO
|
||||
- ✅ No inline help for shortcuts
|
||||
- ✅ Technical documentation in repo only
|
||||
|
||||
---
|
||||
|
||||
**Status**: Waiting for final clarification on package management implementation
|
||||
**Next Action**: Update specification with all decisions and begin implementation
|
||||
**Ready for Implementation**: Almost there - need this final detail
|
||||
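Review bot: The "### Package Management" block under "## All Other Items ✅ RESOLVED" marks "Remove execute permissions" and "Use `chattr +i` for immutability" as decided, yet the "Specific Questions" list near the top asks again whether to remove `apt` and `dpkg` entirely "Or just remove execute permissions and make immutable with `chattr +i`?", and the same block still carries "? Need clarification on implementation approach". Move the block out of the resolved list, or reword the question so it only asks what is still open (hook location in `config/hooks/live/` versus `config/hooks/installed/`, and the handling of `/var/lib/apt/` and `/var/lib/dpkg/`). The feedback line mentions a concern about core system packages, but no question follows it up; add one asking how installed packages will receive fixes once `apt` and `dpkg` are disabled, and whether the CIS and STIG checks listed under "Compliance Framework" need the `/var/lib/dpkg/` metadata to stay readable. In "### Preseed Configuration", "Timezone: US/Chicago" is not a tz database zone name; the zones for that region are `America/Chicago` and `US/Central`, so record the exact string the preseed will use.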