- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Tweak the config to use RDSEED or (fallback) RDRAND. Makes sure
we have initial random seed in cases where there is no other
random source if these are supported.
The default config in Alpine currently disables these, which makes
it pretty useless, as there is no motherboard rng support any more.
Replaces #517Fix#514Fix#183
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we used the defaults (main and community) but we
currently only need main, but are likely to need some packages
from edge soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
