This way it runs as root so files are always owned by root.
Fix #887
This is the simplest fix for 1.13, we can also use this for
creating the main system initrd, but that needs more changes
so leaving for 1.14.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this is a raw 1GB filesystem image with syslinux for booting
- built with libguestfs so does not need any privileges
- need not be built on GCE
- there is a target that runs the image in qemu for local tests
Does not yet have a script to upload the image to cloud storage or create image from it.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- run test suite under containerd
- in future this should be converted to Go not shell, see #860
- test suite is now in its own initrd, can be run on any platform not just qemu
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Allows appending another initrd.
Also build initrd on tmpfs as should be a bit faster now we have to do
another copy.
Fix #618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix #53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This means that multiple builds will not conflict, so we can
remove the lock from the CI. Also quieter when no errors.
Some still left to do, only done the ones used in build and CI
initially. Some of the others will be cleaned up anyway later.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
1. Upstream issue in Alpine that default directory is not used.
2. dhcp appends ntp servers, so delete default first.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Simpler to have an image that takes the kernel and initrd as input,
rather than building them into the image.
The rest need converting.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is needed for volume drivers as they will mount their
volumes under here, and if they are running in a container
docker on the host will need to see these.
Also provide our own fstab, removes the media devices that were
there previously.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The CI uses Alpine with busybox and that version is not good
at compression.
Also use `.DELETE_ON_ERROR` so empty files are not created on failure.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>