diff --git a/Dockerfile b/Dockerfile
index 2e00bb65f9a..f14d2e981af 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,53 +51,55 @@ ARG UBUNTU_VERSION=22.04
 ARG CONTAINERIZED_SYSTEMD_VERSION=v0.1.1
 ARG GOTESTSUM_VERSION=v1.9.0
 
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.2.1 AS xx
+
+
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-debian
+COPY --from=xx / /
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+  apt-get install -y git pkg-config dpkg-dev
+ARG TARGETARCH
 # libbtrfs: for containerd
 # libseccomp: for runc and bypass4netns
-RUN dpkg --add-architecture arm64 && \
-  dpkg --add-architecture amd64 && \
-  apt-get update && \
-  apt-get install -y crossbuild-essential-amd64 crossbuild-essential-arm64 git libbtrfs-dev:amd64 libbtrfs-dev:arm64 libseccomp-dev:amd64 libseccomp-dev:arm64
+RUN xx-apt-get update && \
+  xx-apt-get install -y binutils gcc libc6-dev libbtrfs-dev libseccomp-dev
 
 FROM build-base-debian AS build-containerd
+ARG TARGETARCH
 ARG CONTAINERD_VERSION
 RUN git clone https://github.com/containerd/containerd.git /go/src/github.com/containerd/containerd
 WORKDIR /go/src/github.com/containerd/containerd
 RUN git checkout ${CONTAINERD_VERSION} && \
-  mkdir -p /out /out/amd64 /out/arm64 && \
+  mkdir -p /out /out/$TARGETARCH && \
   cp -a containerd.service /out
 ENV CGO_ENABLED=1
 ENV GO111MODULE=off
 # TODO: how to build containerd as static binaries? https://github.com/containerd/containerd/issues/6158
-RUN GOARCH=amd64 CC=x86_64-linux-gnu-gcc make && \
-  cp -a bin/containerd bin/containerd-shim-runc-v2 bin/ctr /out/amd64
-RUN git clean -xfd
-RUN GOARCH=arm64 CC=aarch64-linux-gnu-gcc make && \
-  cp -a bin/containerd bin/containerd-shim-runc-v2 bin/ctr /out/arm64
+RUN GO=xx-go make && \
+  cp -a bin/containerd bin/containerd-shim-runc-v2 bin/ctr /out/$TARGETARCH
 
 FROM build-base-debian AS build-runc
 ARG RUNC_VERSION
+ARG TARGETARCH
 RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
 WORKDIR /go/src/github.com/opencontainers/runc
 RUN git checkout ${RUNC_VERSION} && \
   mkdir -p /out
 ENV CGO_ENABLED=1
-RUN GOARCH=amd64 CC=x86_64-linux-gnu-gcc make static && \
-  cp -a runc /out/runc.amd64
-RUN GOARCH=arm64 CC=aarch64-linux-gnu-gcc make static && \
-  cp -a runc /out/runc.arm64
+RUN GO=xx-go make static && \
+  xx-verify --static runc && cp -v -a runc /out/runc.${TARGETARCH}
 
 FROM build-base-debian AS build-bypass4netns
 ARG BYPASS4NETNS_VERSION
+ARG TARGETARCH
 RUN git clone https://github.com/rootless-containers/bypass4netns.git /go/src/github.com/rootless-containers/bypass4netns
 WORKDIR /go/src/github.com/rootless-containers/bypass4netns
 RUN git checkout ${BYPASS4NETNS_VERSION} && \
-  mkdir -p /out/amd64 /out/arm64
+  mkdir -p /out/${TARGETARCH}
 ENV CGO_ENABLED=1
-RUN GOARCH=amd64 CC=x86_64-linux-gnu-gcc make static && \
-  cp -a bypass4netns bypass4netnsd /out/amd64
-RUN GOARCH=arm64 CC=aarch64-linux-gnu-gcc make static && \
-  cp -a bypass4netns bypass4netnsd /out/arm64
+RUN GO=xx-go make static && \
+  xx-verify --static bypass4netns && cp -a bypass4netns bypass4netnsd /out/${TARGETARCH}
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base
 RUN apk add --no-cache make git curl