misc: update misc/rebuild-stubs-with-podman to install previous UPX versions

2022-10-25 08:47:01 +02:00 · 2022-10-25 08:47:01 +02:00 · 504224696c
parent e2acd666df
commit 504224696c
3 changed files with 48 additions and 16 deletions
--- a/misc/rebuild-stubs-with-podman/10-create-image.sh
+++ b/misc/rebuild-stubs-with-podman/10-create-image.sh
@ -6,7 +6,7 @@ argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
 # create the image from Dockerfile
 # using a rootless Podman container

-image=upx-stubtools-20210104-v2
+image=upx-stubtools-20210104-v5

 podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"

--- a/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
+++ b/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
@ -6,18 +6,29 @@ argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
 # run an interactive shell in the image
 # using a rootless Podman container

-image=upx-stubtools-20210104-v2
+image=upx-stubtools-20210104-v5

 flags=( -ti --read-only --rm )
-flags+=( --cap-drop=all )
-flags+=( --network=none )
-flags+=( --user 2000 )
-# map container user 0 to 1, and map container user 2000 to current host user
-flags+=( --uidmap=0:1:1 --uidmap=2000:0:1 )
-flags+=( -w /home/upx )
-flags+=( -e TERM="$TERM" )
-# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
-flags+=( -v "${argv0dir}/../..:/home/upx/src/upx:rw" )
+flags+=( --cap-drop=all )           # drop all capabilities
+flags+=( --network=none )           # no network needed
+flags+=( -e TERM="$TERM" )          # pass $TERM
+if [[ 1 == 1 ]]; then
+    # run as user upx 2000:2000
+    flags+=( --user 2000 )
+    # map container user 0 to subuid-user 1, and map container user 2000 to current host user
+    flags+=( --uidmap=0:1:1 --uidmap=2000:0:1 )
+    # map container group 0 to subgid-group 1, and map container group 2000 to current host group
+    flags+=( --gidmap=0:1:1 --gidmap=2000:0:1 )
+    # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+    # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+    flags+=( -v "${argv0dir}/../..:/home/upx/src/upx" )
+    flags+=( -w /home/upx/src/upx ) # working directory
+else
+    # run as user root 0:0
+    # ONLY FOR DEBUGGING THE IMAGE
+    # map container user/group 0 to current host user/group
+    flags+=( --user 0 )
+fi

 podman run "${flags[@]}" "$image" bash -l

--- a/misc/rebuild-stubs-with-podman/Dockerfile
+++ b/misc/rebuild-stubs-with-podman/Dockerfile
@ -7,11 +7,13 @@ RUN dpkg --add-architecture i386 \
    && apt-get update && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        aria2 ca-certificates git less libmpc3 libncurses5 make \
-        ncurses-term perl-base python2-minimal xz-utils \
+        ncurses-term perl-base python2-minimal wget xz-utils \
        libc6:i386 zlib1g:i386 \
-        # these packages are not required but make the image more convenient
-        # and also allow building upx via cmake:
-        bzip2 cmake file g++ patch unzip vim zip \
+        # the following packages are not required for rebuilding the stubs,
+        # but they do make the image more convenient and also allow building
+        # the full UPX binary inside the container via CMake:
+        bzip2 cmake elfutils file g++ libzstd-dev lzop ninja-build patch \
+        patchelf pax-utils rsync unzip vim zip zlib1g-dev zsh zstd \
    && true

 # manually install compat libs from Ubuntu 16.04
@ -32,10 +34,29 @@ RUN cd /root \
    && aria2c --checksum=sha-256=abcd8337cc656fe68d7bbb2ffe0f1e5ddce618688aa0e18c1ebcc40072843884 \
              'https://github.com/upx/upx-stubtools/releases/download/v20210104/bin-upx-20210104.tar.xz' \
    && cd /usr/local/bin \
-    && tar -xJf /root/bin-upx-20210104.tar.xz \
+    && tar -xoaf /root/bin-upx-20210104.tar.xz \
    && rm /root/bin-upx-20210104.tar.xz \
    && true

+# install previous UPX versions into /usr/local/bin
+RUN cd /root \
+    && wget -q https://github.com/upx/upx/releases/download/v3.91/upx-3.91-amd64_linux.tar.bz2 \
+    && wget -q https://github.com/upx/upx/releases/download/v3.92/upx-3.92-amd64_linux.tar.xz \
+    && wget -q https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz \
+    && wget -q https://github.com/upx/upx/releases/download/v3.94/upx-3.94-amd64_linux.tar.xz \
+    && wget -q https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz \
+    && wget -q https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz \
+    && for f in ./upx-*.tar.*; do tar -xoaf $f; done \
+    && rm ./upx-*.tar.* \
+    && d=upx-3.91-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.91 \
+    && d=upx-3.92-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.92 \
+    && d=upx-3.93-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.93 \
+    && d=upx-3.94-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.94 \
+    && d=upx-3.95-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.95 \
+    && d=upx-3.96-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.96 \
+    && rm -rf ./upx-*linux \
+    && true
+
 # create default user upx 2000:2000
 RUN useradd upx -U --uid 2000 --shell /bin/bash -m \
    && mkdir -p /home/upx/.local/bin /home/upx/src/upx \