diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 6c0f7555..65336573 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -105,3 +105,91 @@ jobs:
         with:
           path: stacker
           key: ${{ inputs.build-id }}
+  build-arch:
+    runs-on: ubuntu-22.04
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    strategy:
+      matrix:
+        go-version: ${{fromJson(inputs.go-version)}}
+        privilege-level: ${{fromJson(inputs.privilege-level)}}
+        arch: ["arm64"]
+    name: "golang ${{ matrix.go-version }} privilege ${{ matrix.privilege-level }} arch ${{ matrix.arch }}"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: benjlevesque/short-sha@v2.1
+        id: short-sha
+      - name: Setup Environment
+        run: |
+          gopath=$PWD/.build/gopath
+          echo "GOPATH=$gopath" >> $GITHUB_ENV
+          echo "GOCACHE=$gopath/gocache" >> $GITHUB_ENV
+          echo "PATH=$gopath/bin:$PATH" >> $GITHUB_ENV
+          echo "SLOW_TEST=${{inputs.slow-test}}" >> $GITHUB_ENV
+          if [ "${{ matrix.arch }}" == "arm64" ]; then
+            echo "QEMU_ARCH=aarch64" >> $GITHUB_ENV
+            echo "BASE_IMAGE=docker://arm64v8/alpine:edge" >> $GITHUB_ENV
+          fi
+
+          echo "PWD=$PWD"
+          cat "$GITHUB_ENV"
+      - uses: uraimo/run-on-arch-action@v2
+        name: Build for ${{ matrix.arch }}
+        id: runcmd
+        with:
+          arch: ${{ env.QEMU_ARCH }}
+          distro: ubuntu22.04
+
+          # Not required, but speeds up builds by storing container images in
+          # a GitHub package registry.
+          githubToken: ${{ github.token }}
+
+          dockerRunArgs: -v $GITHUB_WORKSPACE:/src
+
+          # Set an output parameter `uname` for use in subsequent steps
+          run: |
+            uname -a
+            echo ::set-output name=uname::$(uname -a)
+            # setup golang
+            apt-get update
+            apt-get install -yy wget curl tar software-properties-common git pkgconf build-essential
+            cd /tmp
+            wget -N https://go.dev/dl/go1.20.8.linux-${{ matrix.arch }}.tar.gz
+            rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.8.linux-${{ matrix.arch }}.tar.gz
+            export PATH=$PATH:/usr/local/go/bin
+            # install dependencies
+            export GOPATH=/src
+            add-apt-repository -y ppa:project-machine/squashfuse
+            apt-get update
+            apt-get install -yy lxc-utils lxc-dev libacl1-dev jq libcap-dev libseccomp-dev libpam-dev bats parallel libzstd-dev sudo
+            GO111MODULE=off go get github.com/opencontainers/umoci/cmd/umoci
+            curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+            apt-get install -yy autoconf automake make autogen autoconf libtool binutils git squashfs-tools libcryptsetup-dev libdevmapper-dev cryptsetup-bin squashfuse
+            echo WHOAMI=$(whoami)
+
+            # add a non-root user "stacker"
+            adduser --disabled-login --no-create-home --gecos "stacker" stacker
+
+            mkdir /src-copy
+            cp -R /src/* /src-copy/
+            chown -R stacker:stacker /src-copy
+
+            # execute this as "stacker" user
+            sudo -i -u stacker bash << EOF
+            echo WHOAMI=$(whoami)
+            export PATH=$PATH:/usr/local/go/bin
+            cd /src-copy
+            make go-download
+            make show-info
+            make stacker-dynamic VERSION_FULL=${{ inputs.build-id }}
+            export QEMU_STRACE=1
+            make stacker STACKER_REAL_UID=0 VERSION_FULL=${{ inputs.build-id }} STACKER_BUILD_BASE_IMAGE=${{ env.BASE_IMAGE }}
+            EOF
+      - name: Get the output
+        # Echo the `uname` output parameter from the `runcmd` step
+        run: |
+          echo "The uname output was ${{ steps.runcmd.outputs.uname }}"
+
diff --git a/Makefile b/Makefile
index b4149ba7..d59b334f 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ BUILD_TAGS = exclude_graphdriver_btrfs exclude_graphdriver_devicemapper containe
 
 STACKER_OPTS=--oci-dir=$(BUILD_D)/oci --roots-dir=$(BUILD_D)/roots --stacker-dir=$(BUILD_D)/stacker --storage-type=overlay
 
-build_stacker = go build -tags "$(BUILD_TAGS) $1" -ldflags "-X main.version=$(VERSION_FULL) -X main.lxc_version=$(LXC_VERSION) $2" -o $3 ./cmd/stacker
+build_stacker = go build -buildvcs=false -tags "$(BUILD_TAGS) $1" -ldflags "-X main.version=$(VERSION_FULL) -X main.lxc_version=$(LXC_VERSION) $2" -o $3 ./cmd/stacker
 
 # See doc/hacking.md for how to use a local oci or docker repository.
 STACKER_DOCKER_BASE?=docker://
diff --git a/cmd/stacker/lxc-wrapper/lxc-wrapper.c b/cmd/stacker/lxc-wrapper/lxc-wrapper.c
index 7ed3a475..f5c39585 100644
--- a/cmd/stacker/lxc-wrapper/lxc-wrapper.c
+++ b/cmd/stacker/lxc-wrapper/lxc-wrapper.c
@@ -136,7 +136,7 @@ static int do_nsexec(char* mode, int argc, char *argv[], int *status)
 	pid_t pid;
 	int ret, cur, group_start = -1, command_start = -1;
 	char c = 'x', thepid[20];
-	static char child_stack[STACK_SIZE];
+	static char child_stack[STACK_SIZE] __attribute__ ((aligned (16)));
 	struct child_args args;
 
 	// userns - should a userns be used?