KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1d8c5def65fd114dee8166dfd052a75c5bc008a
football/plan/PreFlightDiscussion-03.md
Charles N Wyble 3fc85b8130 feat: Phase 1 - Project structure and build environment 
- Add project directory structure with config, src, tests directories
- Implement run.sh host wrapper script for Docker-based workflow
- Create Dockerfile for build/test environment with live-build
- Add basic live-build configuration with preseed and package lists
- Add .gitignore and .dockerignore files

This establishes the foundation for building the secure Debian ISO.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:22:03 -05:00

73 lines
2.5 KiB
Markdown
Raw Blame History

# Pre-Flight Discussion - Round 3
## Final Clarification Needed:
### Package Management Implementation Details
- **Your Feedback**: Remove apt execution permissions, use chattr +i, concerned about core system packages
- **Question**: How should we handle this in the live-build hooks?
**Implementation Options:**
1. **In `config/hooks/live/`** - Modify the live system during build
2. **In `config/hooks/installed/`** - Modify after installation but before reboot
3. **Both** - Ensure comprehensive removal/disable
**Specific Questions:**
- Should we attempt to remove `apt` and `dpkg` entirely (if possible)?
- Or just remove execute permissions and make immutable with `chattr +i`?
- What about package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`?
- Should we also remove package management tools like `aptitude`, `synaptic`, etc.?
Lets remove the permissions and make immutable after install before reboot.
Yes remove synaptic aptitude etc (or better yet dont install them at all)
## All Other Items ✅ RESOLVED:
### Compliance Framework
- ✅ CMMC Level 3
- ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
- ✅ Adapt Debian 11 STIG for Debian 13
### QR Code Implementation
- ✅ zbar for scanning (no generation needed)
- ✅ Shell script for scan and config update
- ✅ Standard WireGuard QR format
### Testing Strategy
- ✅ Include test suite in ISO
- ✅ Command line execution
### Package Management
- ✅ Remove execute permissions
- ✅ Use `chattr +i` for immutability
- ? Need clarification on implementation approach
### Preseed Configuration
- ✅ Timezone: US/Chicago
- ✅ Keyboard: Standard US English
- ✅ Password complexity in preseed
### Secure Boot
- ✅ Include secure boot keys in ISO
- ✅ UEFI only (no Legacy BIOS)
- ✅ Measured boot
### Documentation
- ✅ No user guides in ISO
- ✅ No inline help for shortcuts
- ✅ Technical documentation in repo only
---
### Package Management Implementation ✅ RESOLVED
- ✅ Use `config/hooks/installed/` - modify after installation before reboot
- ✅ Remove execute permissions from apt, dpkg, and package management tools
- ✅ Make immutable with `chattr +i`
- ✅ Don't install synaptic, aptitude, etc. in the first place
- ✅ Handle package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`
---
**Status**: All items resolved - ready to update specification
**Next Action**: Update football-spec.md with all decisions from pre-flight discussions
**Ready for Implementation**: YES - all questions and concerns resolved
Reference in New Issue View Git Blame Copy Permalink