From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6460881787873656832 X-Received: by 10.25.72.195 with SMTP id v186mr924825lfa.0.1504291265252; Fri, 01 Sep 2017 11:41:05 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.28.12.143 with SMTP id 137ls382244wmm.0.canary-gmail; Fri, 01 Sep 2017 11:41:04 -0700 (PDT) X-Google-Smtp-Source: ADKCNb60Lso7JHCHKl5c9sXMIo3nKbiwoutZ7fzXXt7+hQRxLD3e7XA7S88NeUcwTgT8xv8d2oUL X-Received: by 10.28.9.13 with SMTP id 13mr199856wmj.31.1504291264923; Fri, 01 Sep 2017 11:41:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1504291264; cv=none; d=google.com; s=arc-20160816; b=wXeUxVkPPpiJAKq8VK6X2RonPzerU23xIz+I/APVpcR+/NnIw0tih/vOtxPZYgaWAX KoQ+36gF0rr+V1paiWXnTIap56NlXlgJ9V+7V49rIPcHFXSwY1VIUkJy+kAAkePFFf2c z5k2GhuJDZ39+1LfI2tI9Gz7bn3kMuy7ymuaytLjFkaIn1NO9KmUDkaFZkinmR5ICBVA LSdlxzxM0KSt8AMBYaazFz1MN6/PuQ87eSnIPIcHZc27DXKKglnSIR2vOdhDAmfpbJhN Pnmgh8aJHSnFrt/C6tcK0o1e5esIOoh+l1+NOBPrpj58u92/OFVCEAQv+/Vj41is1qqz jDOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:mime-version:user-agent :date:message-id:subject:from:to:arc-authentication-results; bh=Hns4ctuAXdbX5iAZ3pJx0kjCQYDiltrgSuz3vnbsFps=; b=xZJc9fLt3WrFi8THMtCudQ8isabgURGNpRSX/IxBmxBXsxIAigYYc2lxnz3rMsbMhz emZKNRvJmW1ZUYFFzpmJbY6ByPWvZVeF3GyqRce+qmt2wSDXSmcyTkDkpuRPk6O/60hg q5Po1MuWsO07mnPSLmYzPpGeZjYJuY44usqqKtmuI1pflfsOT8olXz4zZrNJrRdzLgxc rIbnkYzr/2MLOhtHfrnArk00vfwlJ69uKcICp4hfP1HtOMZuIs2ahso0EtYwVoTL7VSc Tl5SEHA4fFARaexAa3dHRq4Ss3Vplr502YfC45WpgAP3rqwmw0OVYORudwc4XfbrLGL4 ofhw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 192.35.17.2 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) smtp.mailfrom=jan.kiszka@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id m63si189795wma.8.2017.09.01.11.41.04 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 01 Sep 2017 11:41:04 -0700 (PDT) Received-SPF: neutral (google.com: 192.35.17.2 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 192.35.17.2 is neither permitted nor denied by best guess record for domain of jan.kiszka@siemens.com) smtp.mailfrom=jan.kiszka@siemens.com Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id v81If4NJ000460 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 1 Sep 2017 20:41:04 +0200 Received: from md1f2u6c.ww002.siemens.net ([139.25.68.37]) by mail1.siemens.de (8.15.2/8.15.2) with ESMTP id v81If4jF003303 for ; Fri, 1 Sep 2017 20:41:04 +0200 To: isar-users From: Jan Kiszka Subject: Building cross images inside containers Message-ID: Date: Fri, 1 Sep 2017 20:41:04 +0200 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: ZfW+OQCmby4+ Hi, trying to cross-build an Isar image for ARM inside a Docker container, I ran into another dependency that currently prevents unprivileged builds: transparent cross-execution of binaries via binfmt_misc (configured by binfmt-support). In order to allow that, I need to start the container with --privileged rights, and it will consequently reconfigure the host kernel according to its own desire. That cannot work on container-based CI systems, only inside VMs. So we either need to overcome this feature as well (dunno if/how other distros are using it) or give up on Docker-based build and go into a VM. Jan -- Siemens AG, Corporate Technology, CT RDA ITP SES-DE Corporate Competence Center Embedded Linux