From 501a7be689a0ad6fdebd71abfef7ca5faf23f680 Mon Sep 17 00:00:00 2001
From: Daniel Pupius <dan@pupi.us>
Date: Mon, 16 Mar 2026 03:34:28 +0000
Subject: [PATCH] Use setarch --addr-no-randomize to fix esbuild crash in
 Docker

esbuild's Go binary crashes with lfstack.push on kernels with 5-level
paging or high-entropy ASLR (memory mapped above 47-bit addresses).
Disabling ASLR via the personality syscall for the build process keeps
allocations at low addresses without requiring host changes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3e26704..0cf8787 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,12 +31,15 @@ ENV VITE_API_BASE_URL=${MESHSTREAM_API_BASE_URL} \
     VITE_SITE_TITLE=${MESHSTREAM_SITE_TITLE} \
     VITE_SITE_DESCRIPTION=${MESHSTREAM_SITE_DESCRIPTION}
 
-# Prevent esbuild's Go runtime from crashing on kernels with high-entropy ASLR
-# or 5-level paging, which places memory at addresses above 47 bits.
-ENV MALLOC_ARENA_MAX=2
+# esbuild's bundled Go binary crashes on kernels with 5-level paging or
+# high-entropy ASLR because Go's lfstack can't handle addresses above 47 bits.
+# setarch --addr-no-randomize disables ASLR for the process via the personality
+# syscall, keeping allocations at low addresses. util-linux provides setarch.
+RUN apt-get update && apt-get install -y --no-install-recommends util-linux \
+    && rm -rf /var/lib/apt/lists/*
 
 # Build the web app
-RUN pnpm build
+RUN setarch "$(uname -m)" --addr-no-randomize pnpm build
 
 ###############################################################################
 # Stage 2: Build the Go server