fix: Docker build on macOS

docker/builder/Dockerfile

@@ -18,18 +18,23 @@ RUN apt-get update && apt-get install -y \
     ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Go 1.24.7
-RUN wget -c https://golang.org/dl/go1.24.7.linux-amd64.tar.gz -O - | tar -xz -C /usr/local
+# Install Go 1.24.7 (auto-detect architecture)
+ARG TARGETARCH
+RUN GOARCH=${TARGETARCH:-amd64} && \
+    wget -c https://golang.org/dl/go1.24.7.linux-${GOARCH}.tar.gz -O - | tar -xz -C /usr/local
 ENV PATH=$PATH:/usr/local/go/bin
 
 # Create foc-user and foc-group with matching host UID/GID when it is run. The 1002 below is just a placeholder which will be replaced during build process. See `docker.rs`
 ARG USER_ID=1002
 ARG GROUP_ID=1002
 RUN userdel ubuntu || true
-RUN groupadd -g ${GROUP_ID} foc-group && \
-    useradd -l -u ${USER_ID} -g foc-group -m -s /bin/bash foc-user && \
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1 || echo "") && \
+    if [ -z "$GROUP_NAME" ]; then \
+        groupadd -g ${GROUP_ID} foc-group && GROUP_NAME=foc-group; \
+    fi && \
+    useradd -l -u ${USER_ID} -g $GROUP_NAME -m -s /bin/bash foc-user && \
     mkdir -p /home/foc-user/go/pkg && \
-    chown -R foc-user:foc-group /home/foc-user
+    chown -R foc-user:$GROUP_NAME /home/foc-user
 
 # Install Rust as foc-user
 USER foc-user
@@ -51,7 +56,7 @@ RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
 WORKDIR /workspace
 
 # Define volumes for external access
-VOLUME ["/home/foc-user/.cargo", "/home/foc-user/.rustup", "/home/foc-user/go", "/var/tmp/filecoin-proof-parameters"]
+VOLUME ["/var/tmp/filecoin-proof-parameters"]
 
 # Default command
 CMD ["/bin/bash"]

docker/builder/volumes_map.toml

@@ -1,9 +1,22 @@
 # Volume mappings for builder Docker image
 # Format: host_subdirectory = "container_path"
-# Host paths will be relative to ~/.foc-devnet/artifacts/docker/volumes/builder/
+# Host paths will be relative to ~/.foc-devnet/docker/volumes/cache/foc-c-builder/
+#
+# Strategy: Mount only dependency cache directories, not tool directories
+# This allows caching of downloaded dependencies while keeping tools functional.
 
 [volumes]
-cargo = "/home/foc-user/.cargo"
-rustup = "/home/foc-user/.rustup"
-go = "/home/foc-user/go"
-foundry = "/home/foc-user/.foundry"
+# Cargo dependency caches (NOT the cargo binary itself)
+cargo-registry = "/home/foc-user/.cargo/registry"  # crates.io downloads
+cargo-git = "/home/foc-user/.cargo/git"            # git dependencies
+
+# Go module cache (NOT the go toolchain)
+go-pkg = "/home/foc-user/go/pkg"                   # go modules cache
+
+# Note: We do NOT mount:
+# - /home/foc-user/.cargo/bin (contains cargo/rustc binaries)
+# - /home/foc-user/.rustup/toolchains (contains rust toolchain)
+# - /home/foc-user/.rustup/downloads (rustup deletes files after use)
+# - /home/foc-user/.foundry (contains forge/cast binaries)
+# - /usr/local/go (Go toolchain itself)
+

docker/curio/Dockerfile

@@ -20,16 +20,20 @@ RUN apt-get update && apt-get install -y \
 ARG USER_ID=1002
 ARG GROUP_ID=1002
 RUN userdel ubuntu || true
-RUN groupadd -g ${GROUP_ID} foc-group && \
-    useradd -l -u ${USER_ID} -g foc-group -m -s /bin/bash foc-user
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1 || echo "") && \
+    if [ -z "$GROUP_NAME" ]; then \
+        groupadd -g ${GROUP_ID} foc-group && GROUP_NAME=foc-group; \
+    fi && \
+    useradd -l -u ${USER_ID} -g $GROUP_NAME -m -s /bin/bash foc-user
 
 # Create necessary directories with proper ownership
-RUN mkdir -p /var/tmp/filecoin-proof-parameters \
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1) && \
+    mkdir -p /var/tmp/filecoin-proof-parameters \
     && mkdir -p /home/foc-user/.curio \
     && mkdir -p /home/foc-user/curio/fast-storage \
     && mkdir -p /home/foc-user/curio/long-term-storage \
-    && chown -R foc-user:foc-group /var/tmp/filecoin-proof-parameters \
-    && chown -R foc-user:foc-group /home/foc-user
+    && chown -R foc-user:$GROUP_NAME /var/tmp/filecoin-proof-parameters \
+    && chown -R foc-user:$GROUP_NAME /home/foc-user
 
 # Switch to foc-user
 USER foc-user

docker/lotus-miner/Dockerfile

@@ -19,16 +19,20 @@ RUN apt-get update && apt-get install -y \
 ARG USER_ID=1002
 ARG GROUP_ID=1002
 RUN userdel ubuntu || true
-RUN groupadd -g ${GROUP_ID} foc-group && \
-    useradd -l -u ${USER_ID} -g foc-group -m -s /bin/bash foc-user
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1 || echo "") && \
+    if [ -z "$GROUP_NAME" ]; then \
+        groupadd -g ${GROUP_ID} foc-group && GROUP_NAME=foc-group; \
+    fi && \
+    useradd -l -u ${USER_ID} -g $GROUP_NAME -m -s /bin/bash foc-user
 
 # Create necessary directories with proper ownership
-RUN mkdir -p /var/tmp/filecoin-proof-parameters \
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1) && \
+    mkdir -p /var/tmp/filecoin-proof-parameters \
     && mkdir -p /home/foc-user/.lotus-miner-local-net \
     && mkdir -p /home/foc-user/.lotus-local-net \
     && mkdir -p /home/foc-user/.genesis-sectors \
-    && chown -R foc-user:foc-group /var/tmp/filecoin-proof-parameters \
-    && chown -R foc-user:foc-group /home/foc-user
+    && chown -R foc-user:$GROUP_NAME /var/tmp/filecoin-proof-parameters \
+    && chown -R foc-user:$GROUP_NAME /home/foc-user
 
 # Switch to foc-user
 USER foc-user

docker/lotus/Dockerfile

@@ -21,15 +21,19 @@ RUN apt-get update && apt-get install -y \
 ARG USER_ID=1002
 ARG GROUP_ID=1002
 RUN userdel ubuntu || true
-RUN groupadd -g ${GROUP_ID} foc-group && \
-    useradd -l -u ${USER_ID} -g foc-group -m -s /bin/bash foc-user
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1 || echo "") && \
+    if [ -z "$GROUP_NAME" ]; then \
+        groupadd -g ${GROUP_ID} foc-group && GROUP_NAME=foc-group; \
+    fi && \
+    useradd -l -u ${USER_ID} -g $GROUP_NAME -m -s /bin/bash foc-user
 
 # Create necessary directories with proper ownership
-RUN mkdir -p /var/tmp/filecoin-proof-parameters \
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1) && \
+    mkdir -p /var/tmp/filecoin-proof-parameters \
     && mkdir -p /home/foc-user/.lotus-local-net \
     && mkdir -p /home/foc-user/.genesis \
-    && chown -R foc-user:foc-group /var/tmp/filecoin-proof-parameters \
-    && chown -R foc-user:foc-group /home/foc-user
+    && chown -R foc-user:$GROUP_NAME /var/tmp/filecoin-proof-parameters \
+    && chown -R foc-user:$GROUP_NAME /home/foc-user
 
 # Switch to foc-user
 USER foc-user

docker/yugabyte/Dockerfile

@@ -18,8 +18,11 @@ ENV LC_ALL=en_US.UTF-8
 ARG USER_ID=1002
 ARG GROUP_ID=1002
 RUN userdel ubuntu || true
-RUN groupadd -g ${GROUP_ID} foc-group && \
-    useradd -l -u ${USER_ID} -g foc-group -m -s /bin/bash foc-user
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1 || echo "") && \
+    if [ -z "$GROUP_NAME" ]; then \
+        groupadd -g ${GROUP_ID} foc-group && GROUP_NAME=foc-group; \
+    fi && \
+    useradd -l -u ${USER_ID} -g $GROUP_NAME -m -s /bin/bash foc-user
 
 # Set working directory
 WORKDIR /yugabyte
@@ -30,9 +33,10 @@ ARG YUGABYTE_SOURCE=yugabyte
 COPY ${YUGABYTE_SOURCE} /yugabyte
 
 # Run post-install script and set ownership
-RUN /yugabyte/bin/post_install.sh && \
+RUN GROUP_NAME=$(getent group ${GROUP_ID} | cut -d: -f1) && \
+    /yugabyte/bin/post_install.sh && \
     mkdir -p /yugabyte/data && \
-    chown -R foc-user:foc-group /yugabyte
+    chown -R foc-user:$GROUP_NAME /yugabyte
 
 # Switch to foc-user
 USER foc-user

scripts/cache-artifacts.sh

@@ -27,11 +27,21 @@ echo "✅ Created artifacts directory: $FOC_ARTIFACTS"
 # Cache Yugabyte tarball
 echo
 echo "📦 Caching Yugabyte tarball..."
-if [ -f "$STASH_DIR/yugabyte/yugabyte-2.25.1.0-b381-linux-x86_64.tar.gz" ]; then
-    cp "$STASH_DIR/yugabyte/yugabyte-2.25.1.0-b381-linux-x86_64.tar.gz" "$FOC_ARTIFACTS/"
-    echo "✅ Yugabyte cached (~422 MB)"
+
+# Detect architecture for YugabyteDB
+ARCH=$(uname -m)
+if [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then
+    YUGABYTE_ARCH_SUFFIX="el8-aarch64"
+else
+    YUGABYTE_ARCH_SUFFIX="linux-x86_64"
+fi
+YUGABYTE_TARBALL="yugabyte-2.25.1.0-b381-${YUGABYTE_ARCH_SUFFIX}.tar.gz"
+
+if [ -f "$STASH_DIR/yugabyte/$YUGABYTE_TARBALL" ]; then
+    cp "$STASH_DIR/yugabyte/$YUGABYTE_TARBALL" "$FOC_ARTIFACTS/"
+    echo "✅ Yugabyte cached ($YUGABYTE_ARCH_SUFFIX, ~422 MB)"
 else
-    echo "⚠️  Warning: Yugabyte tarball not found in $STASH_DIR/yugabyte/"
+    echo "⚠️  Warning: Yugabyte tarball not found: $STASH_DIR/yugabyte/$YUGABYTE_TARBALL"
     echo "   This will be downloaded during init (~422 MB)"
 fi
 

src/commands/build/docker.rs

@@ -84,8 +84,7 @@ pub fn setup_docker_run_args(
 
     let mut docker_run_args = vec![
         "run".to_string(),
-        "-u".to_string(),
-        "foc-user".to_string(),
+        "--rm".to_string(),
         "--name".to_string(),
         container_name,
         "-e".to_string(),

src/commands/start/curio/verification.rs

@@ -7,7 +7,6 @@
 
 use super::super::step::SetupContext;
 use super::constants::TEST_FILE_SIZE_BYTES;
-use crate::paths::foc_devnet_bin;
 use rand::Rng;
 use std::error::Error;
 use std::fs;
@@ -101,38 +100,54 @@ fn create_random_test_file(temp_dir: &TempDir) -> Result<PathBuf, Box<dyn Error>
 }
 
 /// Upload test file using pdptool.
+///
+/// Runs pdptool inside foc-builder container (which uses --network host)
+/// to test via external port, simulating real external client access.
 fn upload_test_file(
     context: &SetupContext,
     file_path: &Path,
     sp_index: usize,
 ) -> Result<String, Box<dyn Error>> {
-    // Get dynamically allocated PDP port from context
+    // Get dynamically allocated PDP port from context (external port)
     let port: u16 = context
         .get(&format!("curio_sp_{}_pdp_port", sp_index))
         .ok_or("Curio PDP port not found in context")?
         .parse()?;
 
+    // Use external port via host network for stricter testing
     let service_url = format!("http://localhost:{}", port);
 
-    let file_path_str = file_path
-        .to_str()
-        .ok_or("Invalid file path: contains non-UTF8 characters")?;
+    // Mount the test file directory into foc-builder and use it
+    let file_dir = file_path.parent().ok_or("Invalid file path")?;
+    let file_name = file_path.file_name().ok_or("Invalid file name")?;
+    let container_file_path = format!("/tmp/test-data/{}", file_name.to_string_lossy());
+
+    // Mount bin directory where pdptool is located
+    let bin_dir = crate::paths::foc_devnet_bin();
 
     let args = [
+        "run",
+        "--rm",
+        "--network",
+        "host",
+        "-v",
+        &format!("{}:/tmp/test-data", file_dir.display()),
+        "-v",
+        &format!("{}:/usr/local/bin/lotus-bins", bin_dir.display()),
+        crate::constants::BUILDER_DOCKER_IMAGE,
+        "/usr/local/bin/lotus-bins/pdptool",
         "upload-piece",
         "--service-url",
         &service_url,
         "--service-name",
         "public",
         "--hash-type",
         "commp",
-        file_path_str,
+        &container_file_path,
         "--verbose",
     ];
 
-    let output = Command::new(foc_devnet_bin().join("pdptool"))
-        .args(args)
-        .output()?;
+    let output = Command::new("docker").args(args).output()?;
 
     if !output.status.success() {
         return Err(format!(
@@ -142,7 +157,10 @@ fn upload_test_file(
         .into());
     }
 
-    info!("File uploaded via pdptool");
+    info!(
+        "File uploaded via pdptool (foc-builder, external port {})",
+        port
+    );
 
     // Extract piece CID from output
     let stdout = String::from_utf8_lossy(&output.stdout);

src/config.rs

@@ -173,7 +173,9 @@ pub struct Config {
     /// URL to download Yugabyte database tarball.
     ///
     /// This is the direct link to the Yugabyte tarball required for running curio.
-    /// Default: https://software.yugabyte.com/releases/2.25.1.0/yugabyte-2.25.1.0-b381-linux-x86_64.tar.gz
+    /// The default URL is automatically selected based on system architecture:
+    /// - ARM64 (aarch64): yugabyte-2.25.1.0-b381-el8-aarch64.tar.gz
+    /// - x86_64: yugabyte-2.25.1.0-b381-linux-x86_64.tar.gz
     pub yugabyte_download_url: String,
 
     /// Number of approved PDP service providers.
@@ -227,14 +229,35 @@ impl Default for Config {
                 url: "https://github.com/FilOzone/synapse-sdk.git".to_string(),
                 commit: "773551bf1e9cf4cdc49aeb63a47a81f8dc5cb9e1".to_string(),
             },
-            yugabyte_download_url: "https://software.yugabyte.com/releases/2.25.1.0/yugabyte-2.25.1.0-b381-linux-x86_64.tar.gz".to_string(),
+            yugabyte_download_url: Self::get_default_yugabyte_url(),
             approved_pdp_sp_count: 1,
             active_pdp_sp_count: 1,
         }
     }
 }
 
 impl Config {
+    /// Get the default YugabyteDB download URL based on system architecture.
+    ///
+    /// Returns the appropriate YugabyteDB tarball URL for the current platform:
+    /// - el8-aarch64 for ARM64 systems (Apple Silicon, AWS Graviton, etc.)
+    /// - linux-x86_64 for x86_64 systems
+    fn get_default_yugabyte_url() -> String {
+        const YUGABYTE_VERSION: &str = "2.25.1.0";
+        const YUGABYTE_BUILD: &str = "b381";
+
+        let arch_suffix = if std::env::consts::ARCH == "aarch64" {
+            "el8-aarch64"
+        } else {
+            "linux-x86_64"
+        };
+
+        format!(
+            "https://software.yugabyte.com/releases/{}/yugabyte-{}-{}-{}.tar.gz",
+            YUGABYTE_VERSION, YUGABYTE_VERSION, YUGABYTE_BUILD, arch_suffix
+        )
+    }
+
     /// Validate configuration values.
     ///
     /// Ensures that: