#!/bin/bash # KNEL-Football ISO Builder - Host Wrapper # This script orchestrates Docker-based build process # Copyright © 2026 Known Element Enterprises LLC # License: GNU Affero General Public License v3.0 only set -euo pipefail # Configuration variables SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" readonly SCRIPT_DIR readonly DOCKER_IMAGE="knel-football-dev:latest" readonly OUTPUT_DIR="${SCRIPT_DIR}/output" readonly BUILD_DIR="${SCRIPT_DIR}/tmp" # Create output and build directories if they don't exist mkdir -p "${OUTPUT_DIR}" "${BUILD_DIR}" # Function to show usage usage() { echo "Usage: $0 [command]" echo "Commands:" echo " build Build Docker image" echo " test Run all tests" echo " lint Run linting checks" echo " clean Clean build artifacts" echo " shell Interactive shell in build container" echo " iso Build ISO (30-60 minutes)" echo " help Show this help message" exit 1 } # Main execution logic main() { local command="${1:-help}" case "${command}" in build) echo "Building KNEL-Football Docker image..." docker build -t "${DOCKER_IMAGE}" "${SCRIPT_DIR}" ;; test) echo "Running KNEL-Football test suite..." docker run --rm \ -v "${SCRIPT_DIR}:/workspace:ro" \ -v "${BUILD_DIR}:/build" \ -e BATS_TMPDIR=/build/tmp \ "${DOCKER_IMAGE}" \ bats -r /workspace/tests/ ;; lint) echo "Running linting checks..." docker run --rm \ -v "${SCRIPT_DIR}:/workspace:ro" \ "${DOCKER_IMAGE}" \ bash -c "find /workspace -name '*.sh' -print0 | xargs -0 shellcheck" ;; clean) echo "Cleaning build artifacts..." rm -rf "${OUTPUT_DIR:?}"/* rm -rf "${BUILD_DIR:?}"/* ;; shell) echo "Starting interactive shell..." docker run --rm -it \ -v "${SCRIPT_DIR}:/workspace:ro" \ -v "${OUTPUT_DIR}:/output" \ -v "${BUILD_DIR}:/build" \ -u "$(id -u):$(id -g)" \ -e TZ="America/Chicago" \ -e DEBIAN_FRONTEND="noninteractive" \ -e LC_ALL="C" \ "${DOCKER_IMAGE}" \ bash ;; iso) echo "Building KNEL-Football secure ISO..." echo "ALL operations run inside Docker container" echo "Timezone: America/Chicago" echo "Mandatory: Full disk encryption with LUKS2" docker run --rm \ --privileged \ --user root \ -v "${SCRIPT_DIR}:/workspace:ro" \ -v "${OUTPUT_DIR}:/output" \ -e TZ="America/Chicago" \ -e DEBIAN_FRONTEND="noninteractive" \ -e LC_ALL="C" \ -e USER_UID="$(id -u)" \ -e USER_GID="$(id -g)" \ "${DOCKER_IMAGE}" \ bash -c ' cd /tmp && rm -rf ./* && echo "Configuring live-build..." && lb config \ --distribution testing \ --architectures amd64 \ --archive-areas "main contrib non-free" \ --mode debian \ --chroot-filesystem squashfs \ --binary-images iso-hybrid \ --iso-application "KNEL-Football Secure OS" \ --iso-publisher "KNEL-Football Security Team" \ --iso-volume "KNEL-Football Secure" \ --debian-installer netinst \ --debian-installer-gui true \ --source false \ --apt-indices false \ --apt-source-archives false && if [ -d /workspace/config ]; then echo "Applying custom configuration..." cp -r /workspace/config/* ./ fi && echo "Starting ISO build..." && timeout 3600 lb build && ISO_FILE=$(find . -name "*.iso" -type f | head -1) && if [ -n "$ISO_FILE" ]; then echo "ISO created: $ISO_FILE" sha256sum "$ISO_FILE" > "${ISO_FILE}.sha256" md5sum "$ISO_FILE" > "${ISO_FILE}.md5" FINAL_ISO="knel-football-secure-v1.0.0.iso" mv "$ISO_FILE" "$FINAL_ISO" mv "${ISO_FILE}.sha256" "${FINAL_ISO}.sha256" mv "${ISO_FILE}.md5" "${FINAL_ISO}.md5" USER_UID=${USER_UID:-1000} USER_GID=${USER_GID:-1000} chown "$USER_UID:$USER_GID" "$FINAL_ISO" "${FINAL_ISO}.sha256" "${FINAL_ISO}.md5" cp "$FINAL_ISO" "${FINAL_ISO}.sha256" "${FINAL_ISO}.md5" /output/ chown "$USER_UID:$USER_GID" /output/"$FINAL_ISO" /output/"${FINAL_ISO}.sha256" /output/"${FINAL_ISO}.md5" echo "ISO build completed" ls -lh /output/ else echo "ISO build failed" exit 1 fi ' 2>&1 | tee /tmp/knel-iso-build.log ;; help|*) usage ;; esac } main "$@"