feat(native-armhf-on-arm64): opt-in extension + host_binfmt_ready core hook

[iav]

Opt-in extension that disables qemu-arm in binfmt_misc for the duration
of an armhf build on an aarch64 host. The kernel's binfmt_elf path then
runs 32-bit ARM ELF binaries natively via CONFIG_COMPAT, removing the
~10× qemu-user-static overhead from mmdebstrap, chroot apt-get, dpkg
--configure, and customize_image stages.

Activate with ENABLE_EXTENSIONS=native-armhf-on-arm64.

Core change

lib/functions/host/prepare-host.sh: add a new extension hook `host_binfmt_ready`, fired from `prepare_host_noninteractive` immediately after `prepare_host_binfmt_qemu`. At this point the binfmt_misc registrations for the target architecture are in place, which is the right window for any extension that wants to mutate them. 8 lines, no behavioral change for builds that don't use the hook.

Extension

`extensions/native-armhf-on-arm64.sh`:

• Gate: ARCH=armhf and host arch aarch64 — silent no-op otherwise.
• Verify qemu-arm is registered and enabled (it always is after `prepare_host_binfmt_qemu` on aarch64+armhf — otherwise abort with a clear message).
• Disable qemu-arm via `/proc/sys/fs/binfmt_misc/qemu-arm`.
• Probe-with-rollback: exec `/usr/arm-linux-gnueabihf/lib/ld-linux-armhf.so.3 --help` to verify the kernel can still run armhf natively via CONFIG_COMPAT. If it can't, re-enable qemu-arm and abort. Direct ld-linux exec instead of `arch-test armhf` — the latter is unreliable on some aarch64 hosts (e.g. Hetzner Ampere CAX, Ubuntu Noble 6.8) where it returns failure even when CONFIG_COMPAT is fully functional.
• `add_cleanup_handler` on success: re-enable qemu-arm on build exit (best-effort; SIGKILL leaves it disabled — manual restore documented in header).

Restrictions (header)

• NO CONCURRENT ARMBIAN BUILDS on the same host while this extension is active. Disable mutates global kernel state. The operator owns the host while this extension runs — no flock dance, no concurrency claims.

Empirical validation (Hetzner CAX21 / Ampere Altra, Ubuntu Noble 6.8.0-90)

Scenario	Result	Runtime
`PREFER_DOCKER=no` helios4 trixie minimal	✓ qemu-arm disabled → mmdebstrap via binfmt_elf → image built → qemu-arm restored	0:57
`PREFER_DOCKER=yes` helios4 trixie minimal	✓ same flow, cleanup fired inside container	1:07
SIGINT mid-build	✓ cleanup handler restored qemu-arm correctly	—

Both runs produced a working 1.28 GiB image. Kernel ORAS cache hit; mmdebstrap is the relevant work item exercising binfmt_elf.

Assisted-by: Claude:claude-opus-4.7

[iav]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1df2434bd0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".