From 82a6ccac4df5973426599c9056457531d31894cc Mon Sep 17 00:00:00 2001
From: "Markus F.X.J. Oberhumer"
Date: Tue, 8 Nov 2022 03:54:30 +0100
Subject: [PATCH] misc: add misc/cross-compile-upx-with-podman
---
 .../10-create-image.sh | 17 +++++++
 .../20-image-run-shell.sh | 40 ++++++++++++++++
 misc/cross-compile-upx-with-podman/Dockerfile | 47 +++++++++++++++++++
 .../20-image-run-shell.sh | 8 ++--
 4 files changed, 108 insertions(+), 4 deletions(-)
 create mode 100755 misc/cross-compile-upx-with-podman/10-create-image.sh
 create mode 100755 misc/cross-compile-upx-with-podman/20-image-run-shell.sh
 create mode 100644 misc/cross-compile-upx-with-podman/Dockerfile
diff --git a/misc/cross-compile-upx-with-podman/10-create-image.sh b/misc/cross-compile-upx-with-podman/10-create-image.sh
new file mode 100755
index 00000000..66988c96
--- /dev/null
+++ b/misc/cross-compile-upx-with-podman/10-create-image.sh
@@ -0,0 +1,17 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+# NOTE: this image is based on rebuild-stubs-with-upx/upx-stubtools-20210104-vX,
+# so you have to create that image first
+# WARNING: we install many packages, so the resulting image needs A LOT of disk space!
+image=upx-cross-compile-20221108-v7
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+podman image tree "$image"
diff --git a/misc/cross-compile-upx-with-podman/20-image-run-shell.sh b/misc/cross-compile-upx-with-podman/20-image-run-shell.sh
new file mode 100755
index 00000000..aee0f768
--- /dev/null
+++ b/misc/cross-compile-upx-with-podman/20-image-run-shell.sh
@@ -0,0 +1,40 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-cross-compile-20221108-v7
+
+flags=( -ti --read-only --rm )
+flags+=( --cap-drop=all ) # drop all capabilities
+flags+=( --network=none ) # no network needed
+flags+=( -e TERM="$TERM" ) # pass $TERM
+if [[ 1 == 1 ]]; then
+ # run as user upx 2000:2000
+ flags+=( --user 2000 )
+ # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+ # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+ # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+ # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+ flags+=( -v "${argv0dir}/../..:/home/upx/src/upx" )
+ flags+=( -w /home/upx/src/upx ) # set working directory
+else
+ # run as user root 0:0
+ # ONLY FOR DEBUGGING THE IMAGE
+ # map container user/group 0 to current host user/group
+ flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# now we can cross-compile UPX for Windows:
+# cd /home/upx/src/upx
+# rm -rf ./build/release-cross-mingw64
+# make build/release-cross-mingw64
+
+# lots of other cross-compilers are installed; see "ls /usr/bin/*g++*"
diff --git a/misc/cross-compile-upx-with-podman/Dockerfile b/misc/cross-compile-upx-with-podman/Dockerfile
new file mode 100644
index 00000000..37cbd55d
--- /dev/null
+++ b/misc/cross-compile-upx-with-podman/Dockerfile
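Review bot: The `-v "${argv0dir}/../..:/home/upx/src/upx"` mount in the `if` branch gives the container read-write access to the whole checkout, including `.git`, so anything run inside the shell (freshly built binaries, wine, qemu-user) can change files that the host user or git later acts on. If the build only writes below `build/`, which the `make build/release-cross-mingw64` comment suggests but the hunk does not prove, the tree could be mounted with `:ro` and a second writable `-v` added for the build directory. Independently, `flags+=( --security-opt=no-new-privileges )` would fit next to `--cap-drop=all`, so that setuid binaries in the image cannot regain privileges. The same mount appears as context in misc/rebuild-stubs-with-podman/20-image-run-shell.sh, so the point applies there as well.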
@@ -0,0 +1,47 @@
+# NOTE: this image is based on rebuild-stubs-with-upx/upx-stubtools-20210104-vX,
+# so you have to create that image first
+# WARNING: we install many packages, so the resulting image needs A LOT of disk space!
+FROM localhost/upx-stubtools-20210104-v7
+ARG DEBIAN_FRONTEND=noninteractive
+
+USER root
+
+# Ubuntu 22.04
+RUN apt-get update && apt-get upgrade -y \
+ && apt-get install -y \
+ # Linux cross compilers
+ g++-aarch64-linux-gnu \
+ g++-alpha-linux-gnu \
+ g++-arm-linux-gnueabi \
+ g++-arm-linux-gnueabihf \
+ g++-hppa-linux-gnu \
+ g++-i686-linux-gnu \
+ g++-m68k-linux-gnu \
+ g++-mips-linux-gnu \
+ g++-mipsel-linux-gnu \
+ g++-mips64-linux-gnuabi64 \
+ g++-mips64el-linux-gnuabi64 \
+ g++-powerpc-linux-gnu \
+ g++-powerpc64-linux-gnu \
+ g++-powerpc64le-linux-gnu \
+ g++-riscv64-linux-gnu \
+ g++-s390x-linux-gnu \
+ g++-sh4-linux-gnu \
+ g++-sparc64-linux-gnu \
+ # Linux cross compilers - ILP32 on 64-bit CPUs
+ g++-x86-64-linux-gnux32 \
+ # Windows cross compilers
+ g++-mingw-w64-i686 \
+ g++-mingw-w64-x86-64 \
+ && true
+RUN apt-get install -y \
+ # clang-14 and tools
+ clang-14 clang-format-14 clang-tidy-14 clang-tools-14 lldb-14 llvm-14 \
+ # QEMU and Wine
+ qemu-system qemu-user wine wine32 \
+ # misc
+ gdb lsb-release valgrind \
+ && true
+
+# switch back to default user upx 2000:2000
+USER upx
diff --git a/misc/rebuild-stubs-with-podman/20-image-run-shell.sh b/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
index 63a3e60e..52abf3fc 100755
--- a/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
+++ b/misc/rebuild-stubs-with-podman/20-image-run-shell.sh
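Review bot: The second `RUN apt-get install -y` relies on the package index left behind by the previous layer, so when that layer is taken from the build cache and this one is rebuilt, the index can be stale and the install may fail or resolve to different packages. Starting it with `RUN apt-get update && apt-get install -y \` (or folding both installs into one `RUN`) makes the layer self-contained. Separately, `apt-get upgrade -y` together with unpinned package names means the toolchain depends on the day the image was built, although the tag `upx-cross-compile-20221108-v7` reads like a fixed set. If binaries built with this image are distributed, saving the installed versions at build time (for example the output of `dpkg-query -W`) would keep a given build traceable to its compilers.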
@@ -15,10 +15,10 @@ flags+=( -e TERM="$TERM" ) # pass $TERM
 if [[ 1 == 1 ]]; then
 # run as user upx 2000:2000
 flags+=( --user 2000 )
- # map container user 0 to subuid-user 1, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1 --uidmap=2000:0:1 )
- # map container group 0 to subgid-group 1, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1 --gidmap=2000:0:1 )
+ # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+ flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+ # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+ flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
 # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
 # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
 flags+=( -v "${argv0dir}/../..:/home/upx/src/upx" )
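Review bot: The rewritten comments state the new mapping but not why it grew from one id to 1000, nor what it needs on the host: with rootless Podman, `--uidmap=0:1:1000` and `--gidmap=0:1:1000` can only be set up when the current user has at least 1000 subordinate ids. A line such as `# requires >= 1000 subordinate ids for this user in /etc/subuid and /etc/subgid` above the two `flags+=` lines would save a confusing failure on hosts with a smaller allocation. Container ids 1000..1999 stay unmapped, which looks intentional but is worth saying in the comment. The enclosing `if` block continues past the end of this hunk.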