You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! Thanks for shellfirm — we use it in jackin's construct image as a security guardrail for AI coding agents.
Request
Ship shellfirm-vX.Y.Z-aarch64-linux.tar.xz alongside the existing x86_64-linux artifact in releases.
Context
Recent releases (v0.3.5 through v0.3.9) only publish x86_64-linux for Linux. No aarch64-linux tarball.
Your release.yml already has the matrix entry for aarch64-linux (via rustembedded/cross), but it's commented out — the infrastructure is in place, just disabled.
Issue Native support for Apple silicon #124 was about Apple silicon (aarch64-darwin) — that's already shipping. Linux arm64 hasn't been requested before as far as we can tell.
Why we care
jackin builds a multi-arch Docker image (linux/amd64 + linux/arm64) consumed by Apple silicon (Docker Desktop / OrbStack) developers and arm64 CI runners.
Currently we run cargo install shellfirm --version <X> --locked inside the image. On arm64 CI this re-compiles shellfirm plus its transitive crate graph from source on every layer-cache miss, dominating construct build time.
We're considering moving to pre-built binary download to drop a whole multi-stage Rust toolchain stage. We already do this for tirith, which publishes tirith-aarch64-unknown-linux-gnu.tar.gz.
The shellfirm Linux arm64 gap is the one thing blocking us from removing cargo entirely.
Suggested change
Uncomment the aarch64-linux entries in release.yml:
Line 74 — add aarch64-linux back to the build list
Lines 82-87 — uncomment the matrix include
If the historical reason for disabling was cross breakage, two modern options that may avoid it:
Switch to runs-on: ubuntu-24.04-arm (free for public repos since Jan 2025) — native arm64 build, no cross-compile needed.
Or keep cross against ubuntu-latest — still works for most rust crates.
Happy to open a PR if helpful. Let me know which direction you'd prefer.
Hi! Thanks for shellfirm — we use it in jackin's construct image as a security guardrail for AI coding agents.
Request
Ship
shellfirm-vX.Y.Z-aarch64-linux.tar.xzalongside the existingx86_64-linuxartifact in releases.Context
x86_64-linuxfor Linux. Noaarch64-linuxtarball.aarch64-linux(viarustembedded/cross), but it's commented out — the infrastructure is in place, just disabled.Why we care
linux/amd64+linux/arm64) consumed by Apple silicon (Docker Desktop / OrbStack) developers and arm64 CI runners.cargo install shellfirm --version <X> --lockedinside the image. On arm64 CI this re-compiles shellfirm plus its transitive crate graph from source on every layer-cache miss, dominating construct build time.tirith-aarch64-unknown-linux-gnu.tar.gz.Suggested change
Uncomment the
aarch64-linuxentries inrelease.yml:aarch64-linuxback to the build listIf the historical reason for disabling was
crossbreakage, two modern options that may avoid it:runs-on: ubuntu-24.04-arm(free for public repos since Jan 2025) — native arm64 build, no cross-compile needed.crossagainstubuntu-latest— still works for most rust crates.Happy to open a PR if helpful. Let me know which direction you'd prefer.
Thanks!