Open Source · Apache 2.0

Native arm64 scientific
containers, verified to work.

The conda-forge geo stack — GDAL, PROJ, GEOS, rasterio, shapely, scikit-image — won't pip install on arm64 (No matching distribution found for rasterio). It solves clean on conda-forge. aarch.science builds it native for Apple Silicon and AWS Graviton — and proves each image imports and runs, not just solves.

Use it → GitHub
5
verified env images — geospatial, earth-observation, geo-ml, climate, pointcloud
~2.5×
better price/core on Graviton c7g vs Intel c7i
solve ≠ run
every image must import & pass a functional smoke test

The sister project to aarch.bio — same machinery, the conda-forge science layer instead of bioconda.

A delivery gap, one layer over

aarch.science stands on conda-forge — an enormous, mostly-volunteer good. The arm64 packages are already there. The way most people reach for them isn't.

The machines doing science are increasingly arm64 — every Apple Silicon Mac, every AWS Graviton instance, measured ~2.5× cheaper per core for CPU-bound geospatial work.

But the native-library scientific stack — GDAL, PROJ, GEOS and the Python packages on top of them (rasterio, fiona, shapely, pyproj) — has incomplete, Python-version-fragile arm64 wheel coverage on PyPI. Reach for it with pip on a Graviton box and you get No matching distribution found for rasterio. The build falls back to expensive Intel, leaving the price/perf win on the table.

The packages do exist on arm64 — conda-forge ships linux-aarch64 builds, and the whole geo stack solves cleanly there (123 packages, all native). The gap isn't porting; it's that there's no curated, verified set of containers built from those packages. That's what aarch.science fills.

The subtle part — and why "verified" is the whole point: an environment can solve and still fail to assemble on arm64 — a missing native lib, an ABI mismatch, a broken wheel. pip "solved" too, then import rasterio would have failed. So every aarch.science image is tested inside the built arm64 container: it must import every headline package and do real work — reproject a point through PROJ, run GEOS geometry ops, write a GeoTIFF and read it back through both rasterio and raw GDAL. Only then does it earn the tag.

How it works

A curated conda-forge environment, built native per architecture, then proven to run before it's published.

native build

No emulation, ever

Native-library envs build on a native arm64 runner — no QEMU. We never emulate to publish images whose whole purpose is running native on Graviton and Apple Silicon.

curated envs

Whole stacks, not loose packages

conda-forge ships packages, not containers. We curate version-pinned environments by workflow — geospatial first — committed as the source of truth and versioned by content hash.

verified

Solve ≠ run

The build refuses to tag unless the env imports every headline package and passes a functional smoke test inside the arm64 image. The smoke test is baked in, so you can re-run it on what you pull.

provenance

Signed, traceable

Every image is cosign keyless-signed in CI and logged to the Sigstore transparency log. Anyone can verify it was built by our public workflow, from a specific commit — no need to trust us.

Use it

Pull the verified geospatial image and run native. The same image works on an Apple Silicon laptop and a Graviton server.

# pull a verified stack — native arm64, no account docker pull quay.io/aarchsci/geospatial:latest docker pull quay.io/aarchsci/earth-observation:latest docker pull quay.io/aarchsci/geo-ml:latest docker pull quay.io/aarchsci/climate:latest docker pull quay.io/aarchsci/pointcloud:latest
# re-run the verification yourself — it ships inside the image docker run --rm quay.io/aarchsci/geospatial:latest python /opt/aarchsci/smoke.py

geospatial
123 packages — native arm64, verified, signed, public

The fieldwork CPU-prep stack. Headline packages:

gdal proj geos rasterio fiona shapely pyproj scikit-image numpy scipy … +113 deps, all native arm64

earth-observation
236 packages — native arm64, verified, signed, public

The geospatial base plus the labeled-array / lazy / STAC layer:

+ xarray dask rioxarray stackstac pystac-client odc-stac netcdf4 zarr … on the full geospatial stack

geo-ml
378 packages — CPU machine learning on geospatial / tabular data

+ scikit-learn xgboost lightgbm geopandas pysal statsmodels datashader

climate
247 packages — atmospheric / climate analysis (GRIB + regridding)

xarray dask cartopy cfgrib / eccodes metpy xesmf / esmpy netcdf4 · zarr

pointcloud
287 packages — LiDAR / DEM / terrain processing

+ pdal python-pdal laspy richdem on the full geospatial stack

Browse the registry →  ·  Want another env (earth-observation, geo-ml, climate)? Request it.

🔄 Kept current automatically. A daily reconciler re-solves each env spec and rebuilds when the resolved package set changes — so latest stays current with conda-forge.

Verify, don't trust

Two independent things you can check yourself: that it works, and where it came from.

# 1. it actually runs — the functional smoke test ships in the image docker run --rm quay.io/aarchsci/geospatial:latest python /opt/aarchsci/smoke.py # 2. it was built by aarch.science's CI, from source, logged publicly cosign verify quay.io/aarchsci/geospatial:latest \ --certificate-identity-regexp 'github.com/playgroundlogic/aarchsci' \ --certificate-oidc-issuer https://token.actions.githubusercontent.com

Images are built by a public GitHub Actions workflow, keyless-signed with Sigstore, and recorded in the Rekor transparency log. The signature attests which workflow, which repo, which commit produced the image. And because the smoke test is baked in, you can confirm the env imports and runs on your own hardware. Trust the process, not the publisher.