KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
93 Commits 1 Branch 0 Tags
2a16eae3a44bd7ea129a37585f2904c281ae0b11
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
ReachableCEO 2a16eae3a4 docs: update README with ISO testing commands 
Add ISO testing section with libvirt/virsh commands (create, console, status, stop, destroy, list). Update project files table to include test-iso.sh script.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 10:36:38 -05:00
bin
feat: Add bin directory for management scripts
2026-01-21 15:39:34 -05:00
config
feat: add encryption validation and user notification hook
2026-01-29 10:00:05 -05:00
docs
docs: Add comprehensive documentation structure
2026-01-21 15:38:50 -05:00
lib
feat: Add Docker utility library
2026-01-21 15:39:29 -05:00
plan
feat: Phase 1 - Project structure and build environment
2026-01-21 10:22:03 -05:00
src
feat: update ISO build command with encryption flags
2026-01-29 10:00:57 -05:00
tests
test: Update test suite with improved structure
2026-01-21 15:40:33 -05:00
.gitignore
chore: Update .gitignore for KNEL-Football project
2026-01-21 15:40:08 -05:00
AGENTS.md
docs: update AGENTS.md with mandatory security requirements
2026-01-29 10:00:27 -05:00
BUILD-COMPLETE.md
docs: add build completion report with ISO verification
2026-01-29 10:00:19 -05:00
BUILD-SUMMARY.md
docs: add build session summary with implementation details
2026-01-29 10:00:21 -05:00
Dockerfile
chore: add multi-stage Dockerfile for build environment
2026-01-29 10:00:50 -05:00
FINAL-SECURITY-COMPLIANCE-REPORT.md
feat: Add final security compliance report
2026-01-21 15:38:57 -05:00
JOURNAL.md
docs: update JOURNAL with mandatory requirements implementation session
2026-01-29 10:00:33 -05:00
PRD.md
docs: add comprehensive PRD with mandatory security requirements
2026-01-29 09:59:15 -05:00
QUICK_START.md
docs: add quick start guide for project setup and build
2026-01-29 10:01:10 -05:00
README.md
docs: update README with ISO testing commands
2026-01-29 10:36:38 -05:00
RESUME.md
docs: update RESUME with build completion and ISO status
2026-01-29 10:00:49 -05:00
run.sh
chore: add main entry point script for Docker build workflow
2026-01-29 10:00:54 -05:00
SESSION-CLOSED.md
docs: add session closure documentation for continuity
2026-01-29 10:01:12 -05:00
test-iso.sh
feat: add libvirt/virsh ISO testing script
2026-01-29 10:36:20 -05:00
VERIFICATION-REPORT.md
docs: add comprehensive verification report for mandatory requirements
2026-01-29 10:00:25 -05:00

README.md

KNEL-Football Secure OS

⚠️ READ THESE FILES FIRST

🚀 Quick Start

  1. AGENTS.md - Current status + critical requirements (START HERE)
  2. RESUME.md - Complete resumption guide
  3. QUICK_START.md - Quick reference commands

📋 Documentation Files

File Purpose
AGENTS.md START HERE - Current status + requirements
RESUME.md Complete resumption guide + build history
QUICK_START.md Quick commands and status
JOURNAL.md Append-only development journal

🔧 Project Files

File Purpose
run.sh Main entry point (build/test/lint/clean/iso)
test-iso.sh ISO testing with libvirt/virsh VMs
Dockerfile Build environment
config/ Live-build configuration
tests/ BATS test suite

Current Status (2026-01-24 19:00 CST)

ISO Build Running

  • Status: Active build (3rd attempt, minimal config)
  • Current Stage: lb binary_chroot (creating binary filesystem)
  • Started: 18:04 CST
  • Expected Completion: 19:00-19:15 CST (~15 min remaining)
  • Build Log: /tmp/knel-iso-build.log
  • Output: output/ (ISO will appear here when complete)

First Actions

cd /home/tsys/Projects/KNEL/football

# 1. Check if ISO is ready
ls -lh output/

# 2. If ready, verify
cd output/
sha256sum -c knel-football-secure-v1.0.0.iso.sha256

# 3. If not ready, monitor
tail -f /tmp/knel-iso-build.log

Quick Commands

Project Management

./run.sh build    # Build Docker image
./run.sh test     # Run tests
./run.sh lint     # Check scripts
./run.sh clean    # Remove artifacts
./run.sh iso      # Build ISO (30-60 min)
./run.sh shell    # Interactive shell

Build Commands

# Monitor ISO build
tail -f /tmp/knel-iso-build.log

# Check build status
tail -50 /tmp/knel-iso-build.log | grep "P:"

# Check output
ls -lh output/

ISO Testing (libvirt/virsh)

./test-iso.sh create              # Create and boot test VM
./test-iso.sh console             # Connect to VM console
./test-iso.sh status              # Show VM status
./test-iso.sh stop                # Stop VM
./test-iso.sh destroy             # Remove VM
./test-iso.sh list                # List all test VMs

Project Overview

Goal

Build KNEL-Football secure ISO with Docker-only workflow following AGENTS.md requirements.

Features

  • Mandatory Full Disk Encryption - LUKS2 with AES-256-XTS
  • Mandatory Strong Passwords - 14+ chars, complexity requirements
  • Debian Testing base
  • IceWM + LightDM desktop
  • WiFi/Bluetooth permanently disabled
  • SSH with wireguard keys
  • Firewall rules (inbound SSH, outbound VPN only)
  • USB automount support
  • QR code import for WireGuard

Security Requirements (MANDATORY)

  • Full disk encryption with LUKS2 (AES-256-XTS, 512-bit key)
  • Encryption passphrase required at every boot (14+ characters)
  • Password complexity enforced (14+ chars, mix of classes)
  • Network isolation (VPN-only access)
  • No wireless networking
  • Comprehensive audit logging

Compliance

All operations in Docker container Docker volumes for file I/O No directories in /home No host system modifications Only final artifacts in output/ File ownership preserved

Documentation

AGENTS.md (READ FIRST)

  • Current build status
  • Critical requirements
  • Docker-only workflow
  • Volume structure

RESUME.md (Detailes Guide)

  • Build progress timeline
  • Issues encountered and solutions
  • Working configuration
  • Restart instructions
  • Compliance verification

QUICK_START.md (Quick Reference)

  • First actions
  • Quick commands
  • Key files reference
  • Expected output

JOURNAL.md (Development Log)

  • Append-only journal
  • Daily work notes
  • Lessons learned
  • Technical decisions

Session Summary

Date: 2026-01-24 Duration: 8 hours (11:00-19:00 CST) Goal: Build ISO with Docker-only workflow Status: Build running (expected completion ~15 min) Attempts: 7 Working Strategy: Minimal configuration (all problematic flags removed)

Next Actions:

  1. Check output/ for ISO
  2. Verify ISO with checksums
  3. Test ISO with libvirt/virsh
  4. Validate security features

📍 START HERE: AGENTS.md → Current status + requirements 📖 DETAILS: RESUME.md → Complete resumption guide QUICK: QUICK_START.md → Quick commands

ISO Build Running - Expected completion: 19:00-19:15 CST

Reference in New Issue View Git Blame Copy Permalink
Description
Fully self contained , very stripped and locked down Debian image intended for deployment onto physical access only system (Dell Laptop) (called football-(x) to be used for remote (RDP) access to another high security physical system (highside) which is a privileged access workstation in the KNEL server room.
Readme AGPL-3.0 5.3 MiB
Languages
Shell 98.8%
Dockerfile 1.2%