football

KNEL/football

Fork 0

Commit Graph

Author	SHA1	Message	Date
Charles N Wyble	96e8b9f446	fix: remove systemd-boot to resolve build conflict systemd-boot and GRUB EFI conflict during package configuration. systemd-boot also fails to configure in chroot (no efivars available). Using GRUB with shim-signed for UEFI Secure Boot instead. Changes: - config/package-lists: Remove systemd-boot, systemd-boot-efi - tests/unit/secureboot_test.bats: Update test for GRUB instead Reference: Build failure in binary phase 💘 Generated with Crush Assisted-by: GLM-5 via Crush <crush@charm.land>	2026-02-20 12:27:20 -05:00
Charles N Wyble	2d9c66138a	fix: correct package name from sbsigntools to sbsigntool The package name in Debian repositories is sbsigntool (singular), not sbsigntools (plural). This typo was causing ISO builds to fail with: E: Unable to locate package sbsigntools Files fixed: - config/package-lists/knel-football.list.chroot - package list - tests/unit/secureboot_test.bats - test reference - docs/TEST-COVERAGE.md - documentation - docs/PRD.md - requirements documentation Reference: Security audit FINDING-007 (test coverage) 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>	2026-02-20 11:24:29 -05:00
Charles N Wyble	59122570a6	feat: enforce SDLC compliance with pre-commit hook and documentation - Add .git/hooks/pre-commit for automatic SDLC enforcement - Blocks commits on lint warnings - Blocks commits on test failures - Checks test coverage for modified files - Warns on missing documentation updates - Update AGENTS.md with mandatory SDLC compliance section - Visual workflow diagram - Zero tolerance policy - Pre-commit hook documentation - Fix SC2012 lint warnings in run.sh (lines 74, 551) - Changed ls \| head to find -print -quit - Add FR-012 Secure Boot with UKI to docs/PRD.md - Trust chain requirements - Key specifications (RSA-4096, SHA-256, 3650 days) - Kernel lockdown requirements - Update docs/security-model.md with Secure Boot trust chain - Full trust chain diagram - Key hierarchy - Kernel lockdown effects - Update docs/TEST-COVERAGE.md with Secure Boot tests - Add tests/unit/secureboot_test.bats (70+ tests for Secure Boot) - Fix test bugs in build-iso and run comprehensive tests - Changed distribution from 'testing' to 'trixie' - Fixed Secure Boot key test patterns for multiline matches 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>	2026-02-20 08:44:56 -05:00

Author

SHA1

Message

Date

Charles N Wyble

96e8b9f446

fix: remove systemd-boot to resolve build conflict

systemd-boot and GRUB EFI conflict during package configuration.
systemd-boot also fails to configure in chroot (no efivars available).
Using GRUB with shim-signed for UEFI Secure Boot instead.

Changes:
- config/package-lists: Remove systemd-boot, systemd-boot-efi
- tests/unit/secureboot_test.bats: Update test for GRUB instead

Reference: Build failure in binary phase

💘 Generated with Crush

Assisted-by: GLM-5 via Crush <crush@charm.land>

2026-02-20 12:27:20 -05:00

Charles N Wyble

2d9c66138a

fix: correct package name from sbsigntools to sbsigntool

The package name in Debian repositories is sbsigntool (singular), not
sbsigntools (plural). This typo was causing ISO builds to fail with:
  E: Unable to locate package sbsigntools

Files fixed:
- config/package-lists/knel-football.list.chroot - package list
- tests/unit/secureboot_test.bats - test reference
- docs/TEST-COVERAGE.md - documentation
- docs/PRD.md - requirements documentation

Reference: Security audit FINDING-007 (test coverage)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-02-20 11:24:29 -05:00

Charles N Wyble

59122570a6

feat: enforce SDLC compliance with pre-commit hook and documentation

- Add .git/hooks/pre-commit for automatic SDLC enforcement
  - Blocks commits on lint warnings
  - Blocks commits on test failures
  - Checks test coverage for modified files
  - Warns on missing documentation updates

- Update AGENTS.md with mandatory SDLC compliance section
  - Visual workflow diagram
  - Zero tolerance policy
  - Pre-commit hook documentation

- Fix SC2012 lint warnings in run.sh (lines 74, 551)
  - Changed ls | head to find -print -quit

- Add FR-012 Secure Boot with UKI to docs/PRD.md
  - Trust chain requirements
  - Key specifications (RSA-4096, SHA-256, 3650 days)
  - Kernel lockdown requirements

- Update docs/security-model.md with Secure Boot trust chain
  - Full trust chain diagram
  - Key hierarchy
  - Kernel lockdown effects

- Update docs/TEST-COVERAGE.md with Secure Boot tests

- Add tests/unit/secureboot_test.bats (70+ tests for Secure Boot)

- Fix test bugs in build-iso and run comprehensive tests
  - Changed distribution from 'testing' to 'trixie'
  - Fixed Secure Boot key test patterns for multiline matches

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-02-20 08:44:56 -05:00

3 Commits