misc: add misc/test-qemu-with-podman

misc/rebuild-stubs-with-podman/Dockerfile

@@ -52,7 +52,7 @@ RUN cd /root \
 
 # create default user upx 2000:2000
 RUN useradd upx -U --uid 2000 --shell /bin/bash -m \
-    && cd /home/upx && chmod 700 . \
+    && cd /home/upx && chmod 00700 . \
     # prepare ~/.cache and ~/.local for possible tmpfs mounts
     && mkdir -p .cache .local src/upx \
     && for d in ccache fontconfig go-build mesa_shader_cache tmp wine zig; do mkdir -p .cache/$d; done \

misc/test-qemu-with-podman/README.md

@@ -0,0 +1,48 @@
+test-qemu-with-podman
+=====================
+
+This directory provides scripts for creating and running small Alpine Linux container
+images, intended for testing statically-linked Linux executables with qemu-user.
+
+Very short usage instructions follow.
+
+### Where do I get statically-linked Linux binaries:
+  - all recent official UPX linux release binaries are statically linked
+  - the `zigcc linux-musl` artifacts as created by our GitHub Actions CI
+  - many other `linux-musl` binaries are statically linked
+  - many `Go` and some `Rust` programs are statically linked
+
+### PREPARATION OUTSIDE THE CONTAINER:
+
+```sh
+    cd your-upx-top-level-directory
+    mkdir -p tmp
+    cd tmp
+
+    # download some official UPX release binaries
+    wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz
+    wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm64_linux.tar.xz
+    wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz
+    wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mips_linux.tar.xz
+    wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc64le_linux.tar.xz
+    # ...same for more architectures
+
+    # and unpack all .tar.xz files
+    for f in ./upx*.tar.xz; do tar -xJf $f; done
+```
+
+### INSIDE THE CONTAINER:
+
+```sh
+    cd /home/upx/src/upx/tmp
+
+    # check that the official binaries do work
+    qemu-i386 ./upx-4.0.2-i386_linux/upx --version
+    qemu-mips ./upx-4.0.2-mips_linux/upx --version
+    # ...same for more architectures
+
+    # use qemu-mips to unpack the arm64 binary, and then run the unpacked arm64 binary:
+    qemu-mips ./upx-4.0.2-mips_linux/upx -d upx-4.0.2-arm64_linux/upx -o upx-arm64-unpacked
+    qemu-aarch64 ./upx-arm64-unpacked --version
+    # ...same for more architectures
+```

misc/test-qemu-with-podman/test-qemu6-with-podman/10-create-image.sh

@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu6-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"

misc/test-qemu-with-podman/test-qemu6-with-podman/20-image-run-shell.sh

@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu6-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all )               # drop all capabilities
+flags+=( --network=none )               # no network needed
+flags+=( -ti -e TERM="$TERM" )          # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+    # run as user upx 2000:2000
+    flags+=( --user 2000 )
+    # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+    flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+    # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+    flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+    # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+    # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+    flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+    flags+=( -w /home/upx/src/upx )     # set working directory
+    flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+    flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+    # run as user root 0:0
+    # ONLY FOR DEBUGGING THE IMAGE
+    # map container user/group 0 to current host user/group
+    flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md

misc/test-qemu-with-podman/test-qemu6-with-podman/Dockerfile

@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.15
+
+# install qemu 6.1.1-r0 and some utils
+RUN apk update && apk upgrade && apk add \
+        bash-completion \
+        qemu-aarch64 \
+        qemu-arm \
+        qemu-armeb \
+        qemu-i386 \
+        qemu-mips \
+        qemu-mipsel \
+        qemu-ppc \
+        qemu-ppc64 \
+        qemu-ppc64le \
+        qemu-x86_64 \
+    && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+    && cd /home/upx && chmod 00700 . \
+    && mkdir -p .cache .local/bin src/upx \
+    && chown -R upx:upx . \
+    && true
+USER upx

misc/test-qemu-with-podman/test-qemu7-with-podman/10-create-image.sh

@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu7-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"

misc/test-qemu-with-podman/test-qemu7-with-podman/20-image-run-shell.sh

@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu7-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all )               # drop all capabilities
+flags+=( --network=none )               # no network needed
+flags+=( -ti -e TERM="$TERM" )          # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+    # run as user upx 2000:2000
+    flags+=( --user 2000 )
+    # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+    flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+    # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+    flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+    # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+    # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+    flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+    flags+=( -w /home/upx/src/upx )     # set working directory
+    flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+    flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+    # run as user root 0:0
+    # ONLY FOR DEBUGGING THE IMAGE
+    # map container user/group 0 to current host user/group
+    flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md

misc/test-qemu-with-podman/test-qemu7-with-podman/Dockerfile

@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.17
+
+# install qemu 7.1.0-r7 and some utils
+RUN apk update && apk upgrade && apk add \
+        bash-completion \
+        qemu-aarch64 \
+        qemu-arm \
+        qemu-armeb \
+        qemu-i386 \
+        qemu-mips \
+        qemu-mipsel \
+        qemu-ppc \
+        qemu-ppc64 \
+        qemu-ppc64le \
+        qemu-x86_64 \
+    && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+    && cd /home/upx && chmod 00700 . \
+    && mkdir -p .cache .local/bin src/upx \
+    && chown -R upx:upx . \
+    && true
+USER upx

misc/test-qemu-with-podman/test-qemu8-with-podman/10-create-image.sh

@@ -0,0 +1,15 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# create the image from Dockerfile
+# using a rootless Podman container
+
+image=upx-test-qemu8-20230708-v1
+
+podman build -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
+
+podman image list "$image"
+echo
+podman image tree "$image"

misc/test-qemu-with-podman/test-qemu8-with-podman/20-image-run-shell.sh

@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+## vim:set ts=4 sw=4 et:
+set -e; set -o pipefail
+argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
+
+# run an interactive shell in the image
+# using a rootless Podman container
+
+image=upx-test-qemu8-20230708-v1
+
+flags=( --read-only --rm --pull=never )
+flags+=( --cap-drop=all )               # drop all capabilities
+flags+=( --network=none )               # no network needed
+flags+=( -ti -e TERM="$TERM" )          # allocate an interactive pseudo-tty and pass $TERM
+if [[ 1 == 1 ]]; then
+    # run as user upx 2000:2000
+    flags+=( --user 2000 )
+    # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
+    flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
+    # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
+    flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
+    # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
+    # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
+    flags+=( -v "${argv0dir}/../../..:/home/upx/src/upx" )
+    flags+=( -w /home/upx/src/upx )     # set working directory
+    flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
+    flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
+else
+    # run as user root 0:0
+    # ONLY FOR DEBUGGING THE IMAGE
+    # map container user/group 0 to current host user/group
+    flags+=( --user 0 )
+fi
+
+podman run "${flags[@]}" "$image" bash -l
+
+# please see usage instructions in ../README.md

misc/test-qemu-with-podman/test-qemu8-with-podman/Dockerfile

@@ -0,0 +1,24 @@
+FROM docker.io/library/alpine:3.18
+
+# install qemu 8.0.2-r1 and some utils
+RUN apk update && apk upgrade && apk add \
+        bash-completion \
+        qemu-aarch64 \
+        qemu-arm \
+        qemu-armeb \
+        qemu-i386 \
+        qemu-mips \
+        qemu-mipsel \
+        qemu-ppc \
+        qemu-ppc64 \
+        qemu-ppc64le \
+        qemu-x86_64 \
+    && true
+
+# create default user upx 2000:2000
+RUN adduser upx -u 2000 -D \
+    && cd /home/upx && chmod 00700 . \
+    && mkdir -p .cache .local/bin src/upx \
+    && chown -R upx:upx . \
+    && true
+USER upx