diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index af68354..7715ca8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,6 +26,8 @@ jobs:
     - name: Add keys group (needed for go tests)
       run: sudo groupadd keys
       if: matrix.os == 'ubuntu-latest'
+    - name: Run lint
+      run: nix-build --no-out-link default.nix -A lint
     - name: Build nix packages
       run: nix-build --no-out-link release.nix
     - name: Run unit tests
diff --git a/default.nix b/default.nix
index c474d5f..55963df 100644
--- a/default.nix
+++ b/default.nix
@@ -34,11 +34,25 @@ in rec {
     buildPhase = ''
       HOME=$TMPDIR golangci-lint run
     '';
+    doCheck = false;
     installPhase = ''
       touch $out
     '';
     fixupPhase = ":";
   });
 
+  cross-build = sops-install-secrets.overrideAttrs (old: {
+    name = "cross-build";
+    nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.gox ];
+    buildPhase = ''
+      (cd pkgs/sops-install-secrets && gox -os linux)
+    '';
+    doCheck = false;
+    installPhase = ''
+      touch $out $unittest
+    '';
+    fixupPhase = ":";
+  });
+
 # integration tests
 } // pkgs.lib.optionalAttrs (pkgs.stdenv.isLinux) sops-install-secrets.tests
diff --git a/flake.lock b/flake.lock
index 7a0afa2..1739dd0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1609214493,
-        "narHash": "sha256-lz8ROoxchhjoBd5phaM8t6EFAmRf+dU6clod2mdHOAg=",
+        "lastModified": 1612101959,
+        "narHash": "sha256-7IsEL/6wpr1fI/XyIw26Rz+KjRCoJvoozIcTRpCFfMQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ea3638a3fb262d3634be7e4c2aa3d4e9474ae157",
+        "rev": "1b77b735ea70c3dfbdab3eaa79aee48d75d3e162",
         "type": "github"
       },
       "original": {
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 1e99827..1d683c2 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -251,7 +251,7 @@ func decryptSecrets(secrets []secret) error {
 	return nil
 }
 
-const RAMFS_MAGIC = 0x858458f6
+const RAMFS_MAGIC int32 = -2054924042
 
 func mountSecretFs(mountpoint string, keysGid int) error {
 	if err := os.MkdirAll(mountpoint, 0750); err != nil {
@@ -262,7 +262,7 @@ func mountSecretFs(mountpoint string, keysGid int) error {
 	if err := unix.Statfs(mountpoint, &buf); err != nil {
 		return fmt.Errorf("Cannot get statfs for directory '%s': %w", mountpoint, err)
 	}
-	if buf.Type != RAMFS_MAGIC {
+	if int32(buf.Type) != RAMFS_MAGIC {
 		if err := unix.Mount("none", mountpoint, "ramfs", unix.MS_NODEV|unix.MS_NOSUID, "mode=0750"); err != nil {
 			return fmt.Errorf("Cannot mount: %s", err)
 		}