Add macOS arm64 sysroot/lbcxx#4656
Open
mathetake wants to merge 20 commits into
Open
Conversation
✅ Deploy Preview for nifty-bassi-e26446 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Add repository rules and build scripts for cross-compiling to macOS arm64 from Linux x86_64: - sysroot.bzl: add `macos_sysroot` rule and `setup_macos_sysroot()` for macOS SDK sysroot (headers, frameworks, .tbd stubs) - libcxx_libs.bzl: add `libcxx_libs_darwin` rule and `setup_libcxx_libs_darwin()` for darwin libc++ (dylibs + __config_site) - versions.bzl: add placeholder hashes for macOS sysroot and darwin libcxx - build_macos_sysroot.sh: script to package macOS SDK from Xcode - build_libcxx_darwin.sh: script to build darwin libc++ from LLVM source The macOS SDK sysroot provides system headers and .tbd library stubs. The darwin libcxx provides libc++ dylibs and the __config_site header needed by the LLVM toolchain for cross-compilation. When hashes are empty (tarballs not yet built/uploaded), the rules generate fallback content: the sysroot creates an empty directory, and libcxx_libs generates __config_site from the Linux LLVM version. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Add a `build-macos-sysroot` job to the Bazel CI workflow that runs on `macos-14` and produces two artifacts: 1. `sysroot-macos-arm64.tar.xz` — macOS SDK sysroot extracted from the Xcode installation on the CI runner (headers, frameworks, .tbd stubs) 2. `libcxx-llvm18.1.8-darwin-aarch64.tar.xz` — libc++ built from LLVM source for darwin arm64 (dylibs + __config_site) These artifacts are needed for cross-compiling Envoy (and other C++ projects) from Linux x86_64 to macOS arm64. The Linux sysroots are built by debootstrap on Linux runners; the macOS sysroot requires a macOS runner with Xcode to extract Apple's SDK. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
- Fix shellcheck SC2295: quote expansions inside ${..} in sysroot scripts
- Fix shellcheck SC2034: remove unused ARCH variable in libcxx script
- Fix cmake error: add libunwind to LLVM_ENABLE_RUNTIMES and set
LIBCXXABI_USE_LLVM_UNWINDER=ON (required by libcxxabi)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
mathetake
force-pushed
the
tyoneda/darwin-cross-compilation
branch
from
043c3fe to
fa34f54
Compare
Some frameworks (e.g., SystemConfiguration) have headers under Versions/A/Headers/ instead of just Headers/. Copy the full framework structure including versioned directories so clang can find all headers. Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
macOS `cp -a` requires the parent directory to exist. Create it with mkdir -p before copying Headers/Modules directories. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Ruby.framework contains self-referencing symlinks (ruby -> .) that cause infinite recursion during Bazel's glob expansion. Remove these circular symlinks before packaging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Selectively copying Headers/Modules/tbd from frameworks breaks clang's framework header lookup, which depends on symlinks like: Headers -> Versions/Current/Headers Versions/Current -> A SDK frameworks contain only headers, modules, and .tbd stubs (no large binaries), so copying the entire directory is safe and correct. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Without this, binaries linked against the cross-compiled libc++ fail at runtime with "no LC_RPATH's found" because the dylib install name is @rpath/libc++.1.dylib. macOS ships libc++ at /usr/lib/libc++.1.dylib, so patching the install names makes binaries use the system library. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Member
Author
|
sorry will switch to a different way - |
Replace the macos-14 runner approach with a fully Linux-based build: Sysroot: Download Apple's CLTools SDK package from their public CDN (swcdn.apple.com, no auth required) and extract on Linux using cerisier/pkgutil. A manifest file selects only the needed files (headers, .tbd stubs, 6 frameworks). Result: ~6MB vs 205MB. Libcxx: Extract __config_site and libc++ dylibs directly from the official LLVM macOS-ARM64 release tarball — no cmake build needed. Patch install names from @rpath/ to /usr/lib/ so binaries use the system libc++ at runtime. Benefits: - No macOS runner needed (cheaper, faster) - Deterministic (pinned URLs + SHA256 checksums) - Minimal sysroot (only files needed for cross-compilation) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Apple's CDN may reject requests without a browser user-agent. Also fix stale comment referencing macos-14 runner. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
LLVM 18.x uses "clang+llvm-VER-arm64-apple-macosNN" naming convention, not "LLVM-VER-macOS-ARM64" (which is the newer format from LLVM 20+). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
The macOS LLVM tarball's llvm-install-name-tool is a Mach-O binary that can't run on Linux. Use the Linux distro's llvm-install-name-tool instead — it can edit Mach-O files cross-platform. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
The system llvm package doesn't include llvm-install-name-tool. Extract it from the Linux LLVM 18.1.8 release instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
llvm-install-name-tool is a symlink to llvm-objcopy that changes behavior based on argv[0]. Extract llvm-objcopy and create the symlink. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
The pre-built LLVM 18 binaries need libtinfo.so.5 which isn't on Ubuntu 24.04. Use the system llvm-18 package instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
phlax
reviewed
Jun 16, 2026
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
phlax
reviewed
Jun 16, 2026
These cmake/Xcode-based scripts are superseded by the CI job that extracts pre-built artifacts from Apple's CDN and LLVM releases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
mathetake
force-pushed
the
tyoneda/darwin-cross-compilation
branch
from
6eabf64 to
406c810
Compare
Member
|
ci/docker error is unrelated annoyance |
phlax
reviewed
Jun 16, 2026
| # Darwin libc++ cross-compilation libraries (built from LLVM source for macOS arm64) | ||
| # Contains include/__config_site and lib/libc++.dylib, lib/libc++abi.dylib | ||
| "libcxx_libs_darwin_sha256": { | ||
| "aarch64": "", # TODO: populate after building and uploading tarball |
Member
There was a problem hiding this comment.
we might need to hook this into the ci bazel/prepare step
mathetake
changed the title
Hook the macOS cross-compilation artifact hashes into the bazel release prepare step in _release.yml. When a bins release is created, the jq filter now also updates macos_sysroot_sha256 and libcxx_libs_darwin_sha256 in versions.bzl from the release asset checksums. Handles both initial population (empty string → hash) and updates (old hash → new hash). Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Member
Author
|
docker 🤷 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.