KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
171 Commits 1 Branch 0 Tags
main
Commit Graph

8 Commits

Author SHA1 Message Date
Charles N Wyble
9b3e282d20 feat: add shared git hooks with setup script 
Git hooks were only in .git/hooks/ which isn't tracked by git.
Created a shared githooks/ directory so all contributors get
the pre-commit hook that enforces SDLC requirements.

Changes:
- githooks/pre-commit: Pre-commit hook enforcing SDLC (lint, tests, docs)
- scripts/setup-githooks.sh: Script to configure git core.hooksPath
- README.md: Added first-time setup instructions
- AGENTS.md: Updated startup steps and project structure

Users/agents run ./scripts/setup-githooks.sh after cloning to enable hooks.

Reference: docs/SDLC.md

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>
 2026-02-20 12:11:28 -05:00
Charles N Wyble
69d6c81e1c feat: Complete repository reset for fresh start 
- Remove all project files and directories
- Keep git history intact
- Archive documentation in archive-docs/ directory

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 08:56:22 -05:00
Charles N Wyble
1339705f9d progress snapshot 2026-01-21 08:33:09 -05:00
Charles N Wyble
6c96f3c549 feat: Add VM control script with libvirt support 
Added comprehensive VM management script for testing Football ISO
using libvirt/virsh instead of direct QEMU commands.

1. **VM Control Script** (scripts/qvm.sh):
   - Define VM in libvirt with proper XML
   - Start/stop VM with virsh commands
   - Reboot VM with virsh
   - Check VM status
   - Open VNC console viewer
   - Delete VM, disk, and ISO

2. **VM Configuration**:
   - Name: football-test
   - Memory: 2GB RAM
   - CPUs: 2
   - Disk: 8GB qcow2
   - Display: VNC (auto-port, localhost)
   - Network: user (NAT)
   - Boot: ISO (Football installer)
   - OS: Debian 13 (Trixie)

3. **Integration with virt-manager**:
   - VM shows in virsh list
   - Manageable via virt-manager GUI
   - VNC connection: localhost:5900
   - Standard libvirt XML definition

4. **Usage**:
   ./scripts/qvm.sh define   - Define VM in libvirt
   ./scripts/qvm.sh start    - Start VM
   ./scripts/qvm.sh stop     - Stop VM
   ./scripts/qvm.sh status   - Check status
   ./scripts/qvm.sh console  - Open VNC viewer
   ./scripts/qvm.sh delete   - Delete VM and files

Files Added:
- scripts/qvm.sh (VM control script with libvirt support)

Files Created (by VM definition):
- output/football-vm-disk.qcow2 (8GB VM disk)
- output/football-test.xml (libvirt VM definition)

Output:
- output/football-installer.iso (940MB, bootable Football ISO)

VM Status:
- Running in libvirt
- Visible in: virsh list
- VNC: localhost:5900
- Disk: 8GB qcow2

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-20 14:47:19 -05:00
Charles N Wyble
40f01e7814 chore: Rewrite build-iso.sh to use Docker-only 
Complete rewrite of build script to do ALL operations inside Docker
container, not on host system. This resolves permission issues and
ensures all work is containerized per AGENTS.md specification.

1. **Single Docker Container**:
   - All build steps now run in ONE Docker container
   - No directory operations on host system
   - No cleanup operations on host system
   - All temporary files created and cleaned inside container

2. **Fixed Directory Paths**:
   - ISO_DIR changed from scripts/iso-tmp to iso-tmp
   - Matches Docker volume mount (/build)
   - Resolves "No such directory" errors

3. **Added Missing Package**:
   - Added isolinux package to fix hybrid boot creation
   - Provides /usr/lib/ISOLINUX/isohdpfx.bin

4. **Docker-only Workflow**:
   - Host: Only creates output/ directory
   - Docker: Download, extract, inject, create ISO, cleanup
   - Output: ISO written to mounted volume

5. **Build Process**:
   Step 1: Download Debian ISO (inside Docker)
   Step 2: Extract ISO (inside Docker)
   Step 3: Inject preseed and scripts (inside Docker)
   Step 4: Create new ISO (inside Docker)
   Step 5: Verify ISO (inside Docker)
   Cleanup: Remove temporary directories (inside Docker)

Files Updated:
- scripts/build-iso.sh (complete rewrite, Docker-only)

Output:
- output/football-installer.iso (940MB, bootable)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-20 14:39:05 -05:00
Charles N Wyble
d67a8d38b0 chore: Update build paths after cleanup 
Updated BUILD_DIR path to parent directory and adjusted ISO_DIR
location in build-iso.sh script.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-20 13:52:40 -05:00
Charles N Wyble
471ac78a4c feat: Complete ISO build system with security features 
Major updates for production-ready ISO:

1. **Debian Version**:
   - Updated to Debian 13.3.0 stable (released)
   - No longer using testing/sid
   - Using debian:stable Docker image

2. **Password Complexity Enforcement**:
   - Added libpam-pwquality and libpwquality packages
   - Password complexity enforced during install via PAM
   - Configured in security-config.sh:
     * Minimum 12 characters
     * Mixed case required
     * At least one digit
     * At least one special character
     * 3 character classes required
   - Preseed enforces password checks during installer

3. **Auto-Lock After 1 Minute**:
   - Added xautolock and xscreensaver packages
   - Configured in .xinitrc for auto-lock after 1 minute idle
   - Uses xscreensaver-command -lock for screen locking

4. **USB Drive Mounting**:
   - Added udisks2, gvfs-backends, gvfs-fuse packages
   - Created polkit rules for USB mounting
   - User added to plugdev and cdrom groups
   - USB drives mountable via file manager

5. **WiFi and Bluetooth Disabling**:
   - Created config/disable-wifi-bt.sh script
   - Blacklists all WiFi kernel modules
   - Blacklists all Bluetooth kernel modules
   - Masks bluetooth service
   - Removes bluez packages

6. **First-Boot Verification**:
   - Created scripts/verify-system.sh
   - Created config/football-first-boot.service
   - Verifies all functional requirements
   - Runs once on first boot
   - Prevents re-running via status file

7. **ISO Build System**:
   - Updated to use Debian 13.3.0 stable ISO
   - Scripts and config baked into ISO
   - Docker-based build process
   - Corrected ISO filename throughout

8. **Preseed Configuration**:
   - Manual user creation (not automated)
   - Manual password prompts (enforced via PAM)
   - Late_command applies all security configs
   - Copies verification script to target
   - Enables first-boot verification service

Files Added:
- config/disable-wifi-bt.sh (WiFi/BT disabling)
- config/security-config.sh (password complexity, auto-lock, USB mounting)
- config/football-first-boot.service (first-boot verification systemd service)
- scripts/verify-system.sh (comprehensive verification script)

Files Updated:
- config/preseed.cfg (password enforcement, security packages, late_command)
- scripts/build-iso.sh (Debian 13.3.0, correct filenames)
- docs/FUNCTIONAL-REQUIREMENTS.md (verification strategy)
- AGENTS.md (documentation references)
- README.md (documentation references)

All requirements from this session implemented:
✓ Password complexity enforced during install
✓ Auto-lock after 1 minute idle
✓ USB drive mounting enabled
✓ WiFi/Bluetooth disabled
✓ First-boot verification
✓ Scripts baked into ISO (no internet needed)
✓ All packages in ISO
✓ Debian 13.3.0 stable

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 12:33:49 -05:00
Charles N Wyble
7d286f8f2c refactor: Move active scripts to scripts/ directory 
Moves current active scripts to scripts/ directory:
- build-iso.sh: Creates Debian ISO with preseed
- test-iso.sh: Tests ISO in QEMU VM

Keeps root directory clean and organized.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
 2026-01-20 11:46:53 -05:00