From f02e5263a2b69078a74c8ffd0e4667848e1751a9 Mon Sep 17 00:00:00 2001
From: Shiloh Heurich
Date: Wed, 7 Jan 2026 16:40:52 -0500
Subject: [PATCH] build: support native architecture builds on ARM hosts
---
 .dockerignore | 1 +
 .gitignore | 2 ++
 Containerfile | 8 +++++++-
 tools/container-build.sh | 32 +++++++++++++++++++++-----------
 tools/make-deb.sh | 8 ++++++--
 5 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/.dockerignore b/.dockerignore
index 8797cc5274e..05dc17082f2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,3 +8,4 @@ test/certs/webpki
 test/certs/.softhsm-tokens
 .git
 .gocache
+.github
diff --git a/.gitignore b/.gitignore
index 5e1426c919a..502a89ea7a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,8 @@
 *.a
 *.so
 *.pyc
+boulder-*.deb
+boulder-*.tar.gz
 # Folders
 _obj
diff --git a/Containerfile b/Containerfile
index 92276aa6d30..bd69a33a808 100644
--- a/Containerfile
+++ b/Containerfile
@@ -5,6 +5,7 @@ FROM docker.io/ubuntu:24.04 AS builder
 ARG COMMIT_ID
 ARG GO_VERSION
+ARG TARGETPLATFORM
 ARG VERSION
 ENV DEBIAN_FRONTEND=noninteractive
@@ -12,7 +13,12 @@ RUN apt-get --assume-yes --no-install-recommends --update install \
 ca-certificates curl gcc git gnupg2 libc6-dev
 COPY tools/fetch-and-verify-go.sh /tmp
-RUN /tmp/fetch-and-verify-go.sh ${GO_VERSION}
+RUN case "${TARGETPLATFORM}" in \
+ "linux/amd64"|"") PLATFORM="linux-amd64" ;; \
+ "linux/arm64") PLATFORM="linux-arm64" ;; \
+ *) echo "Unsupported platform: ${TARGETPLATFORM}" && exit 1 ;; \
+ esac && \
+ /tmp/fetch-and-verify-go.sh ${GO_VERSION} ${PLATFORM}
 RUN tar -C /opt -xzf go.tar.gz
 ENV PATH="/opt/go/bin:${PATH}"
diff --git a/tools/container-build.sh b/tools/container-build.sh
index 735332b6a67..344527a4971 100755
--- a/tools/container-build.sh
+++ b/tools/container-build.sh
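Review bot: In the Containerfile's second hunk, the `"linux/amd64"|"")` arm maps an empty TARGETPLATFORM to the amd64 toolchain, so a build whose builder does not populate that argument would fetch the amd64 Go archive on an arm64 host without any error. Failing closed is safer: drop the `""` alternative, or document next to the `case` why the empty value must mean amd64. tools/fetch-and-verify-go.sh is not in this patch's diffstat, so confirm that it accepts the new second argument and that its verification covers the linux-arm64 archive as well. The call would also be sturdier quoted, `/tmp/fetch-and-verify-go.sh "${GO_VERSION}" "${PLATFORM}"`.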
@@ -7,23 +7,32 @@ set -ex
-# Without this, `go install` produces:
-# # runtime/cgo
-# gcc: error: unrecognized command-line option '-m64'
-if [ "$(uname -m)" = "arm64" ]; then
- export DOCKER_DEFAULT_PLATFORM=linux/amd64
-fi
-
 if [ -z "${GO_VERSION}" ] ; then
 echo "GO_VERSION not set"
 exit 1
 fi
-ARCH="$(uname -m)"
+# Determine what architecture to build for
+if [ -n "${DOCKER_DEFAULT_PLATFORM:-}" ]; then
+ PLATFORM="${DOCKER_DEFAULT_PLATFORM}"
+else
+ case "$(uname -m)" in
+ x86_64) PLATFORM="linux/amd64" ;;
+ aarch64|arm64) PLATFORM="linux/arm64" ;;
+ *) echo "Unsupported architecture: $(uname -m)" && exit 1 ;;
+ esac
+fi
+
+case "${PLATFORM}" in
+ linux/amd64) ARCH="amd64" ;;
+ linux/arm64) ARCH="arm64" ;;
+ *) echo "Unsupported platform: ${PLATFORM}" && exit 1 ;;
+esac
 COMMIT_ID="$(git rev-parse --short=8 HEAD)"
 VERSION="${GO_VERSION}.$(date +%s)"
 docker buildx build \
+ --platform "$PLATFORM" \
 --file Containerfile \
 --build-arg "COMMIT_ID=${COMMIT_ID}" \
 --build-arg "GO_VERSION=${GO_VERSION}" \
@@ -33,10 +42,11 @@ docker buildx build \
 --tag boulder \
 .
-docker run boulder tar -C /opt/boulder -cpz . > "./boulder-${VERSION}-${COMMIT_ID}.${ARCH}.tar.gz" .
-# Produces e.g. boulder-1.25.0.1754519595-591c0545.x86_64.deb
+docker run boulder tar -C /opt/boulder -cpz . > "./boulder-${VERSION}-${COMMIT_ID}.${ARCH}.tar.gz"
+# Produces e.g. boulder-1.25.0.1754519595-591c0545.amd64.deb
 docker run -v .:/boulderrepo \
- -e "COMMIT_ID=$(git rev-parse --short=8 HEAD)" \
+ -e "ARCH=${ARCH}" \
+ -e "COMMIT_ID=${COMMIT_ID}" \
 -e "VERSION=${VERSION}" \
 boulder \
 /boulderrepo/tools/make-deb.sh
diff --git a/tools/make-deb.sh b/tools/make-deb.sh
index 56d0a4ae899..c9fa1b0de16 100755
--- a/tools/make-deb.sh
+++ b/tools/make-deb.sh
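Review bot: The new error arms in the first hunk use `echo ... && exit 1`, which writes the diagnostic to stdout and reaches `exit` only if `echo` succeeds; because the script has `set -ex` but not `-u`, a skipped exit would let the build continue with PLATFORM or ARCH empty. Prefer `*) echo "Unsupported platform: ${PLATFORM}" >&2; exit 1 ;;` in all three places. A DOCKER_DEFAULT_PLATFORM value such as `linux/arm64/v8` is rejected by the second `case`; that fail-closed behaviour is reasonable but worth a one-line comment stating that only the two exact strings are accepted.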
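Review bot: The `-e "ARCH=${ARCH}"` value handed to make-deb.sh in the second hunk is the platform this script requested, not the architecture of the image that `docker run boulder` resolves, and nothing visible here checks that the two agree. If the `boulder` tag points at an older image of another architecture (for example when the buildx driver in use does not load the result into the local image store), the tarball and the .deb would carry the wrong architecture label. A guard before the first `docker run`, comparing the output of `docker image inspect --format '{{.Architecture}}' boulder` with `${ARCH}`, would catch that.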
@@ -10,6 +10,10 @@ set -eu
 cd "$(realpath -- "$(dirname -- "$0")")/.."
+if [ -z "${ARCH:-}" ]; then echo "ARCH not set"; exit 1; fi
+if [ -z "${VERSION:-}" ]; then echo "VERSION not set"; exit 1; fi
+if [ -z "${COMMIT_ID:-}" ]; then echo "COMMIT_ID not set"; exit 1; fi
+
 BUILD="$(mktemp -d)"
 mkdir -p "${BUILD}/opt"
@@ -21,7 +25,7 @@ Package: boulder
 Version: 1:${VERSION}
 License: Mozilla Public License v2.0
 Vendor: ISRG
-Architecture: amd64
+Architecture: ${ARCH}
 Maintainer: Community
 Section: default
 Priority: extra
@@ -29,4 +33,4 @@ Homepage: https://github.com/letsencrypt/boulder
 Description: Boulder is an ACME-compatible X.509 Certificate Authority
 EOF
-dpkg-deb -Zgzip -b "${BUILD}" "boulder-${VERSION}-${COMMIT_ID}.x86_64.deb"
+dpkg-deb -Zgzip -b "${BUILD}" "boulder-${VERSION}-${COMMIT_ID}.${ARCH}.deb"
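Review bot: ARCH is checked only for being non-empty in the first hunk, yet it is written verbatim into the control file's `Architecture:` field and into the output filename in the later hunks. Since tools/container-build.sh only ever produces two values, the guard can be an allow-list: `case "${ARCH}" in amd64|arm64) ;; *) echo "unsupported ARCH: ${ARCH}" >&2; exit 1 ;; esac`. That keeps a stray or malformed environment value from producing a package whose metadata does not match its contents. The three new messages would also be better sent to stderr with `>&2`.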