Replace binfmt container with Debian qemu-user-static.

Sporatic crashes with qemu for arm64 started to occur after kernel hardenning changes on GitHub runners. Crashes are caused by qemu being compiled with `--disable-pie`. The setup-qemu-action@v3 action uses qemu v7 from tonistiigi/binfmt:latest (compiled with this option). Using tonistiigi/binfmt:v8.1.5 (compiled without the option) has been suggested to fix this issue, but crashes are still seen (probably related to the v8 itself). Unfortunately, tonistiigi/binfmt is not providing v7 being compiled without the option yet. In the meantime, install binfmt manually from Debian package.
jlesage · Feb 1, 2025 · f36cc9a · f36cc9a
1 parent 6614438
commit f36cc9a
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/.github/workflows/build-baseimage.yml b/.github/workflows/build-baseimage.yml
@@ -128,9 +128,15 @@ jobs:
         uses: mig4/setup-bats@v1
 
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: arm,arm64,ppc64le,mips64,s390x
+        #uses: docker/setup-qemu-action@v3
+        #with:
+        #  platforms: arm,arm64,ppc64le,mips64,s390x
+        shell: bash
+        run: |
+          # Temporarily use Debian qemu-user-static, until Ubuntu fixes theirs.
+          wget -q http://ftp.debian.org/debian/pool/main/q/qemu/qemu-user-static_7.2+dfsg-7+deb12u12_amd64.deb
+          echo "1a2696081c1f30d464f79fd300196822397c77f05440ea9ce6dc8e9658b595ec qemu-user-static_7.2+dfsg-7+deb12u12_amd64.deb" | sha256sum -c
+          sudo dpkg -i qemu-user-static_7.2+dfsg-7+deb12u12_amd64.deb
 
       - name: Setup Docker Buildx
         uses: docker/setup-buildx-action@v3