KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
143 Commits 1 Branch 0 Tags
89fd6b7dfb457ebae6ee1076488eeeac70dfa60a
Commit Graph

9 Commits

Author SHA1 Message Date
Charles N Wyble
bed3b07b81 fix: correct security-hardening.sh hook function calls 
- Fix function name: configure_ssh → configure_ssh_client (matches src/)
- Add missing configure_fim call for AIDE File Integrity Monitoring

These functions exist in src/security-hardening.sh but the hook was
calling the wrong name or missing the FIM call entirely.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-02-19 09:11:43 -05:00
Charles N Wyble
0b9ede5f84 fix: resolve all shellcheck warnings and security issues 
- fix(shellcheck): SC2016 in encryption-setup.sh - remove non-expanding $(blkid...)
- fix(shellcheck): SC1091 in firewall-setup.sh and security-hardening.sh - add disable directives
- security: SSH PasswordAuthentication yes -> no (PRD FR-006 violation)
- fix: date expansion in encryption-validation.sh heredoc
- docs: create SDLC.md with TDD workflow and security requirements
- docs: update AGENTS.md to reference SDLC.md
- chore: update STATUS.md with build completion
- chore: minor build-iso.sh output formatting

All 78 tests pass (63 run, 15 skip for libvirt).
Zero shellcheck warnings.

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>
 2026-02-17 11:34:11 -05:00
Charles N Wyble
d00f3c9f02 fix: resolve shellcheck warnings in shell scripts 
Improve code quality by addressing shellcheck warnings
across security-critical scripts.

src/security-hardening.sh:
- Add shellcheck directive for SC2120/SC2119
- Function configure_password_policy() accepts optional args
- Directive documents intentional usage pattern

src/firewall-setup.sh:
- Fix function argument passing in main()
- Properly pass arguments to configure_firewall()

config/hooks/installed/encryption-setup.sh:
- Consolidate echo commands to fix SC2129
- Use single redirect for multiple writes

Remaining warnings are non-critical:
- SC1091: Source files exist at runtime in Docker container
- SC2016: Intentional single quotes for sed pattern

No functional changes - purely code quality improvements.

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>
 2026-02-17 10:12:01 -05:00
ReachableCEO
2ab8040bdf feat: add encryption validation and user notification hook 
Validate LUKS2 encryption configuration, create user-facing reminder files, MOTD messages, and first-boot check script to ensure encryption requirements are met and users are informed.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-29 10:00:05 -05:00
ReachableCEO
5cfa68be97 feat: add LUKS2 encryption setup hook 
Configure LUKS2 with AES-256-XTS encryption, cryptsetup-initramfs, initramfs modules, key management scripts, and encryption status systemd service for automated encryption setup during installation.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
 2026-01-29 09:59:58 -05:00
Charles N Wyble
6f038c3888 refactor: Update installed hooks and package lists 
- Update disable-package-management.sh with immutable permissions
- Update install-scripts.sh with proper path handling
- Add knel-football.list.chroot package list
- Add desktop shortcuts for VPN configuration
- Add USB automount support

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 15:40:27 -05:00
Charles N Wyble
1edf8665e9 refactor: Update live hooks for Docker compliance 
- Update firewall-setup.sh with proper volume path sourcing
- Update security-hardening.sh with modular function calls
- Update qr-code-import.sh with enhanced QR scanning
- Update install-scripts.sh with desktop shortcuts
- Add proper permission handling

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 15:40:21 -05:00
Charles N Wyble
70bdba52da chore: Update .gitignore for KNEL-Football project 
- Update to ignore KNEL-Football specific build artifacts
- Remove blanket config/ directory ignore
- Add build directories and temporary files
- Add ISO artifacts and checksum patterns
- Add security exclusions for keys and secrets

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 15:40:08 -05:00
Charles N Wyble
6cd53bc7ba feat: Add live-build hooks 
- Add security-hardening.sh for system hardening
- Add firewall-setup.sh for nftables configuration
- Add qr-code-import.sh for WireGuard QR scanning
- Add disable-package-management.sh to secure package tools
- Add install-scripts.sh to install source utilities

These hooks implement core security and functionality requirements.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
 2026-01-21 10:25:16 -05:00