From 504224696c52487ea7a6b33c8f1966181b4b6291 Mon Sep 17 00:00:00 2001
From: "Markus F.X.J. Oberhumer"
Date: Tue, 25 Oct 2022 08:47:01 +0200
Subject: [PATCH] misc: update misc/rebuild-stubs-with-podman to install previous UPX versions
---
 .../10-create-image.sh | 2 +-
 .../20-image-run-shell.sh | 31 +++++++++++++------
 misc/rebuild-stubs-with-podman/Dockerfile | 31 ++++++++++++++++---
 3 files changed, 48 insertions(+), 16 deletions(-)
diff --git a/misc/rebuild-stubs-with-podman/10-create-image.sh b/misc/rebuild-stubs-with-podman/10-create-image.sh
index 8fa1be33..38452c91 100755
--- a/misc/rebuild-stubs-with-podman/10-create-image.sh
+++ b/misc/rebuild-stubs-with-podman/10-create-image.sh
@@ -6,7 +6,7 @@ argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
 # create the image from Dockerfile
 # using a rootless Podman container
-image=upx-stubtools-20210104-v2
+image=upx-stubtools-20210104-v5
 podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
diff --git a/misc/rebuild-stubs-with-podman/20-image-run-shell.sh b/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
index b7444ef0..70e3951e 100755
--- a/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
+++ b/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
@@ -6,18 +6,29 @@ argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
 # run an interactive shell in the image
 # using a rootless Podman container
-image=upx-stubtools-20210104-v2
+image=upx-stubtools-20210104-v5
 flags=( -ti --read-only --rm )
-flags+=( --cap-drop=all )
-flags+=( --network=none )
-flags+=( --user 2000 )
-# map container user 0 to 1, and map container user 2000 to current host user
-flags+=( --uidmap=0:1:1 --uidmap=2000:0:1 )
-flags+=( -w /home/upx )
-flags+=( -e TERM="$TERM" )
-# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
-flags+=( -v "${argv0dir}/../..:/home/upx/src/upx:rw" )
+flags+=( --cap-drop=all ) # drop all capabilities
+flags+=( --network=none ) # no network needed
+flags+=( -e TERM="$TERM" ) # pass $TERM
+if [[ 1 == 1 ]]; then
+ # run as user upx 2000:2000
+ flags+=( --user 2000 )
+ # map container user 0 to subuid-user 1, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1 --uidmap=2000:0:1 )
+ # map container group 0 to subgid-group 1, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1 --gidmap=2000:0:1 )
+ # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+ # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+ flags+=( -v "${argv0dir}/../..:/home/upx/src/upx" )
+ flags+=( -w /home/upx/src/upx ) # working directory
+else
+ # run as user root 0:0
+ # ONLY FOR DEBUGGING THE IMAGE
+ # map container user/group 0 to current host user/group
+ flags+=( --user 0 )
+fi
 podman run "${flags[@]}" "$image" bash -l
diff --git a/misc/rebuild-stubs-with-podman/Dockerfile b/misc/rebuild-stubs-with-podman/Dockerfile
index 83a04d83..7711e3d9 100644
--- a/misc/rebuild-stubs-with-podman/Dockerfile
+++ b/misc/rebuild-stubs-with-podman/Dockerfile
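Review bot: In 20-image-run-shell.sh the `-v "${argv0dir}/../..:/home/upx/src/upx"` mount stays read-write (podman's default now that the explicit `:rw` is dropped) and `--uidmap=2000:0:1` maps the container user to the invoking host user, so anything executed inside the container can rewrite the host checkout with that user's permissions. That includes files the host later runs itself, such as build scripts or, if the top-level directory is a git checkout, `.git/hooks` and `.git/config`. I would keep the `:rw` suffix so the trust decision stays visible and extend the NOTE, e.g. `# NOTE: read-write on purpose; code in the container can modify the host checkout (incl. .git) as the host user`. The `if [[ 1 == 1 ]]` switch is also opaque; a named variable such as `debug_as_root=0` tested in the condition would document that the `--user 0` branch is off by default.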
@@ -7,11 +7,13 @@ RUN dpkg --add-architecture i386 \
 && apt-get update && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
 aria2 ca-certificates git less libmpc3 libncurses5 make \
- ncurses-term perl-base python2-minimal xz-utils \
+ ncurses-term perl-base python2-minimal wget xz-utils \
 libc6:i386 zlib1g:i386 \
- # these packages are not required but make the image more convenient
- # and also allow building upx via cmake:
- bzip2 cmake file g++ patch unzip vim zip \
+ # the following packages are not required for rebuilding the stubs,
+ # but they do make the image more convenient and also allow building
+ # the full UPX binary inside the container via CMake:
+ bzip2 cmake elfutils file g++ libzstd-dev lzop ninja-build patch \
+ patchelf pax-utils rsync unzip vim zip zlib1g-dev zsh zstd \
 && true
 # manually install compat libs from Ubuntu 16.04
@@ -32,10 +34,29 @@ RUN cd /root \
 && aria2c --checksum=sha-256=abcd8337cc656fe68d7bbb2ffe0f1e5ddce618688aa0e18c1ebcc40072843884 \
 'https://github.com/upx/upx-stubtools/releases/download/v20210104/bin-upx-20210104.tar.xz' \
 && cd /usr/local/bin \
- && tar -xJf /root/bin-upx-20210104.tar.xz \
+ && tar -xoaf /root/bin-upx-20210104.tar.xz \
 && rm /root/bin-upx-20210104.tar.xz \
 && true
+# install previous UPX versions into /usr/local/bin
+RUN cd /root \
+ && wget -q https://github.com/upx/upx/releases/download/v3.91/upx-3.91-amd64_linux.tar.bz2 \
+ && wget -q https://github.com/upx/upx/releases/download/v3.92/upx-3.92-amd64_linux.tar.xz \
+ && wget -q https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz \
+ && wget -q https://github.com/upx/upx/releases/download/v3.94/upx-3.94-amd64_linux.tar.xz \
+ && wget -q https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz \
+ && wget -q https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz \
+ && for f in ./upx-*.tar.*; do tar -xoaf $f; done \
+ && rm ./upx-*.tar.* \
+ && d=upx-3.91-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.91 \
+ && d=upx-3.92-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.92 \
+ && d=upx-3.93-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.93 \
+ && d=upx-3.94-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.94 \
+ && d=upx-3.95-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.95 \
+ && d=upx-3.96-amd64_linux; ./$d/upx -d $d/upx -o /usr/local/bin/upx-3.96 \
+ && rm -rf ./upx-*linux \
+ && true
+
 # create default user upx 2000:2000
 RUN useradd upx -U --uid 2000 --shell /bin/bash -m \
 && mkdir -p /home/upx/.local/bin /home/upx/src/upx \
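Review bot: The six `wget -q` downloads in the new `RUN` step are not integrity-checked, yet each archive is unpacked and its `upx` binary is executed during the image build by the `./$d/upx -d …` lines, whereas the stubtools archive directly above is fetched with `aria2c --checksum=sha-256=…`. Pinning a SHA-256 per archive with that same `aria2c` form would close the gap and would make the `wget` package added in the first Dockerfile hunk unnecessary. Separately, the `d=…; ./$d/upx …` lines use `;`, which ends the `&&` chain, so unless the build shell runs with `-e` (not visible here) the step's exit status reflects only the last command group and a failure while unpacking 3.91–3.95 can go unnoticed, with a stale `$d` then feeding the next `-o` name. The sketch below keeps the chain intact with a loop and quotes the expansions; the digests in it are placeholders that must be replaced with values computed from trusted copies of the releases.

```dockerfile
RUN cd /root \
    # digests are placeholders: pin the real SHA-256 of each release archive
    && aria2c --checksum=sha-256=PLACEHOLDER_SHA256_UPX_3_91 \
        'https://github.com/upx/upx/releases/download/v3.91/upx-3.91-amd64_linux.tar.bz2' \
    && aria2c --checksum=sha-256=PLACEHOLDER_SHA256_UPX_3_92 \
        'https://github.com/upx/upx/releases/download/v3.92/upx-3.92-amd64_linux.tar.xz' \
    # … same form for v3.93, v3.94, v3.95 and v3.96 …
    && for f in ./upx-*.tar.*; do tar -xoaf "$f" || exit 1; done \
    # … unchanged: rm ./upx-*.tar.* …
    && for v in 3.91 3.92 3.93 3.94 3.95 3.96; do \
        d="upx-$v-amd64_linux"; \
        "./$d/upx" -d "$d/upx" -o "/usr/local/bin/upx-$v" || exit 1; \
    done \
    # … unchanged: rm -rf ./upx-*linux, && true …
```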