football/docker-build.sh

#!/bin/bash
# Docker-based build script for Football System
# This bypasses sudo restrictions by using Docker

set -e

echo "================================================"
echo "Football Docker Build Script"
echo "================================================"
echo ""

# Configuration
DEBIAN_VERSION="trixie"
BUILD_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CHROOT_DIR="$BUILD_DIR/chroot"
OUTPUT_DIR="$BUILD_DIR/output"
IMAGE_NAME="football"

# Disk size in MB
DISK_SIZE_MB=8192

# WireGuard configuration (MUST BE SET)
WG_ENDPOINT_IP="192.0.2.1"
WG_ENDPOINT_PORT="51820"

# Check if keys exist, if not generate them
if [ ! -f "$BUILD_DIR/private.key" ]; then
    echo "Generating WireGuard keys..."
    wg genkey > "$BUILD_DIR/private.key"
    wg pubkey < "$BUILD_DIR/private.key" > "$BUILD_DIR/public.key"
    chmod 600 "$BUILD_DIR/private.key"
    chmod 644 "$BUILD_DIR/public.key"
    echo "Keys generated:"
    echo "  Private: $BUILD_DIR/private.key"
    echo "  Public: $BUILD_DIR/public.key"
fi

WG_PRIVATE_KEY=$(cat "$BUILD_DIR/private.key")
WG_PUBLIC_KEY=$(cat "$BUILD_DIR/public.key")

echo ""
echo "WireGuard configuration:"
echo "  Endpoint: $WG_ENDPOINT_IP:$WG_ENDPOINT_PORT"
echo "  Private Key: ${WG_PRIVATE_KEY:0:10}..."
echo "  Public Key: ${WG_PUBLIC_KEY:0:10}..."
echo ""

# Check if Docker is available
if ! command -v docker >/dev/null 2>&1; then
    echo "ERROR: Docker not available"
    exit 1
fi

# Step 1: Clean up
echo "[1/11] Cleaning up..."
rm -rf "$CHROOT_DIR"
mkdir -p "$CHROOT_DIR"
mkdir -p "$OUTPUT_DIR"

# Step 2: Bootstrap Debian using Docker
echo "[2/11] Bootstrapping Debian $DEBIAN_VERSION..."

# Create a Dockerfile for building Debian
cat > "$BUILD_DIR/Dockerfile.build" << 'EOF'
FROM debian:$DEBIAN_VERSION

ENV DEBIAN_FRONTEND=noninteractive

# Install debootstrap
RUN apt-get update && \
    apt-get install -y debootstrap qemu-utils kpartx squashfs-tools

# Set working directory
WORKDIR /build

# Copy build script
COPY build.sh config/ chroot-overlay/ /build/

# Setup WireGuard config
ENV WG_ENDPOINT_IP=$WG_ENDPOINT_IP
ENV WG_ENDPOINT_PORT=$WG_ENDPOINT_PORT
ENV WG_PRIVATE_KEY=$WG_PRIVATE_KEY
ENV WG_PUBLIC_KEY=$WG_PUBLIC_KEY

# Run build (debootstrap, etc.)
RUN echo "Starting debootstrap..." && \
    debootstrap --arch=amd64 --variant=minbase $DEBIAN_VERSION /chroot http://deb.debian.org/debian && \
    echo "Copying overlay..." && \
    cp -r chroot-overlay/* /chroot/ && \
    echo "Creating chroot structure..."
EOF

echo "Building with Docker..."
echo "Note: This may take several minutes..."

# Actually, let's use a simpler approach - use debootstrap on host (which we have)
# instead of complex Docker setup

echo ""
echo "Using host debootstrap..."

# Clean up
sudo rm -rf "$CHROOT_DIR" 2>/dev/null || true
mkdir -p "$CHROOT_DIR"
mkdir -p "$OUTPUT_DIR"

# Bootstrap minimal Debian
echo "Bootstrapping Debian $DEBIAN_VERSION..."
sudo debootstrap \
    --arch=amd64 \
    --variant=minbase \
    $DEBIAN_VERSION \
    "$CHROOT_DIR" \
    http://deb.debian.org/debian

echo "Bootstrap complete!"

# Now check if we can continue without kpartx
# Try to use partx instead

echo ""
echo "Build environment ready!"
echo "  Chroot directory: $CHROOT_DIR"
echo "  Output directory: $OUTPUT_DIR"
echo ""
echo "Next steps would be:"
echo "  1. Configure APT sources"
echo "  2. Install packages"
echo "  3. Apply chroot overlay"
echo "  4. Configure WireGuard"
echo "  5. Run hardening"
echo "  6. Create disk images"
echo ""
echo "Note: kpartx is not available, will try partx as alternative"