diff --git a/misc/rebuild-stubs-with-podman/Dockerfile b/misc/rebuild-stubs-with-podman/Dockerfile
index 146ef546..4e3a0cd5 100644
--- a/misc/rebuild-stubs-with-podman/Dockerfile
+++ b/misc/rebuild-stubs-with-podman/Dockerfile
@@ -52,7 +52,7 @@ RUN cd /root \
 # create default user upx 2000:2000
 RUN useradd upx -U --uid 2000 --shell /bin/bash -m \
- && cd /home/upx && chmod 700 . \
+ && cd /home/upx && chmod 00700 . \
 # prepare ~/.cache and ~/.local for possible tmpfs mounts
 && mkdir -p .cache .local src/upx \
 && for d in ccache fontconfig go-build mesa_shader_cache tmp wine zig; do mkdir -p .cache/$d; done \
diff --git a/misc/test-qemu-with-podman/README.md b/misc/test-qemu-with-podman/README.md
new file mode 100644
index 00000000..9bb6b40e
--- /dev/null
+++ b/misc/test-qemu-with-podman/README.md
@@ -0,0 +1,48 @@
+test-qemu-with-podman
+=====================
+
+This directory provides scripts for creating and running small Alpine Linux container
+images, intended for testing statically-linked Linux executables with qemu-user.
+
+Very short usage instructions follow.
+
+### Where do I get statically-linked Linux binaries:
+ - all recent official UPX linux release binaries are statically linked
+ - the `zigcc linux-musl` artifacts as created by our GitHub Actions CI
+ - many other `linux-musl` binaries are statically linked
+ - many `Go` and some `Rust` programs are statically linked
+
+### PREPARATION OUTSIDE THE CONTAINER:
+
+```sh
+ cd your-upx-top-level-directory
+ mkdir -p tmp
+ cd tmp
+
+ # download some official UPX release binaries
+ wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz
+ wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm64_linux.tar.xz
+ wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz
+ wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mips_linux.tar.xz
+ wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc64le_linux.tar.xz
+ # ...same for more architectures
+
+ # and unpack all .tar.xz files
+ for f in ./upx*.tar.xz; do tar -xJf $f; done
+```
+
+### INSIDE THE CONTAINER:
+
+```sh
+ cd /home/upx/src/upx/tmp
+
+ # check that the official binaries do work
+ qemu-i386 ./upx-4.0.2-i386_linux/upx --version
+ qemu-mips ./upx-4.0.2-mips_linux/upx --version
+ # ...same for more architectures
+
+ # use qemu-mips to unpack the arm64 binary, and then run the unpacked arm64 binary:
+ qemu-mips ./upx-4.0.2-mips_linux/upx -d upx-4.0.2-arm64_linux/upx -o upx-arm64-unpacked
+ qemu-aarch64 ./upx-arm64-unpacked --version
+ # ...same for more architectures
+```
diff --git a/misc/test-qemu-with-podman/test-qemu6-with-podman/10-create-image.sh b/misc/test-qemu-with-podman/test-qemu6-with-podman/10-create-image.sh
new file mode 100755
index 00000000..08614c61
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu6-with-podman/10-create-image.sh
@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu6-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"
diff --git a/misc/test-qemu-with-podman/test-qemu6-with-podman/20-image-run-shell.sh b/misc/test-qemu-with-podman/test-qemu6-with-podman/20-image-run-shell.sh
new file mode 100755
index 00000000..ebbb838f
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu6-with-podman/20-image-run-shell.sh
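Review bot: The `podman build -t "$image" ...` line replays cached layers on rebuilds, so the Dockerfile's `apk update && apk upgrade` step only fetches current package versions the first time the image is built on a given host, and the date in `upx-test-qemu6-20230708-v1` then says nothing about what is actually inside. Since the image is tiny, build it fresh every time: `podman build --no-cache --pull=always -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"`. The image name is also duplicated verbatim in 20-image-run-shell.sh with nothing keeping the two in sync; at minimum a `# keep in sync with 20-image-run-shell.sh` comment on the `image=` line flags the coupling.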
@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu6-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all ) # drop all capabilities
+flags+=( --network=none ) # no network needed
+flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+ # run as user upx 2000:2000
+ flags+=( --user 2000 )
+ # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+ # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+ # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+ # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+ flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+ flags+=( -w /home/upx/src/upx ) # set working directory
+ flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+ flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+ # run as user root 0:0
+ # ONLY FOR DEBUGGING THE IMAGE
+ # map container user/group 0 to current host user/group
+ flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md
diff --git a/misc/test-qemu-with-podman/test-qemu6-with-podman/Dockerfile b/misc/test-qemu-with-podman/test-qemu6-with-podman/Dockerfile
new file mode 100644
index 00000000..b9ee32a5
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu6-with-podman/Dockerfile
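Review bot: The `-v "${argv0dir}/../../..:/home/upx/src/upx"` mount hands the container read-write access to the entire checkout, including `.git`, and `--read-only` on the first `flags=` line does not change that, since it only makes the image's root filesystem read-only. ../README.md in this same change tells users to run downloaded, packed binaries under qemu from `src/upx/tmp`, so a malicious or merely buggy test binary can rewrite sources or git hooks on the host. If only `tmp/` needs to be writable, mount the tree read-only and overlay a writable `tmp`: `flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx:ro" )` followed by `flags+=( -v "${argv0dir}/../../../tmp:/home/upx/src/upx/tmp" )`. While hardening, `flags+=( --security-opt=no-new-privileges )` next to `--cap-drop=all` is free and closes the setuid/file-capability route back to privilege.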
@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.15
+
+# install qemu 6.1.1-r0 and some utils
+RUN apk update && apk upgrade && apk add \
+ bash-completion \
+ qemu-aarch64 \
+ qemu-arm \
+ qemu-armeb \
+ qemu-i386 \
+ qemu-mips \
+ qemu-mipsel \
+ qemu-ppc \
+ qemu-ppc64 \
+ qemu-ppc64le \
+ qemu-x86_64 \
+ && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+ && cd /home/upx && chmod 00700 . \
+ && mkdir -p .cache .local/bin src/upx \
+ && chown -R upx:upx . \
+ && true
+USER upx
diff --git a/misc/test-qemu-with-podman/test-qemu7-with-podman/10-create-image.sh b/misc/test-qemu-with-podman/test-qemu7-with-podman/10-create-image.sh
new file mode 100755
index 00000000..294b5ec7
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu7-with-podman/10-create-image.sh
@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu7-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"
diff --git a/misc/test-qemu-with-podman/test-qemu7-with-podman/20-image-run-shell.sh b/misc/test-qemu-with-podman/test-qemu7-with-podman/20-image-run-shell.sh
new file mode 100755
index 00000000..c1c5e6dd
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu7-with-podman/20-image-run-shell.sh
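Review bot: Nothing in `RUN apk update && apk upgrade && apk add \` pins a package version and `FROM docker.io/library/alpine:3.15` is a moving tag, so the `# install qemu 6.1.1-r0` comment describes one build on one day rather than anything the Dockerfile enforces, and two people running 10-create-image.sh can get different qemu and musl builds under the same date-stamped image name. If a fixed test environment is the intent, pin the base by digest, `FROM docker.io/library/alpine:3.15@sha256:<digest>`, and reword the comment to `# install qemu-user (6.1.x in alpine 3.15) and some utils` so it cannot go stale. Use `apk --no-cache` on the `upgrade`/`add` calls as well so the downloaded package index is not left in the layer. `bash`, which 20-image-run-shell.sh runs via `bash -l`, appears to reach the image only as a dependency of `bash-completion`; add `bash \` to the package list so that stays true if the dependency changes.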
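Review bot: Rebuilding with this `podman build` line replays cached layers, so the `apk upgrade` step in the Dockerfile runs only the first time the image is built on a host, and later rebuilds under the same `upx-test-qemu7-20230708-v1` name do not pick up newer packages. The image is small, so `podman build --no-cache --pull=always -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"` makes every build reflect the repositories at build time. This script differs from its qemu6 and qemu8 siblings only in the `image=` line and could become one shared script taking the qemu generation as an argument.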
@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu7-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all ) # drop all capabilities
+flags+=( --network=none ) # no network needed
+flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+ # run as user upx 2000:2000
+ flags+=( --user 2000 )
+ # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+ # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+ # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+ # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+ flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+ flags+=( -w /home/upx/src/upx ) # set working directory
+ flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+ flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+ # run as user root 0:0
+ # ONLY FOR DEBUGGING THE IMAGE
+ # map container user/group 0 to current host user/group
+ flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md
diff --git a/misc/test-qemu-with-podman/test-qemu7-with-podman/Dockerfile b/misc/test-qemu-with-podman/test-qemu7-with-podman/Dockerfile
new file mode 100644
index 00000000..e97a0caf
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu7-with-podman/Dockerfile
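Review bot: `--cap-drop=all` and `--network=none` are good, but the hardening stops short of `--security-opt=no-new-privileges`, which is the cheap, matching complement: with it no binary in the container can regain privilege through setuid bits or file capabilities, so add `flags+=( --security-opt=no-new-privileges )` after the `--cap-drop=all` line. The `if [[ 1 == 1 ]]; then` switch between the upx-user and root-debug branches is a constant that has to be edited in place, which makes the root branch dead code in the committed file; an environment toggle such as `if [[ -z ${UPX_DEBUG_AS_ROOT:-} ]]; then` keeps the same default while making the debug mode usable without a local edit. Note also that the bind mount on the `-v "${argv0dir}/../../..:…"` line stays writable regardless of `--read-only`, which only applies to the image's root filesystem.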
@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.17
+
+# install qemu 7.1.0-r7 and some utils
+RUN apk update && apk upgrade && apk add \
+ bash-completion \
+ qemu-aarch64 \
+ qemu-arm \
+ qemu-armeb \
+ qemu-i386 \
+ qemu-mips \
+ qemu-mipsel \
+ qemu-ppc \
+ qemu-ppc64 \
+ qemu-ppc64le \
+ qemu-x86_64 \
+ && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+ && cd /home/upx && chmod 00700 . \
+ && mkdir -p .cache .local/bin src/upx \
+ && chown -R upx:upx . \
+ && true
+USER upx
diff --git a/misc/test-qemu-with-podman/test-qemu8-with-podman/10-create-image.sh b/misc/test-qemu-with-podman/test-qemu8-with-podman/10-create-image.sh
new file mode 100755
index 00000000..947477aa
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu8-with-podman/10-create-image.sh
@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu8-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"
diff --git a/misc/test-qemu-with-podman/test-qemu8-with-podman/20-image-run-shell.sh b/misc/test-qemu-with-podman/test-qemu8-with-podman/20-image-run-shell.sh
new file mode 100755
index 00000000..03799b2c
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu8-with-podman/20-image-run-shell.sh
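Review bot: This Dockerfile differs from the qemu6 and qemu8 copies only in the `FROM` tag and the version comment, so keeping three copies in sync by hand is error-prone; a single Dockerfile with `ARG ALPINE_VERSION=3.17` and `FROM docker.io/library/alpine:${ALPINE_VERSION}`, built with `--build-arg` from each 10-create-image.sh, would remove the duplication. Independently of that, nothing pins the base or the packages, so the `# install qemu 7.1.0-r7` comment documents whatever happened to be in the repository on the day; pin `FROM` by digest (`FROM docker.io/library/alpine:3.17@sha256:<digest>`) if a fixed test environment is the intent, and use `apk --no-cache` so the package index is not kept in the layer. `bash` is apparently only pulled in through `bash-completion`, while 20-image-run-shell.sh runs `bash -l`; list `bash \` explicitly.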
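Review bot: `image=upx-test-qemu8-20230708-v1` is duplicated verbatim in 20-image-run-shell.sh and nothing checks that the two agree, so a bump here that is not mirrored there may make the run script (which uses `--pull=never`) start an older image that is still present locally. A comment `# keep in sync with 20-image-run-shell.sh` on the `image=` line is the minimal fix; sourcing the name from one shared file in the directory would remove the duplication entirely. The `podman build` line also replays cached layers, so consider `--no-cache` so the Dockerfile's `apk upgrade` actually runs on every rebuild.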
@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu8-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all ) # drop all capabilities
+flags+=( --network=none ) # no network needed
+flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+ # run as user upx 2000:2000
+ flags+=( --user 2000 )
+ # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+ # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+ # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+ # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+ flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+ flags+=( -w /home/upx/src/upx ) # set working directory
+ flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+ flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+ # run as user root 0:0
+ # ONLY FOR DEBUGGING THE IMAGE
+ # map container user/group 0 to current host user/group
+ flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md
diff --git a/misc/test-qemu-with-podman/test-qemu8-with-podman/Dockerfile b/misc/test-qemu-with-podman/test-qemu8-with-podman/Dockerfile
new file mode 100644
index 00000000..72a81abd
--- /dev/null
+++ b/misc/test-qemu-with-podman/test-qemu8-with-podman/Dockerfile
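Review bot: The two `--tmpfs /home/upx/.cache:rw,exec` and `--tmpfs /home/upx/.local:rw,exec` lines opt out of podman's documented `noexec` default for tmpfs without saying why; the README in this change runs the test binaries from `src/upx/tmp` through qemu-user, which loads guest executables itself, so nothing shown here needs native execution from these directories. If `exec` exists for tools installed into `~/.local/bin` at runtime, say so in the comment, e.g. `# exec: tools installed into ~/.local/bin at runtime must be runnable`; otherwise drop it and keep the default. Independently, `--read-only` does not cover the `-v "${argv0dir}/../../..:/home/upx/src/upx"` bind mount, so the whole checkout stays writable by anything run in the container; the NOTE line already says read-write, but users who run untrusted binaries should be warned in the README or given a read-only mount with only `tmp/` writable.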
@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.18
+
+# install qemu 8.0.2-r1 and some utils
+RUN apk update && apk upgrade && apk add \
+ bash-completion \
+ qemu-aarch64 \
+ qemu-arm \
+ qemu-armeb \
+ qemu-i386 \
+ qemu-mips \
+ qemu-mipsel \
+ qemu-ppc \
+ qemu-ppc64 \
+ qemu-ppc64le \
+ qemu-x86_64 \
+ && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+ && cd /home/upx && chmod 00700 . \
+ && mkdir -p .cache .local/bin src/upx \
+ && chown -R upx:upx . \
+ && true
+USER upx
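Review bot: `RUN apk update && apk upgrade && apk add \` upgrades whatever the floating `alpine:3.18` tag resolves to and leaves the fetched package index in the layer, so the `# install qemu 8.0.2-r1` comment is not enforced by anything and will silently go stale. `RUN apk --no-cache upgrade && apk --no-cache add \` drops the index, and pinning `FROM docker.io/library/alpine:3.18@sha256:<digest>` is the only way to make the date-stamped image name mean the same thing on every machine. `bash` appears to enter the image only as a dependency of `bash-completion`, while 20-image-run-shell.sh executes `bash -l`; add `bash \` to the list. The `chown -R upx:upx .` after `mkdir -p .cache .local/bin src/upx` is needed because those directories are created as root even though `adduser -D` already owns the home directory; a short comment such as `# mkdir ran as root, hand the new dirs to upx` would make that non-obvious step clear.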