KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9459c84fbcc782d6da3e946bae4424df85c861db
football/src/build-iso.sh
reachableceo 7545a164e5 fix: resolve all shellcheck warnings in source scripts and hooks 
This commit addresses every shellcheck warning (severity: warning and
above) across the project's shell scripts. Only SC1091 info-level
notices remain (sourced files not available during static analysis),
which is expected and unavoidable in the Docker build workflow.

Changes by file:

src/build-iso.sh
- Replace Unicode checkmark/cross characters (✓, ✗) with ASCII
  equivalents (PASS:, FAIL:) to eliminate commitBuffer encoding errors
- Replace useless `cat | cut` pipeline with direct file redirect
  (`cut -d' ' -f1 < file`), resolving SC2002

src/security-hardening.sh
- Pass optional arguments through the function call chain in
  apply_security_hardening() to resolve SC2119/SC2120 (functions
  reference $1 but are called without arguments)

src/firewall-setup.sh
- Pass optional arguments through apply_firewall() in main() to
  resolve SC2119/SC2120

config/hooks/installed/encryption-setup.sh
- Consolidate four individual `echo >> file` redirects into a single
  `{ cmd1; cmd2; } >> file` block, resolving SC2129
- Add shellcheck disable directive for intentional SC2016 in sed
  command (single quotes are required by sed, not a mistake)

config/hooks/installed/encryption-validation.sh
- Replace remaining Unicode checkmark characters with ASCII

Verification:
  shellcheck --severity=warning src/*.sh config/hooks/**/*.sh
  => zero warnings, zero errors

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-04-27 13:09:39 -05:00

221 lines
6.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Main ISO build script - STRICTLY Docker-based
set -euo pipefail
echo "=== KNEL-Football ISO Build ==="
echo "All operations performed in Docker container"
# Configuration
readonly PROJECT_NAME="knel-football-secure"
readonly DOCKER_IMAGE="knel-football-dev:latest"
readonly BUILD_TIMEOUT="3600" # 1 hour timeout
# Function to validate Docker environment
validate_environment() {
echo "Validating Docker environment..."
# Check for Docker
if ! command -v docker >/dev/null 2>&1; then
echo "Error: Docker not found"
exit 1
fi
# Check if Docker image exists
if ! docker image inspect "$DOCKER_IMAGE" >/dev/null 2>&1; then
echo "Error: Docker image '$DOCKER_IMAGE' not found"
echo "Run: docker build -t $DOCKER_IMAGE ."
exit 1
fi
echo "Docker environment validation successful."
}
# Function to build ISO in Docker container
build_iso() {
echo "Building secure Debian ISO in Docker container..."
# Clean up any existing container
docker rm -f "$PROJECT_NAME-build" 2>/dev/null || true
# Run build in Docker container with proper volumes
docker run --name "$PROJECT_NAME-build" \
--rm \
-v "$(pwd)":/workspace:ro \
-v "$(pwd)/tmp":/build \
-v "$(pwd)/output":/output \
-e TZ="UTC" \
-e DEBIAN_FRONTEND="noninteractive" \
-e LC_ALL="C" \
"$DOCKER_IMAGE" \
bash -c "
echo '=== Building KNEL-Football Secure OS ==='
echo 'All operations performed inside container'
echo 'Workspace: /workspace (read-only)'
echo 'Build: /build'
echo 'Output: /output'
# Install build tools if not present
if ! command -v lb > /dev/null 2>&1; then
echo 'Installing build tools...'
apt-get update -qq
apt-get install -y live-build xorriso grub-pc-bin syslinux-utils
fi
# Create build environment
cd /build
rm -rf ./*
echo 'Configuring live-build...'
lb config \
--distribution testing \
--architectures amd64 \
--archive-areas 'main contrib non-free' \
--mode debian \
--chroot-filesystem squashfs \
--binary-filesystem iso9660 \
--binary-images iso-hybrid \
--iso-application 'KNEL-Football Secure OS' \
--iso-publisher 'KNEL-Football Security Team' \
--iso-volume 'KNEL-Football Secure' \
--linux-packages 'linux-image-amd64 linux-headers-amd64' \
--debian-installer true \
--debian-installer-gui true \
--win32-loader true \
--memtest memtest86+ \
--source false \
--apt-indices false \
--apt-source-archives false
# Apply configuration from workspace (copy into config/ directory created by lb config)
if [ -d /workspace/config ]; then
echo 'Applying custom configuration...'
cp -r /workspace/config/* ./config/
fi
# Build ISO
echo 'Starting ISO build (30-60 minutes)...'
timeout $BUILD_TIMEOUT lb build
if [ \$? -eq 0 ]; then
echo 'PASS: Build completed successfully!'
# Find and process ISO
ISO_FILE=\$(find . -name '*.iso' -type f | head -1)
if [ -n \"\$ISO_FILE\" ]; then
echo \"PASS: ISO created: \$ISO_FILE\"
# Generate checksums
sha256sum \"\$ISO_FILE\" > \"\${ISO_FILE}.sha256\"
md5sum \"\$ISO_FILE\" > \"\${ISO_FILE}.md5\"
# Create KNEL-Football branded name
FINAL_ISO=\"${PROJECT_NAME}.iso\"
mv \"\$ISO_FILE\" \"\$FINAL_ISO\"
mv \"\${ISO_FILE}.sha256\" \"\${FINAL_ISO}.sha256\"
mv \"\${ISO_FILE}.md5\" \"\${FINAL_ISO}.md5\"
# Copy artifacts to output volume
cp \"\$FINAL_ISO\" \"\${FINAL_ISO}.sha256\" \"\${FINAL_ISO}.md5\" /output/
# Create build report
cat > /output/BUILD-REPORT.txt << REPORT
KNEL-Football Secure OS Build Report
=================================
Build Date: \$(date)
Build Environment: Docker Container ($DOCKER_IMAGE)
Version: unversioned (latest build)
Architecture: x86_64
Files Created:
- $PROJECT_NAME.iso (bootable ISO)
- $PROJECT_NAME.iso.sha256 (SHA256 checksum)
- $PROJECT_NAME.iso.md5 (MD5 checksum)
Technical Specifications:
- Base Distribution: Debian Testing
- Boot Support: Hybrid UEFI/Legacy BIOS
- Filesystem: SquashFS + ISO9660
- Package Manager: apt
- Init System: systemd
Features:
- Debian Installer with GUI
- Full firmware support
- Security configurations
- Memtest86+ memory testing
Build Status: SUCCESSFUL
Next Steps:
1. Test ISO on target hardware
2. Validate installation process
3. Apply KNEL-Football security configurations
4. Deploy to production environment
ISO Information:
Type: Hybrid (UEFI + Legacy BIOS compatible)
Checksum: SHA256 (see .sha256 file)
Contact: KNEL-Football IT Security Team
Generated: \$(date)
REPORT
echo 'PASS: Build report created'
echo 'PASS: All artifacts copied to /output/'
# Display ISO info
if [ -f \"/output/\$FINAL_ISO\" ]; then
echo ''
echo 'ISO Details:'
echo \"File: \$FINAL_ISO\"
echo \"Size: \$(du -h \"/output/\$FINAL_ISO\" | cut -f1)\"
echo \"SHA256: \$(cut -d' ' -f1 < \"/output/\${FINAL_ISO}.sha256\")\"
fi
else
echo 'FAIL: No ISO file found'
exit 1
fi
else
echo 'FAIL: Build failed or timed out'
exit 1
fi
"
# Check if build succeeded
echo ""
echo "=== BUILD COMPLETION CHECK ==="
if [ -f "output/$PROJECT_NAME-v$VERSION.iso" ]; then
echo "PASS: BUILD SUCCESSFUL!"
echo "PASS: ISO created: $PROJECT_NAME-v$VERSION.iso"
echo "PASS: Size: $(du -h "output/$PROJECT_NAME-v$VERSION.iso" | cut -f1)"
echo "PASS: SHA256: $(cut -d' ' -f1 < "output/$PROJECT_NAME-v$VERSION.sha256")"
echo "All operations performed in Docker container - NO host modifications"
return 0
else
echo "FAIL: BUILD FAILED"
echo "Check Docker container output for errors"
return 1
fi
}
# Main execution
main() {
echo "Starting KNEL-Football secure ISO build..."
# Ensure output directory exists
mkdir -p output
mkdir -p tmp
validate_environment
build_iso
echo "Build process completed successfully!"
echo "All operations performed in Docker container - NO host system modifications"
}
# Only execute main if script is run directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
main "$@"
fi
Reference in New Issue View Git Blame Copy Permalink