From 0a3d78e47fc1d5edb56f2bbd3ccda21c9187f10c Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Mon, 31 Jul 2017 20:18:20 +0100 Subject: [PATCH] Update hashes for rngd and add a one shot example in sshd Signed-off-by: Justin Cormack --- examples/aws.yml | 2 +- examples/azure.yml | 2 +- examples/docker.yml | 2 +- examples/gcp.yml | 2 +- examples/getty.yml | 2 +- examples/node_exporter.yml | 2 +- examples/packet.yml | 2 +- examples/sshd.yml | 5 ++++- examples/swap.yml | 2 +- examples/tpm.yml | 2 +- examples/vmware.yml | 2 +- examples/vultr.yml | 2 +- linuxkit.yml | 2 +- projects/compose/compose-dynamic.yml | 2 +- projects/compose/compose-static.yml | 2 +- projects/etcd/etcd.yml | 2 +- projects/ima-namespace/ima-namespace.yml | 2 +- projects/kubernetes/kube-master.yml | 2 +- projects/kubernetes/kube-node.yml | 2 +- projects/logging/examples/logging.yml | 2 +- projects/miragesdk/examples/fdd.yml | 2 +- projects/okernel/examples/okernel_simple.yaml | 2 +- projects/shiftfs/shiftfs.yml | 2 +- projects/swarmd/swarmd.yml | 2 +- .../030_security/000_docker-bench/test-docker-bench.yml | 2 +- 25 files changed, 28 insertions(+), 25 deletions(-) diff --git a/examples/aws.yml b/examples/aws.yml index 2ec17b5a7..e72598d75 100644 --- a/examples/aws.yml +++ b/examples/aws.yml @@ -16,7 +16,7 @@ onboot: image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: sshd image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c binds: diff --git a/examples/azure.yml b/examples/azure.yml index 69069b8a2..d4983ba6e 100644 --- a/examples/azure.yml +++ b/examples/azure.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: sshd diff --git a/examples/docker.yml b/examples/docker.yml index 8efc9027c..4bfc4bbb7 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -24,7 +24,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: ntpd diff --git a/examples/gcp.yml b/examples/gcp.yml index 7bb30bd71..15b6ddfd3 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -20,7 +20,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: sshd image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c binds: diff --git a/examples/getty.yml b/examples/getty.yml index 5599db970..6f80cd87a 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -19,7 +19,7 @@ services: #env: # - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf files: - path: etc/getty.shadow # sample sets password for root to "abcdefgh" (without quotes) diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 74d1b5fac..21f2fb5e4 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml @@ -11,7 +11,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: node_exporter diff --git a/examples/packet.yml b/examples/packet.yml index 9785d9715..a0e693353 100644 --- a/examples/packet.yml +++ b/examples/packet.yml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: sshd diff --git a/examples/sshd.yml b/examples/sshd.yml index 555347cba..7d8cf8dac 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -9,13 +9,16 @@ init: onboot: - name: sysctl image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb + - name: rngd1 + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf + command: ["/sbin/rngd", "-1"] services: - name: getty image: linuxkit/getty:58620cff1b0bf8b5d144d087602115e996f18a02 env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: sshd diff --git a/examples/swap.yml b/examples/swap.yml index 067044dbe..e229cbf59 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -28,7 +28,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: nginx image: nginx:alpine capabilities: diff --git a/examples/tpm.yml b/examples/tpm.yml index 35d4706d6..41a4a2fea 100644 --- a/examples/tpm.yml +++ b/examples/tpm.yml @@ -20,7 +20,7 @@ services: - name: tss image: linuxkit/tss:51d73be868e12af76965f5682ed59309c19972b6 - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf files: - path: etc/getty.shadow # sample sets password for root to "abcdefgh" (without quotes) diff --git a/examples/vmware.yml b/examples/vmware.yml index 90c293d5a..8d6c74029 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -15,7 +15,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: nginx diff --git a/examples/vultr.yml b/examples/vultr.yml index 0cddf7cfd..aa8e5ce8c 100644 --- a/examples/vultr.yml +++ b/examples/vultr.yml @@ -20,7 +20,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: sshd image: linuxkit/sshd:5dc5c3c4470c85f6c89f0e26b9d477ae4ff85a3c binds: diff --git a/linuxkit.yml b/linuxkit.yml index 299b7b1e9..1bebb820e 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -24,7 +24,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: nginx image: nginx:alpine capabilities: diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml index a372ce646..f24a19466 100644 --- a/projects/compose/compose-dynamic.yml +++ b/projects/compose/compose-dynamic.yml @@ -23,7 +23,7 @@ onboot: command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: docker diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml index fa3753191..9eb67c58c 100644 --- a/projects/compose/compose-static.yml +++ b/projects/compose/compose-static.yml @@ -23,7 +23,7 @@ onboot: command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: docker diff --git a/projects/etcd/etcd.yml b/projects/etcd/etcd.yml index 8a1e47772..21824d5d4 100644 --- a/projects/etcd/etcd.yml +++ b/projects/etcd/etcd.yml @@ -21,7 +21,7 @@ onboot: image: linuxkit/metadata:f5d4299909b159db35f72547e4ae70bd76c42c6c services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: node_exporter diff --git a/projects/ima-namespace/ima-namespace.yml b/projects/ima-namespace/ima-namespace.yml index a60bf55a1..2c39fdac4 100644 --- a/projects/ima-namespace/ima-namespace.yml +++ b/projects/ima-namespace/ima-namespace.yml @@ -17,7 +17,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: nginx image: nginx:alpine capabilities: diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml index fb2e35959..6b643f4ae 100644 --- a/projects/kubernetes/kube-master.yml +++ b/projects/kubernetes/kube-master.yml @@ -34,7 +34,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: sshd diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml index ed33a9b19..1bbd545e0 100644 --- a/projects/kubernetes/kube-node.yml +++ b/projects/kubernetes/kube-node.yml @@ -34,7 +34,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: sshd diff --git a/projects/logging/examples/logging.yml b/projects/logging/examples/logging.yml index 1d97052b7..05814eee8 100644 --- a/projects/logging/examples/logging.yml +++ b/projects/logging/examples/logging.yml @@ -17,7 +17,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: nginx image: nginx:alpine capabilities: diff --git a/projects/miragesdk/examples/fdd.yml b/projects/miragesdk/examples/fdd.yml index 20ca6e153..f91ca1868 100644 --- a/projects/miragesdk/examples/fdd.yml +++ b/projects/miragesdk/examples/fdd.yml @@ -16,7 +16,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b files: diff --git a/projects/okernel/examples/okernel_simple.yaml b/projects/okernel/examples/okernel_simple.yaml index 6a699838e..448fcd831 100644 --- a/projects/okernel/examples/okernel_simple.yaml +++ b/projects/okernel/examples/okernel_simple.yaml @@ -11,7 +11,7 @@ onboot: image: linuxkit/sysctl:3f7a3f6f9e7e1d3f245c766fcf5c2b9e97382cfb services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: sshd diff --git a/projects/shiftfs/shiftfs.yml b/projects/shiftfs/shiftfs.yml index 68c82be4a..1a2a317bf 100644 --- a/projects/shiftfs/shiftfs.yml +++ b/projects/shiftfs/shiftfs.yml @@ -20,7 +20,7 @@ services: env: - INSECURE=true - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: nginx image: nginx:alpine capabilities: diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index b851dd941..4fa85dac7 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -31,7 +31,7 @@ services: binds: - /dev/vport0p1:/dev/vport0p1 - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: ntpd image: linuxkit/openntpd:2874b66c9fa51fa5b4d11c8b50441eb94ee22a5a - name: weave diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml index 635e28a9c..c9040b0bd 100644 --- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml +++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml @@ -20,7 +20,7 @@ onboot: command: ["/usr/bin/mountie", "/var/lib/docker"] services: - name: rngd - image: linuxkit/rngd:1516d5d70683a5d925fe475eb1b6164a2f67ac3b + image: linuxkit/rngd:6565ae49f6be29d4e64614a4df3978b972956ebf - name: dhcpcd image: linuxkit/dhcpcd:17423c1ccced74e3c005fd80486e8177841fe02b - name: docker