KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
171 Commits 1 Branch 0 Tags
main
Commit Graph

7 Commits

Author SHA1 Message Date
Charles N Wyble
cc1f218995 fix: add file utility and pin bats packages in Dockerfile 
live-build requires the 'file' command for installer processing.
Also pinned versions for bats-assert, bats-support, and bats-file
to satisfy hadolint DL3008 and ensure reproducible builds.

Reference: Build error "file: not found"

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>
 2026-02-20 13:03:40 -05:00
Charles N Wyble
bdf1f1b395 fix: pin all package versions for reproducible builds (FINDING-006) 
Addresses Hadolint DL3008 warnings and ensures reproducible Docker builds
by pinning all apt packages to specific Debian 13 (trixie) versions.

Changes:
- Dockerfile: Pin 21 packages with version constraints
- tests/unit/build-iso_comprehensive_test.bats: Add 22 version pinning tests

Pinned versions from Debian 13 candidate:
- Base: ca-certificates, gnupg, curl, wget, git
- Build: live-build, debootstrap, squashfs-tools, xorriso, grub-*
- Testing: bats, shellcheck (bats-* helpers not versioned in Debian)
- Security: nftables, iptables, auditd, rsyslog

Fixes: FINDING-006 (Docker package versions not pinned)
Reference: Hadolint DL3008, reproducible builds best practice

💘 Generated with Crush

Assisted-by: Claude via Crush <crush@charm.land>
 2026-02-20 10:54:34 -05:00
ReachableCEO
29edabd51a chore: add multi-stage Dockerfile for build environment 
Create Docker build environment with live-build, Debian keyrings, and dependencies for ISO creation. Multi-stage build for efficient caching and minimal final image size.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-29 10:00:50 -05:00
Charles N Wyble
ff23e478e4 chore: Remove obsolete files and root scripts 
- Remove .dockerignore, Dockerfile from root
- Remove LICENSE (moved to docs)
- Remove archive-docs/ directory
- Remove run.sh (moved to src/)
- Clean up obsolete configuration

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 15:40:44 -05:00
Charles N Wyble
3fc85b8130 feat: Phase 1 - Project structure and build environment 
- Add project directory structure with config, src, tests directories
- Implement run.sh host wrapper script for Docker-based workflow
- Create Dockerfile for build/test environment with live-build
- Add basic live-build configuration with preseed and package lists
- Add .gitignore and .dockerignore files

This establishes the foundation for building the secure Debian ISO.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 10:22:03 -05:00
Charles N Wyble
54d988477f refactor: Complete directory cleanup 
Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 12:01:10 -05:00
Charles N Wyble
bc769016bc feat: add universal Docker build system 
This implements a complete Docker-based build system that works on
ANY platform with Docker installed (Linux, macOS, Windows).

Key Features:
- Works on ANY system with Docker (universal)
- NO host dependencies needed (except Docker and shell)
- Entire build process runs inside Docker containers
- Reproducible build environment
- No sudo/root required on host
- No host tools needed (debootstrap, qemu, kpartx, etc.)

Files Added:
- Dockerfile - Complete build environment image
- docker-universal-build.sh - Universal Docker build script
- DOCKER-README.md - Complete Docker build documentation

Build Process (All Inside Docker):
1. Build Docker image with all tools (3-5 min)
2. Generate WireGuard keys (10 sec)
3. Bootstrap Debian trixie (10-15 min)
4. Apply configuration overlay (2 min)
5. Run hardening script (2 min)
6. Create disk images (5-8 min)
7. Test in VM (1-2 min)
8. Run compliance tests (2-3 min)
9. Create build report (1 min)

Total Build Time: ~30-40 minutes

Platform Support:
 Linux (any distro with Docker)
 macOS (with Docker Desktop)
 Windows (with Docker Desktop or WSL2)

Host Requirements (ONLY):
- Docker installed and running
- A shell (bash, zsh, etc.)
- Git (for cloning repo)

Host Requirements (NOT NEEDED):
 debootstrap (inside Docker)
 qemu-img (inside Docker)
 qemu-system (inside Docker)
 kpartx (inside Docker)
 WireGuard tools (inside Docker)
 sudo/root access (build runs in container)
 Linux-specific tools (cross-platform)

Docker Image Includes:
- debootstrap (1.0.141)
- qemu-utils (qemu-img)
- qemu-system-x86_64
- kpartx
- grub2-common, grub-efi-amd64
- wireguard-tools
- All required dependencies

Usage:
1. Clone repository
2. Run: ./docker-universal-build.sh
3. Wait 30-40 minutes
4. Output: football-physical.img, football-vm.qcow2

Output Files:
- output/football-physical.img (8GB raw image)
- output/football-vm.qcow2 (QCOW2 image)
- BUILD-REPORT.txt (detailed build report)
- private.key, public.key (WireGuard keys)

This provides universal build capability that works on
any system with Docker installed, regardless of host OS
or available tools.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-13 16:19:28 -05:00