Additionally requires to run the container with --privileged - not nice but
unavoidable right now, see also
https://groups.google.com/forum/#!topic/isar-users/Un75m49InjY
Also note that running containers with different binfmt settings
concurrently will cause troubles. Same for the case that the host
requires deviating settings. Use carefully.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Isar requires a number of extra packages compared to a Yocto build. It
also needs a newer e2fsprogs version which can be taken from backports.
Last but not least, its keystone multistrap contains a nasty bug [1]
under in jessie so that we need to pull the updated version from
stretch.
The value of having this image still based on jessie is that it can be
used for both purposes: Yocto (2.1/2.2) and Isar builds. We push it
along the kas core image as kas-isar during the CI run.
Isar still requires some raised privileges. Therefore, the image has to
be started with the additional switches "--cap-add=SYS_ADMIN
--cap-add=MKNOD --device $(/sbin/losetup -f)".
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774698
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
