Master/upx
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

all: final cleanups in preparation for release

Browse Source
This commit is contained in:
Markus F.X.J. Oberhumer
2023-08-03 14:20:35 +02:00
parent 13e5c13695
commit fa364d6ea3
57 changed files with 62 additions and 1087 deletions
Download Patch File Download Diff File Expand all files Collapse all files
misc/analyze/clang-tidy/clang-tidy-bzip2.yml
+1
View File
@@ -9,6 +9,7 @@ Checks: >
-bugprone-macro-parentheses,
-bugprone-narrowing-conversions,
-bugprone-reserved-identifier,
-bugprone-switch-missing-default-case,
clang-analyzer-*,
-clang-analyzer-core.UndefinedBinaryOperatorResult,
-clang-analyzer-core.uninitialized.Assign,
misc/analyze/clang-tidy/clang-tidy-zlib.yml
+1
View File
@@ -9,6 +9,7 @@ Checks: >
-bugprone-macro-parentheses,
-bugprone-narrowing-conversions,
-bugprone-reserved-identifier,
-bugprone-switch-missing-default-case,
clang-analyzer-*,
-clang-analyzer-optin.performance.Padding,
-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
misc/analyze/clang-tidy/clang-tidy-zstd.yml
+1
View File
@@ -11,6 +11,7 @@ Checks: >
-bugprone-misplaced-widening-cast,
-bugprone-narrowing-conversions,
-bugprone-reserved-identifier,
-bugprone-switch-missing-default-case,
clang-analyzer-*,
-clang-analyzer-core.UndefinedBinaryOperatorResult,
-clang-analyzer-deadcode.DeadStores,
misc/podman/test-qemu/README.md
-52
View File
@@ -1,52 +0,0 @@
test-qemu with Podman
=====================
This directory provides some simple scripts for creating and running
quite small Alpine Linux container images, intended for testing
statically-linked Linux executables with Podman and qemu-user.
Very short usage instructions follow.
### Where do I get statically-linked Linux binaries:
- all recent official UPX linux release binaries are statically linked
- the `zigcc linux-musl` artifacts as created by our GitHub Actions CI
- many other `linux-musl` binaries are statically linked
- many `Go` and some `Rust` programs are statically linked
### PREPARATION OUTSIDE THE CONTAINER:
```sh
cd your-upx-top-level-directory
mkdir -p tmp
cd tmp
# download official UPX release binaries
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm64_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-armeb_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mipsel_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mips_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc64le_linux.tar.xz
wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc_linux.tar.xz
# and unpack all .tar.xz files
for f in ./upx*.tar.xz; do tar -xJf $f; done
```
### INSIDE THE CONTAINER:
```sh
cd /home/upx/src/upx/tmp
# check that the official UPX release binaries do work
qemu-i386 ./upx-4.0.2-i386_linux/upx --version
qemu-mips ./upx-4.0.2-mips_linux/upx --version
# ...same for more architectures
# use qemu-mips to unpack the arm64 binary, and then run the unpacked arm64 binary:
qemu-mips ./upx-4.0.2-mips_linux/upx -d upx-4.0.2-arm64_linux/upx -o upx-arm64-unpacked
qemu-aarch64 ./upx-arm64-unpacked --version
# ...same for more architectures
```
misc/podman/test-qemu/test-qemu-2.12-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-2.12-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-2.12-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-2.12-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-2.12-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.8
# install qemu-2.12.0-r3 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-3.1-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-3.1-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-3.1-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-3.1-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-3.1-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.9
# install qemu-3.1.0-r3 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-4.2-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-4.2-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-4.2-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-4.2-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-4.2-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.11
# install qemu-4.2.0-r0 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-5.2-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-5.2-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-5.2-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-5.2-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-5.2-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.13
# install qemu-5.2.0-r3 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-6.0-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-6.0-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-6.0-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-6.0-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-6.0-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.14
# install qemu-6.0.0-r5 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-6.1-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-6.1-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-6.1-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-6.1-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-6.1-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.15
# install qemu-6.1.1-r0 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-7.0-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-7.0-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-7.0-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-7.0-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-7.0-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.16
# install qemu-7.0.0-r0 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-7.1-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-7.1-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-7.1-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-7.1-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-7.1-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.17
# install qemu-7.1.0-r7 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx
misc/podman/test-qemu/test-qemu-8.0-alpine/10-create-image.sh
-16
View File
@@ -1,16 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# create the image from Dockerfile
# using a rootless Podman container
image=upx-test-qemu-8.0-alpine-20230725-v1
[[ $1 == --print-image ]] && echo "$image" && exit 0
podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
podman image list "$image"
echo
podman image tree "$image"
misc/podman/test-qemu/test-qemu-8.0-alpine/11-list-packages.sh
-19
View File
@@ -1,19 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# list all system packages that are installed in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
podman image list "$image"
echo
podman image tree "$image"
echo 'Packages:'
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
misc/podman/test-qemu/test-qemu-8.0-alpine/20-image-run-shell.sh
-41
View File
@@ -1,41 +0,0 @@
#! /usr/bin/env bash
## vim:set ts=4 sw=4 et:
set -e; set -o pipefail
argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
# run an interactive shell in the image
# using a rootless Podman container
image="$("$argv0dir/10-create-image.sh" --print-image)"
flags=( --read-only --rm --pull=never )
flags+=( --cap-drop=all ) # drop all capabilities
flags+=( --network=none ) # no network needed
flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
if [[ 1 == 1 ]]; then
# run as user upx 2000:2000
flags+=( --user 2000 )
# map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
# map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
# NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
# INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
flags+=( -w /home/upx/src/upx ) # set working directory
flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
else
# run as user root 0:0
# ONLY FOR DEBUGGING THE IMAGE
# map container user/group 0 to current host user/group
flags+=( --user 0 )
fi
if [[ $# == 0 ]]; then
podman run "${flags[@]}" "$image" bash -l
else
podman run "${flags[@]}" "$image" "$@"
fi
# please see usage instructions in ../README.md
misc/podman/test-qemu/test-qemu-8.0-alpine/Dockerfile
-35
View File
@@ -1,35 +0,0 @@
FROM docker.io/library/alpine:3.18
# install qemu-8.0.3-r1 and some utils
RUN apk update && apk upgrade && apk add \
bash-completion \
coreutils \
musl-dbg \
qemu-aarch64 \
qemu-aarch64_be \
qemu-arm \
qemu-armeb \
qemu-i386 \
qemu-m68k \
qemu-mips \
qemu-mipsel \
qemu-ppc \
qemu-ppc64 \
qemu-ppc64le \
qemu-riscv32 \
qemu-riscv64 \
qemu-s390x \
qemu-sh4 \
qemu-sh4eb \
qemu-x86_64 \
strace \
zsh \
&& true
# create default user upx:upx 2000:2000
RUN adduser upx -u 2000 -D \
&& cd /home/upx && chmod 00700 . \
&& mkdir -p .cache/tmp .local/bin src/upx \
&& chown -R upx:upx . \
&& true
USER upx