From 16d2629082de135692f3f98ee8c60c2a2dba2e1f Mon Sep 17 00:00:00 2001
From: Arunesh Dwivedi
Date: Tue, 9 Jun 2026 10:35:33 +0000
Subject: [PATCH] fix: support multi-arch container image builds (arm64, amd64)

Replace single-arch amd64-only download with multi-stage build that downloads both amd64 and arm64 binaries, then uses TARGETARCH to copy the correct one into the final image.
Fixes ContainerSSH/ContainerSSH#696
Signed-off-by: Arunesh Dwivedi
---
 containerssh/Dockerfile | 57 +++++++++++++++++++++++++++++++----------
 1 file changed, 44 insertions(+), 13 deletions(-)

diff --git a/containerssh/Dockerfile b/containerssh/Dockerfile
index c891557..631cc4b 100644
--- a/containerssh/Dockerfile
+++ b/containerssh/Dockerfile
@@ -13,33 +13,64 @@ RUN mkdir -p /containerssh && \
 cd /containerssh && \
 adduser --uid 1022 --disabled-password --system --no-create-home containerssh && \
 chown containerssh /containerssh
-# Drop privileges for download
+
+# Detect architecture and download the matching binary
+RUN uname -m > /tmp/arch
+
+FROM alpine AS download-amd64
+ARG CONTAINERSSH_VERSION
+ARG GITHUB_TOKEN
+ARG SOURCE_REPO
+RUN apk add --no-cache curl
+RUN mkdir -p /containerssh && adduser --uid 1022 --disabled-password --system --no-create-home containerssh
 USER 1022:1022
 RUN cd /containerssh && \
 URL=${SOURCE_REPO}/releases/download/${CONTAINERSSH_VERSION}/containerssh_${CONTAINERSSH_VERSION/v/}_linux_amd64.tar.gz && \
 if [ -n "${GITHUB_TOKEN}" ]; then \
- curl -L -o containerssh.tar.gz --header 'authorization: Bearer ${GITHUB_TOKEN}' ${URL}; \
+ curl -L -o containerssh.tar.gz --header "authorization: Bearer ${GITHUB_TOKEN}" ${URL}; \
+ else \
+ curl -L -o containerssh.tar.gz ${URL}; \
+ fi && \
+ tar xzf containerssh.tar.gz && rm containerssh.tar.gz
+USER 0:0
+RUN mv /containerssh/containerssh /containerssh/containerssh-amd64
+
+FROM alpine AS download-arm64
+ARG CONTAINERSSH_VERSION
+ARG GITHUB_TOKEN
+ARG SOURCE_REPO
+RUN apk add --no-cache curl
+RUN mkdir -p /containerssh && adduser --uid 1022 --disabled-password --system --no-create-home containerssh
+USER 1022:1022
+RUN cd /containerssh && \
+ URL=${SOURCE_REPO}/releases/download/${CONTAINERSSH_VERSION}/containerssh_${CONTAINERSSH_VERSION/v/}_linux_arm64.tar.gz && \
+ if [ -n "${GITHUB_TOKEN}" ]; then \
+ curl -L -o containerssh.tar.gz --header "authorization: Bearer ${GITHUB_TOKEN}" ${URL}; \
 else \
- curl -vvvvv -L -o containerssh.tar.gz ${URL}; \
+ curl -L -o containerssh.tar.gz ${URL}; \
 fi && \
- tar -xvvzf containerssh.tar.gz && \
- rm containerssh.tar.gz
+ tar xzf containerssh.tar.gz && rm containerssh.tar.gz
 USER 0:0
-RUN chown -R root:root /containerssh
+RUN mv /containerssh/containerssh /containerssh/containerssh-arm64
+
+FROM alpine AS merge
+COPY --from=download-amd64 /containerssh/containerssh-amd64 /containerssh/
+COPY --from=download-arm64 /containerssh/containerssh-arm64 /containerssh/
+COPY --from=download-amd64 /containerssh/LICENSE* /containerssh/
+COPY --from=download-amd64 /containerssh/NOTICE* /containerssh/
 
 FROM alpine
+ARG TARGETARCH
 RUN apk upgrade --no-cache && apk add --no-cache 'libssl3' 'libcrypto3'
-COPY --from=download /containerssh/containerssh /
-COPY --from=download /containerssh/LICENSE* /
-COPY --from=download /containerssh/NOTICE* /
-RUN chmod +x /containerssh
+# Copy only the binary for the target architecture
+COPY --from=merge /containerssh/containerssh-${TARGETARCH} /containerssh/containerssh
+COPY --from=merge /containerssh/LICENSE* /
+COPY --from=merge /containerssh/NOTICE*
+RUN chmod +x /containerssh && rm -rf /containerssh/containerssh-*
 ENTRYPOINT ["/containerssh"]
 CMD ["--config", "/etc/containerssh/config.yaml"]
 VOLUME /etc/containerssh
 VOLUME /var/secrets
-# Run as user 1022 to avoid running as root
 USER 1022:1022
-# Expose SSH port
 EXPOSE 2222
-# Expose metrics port (disabled by default)
 EXPOSE 9100
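Review bot: The final stage cannot start as written: the binary is copied to `/containerssh/containerssh`, which turns `/containerssh` into a directory although `ENTRYPOINT ["/containerssh"]` still points at it, and `COPY --from=merge /containerssh/NOTICE*` has no destination, so the build stops with a COPY argument error. Keeping the old targets fixes both: `COPY --from=merge /containerssh/containerssh-${TARGETARCH} /containerssh` and `COPY --from=merge /containerssh/NOTICE* /`, with the `rm -rf` dropped from the `chmod` line. Both new download stages also unpack the release tarball with no integrity check, use `curl -L` without `-f`, and take `GITHUB_TOKEN` as a build `ARG`, which Docker records in that stage's history. Because BuildKit already provides `TARGETARCH`, a single download stage keyed on it can replace the two copies, the `merge` stage and the leftover `RUN uname -m > /tmp/arch`; the sketch below does that with a checksum gate and a secret mount, and assumes the first stage, whose `FROM` line is above the hunk, is still named `download`.

```dockerfile
# … unchanged above the hunk: first stage header, apk add curl, user and /containerssh setup …
ARG TARGETARCH
# Constructed ARG names: expected SHA-256 of each release tarball, passed at build time.
ARG CONTAINERSSH_SHA256_AMD64
ARG CONTAINERSSH_SHA256_ARM64
USER 1022:1022
# The token is read from a BuildKit secret (docker build --secret id=github_token,src=<file>)
# instead of ARG GITHUB_TOKEN, so it is not written into the stage's history.
# An empty or mismatching checksum fails the build before anything is unpacked.
RUN --mount=type=secret,id=github_token,uid=1022 \
    cd /containerssh && \
    case "${TARGETARCH}" in \
        amd64) SUM="${CONTAINERSSH_SHA256_AMD64}" ;; \
        arm64) SUM="${CONTAINERSSH_SHA256_ARM64}" ;; \
        *) echo "unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
    esac && \
    URL=${SOURCE_REPO}/releases/download/${CONTAINERSSH_VERSION}/containerssh_${CONTAINERSSH_VERSION/v/}_linux_${TARGETARCH}.tar.gz && \
    if [ -s /run/secrets/github_token ]; then \
        curl -fsSL -o containerssh.tar.gz --header "authorization: Bearer $(cat /run/secrets/github_token)" "${URL}"; \
    else \
        curl -fsSL -o containerssh.tar.gz "${URL}"; \
    fi && \
    echo "${SUM}  containerssh.tar.gz" | sha256sum -c - && \
    tar xzf containerssh.tar.gz && rm containerssh.tar.gz

# … unchanged: final FROM alpine, apk upgrade / apk add …
COPY --from=download /containerssh/containerssh /containerssh
COPY --from=download /containerssh/LICENSE* /
COPY --from=download /containerssh/NOTICE* /
RUN chmod +x /containerssh
# … unchanged: ENTRYPOINT through EXPOSE 9100 …
```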