Containerize binfmt_misc

- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8

fix #53

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

alpine/containers/binfmt/Makefile

@@ -0,0 +1,27 @@
+QEMU_IMAGE=mobylinux/qemu-user-static:7a07de557d7f6ae3d72873c32bfb4c51c7687d03
+QEMU_BINARIES=qemu-arm-static qemu-aarch64-static qemu-ppc64le-static
+
+default: rootfs
+
+$(QEMU_BINARIES):
+	docker run --rm --net=none $(QEMU_IMAGE) tar cf - -C /usr/bin $@ | tar xf -
+
+DEPS=Dockerfile main.go 00_moby.conf $(QEMU_BINARIES)
+
+rootfs: $(DEPS) $(QEMU_BINARIES)
+	mkdir -p $@
+	BUILD=$$( tar cf - $(DEPS) | docker build -q - ) && \
+	[ -n "$$BUILD" ] && \
+	echo "Built $$BUILD" && \
+	IMAGE=$$( docker run --rm --net=none $$BUILD | docker build -q - ) && \
+	[ -n "$$IMAGE" ] && \
+	echo "Built $$IMAGE" && \
+	CONTAINER=$$( docker create $$IMAGE /dev/null ) && \
+	docker export $$CONTAINER | tar -xf - -C $@ && \
+	docker rm $$CONTAINER && \
+	( cd $@ && rm -rf .dockerenv Dockerfile dev/* etc/hostname etc/hosts etc/mtab etc/resolv.conf )
+
+clean:
+	rm -rf rootfs $(QEMU_BINARIES)
+
+.DELETE_ON_ERROR: