Skip to content

Fix SIGILL crash on CPUs without AVX2 support#71

Merged
sgasser merged 1 commit intomainfrom
fix/bun-baseline-avx2-issue-70
Feb 20, 2026
Merged

Fix SIGILL crash on CPUs without AVX2 support#71
sgasser merged 1 commit intomainfrom
fix/bun-baseline-avx2-issue-70

Conversation

@sgasser
Copy link
Owner

@sgasser sgasser commented Feb 20, 2026

Summary

Fixes #70 - PasteGuard crashes with SIGILL on x86_64 CPUs without AVX2 support (e.g., Intel Atom C3558R).

Root cause: The Bun install script detected AVX2 on the GitHub Actions build host and installed the optimized binary. When run on CPUs without AVX2, it crashed immediately.

Fix: Copy the Bun binary directly from the official oven/bun:1-slim builder stage. The official images use baseline builds for x64, which only require SSE4.2.

Also fixes compatibility with the updated presidio-analyzer base image which now runs as non-root user.

Changes

  • docker/Dockerfile:

    • Copy Bun from builder stage instead of using install script
    • Add USER root for apt-get commands
    • Fix Presidio config paths (/app/presidio_analyzer/conf/)
    • Move PasteGuard to /pasteguard to avoid directory conflict with Presidio

  • docker/supervisord.conf:

    • Update Presidio directory to /app
    • Update PasteGuard directory to /pasteguard
    • Update Bun path to /usr/local/bin/bun

Tested

  • Docker image builds successfully
  • Both Presidio and PasteGuard services start correctly
  • Health endpoint returns 200

@sgasser sgasser mentioned this pull request Feb 20, 2026
Closed
@sgasser sgasser force-pushed the fix/bun-baseline-avx2-issue-70 branch from ff8d384 to c00806d Compare February 20, 2026 13:11
@sgasser
Fix SIGILL crash on CPUs without AVX2 support (#70)
21e5178 
Copy Bun binary from official oven/bun:1-slim image instead of using
the install script. The official images use baseline builds for x64,
which only require SSE4.2 and work on older/low-power CPUs like the
Intel Atom C3558R that lack AVX2 instructions.

Also fixes compatibility with updated presidio-analyzer base image:
- Use USER root for build, then switch to non-root (UID 1001) for runtime
- Fix Presidio config paths (/app/presidio_analyzer/conf/)
- Move PasteGuard to /pasteguard to avoid overwriting Presidio's /app
- Update supervisord to run without root privileges
- Update volume mount paths in docker-compose.yml and docs
@sgasser sgasser force-pushed the fix/bun-baseline-avx2-issue-70 branch from c00806d to 21e5178 Compare February 20, 2026 13:27
@sgasser sgasser marked this pull request as ready for review February 20, 2026 20:52
@sgasser sgasser merged commit cfe18e0 into main Feb 20, 2026
3 checks passed
@sgasser sgasser deleted the fix/bun-baseline-avx2-issue-70 branch February 20, 2026 20:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

pasteguard entered FATAL state, too many start retries too quickly

1 participant

@sgasser