This is a minimal standalone statically linked shell for use
for now in converting images to containers.
Plan to phase it out and replace with actual programs later.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
