diff --git a/.clang-tidy b/.clang-tidy
index 044d86e8..8297518b 100644
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -6,6 +6,7 @@ Checks: >
 -bugprone-assignment-in-if-condition,
 -bugprone-branch-clone,
 -bugprone-easily-swappable-parameters,
+ -bugprone-empty-catch,
 -bugprone-implicit-widening-of-multiplication-result,
 -bugprone-macro-parentheses,
 -bugprone-narrowing-conversions,
@@ -14,12 +15,14 @@ Checks: >
 -bugprone-suspicious-include,
 -bugprone-suspicious-memory-comparison,
 -bugprone-suspicious-string-compare,
+ -bugprone-switch-missing-default-case,
 clang-analyzer-*,
 -clang-analyzer-optin.performance.Padding,
 -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
 -clang-analyzer-security.insecureAPI.strcpy,
 clang-diagnostics-*',
 performance-*,
+ -performance-avoid-endl,
 -performance-unnecessary-value-param,
 FormatStyle: file
 HeaderFilterRegex: '.*'
diff --git a/.gitignore b/.gitignore
index fa48ea38..9bd5a9cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,8 @@ GNUmakefile MMakefile Makevars.local* +compile_flags.txt +Tmp* tmp* *.a
diff --git a/compile_flags.txt b/compile_flags.txt
deleted file mode 100644
index 0b508e35..00000000
--- a/compile_flags.txt
+++ /dev/null
@@ -1,6 +0,0 @@
--std=gnu++17
--Ivendor
--DDEBUG
--fno-strict-aliasing
--fno-strict-overflow
--funsigned-char
diff --git a/doc/upx.1 b/doc/upx.1
index 9de91542..a26f7b9a 100644
--- a/doc/upx.1
+++ b/doc/upx.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "UPX 1"
-.TH UPX 1 "2023-05-28" "upx 4.1.0" " "
+.TH UPX 1 "2023-08-03" "upx 4.1.0" " "
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/misc/analyze/clang-tidy/clang-tidy-bzip2.yml b/misc/analyze/clang-tidy/clang-tidy-bzip2.yml
index 7ebfa205..316d8136 100644
--- a/misc/analyze/clang-tidy/clang-tidy-bzip2.yml
+++ b/misc/analyze/clang-tidy/clang-tidy-bzip2.yml
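Review bot: Excluding `bugprone-empty-catch` for the whole tree (first `.clang-tidy` hunk) stops clang-tidy from reporting any `catch` block that silently discards an error, a finding worth keeping in a tool that, judging by the removed README, reads and unpacks executables it did not produce. If only a few deliberate best-effort handlers trigger it, keep the check on and mark those sites with `// NOLINT(bugprone-empty-catch)` plus a one-line reason. The second hunk and the three configs under `misc/analyze/clang-tidy/` likewise switch off `bugprone-switch-missing-default-case`. If the blanket exclusions stay, record the reason in a `#` comment above `Checks:`, since a comment inside the folded `>` scalar would become part of the value.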
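Review bot: The context line `clang-diagnostics-*',` in the second `.clang-tidy` hunk looks malformed: clang-tidy names its compiler-diagnostic group `clang-diagnostic-*` (singular), and inside a `Checks: >` folded scalar the trailing `'` is literal text, so this glob most likely matches no check. Since the commit edits the entries directly around it, this would be a good place to change it to `clang-diagnostic-*,` so that compiler warnings are surfaced through clang-tidy as presumably intended. The list starts outside the hunk, so the part above `@@ -6` should be checked for a matching stray opening quote.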
@@ -9,6 +9,7 @@ Checks: >
 -bugprone-macro-parentheses,
 -bugprone-narrowing-conversions,
 -bugprone-reserved-identifier,
+ -bugprone-switch-missing-default-case,
 clang-analyzer-*,
 -clang-analyzer-core.UndefinedBinaryOperatorResult,
 -clang-analyzer-core.uninitialized.Assign,
diff --git a/misc/analyze/clang-tidy/clang-tidy-zlib.yml b/misc/analyze/clang-tidy/clang-tidy-zlib.yml
index 032f6ce4..a87c6a73 100644
--- a/misc/analyze/clang-tidy/clang-tidy-zlib.yml
+++ b/misc/analyze/clang-tidy/clang-tidy-zlib.yml
@@ -9,6 +9,7 @@ Checks: >
 -bugprone-macro-parentheses,
 -bugprone-narrowing-conversions,
 -bugprone-reserved-identifier,
+ -bugprone-switch-missing-default-case,
 clang-analyzer-*,
 -clang-analyzer-optin.performance.Padding,
 -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
diff --git a/misc/analyze/clang-tidy/clang-tidy-zstd.yml b/misc/analyze/clang-tidy/clang-tidy-zstd.yml
index 296d69e5..894190c4 100644
--- a/misc/analyze/clang-tidy/clang-tidy-zstd.yml
+++ b/misc/analyze/clang-tidy/clang-tidy-zstd.yml
@@ -11,6 +11,7 @@ Checks: >
 -bugprone-misplaced-widening-cast,
 -bugprone-narrowing-conversions,
 -bugprone-reserved-identifier,
+ -bugprone-switch-missing-default-case,
 clang-analyzer-*,
 -clang-analyzer-core.UndefinedBinaryOperatorResult,
 -clang-analyzer-deadcode.DeadStores,
diff --git a/misc/podman/test-qemu/README.md b/misc/podman/test-qemu/README.md
deleted file mode 100644
index efe2f143..00000000
--- a/misc/podman/test-qemu/README.md
+++ /dev/null
@@ -1,52 +0,0 @@ -test-qemu with Podman -===================== - -This directory provides some simple scripts for creating and running -quite small Alpine Linux container images, intended for testing -statically-linked Linux executables with Podman and qemu-user. - -Very short usage instructions follow. - -### Where do I get statically-linked Linux binaries: - - all recent official UPX linux release binaries are statically linked - - the `zigcc linux-musl` artifacts as created by our GitHub Actions CI - - many other `linux-musl` binaries are statically linked - - many `Go` and some `Rust` programs are statically linked - -### PREPARATION OUTSIDE THE CONTAINER: - -```sh - cd your-upx-top-level-directory - mkdir -p tmp - cd tmp - - # download official UPX release binaries - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm64_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-armeb_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-arm_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mipsel_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-mips_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc64le_linux.tar.xz - wget https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-powerpc_linux.tar.xz - - # and unpack all .tar.xz files - for f in ./upx*.tar.xz; do tar -xJf $f; done -``` - -### INSIDE THE CONTAINER: - -```sh - cd /home/upx/src/upx/tmp - - # check that the official UPX release binaries do work - qemu-i386 ./upx-4.0.2-i386_linux/upx --version - qemu-mips ./upx-4.0.2-mips_linux/upx --version - # ...same for more architectures - - # use qemu-mips to unpack the arm64 binary, and then run the unpacked 
arm64 binary: - qemu-mips ./upx-4.0.2-mips_linux/upx -d upx-4.0.2-arm64_linux/upx -o upx-arm64-unpacked - qemu-aarch64 ./upx-arm64-unpacked --version - # ...same for more architectures -```
diff --git a/misc/podman/test-qemu/test-qemu-2.12-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-2.12-alpine/10-create-image.sh
deleted file mode 100755
index a2d1698f..00000000
--- a/misc/podman/test-qemu/test-qemu-2.12-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-2.12-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-2.12-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-2.12-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-2.12-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-2.12-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-2.12-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-2.12-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-2.12-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-2.12-alpine/Dockerfile
deleted file mode 100644
index 72d3bd46..00000000
--- a/misc/podman/test-qemu/test-qemu-2.12-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM docker.io/library/alpine:3.8
-
-# install qemu-2.12.0-r3 and some utils
-RUN apk update && apk upgrade && apk add \
- bash-completion \
- coreutils \
- musl-dbg \
- qemu-aarch64 \
- qemu-aarch64_be \
- qemu-arm \
- qemu-armeb \
- qemu-i386 \
- qemu-m68k \
- qemu-mips \
- qemu-mipsel \
- qemu-ppc \
- qemu-ppc64 \
- qemu-ppc64le \
- qemu-riscv32 \
- qemu-riscv64 \
- qemu-s390x \
- qemu-sh4 \
- qemu-sh4eb \
- qemu-x86_64 \
- strace \
- zsh \
- && true
-
-# create default user upx:upx 2000:2000
-RUN adduser upx -u 2000 -D \
- && cd /home/upx && chmod 00700 . \
- && mkdir -p .cache/tmp .local/bin src/upx \
- && chown -R upx:upx . \
- && true
-USER upx
diff --git a/misc/podman/test-qemu/test-qemu-3.1-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-3.1-alpine/10-create-image.sh
deleted file mode 100755
index e535ca27..00000000
--- a/misc/podman/test-qemu/test-qemu-3.1-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-3.1-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-3.1-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-3.1-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-3.1-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-3.1-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-3.1-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-3.1-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-3.1-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-3.1-alpine/Dockerfile
deleted file mode 100644
index eac21bfd..00000000
--- a/misc/podman/test-qemu/test-qemu-3.1-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM docker.io/library/alpine:3.9
-
-# install qemu-3.1.0-r3 and some utils
-RUN apk update && apk upgrade && apk add \
- bash-completion \
- coreutils \
- musl-dbg \
- qemu-aarch64 \
- qemu-aarch64_be \
- qemu-arm \
- qemu-armeb \
- qemu-i386 \
- qemu-m68k \
- qemu-mips \
- qemu-mipsel \
- qemu-ppc \
- qemu-ppc64 \
- qemu-ppc64le \
- qemu-riscv32 \
- qemu-riscv64 \
- qemu-s390x \
- qemu-sh4 \
- qemu-sh4eb \
- qemu-x86_64 \
- strace \
- zsh \
- && true
-
-# create default user upx:upx 2000:2000
-RUN adduser upx -u 2000 -D \
- && cd /home/upx && chmod 00700 . \
- && mkdir -p .cache/tmp .local/bin src/upx \
- && chown -R upx:upx . \
- && true
-USER upx
diff --git a/misc/podman/test-qemu/test-qemu-4.2-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-4.2-alpine/10-create-image.sh
deleted file mode 100755
index 186e85c8..00000000
--- a/misc/podman/test-qemu/test-qemu-4.2-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-4.2-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-4.2-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-4.2-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-4.2-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-4.2-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-4.2-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-4.2-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-4.2-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-4.2-alpine/Dockerfile
deleted file mode 100644
index 90d43d6c..00000000
--- a/misc/podman/test-qemu/test-qemu-4.2-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM docker.io/library/alpine:3.11
-
-# install qemu-4.2.0-r0 and some utils
-RUN apk update && apk upgrade && apk add \
- bash-completion \
- coreutils \
- musl-dbg \
- qemu-aarch64 \
- qemu-aarch64_be \
- qemu-arm \
- qemu-armeb \
- qemu-i386 \
- qemu-m68k \
- qemu-mips \
- qemu-mipsel \
- qemu-ppc \
- qemu-ppc64 \
- qemu-ppc64le \
- qemu-riscv32 \
- qemu-riscv64 \
- qemu-s390x \
- qemu-sh4 \
- qemu-sh4eb \
- qemu-x86_64 \
- strace \
- zsh \
- && true
-
-# create default user upx:upx 2000:2000
-RUN adduser upx -u 2000 -D \
- && cd /home/upx && chmod 00700 . \
- && mkdir -p .cache/tmp .local/bin src/upx \
- && chown -R upx:upx . \
- && true
-USER upx
diff --git a/misc/podman/test-qemu/test-qemu-5.2-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-5.2-alpine/10-create-image.sh
deleted file mode 100755
index 2cd7b7a5..00000000
--- a/misc/podman/test-qemu/test-qemu-5.2-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-5.2-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-5.2-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-5.2-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-5.2-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-5.2-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-5.2-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-5.2-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-5.2-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-5.2-alpine/Dockerfile
deleted file mode 100644
index 5ffbf20e..00000000
--- a/misc/podman/test-qemu/test-qemu-5.2-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM docker.io/library/alpine:3.13
-
-# install qemu-5.2.0-r3 and some utils
-RUN apk update && apk upgrade && apk add \
- bash-completion \
- coreutils \
- musl-dbg \
- qemu-aarch64 \
- qemu-aarch64_be \
- qemu-arm \
- qemu-armeb \
- qemu-i386 \
- qemu-m68k \
- qemu-mips \
- qemu-mipsel \
- qemu-ppc \
- qemu-ppc64 \
- qemu-ppc64le \
- qemu-riscv32 \
- qemu-riscv64 \
- qemu-s390x \
- qemu-sh4 \
- qemu-sh4eb \
- qemu-x86_64 \
- strace \
- zsh \
- && true
-
-# create default user upx:upx 2000:2000
-RUN adduser upx -u 2000 -D \
- && cd /home/upx && chmod 00700 . \
- && mkdir -p .cache/tmp .local/bin src/upx \
- && chown -R upx:upx . \
- && true
-USER upx
diff --git a/misc/podman/test-qemu/test-qemu-6.0-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-6.0-alpine/10-create-image.sh
deleted file mode 100755
index e5ba78ef..00000000
--- a/misc/podman/test-qemu/test-qemu-6.0-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-6.0-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-6.0-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-6.0-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-6.0-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-6.0-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-6.0-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-6.0-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-6.0-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-6.0-alpine/Dockerfile
deleted file mode 100644
index 6065e605..00000000
--- a/misc/podman/test-qemu/test-qemu-6.0-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM docker.io/library/alpine:3.14
-
-# install qemu-6.0.0-r5 and some utils
-RUN apk update && apk upgrade && apk add \
- bash-completion \
- coreutils \
- musl-dbg \
- qemu-aarch64 \
- qemu-aarch64_be \
- qemu-arm \
- qemu-armeb \
- qemu-i386 \
- qemu-m68k \
- qemu-mips \
- qemu-mipsel \
- qemu-ppc \
- qemu-ppc64 \
- qemu-ppc64le \
- qemu-riscv32 \
- qemu-riscv64 \
- qemu-s390x \
- qemu-sh4 \
- qemu-sh4eb \
- qemu-x86_64 \
- strace \
- zsh \
- && true
-
-# create default user upx:upx 2000:2000
-RUN adduser upx -u 2000 -D \
- && cd /home/upx && chmod 00700 . \
- && mkdir -p .cache/tmp .local/bin src/upx \
- && chown -R upx:upx . \
- && true
-USER upx
diff --git a/misc/podman/test-qemu/test-qemu-6.1-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-6.1-alpine/10-create-image.sh
deleted file mode 100755
index 69ba25d5..00000000
--- a/misc/podman/test-qemu/test-qemu-6.1-alpine/10-create-image.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# create the image from Dockerfile
-# using a rootless Podman container
-
-image=upx-test-qemu-6.1-alpine-20230725-v1
-[[ $1 == --print-image ]] && echo "$image" && exit 0
-
-podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir"
-
-podman image list "$image"
-echo
-podman image tree "$image"
diff --git a/misc/podman/test-qemu/test-qemu-6.1-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-6.1-alpine/11-list-packages.sh
deleted file mode 100755
index 58445cc0..00000000
--- a/misc/podman/test-qemu/test-qemu-6.1-alpine/11-list-packages.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# list all system packages that are installed in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-podman image list "$image"
-echo
-podman image tree "$image"
-
-echo 'Packages:'
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort'
diff --git a/misc/podman/test-qemu/test-qemu-6.1-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-6.1-alpine/20-image-run-shell.sh
deleted file mode 100755
index d4f61f5d..00000000
--- a/misc/podman/test-qemu/test-qemu-6.1-alpine/20-image-run-shell.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#! /usr/bin/env bash
-## vim:set ts=4 sw=4 et:
-set -e; set -o pipefail
-argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")"
-
-# run an interactive shell in the image
-# using a rootless Podman container
-
-image="$("$argv0dir/10-create-image.sh" --print-image)"
-
-flags=( --read-only --rm --pull=never )
-flags+=( --cap-drop=all ) # drop all capabilities
-flags+=( --network=none ) # no network needed
-flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM
-if [[ 1 == 1 ]]; then
- # run as user upx 2000:2000
- flags+=( --user 2000 )
- # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user
- flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 )
- # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group
- flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 )
- # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx
- # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs!
- flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" )
- flags+=( -w /home/upx/src/upx ) # set working directory
- flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs
- flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs
-else
- # run as user root 0:0
- # ONLY FOR DEBUGGING THE IMAGE
- # map container user/group 0 to current host user/group
- flags+=( --user 0 )
-fi
-
-if [[ $# == 0 ]]; then
- podman run "${flags[@]}" "$image" bash -l
-else
- podman run "${flags[@]}" "$image" "$@"
-fi
-
-# please see usage instructions in ../README.md
diff --git a/misc/podman/test-qemu/test-qemu-6.1-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-6.1-alpine/Dockerfile
deleted file mode 100644
index 4829a3fb..00000000
--- a/misc/podman/test-qemu/test-qemu-6.1-alpine/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@ -FROM docker.io/library/alpine:3.15 - -# install qemu-6.1.1-r0 and some utils -RUN apk update && apk upgrade && apk add \ - bash-completion \ - coreutils \ - musl-dbg \ - qemu-aarch64 \ - qemu-aarch64_be \ - qemu-arm \ - qemu-armeb \ - qemu-i386 \ - qemu-m68k \ - qemu-mips \ - qemu-mipsel \ - qemu-ppc \ - qemu-ppc64 \ - qemu-ppc64le \ - qemu-riscv32 \ - qemu-riscv64 \ - qemu-s390x \ - qemu-sh4 \ - qemu-sh4eb \ - qemu-x86_64 \ - strace \ - zsh \ - && true - -# create default user upx:upx 2000:2000 -RUN adduser upx -u 2000 -D \ - && cd /home/upx && chmod 00700 . \ - && mkdir -p .cache/tmp .local/bin src/upx \ - && chown -R upx:upx . \ - && true -USER upx diff --git a/misc/podman/test-qemu/test-qemu-7.0-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-7.0-alpine/10-create-image.sh deleted file mode 100755 index 1d7261a0..00000000 --- a/misc/podman/test-qemu/test-qemu-7.0-alpine/10-create-image.sh +++ /dev/null @@ -1,16 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# create the image from Dockerfile -# using a rootless Podman container - -image=upx-test-qemu-7.0-alpine-20230725-v1 -[[ $1 == --print-image ]] && echo "$image" && exit 0 - -podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir" - -podman image list "$image" -echo -podman image tree "$image" diff --git a/misc/podman/test-qemu/test-qemu-7.0-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-7.0-alpine/11-list-packages.sh deleted file mode 100755 index 58445cc0..00000000 --- a/misc/podman/test-qemu/test-qemu-7.0-alpine/11-list-packages.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# list all system packages that are installed in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -podman image list "$image" -echo -podman image tree "$image" - -echo 'Packages:' -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort' diff --git a/misc/podman/test-qemu/test-qemu-7.0-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-7.0-alpine/20-image-run-shell.sh deleted file mode 100755 index d4f61f5d..00000000 --- a/misc/podman/test-qemu/test-qemu-7.0-alpine/20-image-run-shell.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# run an interactive shell in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM -if [[ 1 == 1 ]]; then - # run as user upx 2000:2000 - flags+=( --user 2000 ) - # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user - flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 ) - # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group - flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 ) - # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx - # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs! - flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" ) - flags+=( -w /home/upx/src/upx ) # set working directory - flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs - flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs -else - # run as user root 0:0 - # ONLY FOR DEBUGGING THE IMAGE - # map container user/group 0 to current host user/group - flags+=( --user 0 ) -fi - -if [[ $# == 0 ]]; then - podman run "${flags[@]}" "$image" bash -l -else - podman run "${flags[@]}" "$image" "$@" -fi - -# please see usage instructions in ../README.md diff --git a/misc/podman/test-qemu/test-qemu-7.0-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-7.0-alpine/Dockerfile deleted file mode 100644 index 1ad14ed4..00000000 --- a/misc/podman/test-qemu/test-qemu-7.0-alpine/Dockerfile +++ /dev/null 
@@ -1,35 +0,0 @@ -FROM docker.io/library/alpine:3.16 - -# install qemu-7.0.0-r0 and some utils -RUN apk update && apk upgrade && apk add \ - bash-completion \ - coreutils \ - musl-dbg \ - qemu-aarch64 \ - qemu-aarch64_be \ - qemu-arm \ - qemu-armeb \ - qemu-i386 \ - qemu-m68k \ - qemu-mips \ - qemu-mipsel \ - qemu-ppc \ - qemu-ppc64 \ - qemu-ppc64le \ - qemu-riscv32 \ - qemu-riscv64 \ - qemu-s390x \ - qemu-sh4 \ - qemu-sh4eb \ - qemu-x86_64 \ - strace \ - zsh \ - && true - -# create default user upx:upx 2000:2000 -RUN adduser upx -u 2000 -D \ - && cd /home/upx && chmod 00700 . \ - && mkdir -p .cache/tmp .local/bin src/upx \ - && chown -R upx:upx . \ - && true -USER upx diff --git a/misc/podman/test-qemu/test-qemu-7.1-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-7.1-alpine/10-create-image.sh deleted file mode 100755 index a887f4a8..00000000 --- a/misc/podman/test-qemu/test-qemu-7.1-alpine/10-create-image.sh +++ /dev/null @@ -1,16 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# create the image from Dockerfile -# using a rootless Podman container - -image=upx-test-qemu-7.1-alpine-20230725-v1 -[[ $1 == --print-image ]] && echo "$image" && exit 0 - -podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir" - -podman image list "$image" -echo -podman image tree "$image" diff --git a/misc/podman/test-qemu/test-qemu-7.1-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-7.1-alpine/11-list-packages.sh deleted file mode 100755 index 58445cc0..00000000 --- a/misc/podman/test-qemu/test-qemu-7.1-alpine/11-list-packages.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# list all system packages that are installed in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -podman image list "$image" -echo -podman image tree "$image" - -echo 'Packages:' -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort' diff --git a/misc/podman/test-qemu/test-qemu-7.1-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-7.1-alpine/20-image-run-shell.sh deleted file mode 100755 index d4f61f5d..00000000 --- a/misc/podman/test-qemu/test-qemu-7.1-alpine/20-image-run-shell.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# run an interactive shell in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM -if [[ 1 == 1 ]]; then - # run as user upx 2000:2000 - flags+=( --user 2000 ) - # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user - flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 ) - # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group - flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 ) - # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx - # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs! - flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" ) - flags+=( -w /home/upx/src/upx ) # set working directory - flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs - flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs -else - # run as user root 0:0 - # ONLY FOR DEBUGGING THE IMAGE - # map container user/group 0 to current host user/group - flags+=( --user 0 ) -fi - -if [[ $# == 0 ]]; then - podman run "${flags[@]}" "$image" bash -l -else - podman run "${flags[@]}" "$image" "$@" -fi - -# please see usage instructions in ../README.md diff --git a/misc/podman/test-qemu/test-qemu-7.1-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-7.1-alpine/Dockerfile deleted file mode 100644 index fd23c954..00000000 --- a/misc/podman/test-qemu/test-qemu-7.1-alpine/Dockerfile +++ /dev/null 
@@ -1,35 +0,0 @@ -FROM docker.io/library/alpine:3.17 - -# install qemu-7.1.0-r7 and some utils -RUN apk update && apk upgrade && apk add \ - bash-completion \ - coreutils \ - musl-dbg \ - qemu-aarch64 \ - qemu-aarch64_be \ - qemu-arm \ - qemu-armeb \ - qemu-i386 \ - qemu-m68k \ - qemu-mips \ - qemu-mipsel \ - qemu-ppc \ - qemu-ppc64 \ - qemu-ppc64le \ - qemu-riscv32 \ - qemu-riscv64 \ - qemu-s390x \ - qemu-sh4 \ - qemu-sh4eb \ - qemu-x86_64 \ - strace \ - zsh \ - && true - -# create default user upx:upx 2000:2000 -RUN adduser upx -u 2000 -D \ - && cd /home/upx && chmod 00700 . \ - && mkdir -p .cache/tmp .local/bin src/upx \ - && chown -R upx:upx . \ - && true -USER upx diff --git a/misc/podman/test-qemu/test-qemu-8.0-alpine/10-create-image.sh b/misc/podman/test-qemu/test-qemu-8.0-alpine/10-create-image.sh deleted file mode 100755 index 76014206..00000000 --- a/misc/podman/test-qemu/test-qemu-8.0-alpine/10-create-image.sh +++ /dev/null @@ -1,16 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# create the image from Dockerfile -# using a rootless Podman container - -image=upx-test-qemu-8.0-alpine-20230725-v1 -[[ $1 == --print-image ]] && echo "$image" && exit 0 - -podman build --squash -t "$image" -f "$argv0dir/Dockerfile" "$argv0dir" - -podman image list "$image" -echo -podman image tree "$image" diff --git a/misc/podman/test-qemu/test-qemu-8.0-alpine/11-list-packages.sh b/misc/podman/test-qemu/test-qemu-8.0-alpine/11-list-packages.sh deleted file mode 100755 index 58445cc0..00000000 --- a/misc/podman/test-qemu/test-qemu-8.0-alpine/11-list-packages.sh +++ /dev/null 
@@ -1,19 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# list all system packages that are installed in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -podman image list "$image" -echo -podman image tree "$image" - -echo 'Packages:' -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -podman run "${flags[@]}" "$image" bash -c $'apk info -v | sed \'s/ *$//\' | LC_ALL=C sort' diff --git a/misc/podman/test-qemu/test-qemu-8.0-alpine/20-image-run-shell.sh b/misc/podman/test-qemu/test-qemu-8.0-alpine/20-image-run-shell.sh deleted file mode 100755 index d4f61f5d..00000000 --- a/misc/podman/test-qemu/test-qemu-8.0-alpine/20-image-run-shell.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#! /usr/bin/env bash -## vim:set ts=4 sw=4 et: -set -e; set -o pipefail -argv0=$0; argv0abs="$(readlink -fn "$argv0")"; argv0dir="$(dirname "$argv0abs")" - -# run an interactive shell in the image -# using a rootless Podman container - -image="$("$argv0dir/10-create-image.sh" --print-image)" - -flags=( --read-only --rm --pull=never ) -flags+=( --cap-drop=all ) # drop all capabilities -flags+=( --network=none ) # no network needed -flags+=( -ti -e TERM="$TERM" ) # allocate an interactive pseudo-tty and pass $TERM -if [[ 1 == 1 ]]; then - # run as user upx 2000:2000 - flags+=( --user 2000 ) - # map container users 0..999 to subuid-users 1..1000, and map container user 2000 to current host user - flags+=( --uidmap=0:1:1000 --uidmap=2000:0:1 ) - # map container groups 0..999 to subgid-groups 1..1000, and map container group 2000 to current host group - flags+=( --gidmap=0:1:1000 --gidmap=2000:0:1 ) - # NOTE: we mount the upx top-level directory read-write under /home/upx/src/upx - # INFO: SELinux users *may* have to add ":z" to the volume mount flags; check the docs! - flags+=( -v "${argv0dir}/../../../..:/home/upx/src/upx" ) - flags+=( -w /home/upx/src/upx ) # set working directory - flags+=( --tmpfs /home/upx/.cache:rw,exec ) # mount a writeable tmpfs - flags+=( --tmpfs /home/upx/.local:rw,exec ) # mount a writeable tmpfs -else - # run as user root 0:0 - # ONLY FOR DEBUGGING THE IMAGE - # map container user/group 0 to current host user/group - flags+=( --user 0 ) -fi - -if [[ $# == 0 ]]; then - podman run "${flags[@]}" "$image" bash -l -else - podman run "${flags[@]}" "$image" "$@" -fi - -# please see usage instructions in ../README.md diff --git a/misc/podman/test-qemu/test-qemu-8.0-alpine/Dockerfile b/misc/podman/test-qemu/test-qemu-8.0-alpine/Dockerfile deleted file mode 100644 index e627e817..00000000 --- a/misc/podman/test-qemu/test-qemu-8.0-alpine/Dockerfile +++ /dev/null 
@@ -1,35 +0,0 @@ -FROM docker.io/library/alpine:3.18 - -# install qemu-8.0.3-r1 and some utils -RUN apk update && apk upgrade && apk add \ - bash-completion \ - coreutils \ - musl-dbg \ - qemu-aarch64 \ - qemu-aarch64_be \ - qemu-arm \ - qemu-armeb \ - qemu-i386 \ - qemu-m68k \ - qemu-mips \ - qemu-mipsel \ - qemu-ppc \ - qemu-ppc64 \ - qemu-ppc64le \ - qemu-riscv32 \ - qemu-riscv64 \ - qemu-s390x \ - qemu-sh4 \ - qemu-sh4eb \ - qemu-x86_64 \ - strace \ - zsh \ - && true - -# create default user upx:upx 2000:2000 -RUN adduser upx -u 2000 -D \ - && cd /home/upx && chmod 00700 . \ - && mkdir -p .cache/tmp .local/bin src/upx \ - && chown -R upx:upx . \ - && true -USER upx diff --git a/src/compress/compress_ucl.cpp b/src/compress/compress_ucl.cpp index d074850f..c6b1e1f6 100644 --- a/src/compress/compress_ucl.cpp +++ b/src/compress/compress_ucl.cpp @@ -56,6 +56,8 @@ static int convert_errno_from_ucl(int r) { // UCL extra: case UCL_E_OVERLAP_OVERRUN: return UPX_E_ERROR; + default: + break; } return UPX_E_ERROR; } diff --git a/src/compress/compress_zlib.cpp b/src/compress/compress_zlib.cpp index 91b89779..755e367d 100644 --- a/src/compress/compress_zlib.cpp +++ b/src/compress/compress_zlib.cpp @@ -64,6 +64,8 @@ static int convert_errno_from_zlib(int zr) { return UPX_E_ERROR; case -7: // UPX extra return UPX_E_INPUT_OVERRUN; + default: + break; } return UPX_E_ERROR; } diff --git a/src/conf.h b/src/conf.h index cfd78120..094e57df 100644 --- a/src/conf.h +++ b/src/conf.h @@ -85,7 +85,7 @@ inline void upx_std_call_once(upx_std_once_flag &flag, NoexceptCallable &&f) { } #endif // WITH_THREADS -// C++20 std::is_bounded_array +// upx_std_is_bounded_array: same as C++20 std::is_bounded_array template struct upx_std_is_bounded_array : public std::false_type {}; template 
@@ -93,7 +93,13 @@ struct upx_std_is_bounded_array : public std::true_type {}; template inline constexpr bool upx_std_is_bounded_array_v = upx_std_is_bounded_array::value; -// is_same_all and is_same_any: std::is_same for multiple types +// upx_is_integral is overloaded for BE16 & friends; see bele.h +template +struct upx_is_integral : public std::is_integral {}; +template +inline constexpr bool upx_is_integral_v = upx_is_integral::value; + +// util: is_same_all and is_same_any means std::is_same for multiple types template struct is_same_all : public std::conjunction...> {}; template @@ -103,12 +109,6 @@ struct is_same_any : public std::disjunction...> {}; template inline constexpr bool is_same_any_v = is_same_any::value; -// upx_is_integral is overloaded for BE16 & friends; see bele.h -template -struct upx_is_integral : public std::is_integral {}; -template -inline constexpr bool upx_is_integral_v = upx_is_integral::value; - #if (ACC_ARCH_M68K && ACC_OS_TOS && ACC_CC_GNUC) && defined(__MINT__) // horrible hack for broken compiler #define upx_fake_alignas_1 __attribute__((__aligned__(1),__packed__)) @@ -461,7 +461,7 @@ constexpr bool string_le(const char *a, const char *b) { constexpr bool string_ge(const char *a, const char *b) { return !string_lt(a, b); } -} +} // namespace compile_time /************************************************************************* // constants diff --git a/src/file.cpp b/src/file.cpp index 163a116e..94b6850a 100644 --- a/src/file.cpp +++ b/src/file.cpp @@ -129,10 +129,10 @@ upx_off_t FileBase::seek(upx_off_t off, int whence) { whence = SEEK_SET; } // SEEK_CUR falls through to here - upx_off_t rv = ::lseek(_fd, off, whence); - if (rv < 0) + upx_off_t l = ::lseek(_fd, off, whence); + if (l < 0) throwIOException("seek error", errno); - return rv - _offset; + return l - _offset; } upx_off_t FileBase::tell() const { 
@@ -321,7 +321,7 @@ upx_off_t OutputFile::seek(upx_off_t off, int whence) { void OutputFile::set_extent(upx_off_t offset, upx_off_t length) { super::set_extent(offset, length); bytes_written = 0; - if (0 == offset && 0xffffffffLL == length) { + if (0 == offset && 0xffffffffLL == length) { // TODO: check all callers of this method if (::fstat(_fd, &st) != 0) throwIOException(_name, errno); _length = st.st_size - offset; diff --git a/src/packer.h b/src/packer.h index 5c1d434c..54f463e6 100644 --- a/src/packer.h +++ b/src/packer.h @@ -291,29 +291,35 @@ protected: static inline constexpr bool is_te32_type = is_same_any_v; template static inline constexpr bool is_te64_type = is_same_any_v; + template + using enable_if_te16 = std::enable_if_t, T>; + template + using enable_if_te32 = std::enable_if_t, T>; + template + using enable_if_te64 = std::enable_if_t, T>; - template , T> > + template > inline unsigned get_te16(const T *p) const noexcept { return bele->get16(p); } - template , T> > + template > inline unsigned get_te32(const T *p) const noexcept { return bele->get32(p); } - template , T> > + template > inline upx_uint64_t get_te64(const T *p) const noexcept { return bele->get64(p); } - template , T> > + template > inline void set_te16(T *p, unsigned v) noexcept { bele->set16(p, v); } - template , T> > + template > inline void set_te32(T *p, unsigned v) noexcept { bele->set32(p, v); } - template , T> > + template > inline void set_te64(T *p, upx_uint64_t v) noexcept { bele->set64(p, v); } diff --git a/src/pefile.cpp b/src/pefile.cpp index 59085d56..7f5ee917 100644 --- a/src/pefile.cpp +++ b/src/pefile.cpp @@ -197,7 +197,7 @@ int PeFile::readFileHeader() { throwCantPack(buf); } pe_offset += delta; - } else if (get_le32(&h) == 'P' + 'E' * 256) + } else if (get_le32((const byte *) &h) == 'P' + 'E' * 256) break; else return 0; diff --git a/src/util/membuffer.cpp b/src/util/membuffer.cpp index 7d682798..4715ad8f 100644 --- a/src/util/membuffer.cpp 
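Review bot: The TODO added to the `0 == offset && 0xffffffffLL == length` test in OutputFile::set_extent does not say what about the callers needs checking, so it will be hard to act on later. The constant reads like a "use the real file size" sentinel, in which case a caller passing that value as a genuine length would silently get `st.st_size` instead; this is inferred from the branch, not shown in the hunk. I would spell the concern out, e.g. `// TODO: 0xffffffffLL acts as a "use file size" sentinel; verify no caller passes it as a real length`. The rest of the function body lies outside the hunk.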
+++ b/src/util/membuffer.cpp @@ -62,6 +62,7 @@ static noinline void init_use_simple_mcheck() noexcept { static bool use_simple_mcheck() noexcept { static upx_std_once_flag init_done; upx_std_call_once(init_done, init_use_simple_mcheck); + // NOTE: clang-analyzer-unix.Malloc does not know that this flag is "constant" return use_simple_mcheck_flag; } #else @@ -195,7 +196,7 @@ void MemBuffer::checkState() const { } void MemBuffer::alloc(upx_uint64_t bytes) { - // NOTE: we don't automatically free a used buffer + // INFO: we don't automatically free a used buffer assert(ptr == nullptr); assert(size_in_bytes == 0); // @@ -254,9 +255,9 @@ void MemBuffer::dealloc() noexcept { set_ne32(p + size_in_bytes, 0); set_ne32(p + size_in_bytes + 4, 0); // - ::free(p - 16); + ::free(p - 16); // NOLINT(clang-analyzer-unix.Malloc) // see NOTE above } else { - ::free(ptr); + ::free(ptr); // NOLINT(clang-analyzer-unix.Malloc) // see NOTE above } ptr = nullptr; size_in_bytes = 0; diff --git a/src/util/xspan.cpp b/src/util/xspan.cpp index 108d805f..e5643a8a 100644 --- a/src/util/xspan.cpp +++ b/src/util/xspan.cpp @@ -76,7 +76,11 @@ void xspan_check_range(const void *ptr, const void *base, ptrdiff_t size_in_byte xspan_fail_range_nullptr(); if very_unlikely (base == nullptr) xspan_fail_range_nullbase(); - ptrdiff_t off = (const charptr) ptr - (const charptr) base; +#if defined(__SANITIZE_ADDRESS__) + const acc_intptr_t off = (acc_uintptr_t) ptr - (acc_uintptr_t) base; +#else + const ptrdiff_t off = (const charptr) ptr - (const charptr) base; +#endif if very_unlikely (off < 0 || off > size_in_bytes || size_in_bytes > UPX_RSIZE_MAX) xspan_fail_range_range(); NO_fprintf(stderr, "xspan_check_range done\n"); diff --git a/src/util/xspan_impl.h b/src/util/xspan_impl.h index d846e682..c5ff7dbd 100644 --- a/src/util/xspan_impl.h +++ b/src/util/xspan_impl.h 
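Review bot: Both `// NOLINT(clang-analyzer-unix.Malloc) // see NOTE above` markers in MemBuffer::dealloc refer to a note that lives far above in use_simple_mcheck(), so a reader at the suppression cannot tell which invariant justifies it. The suppressed call `::free(p - 16)` is only valid if the buffer was allocated with the same 16-byte header, which presumably means the flag had the same value at alloc() time; the branch condition is outside the hunk. I would name the invariant at the suppression itself, e.g. `// NOLINT(clang-analyzer-unix.Malloc) // flag is fixed after init, see NOTE in use_simple_mcheck()`. The body of dealloc() starts before the hunk.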
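Review bot: The new `#if defined(__SANITIZE_ADDRESS__)` split in xspan_check_range makes sanitizer builds and regular builds compute `off` differently, so the range check exercised under ASAN is not the one that ships. The `#else` branch still subtracts two `charptr` values that need not point into the same object, which is undefined for an out-of-range `ptr`, the very case this function exists to reject. Using the integer form unconditionally removes both concerns: `const acc_intptr_t off = (acc_intptr_t) ((acc_uintptr_t) ptr - (acc_uintptr_t) base);`. The function begins above the hunk, so only the lines shown were checked.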
@@ -206,6 +206,16 @@ struct XSpanInternalDummyArg { XSPAN_NAMESPACE_END +// poison a pointer: point to a non-null invalid address +// - resulting pointer should crash on dereference +// - this should be efficient (so no mmap() guard page etc.) +// - this should play nice with runtime checkers like ASAN, valgrind, etc. +// - this should play nice with static analyzers like clang-tidy +static forceinline void *XSPAN_GET_POISON_VOID_PTR() { + // return (void *) (upx_uintptr_t) 16; // NOLINT(performance-no-int-to-ptr) + return (void *) 16; +} + #ifndef XSPAN_DELETED_FUNCTION #define XSPAN_DELETED_FUNCTION = delete #endif diff --git a/src/util/xspan_impl_common.h b/src/util/xspan_impl_common.h index aeca4b10..820f9c76 100644 --- a/src/util/xspan_impl_common.h +++ b/src/util/xspan_impl_common.h @@ -114,7 +114,7 @@ forceinline ~CSelf() noexcept {} noinline void invalidate() { assertInvariants(); // poison the pointer: point to non-null invalid address - ptr = (pointer) (void *) (upx_uintptr_t) 16; // NOLINT(performance-no-int-to-ptr) + ptr = (pointer) XSPAN_GET_POISON_VOID_PTR(); // ptr = (pointer) (void *) &ptr; // point to self base = ptr; size_in_bytes = 0; diff --git a/src/util/xspan_impl_ptr.h b/src/util/xspan_impl_ptr.h index beabe273..8144d678 100644 --- a/src/util/xspan_impl_ptr.h +++ b/src/util/xspan_impl_ptr.h @@ -78,7 +78,7 @@ public: noinline void invalidate() { assertInvariants(); // poison the pointer: point to non-null invalid address - ptr = (pointer) (void *) (upx_uintptr_t) 16; // NOLINT(performance-no-int-to-ptr) + ptr = (pointer) XSPAN_GET_POISON_VOID_PTR(); // ptr = (pointer) (void *) &ptr; // point to self assertInvariants(); } diff --git a/src/version.h b/src/version.h index 597b6a8a..cf3f5a76 100644 --- a/src/version.h +++ b/src/version.h 
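Review bot: The comment on XSPAN_GET_POISON_VOID_PTR says the poisoned pointer "should crash on dereference", but `(void *) 16` only traps where the lowest page is unmapped and the access stays close to it; an indexed access with a large offset, or a target without memory protection, would touch real memory. In xspan_impl_common.h invalidate() also sets `base = ptr` and `size_in_bytes = 0`, so the checked span types should still fail their range check, while in xspan_impl_ptr.h the poison value is the only barrier visible in the hunk. I would state that limit in the comment, e.g. `// - NOTE: best effort only; relies on the first page being unmapped`, and drop the commented-out `upx_uintptr_t` variant of the return.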
@@ -1,6 +1,6 @@ #define UPX_VERSION_HEX 0x040100 /* 04.01.00 */ #define UPX_VERSION_STRING "4.1.0" #define UPX_VERSION_STRING4 "4.10" -#define UPX_VERSION_DATE "May 28th 2023" -#define UPX_VERSION_DATE_ISO "2023-05-28" +#define UPX_VERSION_DATE "Aug 3rd 2023" +#define UPX_VERSION_DATE_ISO "2023-08-03" #define UPX_VERSION_YEAR "2023" diff --git a/src/work.cpp b/src/work.cpp index a52fd59e..56cdb037 100644 --- a/src/work.cpp +++ b/src/work.cpp @@ -100,7 +100,6 @@ void do_one_file(const char *iname, char *oname) { } InputFile fi; - fi.st = st; fi.sopen(iname, O_RDONLY | O_BINARY, SH_DENYWR); #if USE_FTIME