commander/alfred-linux
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: commander:main
Branches Tags
commander:main
commander:master
...
pull from: commander:master
Branches Tags
commander:main
commander:master

No commits in common. "main" and "master" have entirely different histories.
main ... master

7 changed files with 327 additions and 164 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
build/
*.iso
node_modules/
.cache/

0
CONTRIBUTING.md
View File

164
README.md
View File

@ -1,164 +0,0 @@
# Alfred Linux
**AI-Native Operating System — Kernel 7.0 · 32 Security Modules · Zero Telemetry**
Alfred Linux is a Debian-based operating system where security, privacy, and AI are architectural decisions — not aftermarket add-ons. Custom-compiled kernel 7.0, 32 hardened security modules active from first boot, AI IDE and voice assistant preinstalled, zero telemetry by architecture.
Built by [GoSiteMe Inc.](https://gositeme.com) — not a weekend fork, not a reskin with a wallpaper change.
## Build History
| Build | Version | Base | Kernel | Status | ISO Size |
|-------|---------|------|--------|--------|----------|
| RC1 | 2.0 | Bookworm | 6.1.0-44 | ✅ Built | 2.4 GB |
| RC2 | 2.0 | Bookworm | 6.1.0-44 | ✅ Built | 2.4 GB |
| RC3 | 2.0 | Bookworm | 6.1.0-44 | ✅ Bootable | 2.5 GB |
| RC4 | 3.0 | Trixie | 6.12 | ✅ Built | 2.4 GB |
| RC5 | 3.0 | Trixie | 6.12 | ✅ Built | 2.4 GB |
| RC6 | 4.0 | Trixie | 6.12 | ✅ Built | 2.4 GB |
| RC7 | 4.0 | Trixie | 7.0.0-rc7 | ✅ Kernel 7 | 2.3 GB |
| RC8 | 4.0 | Trixie | 7.0.0-rc7 | ✅ Current | 2.4 GB |
**10 ISOs built. 3 kernel generations. Bookworm → Trixie rebase. First distro to ship kernel 7.0.**
## What Ships in the ISO
| Component | What it is | Hook code |
|-----------|-----------|-----------|
| **Kernel 7.0.0-rc7-alfred** | Custom-compiled from Linus Torvalds' mainline tree | — |
| **32 Security Modules** | AppArmor, auditd, fail2ban, ClamAV, rkhunter, chkrootkit, AIDE, nftables, LUKS2, MAC randomization, CIS L2 sysctl | 888 lines across 3 hooks |
| **Alfred IDE** | code-server + Commander extension (AI chat, voice, 500+ MCP tools) | 94 lines |
| **Alfred Voice** | Kokoro TTS engine + wake word (fully offline, no cloud) | 128 lines |
| **Alfred Search** | Meilisearch instant search (offline, local indexes) | 131 lines |
| **Alfred Browser** | Privacy-first Chromium fork | 91 lines |
| **Calamares Installer** | Graphical installer with FDE checkbox | 344 lines |
| **XFCE Desktop** | Lightweight, custom-branded desktop environment | 476 lines |
| **Post-quantum crypto** | Kyber-1024 (ML-KEM-1024) ready | included in security hook |
| **Zero telemetry** | No telemetry code exists — not disabled, never written | — |
## Repository Structure
```
alfred-linux/
├── README.md
├── scripts/
│ ├── build-unified.sh # 375 lines — main build orchestrator
│ └── build.sh # simplified build entry point
├── config/
│ ├── hooks/live/
│ │ ├── 0100-alfred-customize.hook.chroot # 476 lines — branding, desktop, Plymouth, GRUB
│ │ ├── 0160-alfred-security.hook.chroot # 570 lines — 32 security modules
│ │ ├── 0165-alfred-network-hardening.hook.chroot # 193 lines — nftables, sysctl, MAC randomization
│ │ ├── 0170-alfred-fde.hook.chroot # 125 lines — full disk encryption (LUKS2)
│ │ ├── 0200-alfred-browser.hook.chroot # 91 lines — Alfred Browser install
│ │ ├── 0300-alfred-ide.hook.chroot # 94 lines — code-server + Commander extension
│ │ ├── 0400-alfred-voice.hook.chroot # 128 lines — Kokoro TTS + PyTorch
│ │ ├── 0500-alfred-search.hook.chroot # 131 lines — Meilisearch engine
│ │ └── 0600-alfred-installer.hook.chroot # 344 lines — Calamares graphical installer
│ └── package-lists/
│ ├── alfred.list.chroot # core packages
│ └── alfred-b2.list.chroot # extended packages
└── docs/
├── ARM64_BUILD_INVESTIGATION.md # ARM64/Raspberry Pi port research
└── KERNEL_UPGRADE_ROADMAP.md # kernel upgrade planning
```
**Total: 2,527 lines of build code across 10 hooks + build scripts.**
This is not a config tweak. This is a build system.
## How the Build Works
```bash
# Requires: Debian 12+ host, live-build, root/sudo
cd scripts/
sudo ./build-unified.sh
```
`build-unified.sh` is the orchestrator. It:
1. Configures live-build for Debian Trixie (13) with XFCE
2. Drops all 10 hooks into the chroot build pipeline
3. Each hook runs in order (0100 → 0600) inside the chroot
4. Hooks install packages, write configs, enable services, apply hardening
5. Two kernel-naming hooks (9999) fix the UEFI/BIOS boot path
6. live-build produces the hybrid ISO (UEFI + BIOS bootable)
### The Critical Boot Fix (RC2→RC3)
Bootloader references `/live/vmlinuz` but live-build only creates versioned files (`vmlinuz-6.1.0-44-amd64`). Two hooks fix this:
- **Chroot hook (9999):** Creates generic kernel copies in `/boot/`
- **Binary hook (9999):** Creates generic copies in `binary/live/` after lb copies versioned files
Without both, the ISO boots to a kernel panic. This is the kind of real-world debugging that separates build systems from config generators.
## Security Architecture (570 lines, hook 0160)
The security hook alone is 570 lines. It doesn't just install packages — it installs and **configures** 32 modules:
- **Mandatory Access Control:** AppArmor enforced, custom profiles loaded
- **Intrusion Detection:** fail2ban with SSH/HTTP jails, auditd with CIS-aligned rules
- **File Integrity:** AIDE baseline database initialized at build time
- **Antivirus:** ClamAV with freshclam cron, rkhunter, chkrootkit
- **Firewall:** nftables with drop-by-default policy (not UFW — raw nftables)
- **Encryption:** LUKS2 full disk encryption via Calamares option
- **Network:** MAC address randomization (WiFi + Ethernet), DNS-over-TLS, sysctl hardening
- **Kernel:** 24 CPU mitigations including 3 kernel-7-exclusive (ITS, TSA, VMSCAPE)
- **Sysctl:** CIS Level 2 hardening — ICMP redirects disabled, SYN cookies enabled, IP forwarding off, core dumps disabled
For comparison: Ubuntu ships with UFW installed but **off**. Fedora ships with SELinux that users routinely **disable**. Arch ships with **nothing**.
## Build Server
ISOs are built on a dedicated EU build server:
- 8 cores, 32 GB RAM
- Debian Bookworm host (migrating to Trixie)
- Isolated build environment (clean chroot each run)
## Verification
```bash
# Download
wget https://alfredlinux.com/downloads/alfred-linux-4.0-rc8-amd64.iso
# Verify hash
sha256sum alfred-linux-4.0-rc8-amd64.iso
# Boot in QEMU (no install required)
qemu-system-x86_64 -m 4096 -cdrom alfred-linux-4.0-rc8-amd64.iso -boot d
# Once booted, verify:
uname -r # → 7.0.0-rc7-alfred
alfred-security-status # → 32 modules active
alfred-network-status # → nftables + MAC randomization
systemctl status fail2ban # → active (running)
systemctl status apparmor # → active (running)
```
## Progress — Turning Weaknesses Into Wins
| What We Admitted | What We Shipped |
| --- | --- |
| No community infrastructure | [Community hub](https://alfredlinux.com/community) with contribution workflows, all 8 repos public on [GoForge](https://alfredlinux.com/forge/explore/repos) |
| No hardware testing matrix | [Hardware Compatibility List](https://alfredlinux.com/hardware) — VMs, bare metal, mobile, known limitations |
| No LTS cadence | [Roadmap](https://alfredlinux.com/roadmap) with timeline, GA goals, and LTS planning tracked in [GoForge issues](https://alfredlinux.com/forge/commander/alfred-linux/issues) |
| Not on DistroWatch | Submitted — waiting list |
| No contribution guide | [CONTRIBUTING.md](CONTRIBUTING.md) — bug reports, code workflow, hardware test submissions, security reporting |
We'd rather ship 32 hardened security modules with zero community than ship zero security modules with a million users.
## License
AGPL-3.0
## Links
- **Website:** https://alfredlinux.com
- **Download:** https://alfredlinux.com/download
- **Community:** https://alfredlinux.com/community
- **Hardware Compatibility:** https://alfredlinux.com/hardware
- **Roadmap:** https://alfredlinux.com/roadmap
- **Compare:** https://alfredlinux.com/compare
- **Security:** https://alfredlinux.com/security
- **Apps:** https://alfredlinux.com/apps
- **All Repos:** https://alfredlinux.com/forge/explore/repos
- **Company:** https://gositeme.com (GoSiteMe Inc.)

BIN
assets/alfred-commander-1.0.1.tar.gz Normal file
View File

Binary file not shown.

176
config/hooks/live/0160-alfred-security.hook.chroot.bak Executable file
View File

@ -0,0 +1,176 @@
#!/bin/bash
# ═══════════════════════════════════════════════════════════════
# HOOK 0160: Alfred Linux — Kernel Security Hardening
# Applies comprehensive sysctl security, AppArmor enforcement,
# automatic security updates, and network-level DDoS protection.
# BUILD: v4.0+ (RC7+)
# ═══════════════════════════════════════════════════════════════
set -e
echo "╔═══════════════════════════════════════════════════╗"
echo "║ [0160] Alfred Linux — Security Hardening ║"
echo "╚═══════════════════════════════════════════════════╝"
# ── 1. KERNEL HARDENING (sysctl) ──────────────────────────────
echo "[SEC] Applying kernel security hardening..."
cat > /etc/sysctl.d/99-alfred-security.conf << 'SYSCTL'
# ═══════════════════════════════════════════════════════
# Alfred Linux — Kernel Security Hardening
# Defense-in-depth: Quantum-resistant + traditional hardening
# ═══════════════════════════════════════════════════════
# ── Memory Protection ──
kernel.randomize_va_space = 2 # Full ASLR (stack, VDSO, mmap, heap)
kernel.kptr_restrict = 2 # Hide kernel pointers from ALL users
kernel.dmesg_restrict = 1 # Block kernel log snooping (info leaks)
kernel.perf_event_paranoid = 3 # Restrict perf (side-channel attacks)
kernel.yama.ptrace_scope = 1 # Only parent process can ptrace children
kernel.unprivileged_bpf_disabled = 1 # Block unprivileged eBPF (kernel exploits)
# ── Filesystem Protection ──
fs.protected_hardlinks = 1 # Prevent hardlink-based privilege escalation
fs.protected_symlinks = 1 # Prevent symlink-based privilege escalation
fs.protected_fifos = 2 # Restrict FIFO creation in sticky directories
fs.protected_regular = 2 # Restrict regular file creation in sticky dirs
fs.suid_dumpable = 0 # No core dumps from SUID programs (info leak)
# ── Network: Anti-DDoS & Anti-Spoofing ──
net.ipv4.tcp_syncookies = 1 # SYN flood DDoS protection
net.ipv4.tcp_max_syn_backlog = 4096 # Larger SYN backlog for burst handling
net.ipv4.tcp_synack_retries = 2 # Faster timeout on unanswered SYN-ACKs
net.ipv4.conf.all.rp_filter = 1 # Strict reverse-path filtering (IP spoofing)
net.ipv4.conf.default.rp_filter = 1 # Same for new interfaces
net.ipv4.icmp_echo_ignore_broadcasts = 1 # Block Smurf DDoS attacks
net.ipv4.icmp_ignore_bogus_error_responses = 1 # Ignore bogus ICMP errors
net.ipv4.conf.all.accept_redirects = 0 # Block ICMP redirects (MITM)
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0 # Don't send ICMP redirects
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0 # Block source-routed packets
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1 # Log spoofed/redirected packets
net.ipv4.conf.default.log_martians = 1
# ── TCP Hardening ──
net.ipv4.tcp_timestamps = 1 # Keep timestamps (needed for PAWS)
net.ipv4.tcp_rfc1337 = 1 # Defend against TIME-WAIT assassination
net.ipv4.tcp_fin_timeout = 15 # Faster cleanup of dead connections
net.ipv4.tcp_keepalive_time = 600 # 10min keepalive (detect dead peers faster)
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
# ── IPv6 Hardening ──
net.ipv6.conf.default.accept_ra = 0 # Don't accept router advertisements
net.ipv6.conf.all.accept_ra = 0 # (prevents rogue RA attacks)
SYSCTL
# ── 2. APPARMOR ENFORCEMENT ───────────────────────────────────
echo "[SEC] Enabling AppArmor enforcement..."
apt-get install -y apparmor apparmor-utils apparmor-profiles apparmor-profiles-extra 2>/dev/null || true
# Ensure AppArmor is enabled at boot
if [ -f /etc/default/grub ]; then
if ! grep -q "apparmor=1" /etc/default/grub; then
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"/GRUB_CMDLINE_LINUX_DEFAULT="\1 apparmor=1 security=apparmor"/' /etc/default/grub
fi
fi
# Enable AppArmor service
systemctl enable apparmor 2>/dev/null || true
# ── 3. AUTOMATIC SECURITY UPDATES ────────────────────────────
echo "[SEC] Configuring automatic security updates..."
apt-get install -y unattended-upgrades apt-listchanges 2>/dev/null || true
cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'UNATTENDED'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}";
};
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
UNATTENDED
cat > /etc/apt/apt.conf.d/20auto-upgrades << 'AUTOUPGRADE'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
AUTOUPGRADE
# ── 4. FAIL2BAN (brute-force protection) ─────────────────────
echo "[SEC] Installing fail2ban..."
apt-get install -y fail2ban 2>/dev/null || true
cat > /etc/fail2ban/jail.local << 'JAIL'
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 24h
JAIL
systemctl enable fail2ban 2>/dev/null || true
# ── 5. USB GUARD (live session only — optional) ──────────────
echo "[SEC] Setting restrictive USB policy for live sessions..."
cat > /etc/udev/rules.d/99-alfred-usb-guard.rules << 'USB'
# Log all USB device connections for audit trail
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/bin/logger -t alfred-usb 'USB device connected: %k vendor=%s{idVendor} product=%s{idProduct}'"
USB
# ── 6. AUDIT LOGGING ─────────────────────────────────────────
echo "[SEC] Enabling security audit logging..."
apt-get install -y auditd audispd-plugins 2>/dev/null || true
systemctl enable auditd 2>/dev/null || true
# Key audit rules
cat > /etc/audit/rules.d/alfred-security.rules << 'AUDIT'
# Monitor /etc/passwd and shadow changes
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege
-w /etc/sudoers.d/ -p wa -k privilege
# Monitor SSH config changes
-w /etc/ssh/sshd_config -p wa -k sshd_config
# Monitor kernel module loading
-w /sbin/insmod -p x -k kernel_modules
-w /sbin/rmmod -p x -k kernel_modules
-w /sbin/modprobe -p x -k kernel_modules
# Monitor cron changes
-w /etc/crontab -p wa -k cron
-w /etc/cron.d/ -p wa -k cron
AUDIT
echo ""
echo "╔═══════════════════════════════════════════════════╗"
echo "║ [0160] Security Hardening — COMPLETE ║"
echo "║ ║"
echo "║ ✓ 30+ kernel sysctl hardening rules ║"
echo "║ ✓ AppArmor enforced at boot ║"
echo "║ ✓ Automatic security updates (unattended) ║"
echo "║ ✓ Fail2ban (SSH brute-force: 3 tries → 24h ban) ║"
echo "║ ✓ USB device logging ║"
echo "║ ✓ Audit logging (identity, privilege, kernel) ║"
echo "║ ║"
echo "║ Combined with Kyber-1024 PQ encryption, ║"
echo "║ UFW firewall, and SSH hardening from hook 0100. ║"
echo "╚═══════════════════════════════════════════════════╝"

147
scripts/build-b2.sh Normal file
View File

@ -0,0 +1,147 @@
#!/bin/bash
# Alfred Linux v2.0-b2 — ISO Build Script
# Build: b2 (Branding + Alfred Browser)
set -uo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
BUILD_DIR="$PROJECT_DIR/build"
OUTPUT_DIR="$PROJECT_DIR/iso-output"
DATE=$(date +%Y%m%d)
VERSION="2.0-b2"
ISO_NAME="alfred-linux-${VERSION}-amd64-${DATE}.iso"
echo ""
echo " ╔═══════════════════════════════════════════════╗"
echo " ║ Alfred Linux — ISO Build System v2.0 ║"
echo " ║ Building: ${VERSION} (Browser) ║"
echo " ╚═══════════════════════════════════════════════╝"
echo ""
if [[ $EUID -ne 0 ]]; then
echo "ERROR: Must run as root (sudo)."
exit 1
fi
for cmd in lb debootstrap mksquashfs xorriso; do
if ! command -v "$cmd" &>/dev/null; then
echo "ERROR: '$cmd' not found. Install: apt-get install live-build debootstrap squashfs-tools xorriso"
exit 1
fi
done
echo "[BUILD] Setting up build directory..."
mkdir -p "$BUILD_DIR"
cd "$BUILD_DIR"
if [[ -f .build/config ]]; then
echo "[BUILD] Cleaning previous build..."
lb clean --purge 2>/dev/null || true
fi
echo "[BUILD] Configuring live-build for Debian Bookworm..."
lb config \
--mode debian \
--distribution bookworm \
--architectures amd64 \
--binary-images iso-hybrid \
--bootloader syslinux \
--apt-indices false \
--memtest none \
--firmware-chroot false \
--linux-packages "linux-image" \
--linux-flavours "amd64" \
--parent-mirror-bootstrap "http://deb.debian.org/debian" \
--parent-mirror-chroot "http://deb.debian.org/debian" \
--parent-mirror-chroot-security "http://deb.debian.org/debian-security" \
--parent-mirror-binary "http://deb.debian.org/debian" \
--parent-mirror-binary-security "http://deb.debian.org/debian-security" \
--mirror-bootstrap "http://deb.debian.org/debian" \
--mirror-chroot "http://deb.debian.org/debian" \
--mirror-chroot-security "http://deb.debian.org/debian-security" \
--mirror-binary "http://deb.debian.org/debian" \
--mirror-binary-security "http://deb.debian.org/debian-security" \
--iso-application "Alfred Linux" \
--iso-publisher "GoSiteMe — alfredlinux.com" \
--iso-volume "Alfred Linux 2.0"
# Copy b2 package list (no firefox-esr, has webkit deps)
echo "[BUILD] Installing package lists (b2 — no Firefox)..."
cp "$PROJECT_DIR/config/package-lists/alfred-b2.list.chroot" config/package-lists/alfred.list.chroot 2>/dev/null || true
# Copy all chroot hooks (0100-branding + 0200-browser)
echo "[BUILD] Installing build hooks..."
mkdir -p config/hooks/live
cp "$PROJECT_DIR/config/hooks/live/"*.hook.chroot config/hooks/live/ 2>/dev/null || true
chmod +x config/hooks/live/*.hook.chroot 2>/dev/null || true
# Copy Alfred Browser .deb into packages.chroot for auto-install
echo "[BUILD] Including Alfred Browser .deb..."
mkdir -p config/packages.chroot
cp "$PROJECT_DIR/config/packages.chroot/"*.deb config/packages.chroot/ 2>/dev/null || true
echo "[BUILD] Packages in packages.chroot: $(ls config/packages.chroot/ 2>/dev/null | wc -l)"
# Security repo fix hook
cat > config/hooks/live/0010-fix-security-repo.hook.chroot << 'HOOKEOF'
#!/bin/bash
echo "deb http://deb.debian.org/debian-security bookworm-security main" > /etc/apt/sources.list.d/security.list
echo "deb http://deb.debian.org/debian bookworm-updates main" > /etc/apt/sources.list.d/updates.list
apt-get update -qq
HOOKEOF
chmod +x config/hooks/live/0010-fix-security-repo.hook.chroot
# Fix bootloader
echo "[BUILD] Fixing bootloader config (isolinux)..."
mkdir -p config/bootloaders/isolinux
for f in install.cfg isolinux.cfg live.cfg.in menu.cfg splash.svg.in stdmenu.cfg; do
if [[ -f /usr/share/live/build/bootloaders/isolinux/$f ]]; then
cp /usr/share/live/build/bootloaders/isolinux/$f config/bootloaders/isolinux/
fi
done
cp /usr/lib/ISOLINUX/isolinux.bin config/bootloaders/isolinux/isolinux.bin
cp /usr/lib/syslinux/modules/bios/vesamenu.c32 config/bootloaders/isolinux/vesamenu.c32
for extra in ldlinux.c32 libutil.c32 libcom32.c32; do
[[ -f /usr/lib/syslinux/modules/bios/$extra ]] && cp /usr/lib/syslinux/modules/bios/$extra config/bootloaders/isolinux/
done
echo "[BUILD] Bootloader fix applied: $(ls config/bootloaders/isolinux/ | wc -l) files"
# Copy skeleton files
echo "[BUILD] Installing skeleton files..."
if [[ -d "$PROJECT_DIR/config/includes.chroot" ]]; then
mkdir -p config/includes.chroot
cp -r "$PROJECT_DIR/config/includes.chroot/"* config/includes.chroot/ 2>/dev/null || true
fi
# Build
echo "[BUILD] Starting ISO build... (this takes 20-40 minutes)"
echo "[BUILD] Build log: $BUILD_DIR/build.log"
lb build 2>&1 | tee "$BUILD_DIR/build.log"
BUILD_RC=${PIPESTATUS[0]}
echo "[BUILD] lb build exited with code: $BUILD_RC"
if [ $BUILD_RC -ne 0 ]; then
echo "[BUILD] WARNING: lb build returned non-zero ($BUILD_RC) — checking if ISO was still created..."
fi
# Move output
ISO_FILE=$(find . -maxdepth 1 -name "*.iso" -o -name "*.hybrid.iso" | head -1)
if [[ -n "$ISO_FILE" ]]; then
mkdir -p "$OUTPUT_DIR"
mv "$ISO_FILE" "$OUTPUT_DIR/$ISO_NAME"
cd "$OUTPUT_DIR"
sha256sum "$ISO_NAME" > "${ISO_NAME}.sha256"
SIZE=$(du -h "$ISO_NAME" | cut -f1)
echo ""
echo " ╔═══════════════════════════════════════════════╗"
echo " ║ BUILD COMPLETE — v2.0-b2 ║"
echo " ║ ISO: $ISO_NAME"
echo " ║ Size: $SIZE"
echo " ║ SHA256: $(cat "${ISO_NAME}.sha256" | cut -d' ' -f1 | head -c 16)..."
echo " ╚═══════════════════════════════════════════════╝"
echo ""
else
echo ""
echo " ERROR: ISO build failed. Check build.log for details."
tail -30 "$BUILD_DIR/build.log"
echo ""
exit 1
fi

0
scripts/build-unified.sh Normal file → Executable file
View File