From 7fc968bea6011c80fa1098f70836e97d6828eaa0 Mon Sep 17 00:00:00 2001
From: Mikhail Malyshev <mike.malyshev@gmail.com>
Date: Mon, 14 Jul 2025 16:46:17 +0000
Subject: [PATCH 1/2] Fix Dockerfile syntax and copyright date

fix ENV/VAR syntax

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
---
 pkg/apparmor/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/apparmor/Dockerfile b/pkg/apparmor/Dockerfile
index 9f19f91ab5a..3cbf2f70716 100644
--- a/pkg/apparmor/Dockerfile
+++ b/pkg/apparmor/Dockerfile
@@ -1,11 +1,11 @@
 # syntax=docker/dockerfile-upstream:1.5.0-rc2-labs
 
-# Copyright (c) 2023 Zededa, Inc.
+# Copyright (c) 2023-2025 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
 FROM lfedge/eve-alpine:0f2e0da38e30753c68410727a6cc269e57ff74f2 as build
-ENV BUILD_PKGS linux-headers musl-dev musl-utils musl-libintl git gcc g++ \
-               autoconf automake libtool make flex bison bash sed gettext
+ENV BUILD_PKGS="linux-headers musl-dev musl-utils musl-libintl git gcc g++ \
+               autoconf automake libtool make flex bison bash sed gettext"
 ENV PKGS alpine-baselayout
 RUN eve-alpine-deploy.sh
 

From 5d06ac9d3a5dc9efbf0edbc85230630387e9713b Mon Sep 17 00:00:00 2001
From: Mikhail Malyshev <mike.malyshev@gmail.com>
Date: Mon, 14 Jul 2025 19:18:06 +0000
Subject: [PATCH 2/2] [cross-compile] pkg/apparmor

Make pkg/apparmor cross compilable
- the main trick is how sysroot is created by importing --platform=${TARGETPALTFORM} alpine
- our cross compiler expects sysroot to be at fixed locations and doesn't accept --sysroot

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
---
 pkg/apparmor/Dockerfile | 60 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 54 insertions(+), 6 deletions(-)

diff --git a/pkg/apparmor/Dockerfile b/pkg/apparmor/Dockerfile
index 3cbf2f70716..8502d20d8a2 100644
--- a/pkg/apparmor/Dockerfile
+++ b/pkg/apparmor/Dockerfile
@@ -3,26 +3,74 @@
 # Copyright (c) 2023-2025 Zededa, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM lfedge/eve-alpine:0f2e0da38e30753c68410727a6cc269e57ff74f2 as build
+FROM --platform=${BUILDPLATFORM} lfedge/eve-alpine:0f2e0da38e30753c68410727a6cc269e57ff74f2 as builder-native-base
 ENV BUILD_PKGS="linux-headers musl-dev musl-utils musl-libintl git gcc g++ \
                autoconf automake libtool make flex bison bash sed gettext"
 ENV PKGS alpine-baselayout
 RUN eve-alpine-deploy.sh
 
+FROM --platform=${BUILDPLATFORM} lfedge/eve-cross-compilers:fb809cfb1909752acb563e0b77cd3799534bce64 AS cross-compilers
+
+FROM builder-native-base as builder-cross-base
+COPY --from=cross-compilers /packages /packages
+
+FROM builder-cross-base as builder-target-arm64
+ARG COMPILER_TARGET_ARCH=aarch64
+
+FROM builder-cross-base as builder-target-amd64
+ARG COMPILER_TARGET_ARCH=x86_64
+
+FROM --platform=${TARGETPLATFORM} lfedge/eve-alpine:0f2e0da38e30753c68410727a6cc269e57ff74f2 as target-sysroot
+# Install the target sysroot
+ENV BUILD_PKGS="musl-dev libgcc musl-libintl libintl  linux-headers"
+RUN eve-alpine-deploy.sh
+
+#hadolint ignore=DL3006
+FROM builder-target-${TARGETARCH} as builder-target
+# install cross compiler
+#hadolint ignore=DL3006,DL3018
+RUN apk add --no-cache --allow-untrusted -X /packages "build-base-${COMPILER_TARGET_ARCH}"
+
+FROM builder-target as builder-amd64-arm64
+ENV CONFIGURE_TARGETS="--build=aarch64-alpine-linux-musl --host=x86_64-alpine-linux-musl"
+# copy libraries from target-sysroot
+COPY --from=target-sysroot /usr/lib/ /usr/x86_64-alpine-linux-musl/lib/
+COPY --from=target-sysroot /usr/include/ /usr/x86_64-alpine-linux-musl/include/
+ENV CXX=x86_64-alpine-linux-musl-g++
+
+
+FROM builder-target as builder-arm64-amd64
+ENV CONFIGURE_TARGETS="--host=aarch64-alpine-linux-musl --build=x86_64-alpine-linux-musl"
+# copy libraries from target-sysroot
+COPY --from=target-sysroot /usr/lib/ /usr/aarch64-alpine-linux-musl/lib/
+COPY --from=target-sysroot /usr/include/ /usr/aarch64-alpine-linux-musl/include/
+ENV CXX=aarch64-alpine-linux-musl-g++
+
+
+FROM builder-native-base as builder-amd64-amd64
+ENV CONFIGURE_TARGETS=
+
+FROM builder-native-base as builder-arm64-arm64
+ENV CONFIGURE_TARGETS=
+
+#hadolint ignore=DL3006
+FROM builder-${TARGETARCH}-${BUILDARCH} as builder
+
 ADD https://gitlab.com/apparmor/apparmor.git#v3.1.4 /apparmor
 WORKDIR /apparmor/libraries/libapparmor
+# hadolint ignore=SC2086
 RUN ./autogen.sh && \
-    ./configure && \
-    make
+    (./configure ${CONFIGURE_TARGETS} || cat ./config.log) && \
+    make -j"$(nproc)"
 
 WORKDIR /apparmor/parser
 RUN ../common/list_af_names.sh > base_af_names.h && \
-    make
+    make -j"$(nproc)"
 
 #Pull a selected set of artifacts into the final stage.
 FROM scratch
-COPY --from=build /out/ /
-COPY --from=build /apparmor/parser/apparmor_parser /usr/bin/
+COPY --from=builder /out/ /
+COPY --from=builder /apparmor/parser/apparmor_parser /usr/bin/
 COPY /etc/ /etc
 COPY /profiles/* /etc/apparmor.d
 COPY aa-init.sh /