/var/lib/tox-bootstrapd on the host is owned by hosts's tox-bootstrapd
and chowned 700, but the container attempts to access it as its own
tox-bootstrapd user with possibly different uid:gid, which will fail if
host's tox-bootstrapd user has different uid:gid than the tox-bootstrapd
user inside the container.
This change makes the container use host's tox-bootstrapd uid:gid, which
fixes the issue.
* Use fully static build for the bootstrap daemon.
* Store a sha256sum of the binary in the repo.
* Updated documentation for it.
* Add support for fully static build in cmake.
* Enable the docker build on every PR, so we catch changes to the
checksum. I realise this is adding toil, but having the checksum is
valuable for security of released binaries.
tox-bootstrapd can use around 600 TCP sockets during TCP server's normal
functioning. Many systems default to having a soft limit of 1024 open file
descriptors, which we are close to reaching, so it was suggested we bump that
limit to a higher number. iphy suggested increasing it to 32768.
@arthurtiteica has pointed out that systemd has more suitable facilities for
creating a temporary directory for a PID file rather than calling ExecStartPre,
which requires an absolute path to coreutils executables we used for creating a
directory and changing its owner, paths of which are are not universal across
distributions. Systemd can take care of it for us without need to provide
absolute paths, which is what we use here.
