KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1d8c5def65fd114dee8166dfd052a75c5bc008a
football/plan/PreFlightDiscussion-03.md
Charles N Wyble 3fc85b8130 feat: Phase 1 - Project structure and build environment 
- Add project directory structure with config, src, tests directories
- Implement run.sh host wrapper script for Docker-based workflow
- Create Dockerfile for build/test environment with live-build
- Add basic live-build configuration with preseed and package lists
- Add .gitignore and .dockerignore files

This establishes the foundation for building the secure Debian ISO.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:22:03 -05:00

2.5 KiB
Raw Blame History

Pre-Flight Discussion - Round 3

Final Clarification Needed:

Package Management Implementation Details

  • Your Feedback: Remove apt execution permissions, use chattr +i, concerned about core system packages
  • Question: How should we handle this in the live-build hooks?

Implementation Options:

  1. In config/hooks/live/ - Modify the live system during build
  2. In config/hooks/installed/ - Modify after installation but before reboot
  3. Both - Ensure comprehensive removal/disable

Specific Questions:

  • Should we attempt to remove apt and dpkg entirely (if possible)?
  • Or just remove execute permissions and make immutable with chattr +i?
  • What about package management metadata in /var/lib/apt/ and /var/lib/dpkg/?
  • Should we also remove package management tools like aptitude, synaptic, etc.?

Lets remove the permissions and make immutable after install before reboot. Yes remove synaptic aptitude etc (or better yet dont install them at all)

All Other Items RESOLVED:

Compliance Framework

  • CMMC Level 3
  • CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
  • Adapt Debian 11 STIG for Debian 13

QR Code Implementation

  • zbar for scanning (no generation needed)
  • Shell script for scan and config update
  • Standard WireGuard QR format

Testing Strategy

  • Include test suite in ISO
  • Command line execution

Package Management

  • Remove execute permissions
  • Use chattr +i for immutability
  • ? Need clarification on implementation approach

Preseed Configuration

  • Timezone: US/Chicago
  • Keyboard: Standard US English
  • Password complexity in preseed

Secure Boot

  • Include secure boot keys in ISO
  • UEFI only (no Legacy BIOS)
  • Measured boot

Documentation

  • No user guides in ISO
  • No inline help for shortcuts
  • Technical documentation in repo only

Package Management Implementation RESOLVED

  • Use config/hooks/installed/ - modify after installation before reboot
  • Remove execute permissions from apt, dpkg, and package management tools
  • Make immutable with chattr +i
  • Don't install synaptic, aptitude, etc. in the first place
  • Handle package management metadata in /var/lib/apt/ and /var/lib/dpkg/

Status: All items resolved - ready to update specification Next Action: Update football-spec.md with all decisions from pre-flight discussions Ready for Implementation: YES - all questions and concerns resolved

Reference in New Issue View Git Blame Copy Permalink