V9.14.008.2026.06.04
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-04 18:19:09 +01:00
parent c80b45417f
commit ec3aca7fc8
119 changed files with 931 additions and 392 deletions
+15 -11
@@ -10,23 +10,27 @@ include_toc: true
# 2. Purpose
This document defines the coding and review conventions for this repository.
This document defines the coding and review conventions for this repository. This file is the detailed engineering convention.
The project builds Debian-based live and installer infrastructure. Treat every change as security-sensitive and
boot-chain-sensitive, especially changes that affect initramfs behavior, encrypted SquashFS handling, LUKS, Dropbear, GRUB,
checksums, signatures, package sources, hardening settings, or network exposure.
`AGENTS.md` is the short operational guide for Codex.
`code_review.md` is used for review tasks and final self-review.
# 3. Change discipline
* Keep changes small, local, and reviewable.
* Make one functional change per pull request or patch set.
* Preserve existing architecture, naming style, error handling, formatting, and security posture.
* Do not introduce Ubuntu-specific assumptions. The default target distribution is Debian 13 Trixie.
* Do not invent live-build, live-boot, initramfs, cryptsetup, GRUB, systemd, or Debian package behavior. Verify against existing
code or authoritative Debian/upstream documentation.
* Do not weaken cryptography, authentication, sandboxing, permission checks, TLS verification, signature verification, checksum
verification, or input validation unless the task explicitly requires it and the risk is documented.
* Prefer simple, inspectable Bash over clever abstractions.
* Keep changes small, local, and reviewable.
* Make one functional change per patch set.
* Preserve existing architecture, naming style, error handling, formatting, and security posture.
* Do not introduce Ubuntu-specific assumptions.
* Target Debian 13 Trixie unless explicitly instructed otherwise.
* Do not invent live-build, live-boot, initramfs, cryptsetup, GRUB, systemd, Debian package, or upstream tool behavior.
* Verify uncertain behavior against repository code or authoritative upstream documentation.
* Do not weaken cryptography, authentication, sandboxing, permission checks, TLS verification, signature verification, checksum verification, provenance verification, or input validation unless explicitly requested and documented.
* Prefer simple, inspectable Bash over clever abstractions.
* Do not perform unrelated cleanup or formatting churn.
# 4. Boot and build phases
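Review bot: In the rewritten "Do not weaken cryptography, ..." bullet, the exception now reads "unless explicitly requested and documented", which drops the earlier requirement that "the risk is documented" and leaves open what has to be documented. For a rule that gates weakening signature, checksum, provenance and TLS verification, keep the stricter wording, for example "unless the task explicitly requires it and the risk is documented". Two smaller points: the new "Verify uncertain behavior ..." bullet only covers behavior the author already considers uncertain, whereas the old "Verify against existing code or authoritative Debian/upstream documentation" was unconditional; and the first line under "# 2. Purpose" now says nearly the same thing twice ("This document defines ..." followed by "This file is the detailed engineering convention."), so one of the two sentences can go.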
@@ -123,7 +127,7 @@ Run the narrowest checks that prove the change:
* Live-build, initramfs, or ISO behavior changes: document the required Debian Trixie build validation command, normally
`make live` or the equivalent `./ciss_live_builder.sh ...` invocation.
If a relevant check cannot be run in the current environment, state the exact reason and the command that should be run locally.
If a relevant check cannot be run in the current environment, state the exact reason, and the command that should be run locally.
# 12. Code review
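Review bot: The comma added in "state the exact reason, and the command that should be run locally" separates the two objects of "state" and is not needed. The previous wording without the comma was correct, so this change can be dropped from the patch to avoid churn in a file that itself asks for no unrelated formatting changes.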