- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These will be containerised, and were disabled anyway.
Need client, as git needs it, and docker needs git.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)
Fix#619
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We are not using these anywhere, busybox provides some of them.
Avoids security warnings.
Rework of #684
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Tweak the config to use RDSEED or (fallback) RDRAND. Makes sure
we have initial random seed in cases where there is no other
random source if these are supported.
The default config in Alpine currently disables these, which makes
it pretty useless, as there is no motherboard rng support any more.
Replaces #517Fix#514Fix#183
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we used the defaults (main and community) but we
currently only need main, but are likely to need some packages
from edge soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
