From 5744226562b2e65d0b27c675f5823eb75a68970f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 17 Jan 2019 14:28:12 -0800 Subject: [PATCH] Add "update.sh", use a template, and add multiple versions --- 2.11/Dockerfile | 162 ++++++++++++++++++++++++++++++++++ 2.11/qemu-signals.patch | 20 +++++ 2.11/start-qemu | 100 +++++++++++++++++++++ Dockerfile => 2.12/Dockerfile | 34 +++++-- 2.12/qemu-signals.patch | 20 +++++ 2.12/start-qemu | 100 +++++++++++++++++++++ 3.0/Dockerfile | 162 ++++++++++++++++++++++++++++++++++ 3.0/qemu-signals.patch | 20 +++++ 3.0/start-qemu | 100 +++++++++++++++++++++ 3.1/Dockerfile | 162 ++++++++++++++++++++++++++++++++++ 3.1/qemu-signals.patch | 20 +++++ 3.1/start-qemu | 100 +++++++++++++++++++++ Dockerfile.template | 162 ++++++++++++++++++++++++++++++++++ update.sh | 38 ++++++++ 14 files changed, 1193 insertions(+), 7 deletions(-) create mode 100644 2.11/Dockerfile create mode 100644 2.11/qemu-signals.patch create mode 100755 2.11/start-qemu rename Dockerfile => 2.12/Dockerfile (76%) create mode 100644 2.12/qemu-signals.patch create mode 100755 2.12/start-qemu create mode 100644 3.0/Dockerfile create mode 100644 3.0/qemu-signals.patch create mode 100755 3.0/start-qemu create mode 100644 3.1/Dockerfile create mode 100644 3.1/qemu-signals.patch create mode 100755 3.1/start-qemu create mode 100644 Dockerfile.template create mode 100755 update.sh diff --git a/2.11/Dockerfile b/2.11/Dockerfile new file mode 100644 index 0000000..efab59c --- /dev/null +++ b/2.11/Dockerfile 
@@ -0,0 +1,162 @@ +FROM debian:stretch-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ovmf \ + && rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 2.11.2 +ENV QEMU_URL https://download.qemu.org/qemu-2.11.2.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + libseccomp-dev \ + libssh2-1-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + ./configure --help; \ + ./configure \ + 
--target-list=' \ +# system targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L57-L61, slimmed) + i386-softmmu x86_64-softmmu aarch64-softmmu arm-softmmu m68k-softmmu \ + mips64-softmmu mips64el-softmmu ppc64-softmmu \ + sparc64-softmmu s390x-softmmu \ +# user targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L81-L86, slimmed) + i386-linux-user x86_64-linux-user aarch64-linux-user arm-linux-user m68k-linux-user \ + mips64-linux-user mips64el-linux-user \ + ppc64-linux-user ppc64le-linux-user sparc64-linux-user \ + s390x-linux-user \ + ' \ + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh2 \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# --enable-rbd \ +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] 
diff --git a/2.11/qemu-signals.patch b/2.11/qemu-signals.patch new file mode 100644 index 0000000..cbd86f7 --- /dev/null +++ b/2.11/qemu-signals.patch @@ -0,0 +1,20 @@ +Origin: https://bugs.launchpad.net/qemu/+bug/1217339/comments/2 +Origin: https://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg03039.html + +diff --git a/vl.c b/vl.c +index 1ad1c04637..9e07fe1dbb 100644 +--- a/vl.c ++++ b/vl.c +@@ -1898,7 +1898,11 @@ void qemu_system_killed(int signal, pid_t pid) + /* Cannot call qemu_system_shutdown_request directly because + * we are in a signal handler. + */ +- shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ if (signal == SIGHUP) { ++ powerdown_requested = 1; ++ } else { ++ shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ } + qemu_notify_event(); + } + diff --git a/2.11/start-qemu b/2.11/start-qemu new file mode 100755 index 0000000..a6d9f7b --- /dev/null +++ b/2.11/start-qemu 
@@ -0,0 +1,100 @@ +#!/bin/bash +set -e + +# main available options: +# QEMU_CPU=n (cores) +# QEMU_RAM=nnn (megabytes) +# QEMU_HDA (filename) +# QEMU_HDA_SIZE (bytes, suffixes like "G" allowed) +# QEMU_CDROM (filename) +# QEMU_BOOT (-boot) +# QEMU_PORTS="xxx[ xxx ...]" (space separated port numbers) +# QEMU_NET_USER_EXTRA="net=192.168.76.0/24,dhcpstart=192.168.76.9" (extra raw args for "-net user,...") +# QEMU_NO_SSH=1 (suppress automatic port 22 forwarding) +# QEMU_NO_SERIAL=1 (suppress automatic "-serial stdio") + +hostArch="$(uname -m)" +qemuArch="${QEMU_ARCH:-$hostArch}" +qemu="${QEMU_BIN:-qemu-system-$qemuArch}" +qemuArgs=() + +qemuPorts=() +if [ -z "${QEMU_NO_SSH:-}" ]; then + qemuPorts+=( 22 ) +fi +qemuPorts+=( ${QEMU_PORTS:-} ) + +if [ -e /dev/kvm ]; then + qemuArgs+=( -enable-kvm ) +elif [ "$hostArch" = "$qemuArch" ]; then + echo >&2 + echo >&2 'warning: /dev/kvm not found' + echo >&2 ' PERFORMANCE WILL SUFFER' + echo >&2 ' (hint: docker run --device /dev/kvm ...)' + echo >&2 + sleep 3 +fi + +qemuArgs+=( -smp "${QEMU_CPU:-1}" ) +qemuArgs+=( -m "${QEMU_RAM:-512}" ) + +if [ -n "${QEMU_HDA:-}" ]; then + if [ ! -f "$QEMU_HDA" -o ! 
-s "$QEMU_HDA" ]; then + ( + set -x + qemu-img create -f qcow2 -o preallocation=off "$QEMU_HDA" "${QEMU_HDA_SIZE:-8G}" + ) + fi + + # http://wiki.qemu.org/download/qemu-doc.html#Invocation + qemuScsiDevice='virtio-scsi-pci' + case "$qemuArch" in + arm) qemuScsiDevice='virtio-scsi-device' ;; + esac + + #qemuArgs+=( -hda "$QEMU_HDA" ) + #qemuArgs+=( -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap ) + qemuArgs+=( + -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda + -device "$qemuScsiDevice" + -device scsi-hd,drive=hda + ) +fi + +if [ -n "${QEMU_CDROM:-}" ]; then + qemuArgs+=( -cdrom "$QEMU_CDROM" ) +fi + +if [ -n "${QEMU_BOOT:-}" ]; then + qemuArgs+=( -boot "$QEMU_BOOT" ) +fi + +netArg='user' +netArg+=",hostname=$(hostname)" +if [ -n "${QEMU_NET_USER_EXTRA:-}" ]; then + netArg+=",$QEMU_NET_USER_EXTRA" +fi +for port in "${qemuPorts[@]}"; do + netArg+=",hostfwd=tcp::$port-:$port" + netArg+=",hostfwd=udp::$port-:$port" +done + +qemuNetDevice='virtio-net-pci' +case "$qemuArch" in + arm) qemuNetDevice='virtio-net-device' ;; +esac + +qemuArgs+=( + -netdev "$netArg,id=net" + -device "$qemuNetDevice,netdev=net" + -vnc ':0' +) +if [ -z "${QEMU_NO_SERIAL:-}" ]; then + qemuArgs+=( + -serial stdio + ) +fi +qemuArgs+=( "$@" ) + +set -x +exec "$qemu" "${qemuArgs[@]}" diff --git a/Dockerfile b/2.12/Dockerfile similarity index 76% rename from Dockerfile rename to 2.12/Dockerfile index 516accd..2f0dce6 100644 --- a/Dockerfile +++ b/2.12/Dockerfile 
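Review bot: `-vnc ':0'` near the end of the script makes QEMU listen for VNC on every interface of the container with no password, and the Dockerfile advertises that port with `EXPOSE 5900`, so anyone who can reach a published 5900 gets the guest console. I would make the listener overridable and document it in the option list at the top, e.g. `-vnc "${QEMU_VNC:-:0}"` plus a header line `# QEMU_VNC=127.0.0.1:0 (VNC listen address/display; the default ":0" is unauthenticated on all interfaces)`. Separately, the entries of `QEMU_PORTS` are spliced into `netArg` unchecked, so an entry containing a comma adds extra `-netdev` options; a guard such as `case "$port" in ''|*[!0-9]*) echo >&2 "error: invalid port '$port'"; exit 1 ;; esac` at the top of the `for port` loop keeps that list to numbers. The same lines appear in the 2.12, 3.0 and 3.1 copies, and since update.sh copies the top-level start-qemu into each version directory, the change belongs in that file.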
@@ -2,14 +2,20 @@ FROM debian:stretch-slim RUN apt-get update && apt-get install -y --no-install-recommends \ ovmf \ -# qemu-system \ -# qemu-utils \ && rm -rf /var/lib/apt/lists/* COPY *.patch /qemu-patches/ +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + # https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D ENV QEMU_VERSION 2.12.1 +ENV QEMU_URL https://download.qemu.org/qemu-2.12.1.tar.xz RUN set -eux; \ \ @@ -18,6 +24,7 @@ RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ ca-certificates \ + gnupg dirmngr \ wget \ xz-utils \ \ @@ -52,11 +59,21 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/*; \ \ - wget -O qemu.tar.xz "https://download.qemu.org/qemu-${QEMU_VERSION}.tar.xz"; \ -# TODO verify signature + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ mkdir /usr/src/qemu; \ - tar -xf qemu.tar.xz -C /usr/src/qemu --strip-components=1; \ - rm qemu.tar.xz; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ \ cd /usr/src/qemu; \ \ @@ -131,7 +148,10 @@ RUN set -eux; \ | sort -u \ | xargs -r apt-mark manual \ ; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version STOPSIGNAL SIGHUP 
diff --git a/2.12/qemu-signals.patch b/2.12/qemu-signals.patch new file mode 100644 index 0000000..cbd86f7 --- /dev/null +++ b/2.12/qemu-signals.patch @@ -0,0 +1,20 @@ +Origin: https://bugs.launchpad.net/qemu/+bug/1217339/comments/2 +Origin: https://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg03039.html + +diff --git a/vl.c b/vl.c +index 1ad1c04637..9e07fe1dbb 100644 +--- a/vl.c ++++ b/vl.c +@@ -1898,7 +1898,11 @@ void qemu_system_killed(int signal, pid_t pid) + /* Cannot call qemu_system_shutdown_request directly because + * we are in a signal handler. + */ +- shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ if (signal == SIGHUP) { ++ powerdown_requested = 1; ++ } else { ++ shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ } + qemu_notify_event(); + } + diff --git a/2.12/start-qemu b/2.12/start-qemu new file mode 100755 index 0000000..a6d9f7b --- /dev/null +++ b/2.12/start-qemu 
@@ -0,0 +1,100 @@ +#!/bin/bash +set -e + +# main available options: +# QEMU_CPU=n (cores) +# QEMU_RAM=nnn (megabytes) +# QEMU_HDA (filename) +# QEMU_HDA_SIZE (bytes, suffixes like "G" allowed) +# QEMU_CDROM (filename) +# QEMU_BOOT (-boot) +# QEMU_PORTS="xxx[ xxx ...]" (space separated port numbers) +# QEMU_NET_USER_EXTRA="net=192.168.76.0/24,dhcpstart=192.168.76.9" (extra raw args for "-net user,...") +# QEMU_NO_SSH=1 (suppress automatic port 22 forwarding) +# QEMU_NO_SERIAL=1 (suppress automatic "-serial stdio") + +hostArch="$(uname -m)" +qemuArch="${QEMU_ARCH:-$hostArch}" +qemu="${QEMU_BIN:-qemu-system-$qemuArch}" +qemuArgs=() + +qemuPorts=() +if [ -z "${QEMU_NO_SSH:-}" ]; then + qemuPorts+=( 22 ) +fi +qemuPorts+=( ${QEMU_PORTS:-} ) + +if [ -e /dev/kvm ]; then + qemuArgs+=( -enable-kvm ) +elif [ "$hostArch" = "$qemuArch" ]; then + echo >&2 + echo >&2 'warning: /dev/kvm not found' + echo >&2 ' PERFORMANCE WILL SUFFER' + echo >&2 ' (hint: docker run --device /dev/kvm ...)' + echo >&2 + sleep 3 +fi + +qemuArgs+=( -smp "${QEMU_CPU:-1}" ) +qemuArgs+=( -m "${QEMU_RAM:-512}" ) + +if [ -n "${QEMU_HDA:-}" ]; then + if [ ! -f "$QEMU_HDA" -o ! 
-s "$QEMU_HDA" ]; then + ( + set -x + qemu-img create -f qcow2 -o preallocation=off "$QEMU_HDA" "${QEMU_HDA_SIZE:-8G}" + ) + fi + + # http://wiki.qemu.org/download/qemu-doc.html#Invocation + qemuScsiDevice='virtio-scsi-pci' + case "$qemuArch" in + arm) qemuScsiDevice='virtio-scsi-device' ;; + esac + + #qemuArgs+=( -hda "$QEMU_HDA" ) + #qemuArgs+=( -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap ) + qemuArgs+=( + -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda + -device "$qemuScsiDevice" + -device scsi-hd,drive=hda + ) +fi + +if [ -n "${QEMU_CDROM:-}" ]; then + qemuArgs+=( -cdrom "$QEMU_CDROM" ) +fi + +if [ -n "${QEMU_BOOT:-}" ]; then + qemuArgs+=( -boot "$QEMU_BOOT" ) +fi + +netArg='user' +netArg+=",hostname=$(hostname)" +if [ -n "${QEMU_NET_USER_EXTRA:-}" ]; then + netArg+=",$QEMU_NET_USER_EXTRA" +fi +for port in "${qemuPorts[@]}"; do + netArg+=",hostfwd=tcp::$port-:$port" + netArg+=",hostfwd=udp::$port-:$port" +done + +qemuNetDevice='virtio-net-pci' +case "$qemuArch" in + arm) qemuNetDevice='virtio-net-device' ;; +esac + +qemuArgs+=( + -netdev "$netArg,id=net" + -device "$qemuNetDevice,netdev=net" + -vnc ':0' +) +if [ -z "${QEMU_NO_SERIAL:-}" ]; then + qemuArgs+=( + -serial stdio + ) +fi +qemuArgs+=( "$@" ) + +set -x +exec "$qemu" "${qemuArgs[@]}" diff --git a/3.0/Dockerfile b/3.0/Dockerfile new file mode 100644 index 0000000..54b6daa --- /dev/null +++ b/3.0/Dockerfile 
@@ -0,0 +1,162 @@ +FROM debian:stretch-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ovmf \ + && rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 3.0.0 +ENV QEMU_URL https://download.qemu.org/qemu-3.0.0.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + libseccomp-dev \ + libssh2-1-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + ./configure --help; \ + ./configure \ + 
--target-list=' \ +# system targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L57-L61, slimmed) + i386-softmmu x86_64-softmmu aarch64-softmmu arm-softmmu m68k-softmmu \ + mips64-softmmu mips64el-softmmu ppc64-softmmu \ + sparc64-softmmu s390x-softmmu \ +# user targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L81-L86, slimmed) + i386-linux-user x86_64-linux-user aarch64-linux-user arm-linux-user m68k-linux-user \ + mips64-linux-user mips64el-linux-user \ + ppc64-linux-user ppc64le-linux-user sparc64-linux-user \ + s390x-linux-user \ + ' \ + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh2 \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# --enable-rbd \ +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] 
diff --git a/3.0/qemu-signals.patch b/3.0/qemu-signals.patch new file mode 100644 index 0000000..cbd86f7 --- /dev/null +++ b/3.0/qemu-signals.patch @@ -0,0 +1,20 @@ +Origin: https://bugs.launchpad.net/qemu/+bug/1217339/comments/2 +Origin: https://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg03039.html + +diff --git a/vl.c b/vl.c +index 1ad1c04637..9e07fe1dbb 100644 +--- a/vl.c ++++ b/vl.c +@@ -1898,7 +1898,11 @@ void qemu_system_killed(int signal, pid_t pid) + /* Cannot call qemu_system_shutdown_request directly because + * we are in a signal handler. + */ +- shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ if (signal == SIGHUP) { ++ powerdown_requested = 1; ++ } else { ++ shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ } + qemu_notify_event(); + } + diff --git a/3.0/start-qemu b/3.0/start-qemu new file mode 100755 index 0000000..a6d9f7b --- /dev/null +++ b/3.0/start-qemu 
@@ -0,0 +1,100 @@ +#!/bin/bash +set -e + +# main available options: +# QEMU_CPU=n (cores) +# QEMU_RAM=nnn (megabytes) +# QEMU_HDA (filename) +# QEMU_HDA_SIZE (bytes, suffixes like "G" allowed) +# QEMU_CDROM (filename) +# QEMU_BOOT (-boot) +# QEMU_PORTS="xxx[ xxx ...]" (space separated port numbers) +# QEMU_NET_USER_EXTRA="net=192.168.76.0/24,dhcpstart=192.168.76.9" (extra raw args for "-net user,...") +# QEMU_NO_SSH=1 (suppress automatic port 22 forwarding) +# QEMU_NO_SERIAL=1 (suppress automatic "-serial stdio") + +hostArch="$(uname -m)" +qemuArch="${QEMU_ARCH:-$hostArch}" +qemu="${QEMU_BIN:-qemu-system-$qemuArch}" +qemuArgs=() + +qemuPorts=() +if [ -z "${QEMU_NO_SSH:-}" ]; then + qemuPorts+=( 22 ) +fi +qemuPorts+=( ${QEMU_PORTS:-} ) + +if [ -e /dev/kvm ]; then + qemuArgs+=( -enable-kvm ) +elif [ "$hostArch" = "$qemuArch" ]; then + echo >&2 + echo >&2 'warning: /dev/kvm not found' + echo >&2 ' PERFORMANCE WILL SUFFER' + echo >&2 ' (hint: docker run --device /dev/kvm ...)' + echo >&2 + sleep 3 +fi + +qemuArgs+=( -smp "${QEMU_CPU:-1}" ) +qemuArgs+=( -m "${QEMU_RAM:-512}" ) + +if [ -n "${QEMU_HDA:-}" ]; then + if [ ! -f "$QEMU_HDA" -o ! 
-s "$QEMU_HDA" ]; then + ( + set -x + qemu-img create -f qcow2 -o preallocation=off "$QEMU_HDA" "${QEMU_HDA_SIZE:-8G}" + ) + fi + + # http://wiki.qemu.org/download/qemu-doc.html#Invocation + qemuScsiDevice='virtio-scsi-pci' + case "$qemuArch" in + arm) qemuScsiDevice='virtio-scsi-device' ;; + esac + + #qemuArgs+=( -hda "$QEMU_HDA" ) + #qemuArgs+=( -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap ) + qemuArgs+=( + -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda + -device "$qemuScsiDevice" + -device scsi-hd,drive=hda + ) +fi + +if [ -n "${QEMU_CDROM:-}" ]; then + qemuArgs+=( -cdrom "$QEMU_CDROM" ) +fi + +if [ -n "${QEMU_BOOT:-}" ]; then + qemuArgs+=( -boot "$QEMU_BOOT" ) +fi + +netArg='user' +netArg+=",hostname=$(hostname)" +if [ -n "${QEMU_NET_USER_EXTRA:-}" ]; then + netArg+=",$QEMU_NET_USER_EXTRA" +fi +for port in "${qemuPorts[@]}"; do + netArg+=",hostfwd=tcp::$port-:$port" + netArg+=",hostfwd=udp::$port-:$port" +done + +qemuNetDevice='virtio-net-pci' +case "$qemuArch" in + arm) qemuNetDevice='virtio-net-device' ;; +esac + +qemuArgs+=( + -netdev "$netArg,id=net" + -device "$qemuNetDevice,netdev=net" + -vnc ':0' +) +if [ -z "${QEMU_NO_SERIAL:-}" ]; then + qemuArgs+=( + -serial stdio + ) +fi +qemuArgs+=( "$@" ) + +set -x +exec "$qemu" "${qemuArgs[@]}" diff --git a/3.1/Dockerfile b/3.1/Dockerfile new file mode 100644 index 0000000..3593dd9 --- /dev/null +++ b/3.1/Dockerfile 
@@ -0,0 +1,162 @@ +FROM debian:stretch-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ovmf \ + && rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION 3.1.0 +ENV QEMU_URL https://download.qemu.org/qemu-3.1.0.tar.xz + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + libseccomp-dev \ + libssh2-1-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + ./configure --help; \ + ./configure \ + 
--target-list=' \ +# system targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L57-L61, slimmed) + i386-softmmu x86_64-softmmu aarch64-softmmu arm-softmmu m68k-softmmu \ + mips64-softmmu mips64el-softmmu ppc64-softmmu \ + sparc64-softmmu s390x-softmmu \ +# user targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L81-L86, slimmed) + i386-linux-user x86_64-linux-user aarch64-linux-user arm-linux-user m68k-linux-user \ + mips64-linux-user mips64el-linux-user \ + ppc64-linux-user ppc64le-linux-user sparc64-linux-user \ + s390x-linux-user \ + ' \ + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh2 \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# --enable-rbd \ +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] 
diff --git a/3.1/qemu-signals.patch b/3.1/qemu-signals.patch new file mode 100644 index 0000000..cbd86f7 --- /dev/null +++ b/3.1/qemu-signals.patch @@ -0,0 +1,20 @@ +Origin: https://bugs.launchpad.net/qemu/+bug/1217339/comments/2 +Origin: https://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg03039.html + +diff --git a/vl.c b/vl.c +index 1ad1c04637..9e07fe1dbb 100644 +--- a/vl.c ++++ b/vl.c +@@ -1898,7 +1898,11 @@ void qemu_system_killed(int signal, pid_t pid) + /* Cannot call qemu_system_shutdown_request directly because + * we are in a signal handler. + */ +- shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ if (signal == SIGHUP) { ++ powerdown_requested = 1; ++ } else { ++ shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; ++ } + qemu_notify_event(); + } + diff --git a/3.1/start-qemu b/3.1/start-qemu new file mode 100755 index 0000000..a6d9f7b --- /dev/null +++ b/3.1/start-qemu 
@@ -0,0 +1,100 @@ +#!/bin/bash +set -e + +# main available options: +# QEMU_CPU=n (cores) +# QEMU_RAM=nnn (megabytes) +# QEMU_HDA (filename) +# QEMU_HDA_SIZE (bytes, suffixes like "G" allowed) +# QEMU_CDROM (filename) +# QEMU_BOOT (-boot) +# QEMU_PORTS="xxx[ xxx ...]" (space separated port numbers) +# QEMU_NET_USER_EXTRA="net=192.168.76.0/24,dhcpstart=192.168.76.9" (extra raw args for "-net user,...") +# QEMU_NO_SSH=1 (suppress automatic port 22 forwarding) +# QEMU_NO_SERIAL=1 (suppress automatic "-serial stdio") + +hostArch="$(uname -m)" +qemuArch="${QEMU_ARCH:-$hostArch}" +qemu="${QEMU_BIN:-qemu-system-$qemuArch}" +qemuArgs=() + +qemuPorts=() +if [ -z "${QEMU_NO_SSH:-}" ]; then + qemuPorts+=( 22 ) +fi +qemuPorts+=( ${QEMU_PORTS:-} ) + +if [ -e /dev/kvm ]; then + qemuArgs+=( -enable-kvm ) +elif [ "$hostArch" = "$qemuArch" ]; then + echo >&2 + echo >&2 'warning: /dev/kvm not found' + echo >&2 ' PERFORMANCE WILL SUFFER' + echo >&2 ' (hint: docker run --device /dev/kvm ...)' + echo >&2 + sleep 3 +fi + +qemuArgs+=( -smp "${QEMU_CPU:-1}" ) +qemuArgs+=( -m "${QEMU_RAM:-512}" ) + +if [ -n "${QEMU_HDA:-}" ]; then + if [ ! -f "$QEMU_HDA" -o ! 
-s "$QEMU_HDA" ]; then + ( + set -x + qemu-img create -f qcow2 -o preallocation=off "$QEMU_HDA" "${QEMU_HDA_SIZE:-8G}" + ) + fi + + # http://wiki.qemu.org/download/qemu-doc.html#Invocation + qemuScsiDevice='virtio-scsi-pci' + case "$qemuArch" in + arm) qemuScsiDevice='virtio-scsi-device' ;; + esac + + #qemuArgs+=( -hda "$QEMU_HDA" ) + #qemuArgs+=( -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap ) + qemuArgs+=( + -drive file="$QEMU_HDA",index=0,media=disk,discard=unmap,detect-zeroes=unmap,if=none,id=hda + -device "$qemuScsiDevice" + -device scsi-hd,drive=hda + ) +fi + +if [ -n "${QEMU_CDROM:-}" ]; then + qemuArgs+=( -cdrom "$QEMU_CDROM" ) +fi + +if [ -n "${QEMU_BOOT:-}" ]; then + qemuArgs+=( -boot "$QEMU_BOOT" ) +fi + +netArg='user' +netArg+=",hostname=$(hostname)" +if [ -n "${QEMU_NET_USER_EXTRA:-}" ]; then + netArg+=",$QEMU_NET_USER_EXTRA" +fi +for port in "${qemuPorts[@]}"; do + netArg+=",hostfwd=tcp::$port-:$port" + netArg+=",hostfwd=udp::$port-:$port" +done + +qemuNetDevice='virtio-net-pci' +case "$qemuArch" in + arm) qemuNetDevice='virtio-net-device' ;; +esac + +qemuArgs+=( + -netdev "$netArg,id=net" + -device "$qemuNetDevice,netdev=net" + -vnc ':0' +) +if [ -z "${QEMU_NO_SERIAL:-}" ]; then + qemuArgs+=( + -serial stdio + ) +fi +qemuArgs+=( "$@" ) + +set -x +exec "$qemu" "${qemuArgs[@]}" diff --git a/Dockerfile.template b/Dockerfile.template new file mode 100644 index 0000000..9b3fde9 --- /dev/null +++ b/Dockerfile.template 
@@ -0,0 +1,162 @@ +FROM debian:stretch-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ovmf \ + && rm -rf /var/lib/apt/lists/* + +COPY *.patch /qemu-patches/ + +# https://wiki.qemu.org/SecurityProcess +ENV QEMU_KEYS \ +# Michael Roth + CEACC9E15534EBABB82D3FA03353C9CEF108B584 +# https://wiki.qemu.org/Planning/ReleaseProcess#Sign_the_resulting_tarball_with_GPG: (they get signed by whoever is making the release) + +# https://www.qemu.org/download/#source +# https://download.qemu.org/?C=M;O=D +ENV QEMU_VERSION %%QEMU_VERSION%% +ENV QEMU_URL %%QEMU_URL%% + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ca-certificates \ + gnupg dirmngr \ + wget \ + xz-utils \ + \ + patch \ + \ + gcc \ + gnutls-dev \ + libaio-dev \ + libbz2-dev \ + libc-dev \ + libcap-dev \ + libcap-ng-dev \ + libcurl4-gnutls-dev \ + libglib2.0-dev \ + libiscsi-dev \ + libjpeg-dev \ + libncursesw5-dev \ + libnfs-dev \ + libnuma-dev \ + libpixman-1-dev \ + libpng-dev \ + libseccomp-dev \ + libssh2-1-dev \ + libusb-1.0-0-dev \ + libusbredirparser-dev \ + libxen-dev \ + make \ + pkg-config \ + python \ + xfslibs-dev \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + tarball="$(basename "$QEMU_URL")"; \ + wget -O "$tarball.sig" "$QEMU_URL.sig"; \ + wget -O "$tarball" "$QEMU_URL" --progress=dot:giga; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $QEMU_KEYS; do \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify "$tarball.sig" "$tarball"; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir /usr/src/qemu; \ + tar -xf "$tarball" -C /usr/src/qemu --strip-components=1; \ + rm "$tarball" "$tarball.sig"; \ + \ + cd /usr/src/qemu; \ + \ + for p in /qemu-patches/*.patch; do \ + patch --strip 1 --input "$p"; \ + done; \ + rm -rf /qemu-patches; \ + \ + ./configure --help; \ + ./configure \ + --target-list=' \ +# 
system targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L57-L61, slimmed) + i386-softmmu x86_64-softmmu aarch64-softmmu arm-softmmu m68k-softmmu \ + mips64-softmmu mips64el-softmmu ppc64-softmmu \ + sparc64-softmmu s390x-softmmu \ +# user targets +# (https://sources.debian.org/src/qemu/stretch/debian/rules/#L81-L86, slimmed) + i386-linux-user x86_64-linux-user aarch64-linux-user arm-linux-user m68k-linux-user \ + mips64-linux-user mips64el-linux-user \ + ppc64-linux-user ppc64le-linux-user sparc64-linux-user \ + s390x-linux-user \ + ' \ + --disable-docs \ + --disable-gtk --disable-vte \ + --disable-sdl \ + --enable-attr \ + --enable-bzip2 \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-fdt \ + --enable-gnutls \ + --enable-kvm \ + --enable-libiscsi \ + --enable-libnfs \ + --enable-libssh2 \ + --enable-libusb \ + --enable-linux-aio \ + --enable-linux-user \ + --enable-modules \ + --enable-numa \ + --enable-seccomp \ + --enable-system \ + --enable-tools \ + --enable-usb-redir \ + --enable-vhost-net \ + --enable-vhost-user \ + --enable-vhost-vsock \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --enable-xen \ + --enable-xfsctl \ +# --enable-rbd \ +# --enable-vde \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + cd /; \ + rm -rf /usr/src/qemu; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# basic smoke test + qemu-img --version + +STOPSIGNAL SIGHUP + +EXPOSE 22 +EXPOSE 5900 + +COPY start-qemu /usr/local/bin/ +CMD ["start-qemu"] diff --git a/update.sh b/update.sh new file mode 100755 index 0000000..12df6b8 --- /dev/null +++ b/update.sh 
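Review bot: The key fetch `gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"` ties every build to one keyserver pool with no retry or fallback, so an outage there fails the build before the signature check is even reached, and that kind of flakiness is what usually gets a verify step removed again. A fallback on the same line keeps the check fail-closed, e.g. `gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key";`, and shipping the armored release key in the repository and loading it with `gpg --batch --import` would remove the network dependency altogether. Just above it, `export GNUPGHOME="$(mktemp -d)"` hides a `mktemp` failure from `set -e` because `export` itself returns success; `GNUPGHOME="$(mktemp -d)"; export GNUPGHOME;` does not. The generated 2.11, 2.12, 3.0 and 3.1 Dockerfiles in this commit carry the same lines and would pick the change up on the next update.sh run.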
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+versions=( */ )
+versions=( "${versions[@]%/}" )
+
+# https://download.qemu.org/?C=M;O=D
+urls="$(
+ wget -qO- 'https://www.qemu.org/download/' \
+ | grep -oE 'https://download[.]qemu[.]org/qemu-([^"]+)[.]tar[.]xz' \
+ | sort -ruV
+)"
+
+for version in "${versions[@]}"; do
+ rcGrepV='-v'
+ rcVersion="${version%-rc}"
+ if [ "$rcVersion" != "$version" ]; then
+ rcGrepV=
+ fi
+
+ url="$(
+ grep -E "qemu-$rcVersion([.-])" <<<"$urls" \
+ | grep $rcGrepV -E -- '-rc' \
+ | head -1
+ )"
+ fullVersion="${url##*/qemu-}"
+ fullVersion="${fullVersion%%.tar.*}"
+
+ echo "$version: $fullVersion"
+
+ sed -r \
+ -e 's/%%QEMU_VERSION%%/'"$fullVersion"'/g' \
+ -e 's!%%QEMU_URL%%!'"$url"'!g' \
+ Dockerfile.template > "$version/Dockerfile"
+ cp -a start-qemu *.patch "$version/"
+done
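Review bot: The scrape pattern `qemu-([^"]+)[.]tar[.]xz` accepts any characters up to a quote, and whatever it matches is pasted unescaped into the two `sed` replacements and from there into `ENV QEMU_URL`, so an `&`, `!`, `/` or backslash in the download page either breaks the `sed` call or rewrites the generated Dockerfile in ways nobody reviewed. Restricting the match to the release naming, `| grep -oE 'https://download[.]qemu[.]org/qemu-[0-9]+([.][0-9]+)+(-rc[0-9]+)?[.]tar[.]xz' \`, closes that, assuming tarballs keep the `qemu-X.Y.Z[-rcN].tar.xz` form. When a version directory has no matching release, the `grep` pipeline fails and `set -e` stops the script without naming the version; appending `|| { echo >&2 "error: no release found for $version"; exit 1; }` to the `url="$(…)"` assignment would make that failure readable.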