Address review feedback on #173:
- Don't sleep after the final build attempt (no retry follows it).
- Forward the workflow-wide CARGO_NET_RETRY into the container with a
bare '-e CARGO_NET_RETRY' instead of re-hardcoding the value, keeping
a single source of truth.
The Test (debian/alpine/fedora) matrix failed four times in a row on
2026-06-10, each on a transient network error (Docker Hub base-image
pull i/o timeout; crates.io download broken pipe) unrelated to the code.
- fail-fast: false so one distro's flake no longer cancels the others.
- Retry 'docker compose build <target>' (the Docker Hub pull) with backoff.
- Pass CARGO_NET_RETRY into the container and set it for runner-native
jobs so cargo retries crate downloads; real test failures still fail
fast (no step-level retry around the test run).
No new third-party actions — a shell retry loop keeps the supply-chain
surface unchanged.
Closes#172.
#154: Reject setuid multicall invocations where argv[0] doesn't match
AT_EXECFN from the ELF auxiliary vector. Prevents an attacker from
spoofing argv[0] to route the multicall binary to a different tool
in setuid context. Only enforced when euid != uid.
#155: Add daily cargo-audit workflow matching uutils/coreutils pattern.
Also triggers on Cargo.toml/Cargo.lock changes.
Fixes#154. Fixes#155.
- Add homepage.workspace to root package (missing vs subcrates)
- Gate Docker test-docker job to push only (seccomp:unconfined
and SYS_ADMIN are unsafe for untrusted PR contexts)
- Add Docker test matrix (debian/alpine/fedora) to GitHub Actions CI
- Add renovate.json for automated dependency updates
- Add rust-toolchain.toml for contributor convenience