- this is a raw 1GB filesystem image with syslinux for booting
- built with libguestfs so does not need any privileges
- need not be built on GCE
- there is a target that runs the image in qemu for local tests
Does not yet have a script to upload the image to cloud storage or create image from it.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Sometimes Debian just wants to ask you questions on an install,
this is really not a useful behaviour when there is no one
attached to the process.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- run test suite under containerd
- in future this should be converted to Go not shell see #860
- test suite is now in its own initrd, can be run on any platform not just qemu
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is a minimal standalone statically linked shell for use
for now in converting images to containers.
Plan to phase it out and replace with actual programs later.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix#53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These will be containerised, and were disabled anyway.
Need client, as git needs it, and docker needs git.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)
Fix#619
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Add toybox statically linked ls, sh, find etc so that it is
possible to examine the archive eaily.
Fix#749
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We are not using these anywhere, busybox provides some of them.
Avoids security warnings.
Rework of #684
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Simpler to have an image that takes the kernel and initrd as input,
rather than building them into the image.
The rest need converting.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
