football

Files

Charles N Wyble bdf1f1b395 fix: pin all package versions for reproducible builds (FINDING-006)

Addresses Hadolint DL3008 warnings and ensures reproducible Docker builds
by pinning all apt packages to specific Debian 13 (trixie) versions.

Changes:
- Dockerfile: Pin 21 packages with version constraints
- tests/unit/build-iso_comprehensive_test.bats: Add 22 version pinning tests

Pinned versions from Debian 13 candidate:
- Base: ca-certificates, gnupg, curl, wget, git
- Build: live-build, debootstrap, squashfs-tools, xorriso, grub-*
- Testing: bats, shellcheck (bats-* helpers not versioned in Debian)
- Security: nftables, iptables, auditd, rsyslog

Fixes: FINDING-006 (Docker package versions not pinned)
Reference: Hadolint DL3008, reproducible builds best practice

💘 Generated with Crush

Assisted-by: Claude via Crush <crush@charm.land>

2026-02-20 10:54:34 -05:00

build-iso_comprehensive_test.bats

fix: pin all package versions for reproducible builds (FINDING-006)

2026-02-20 10:54:34 -05:00

desktop-environment_test.bats

test: expand integration tests and add unit tests for hooks

2026-02-19 17:41:08 -05:00

encryption-setup_test.bats

docs: fix PRD consistency and align all docs with SSH client-only (FR-006)

2026-02-19 16:04:38 -05:00

encryption-validation_test.bats

fix: standardize username to 'football' in all hooks (FINDING-008)