Split GCP startup script in two:
+ One started before Docker, to set the hostname
+ Another to run the startup script
Signed-off-by: David Gageot <david@gageot.net>
I had occasion to use a Moby build of 1.12 on Docker for Mac today
and I had to patch this in. Given that we re-added support for 1.12
for cloud, for CS, may as well support on OSX too as we are still
doing releases.
The fix is a bit messy (hence the flag), as it writes to the file
system but we will remove it later, or work around the write if
we need to continue to support 1.12 outside the 1.12.x branch.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
vsudd is quite verbose, and we are confident enough about its stability.
This will clean Pinata logs as well indirectly
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
See #875
This will only happen if there has been some sort of error
before, but lets not make it worse.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- make quiet
- force, so some adjustments are not checked see https://github.com/docker/pinata/issues/6198
- set resize_inode as we do resize partitions on cloud and they could have very few inodes otherwise
- inline all the default options and remove the config file, so script is more standalone
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- run test suite under containerd
- in future this should be converted to Go not shell see #860
- test suite is now in its own initrd, can be run on any platform not just qemu
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Regenerated the kernel config from container, which bumped the kernel
version and included some other fixes. Also bumps the check-config
container to check for VSYSCALL_NATIVE
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix#53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
