From ad9ca26606c5a5c12ddf51544983dffd665846d2 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Fri, 13 Mar 2026 10:45:01 +0000 Subject: [PATCH] gnu: codex, codex-acp: Drop file_lock patches; enable network-proxy. * gnu/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch, gnu/packages/patches/rust-codex-0.98.0-core-file-lock.patch, gnu/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Unregister them. * gnu/packages/rust-sources.scm (rust-codex-0.0.0.785c0c43)[source]: Remove file-lock patches. (rust-codex-0.98.0)[source]: Likewise. [arguments]<#:cargo-package-crates>: Add codex-network-proxy. * gnu/packages/rust-apps.scm (codex)[source]: Remove file-lock patches. [arguments]<#:cargo-install-paths>: Add network-proxy. <#:cargo-package-crates>: Add codex-network-proxy. (codex-acp)[arguments]<#:rust>: Delete. <#:cargo-test-flags>: Remove override. * gnu/packages/patches/codex-0.98.0-remove-patch-sections.patch: Stop excluding network-proxy from workspace members. Change-Id: Iabc65a4ca2e8cc5801933a74a2b53b9bce404102 --- gnu/local.mk | 3 - .../codex-0.98.0-remove-patch-sections.patch | 16 +--- .../rust-codex-0.98.0-arg0-file-lock.patch | 89 ------------------ .../rust-codex-0.98.0-core-file-lock.patch | 91 ------------------- ...st-codex-0.98.0-execpolicy-file-lock.patch | 49 ---------- gnu/packages/rust-apps.scm | 16 ++-- gnu/packages/rust-sources.scm | 19 +--- 7 files changed, 12 insertions(+), 271 deletions(-) delete mode 100644 gnu/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch delete mode 100644 gnu/packages/patches/rust-codex-0.98.0-core-file-lock.patch delete mode 100644 gnu/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch diff --git a/gnu/local.mk b/gnu/local.mk index 328f881aab..d208b0b9de 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2376,10 +2376,7 @@ dist_patch_DATA = \ %D%/packages/patches/rust-1.70-fix-rustix-build.patch \ %D%/packages/patches/rust-1.78-unwinding-fix.patch \ %D%/packages/patches/rust-1.81-fix-riscv64-bootstrap.patch \ - %D%/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch \ - %D%/packages/patches/rust-codex-0.98.0-core-file-lock.patch \ %D%/packages/patches/rust-codex-0.98.0-core-remove-self-dep.patch \ - %D%/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch \ %D%/packages/patches/rust-codex-0.98.0-test-shebangs.patch \ %D%/packages/patches/rust-codex-0.98.0-test-timeout.patch \ %D%/packages/patches/rust-codex-0.98.0-windows-sandbox-protocol-version.patch \ diff --git a/gnu/packages/patches/codex-0.98.0-remove-patch-sections.patch b/gnu/packages/patches/codex-0.98.0-remove-patch-sections.patch index 34cd8bccf5..c54fe0b7fd 100644 --- a/gnu/packages/patches/codex-0.98.0-remove-patch-sections.patch +++ b/gnu/packages/patches/codex-0.98.0-remove-patch-sections.patch @@ -2,28 +2,16 @@ Author: Danny Milosavljevic Date: 2026-02-08 License: ASL2.0 -Remove [patch.crates-io] and [patch.'ssh://...'] sections and -exclude network-proxy from workspace members. +Remove [patch.crates-io] and [patch.'ssh://...'] sections. The [patch] sections point to git repositories which are unavailable in an offline build. The vendored crossterm, ratatui, tokio-tungstenite and tungstenite forks are provided as cargo-inputs instead. -The network-proxy workspace member depends on rama which requires -Rust 1.91+. - --- a/codex-rs/Cargo.toml +++ b/codex-rs/Cargo.toml -@@ -28,7 +28,6 @@ - "lmstudio", - "login", - "mcp-server", -- "network-proxy", - "ollama", - "process-hardening", - "protocol", -@@ -311,16 +310,3 @@ +@@ -311,16 +311,3 @@ debug = 1 # Reduce debug symbol size inherits = "test" opt-level = 0 diff --git a/gnu/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch b/gnu/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch deleted file mode 100644 index 62298d9572..0000000000 --- a/gnu/packages/patches/rust-codex-0.98.0-arg0-file-lock.patch +++ /dev/null @@ -1,89 +0,0 @@ -Author: Danny Milosavljevic -Date: 2026-02-07 -License: ASL2.0 -Subject: Use libc::flock instead of unstable std File::try_lock(). - -The file_lock feature is tracked at -and is not yet stable in old Rust versions like Rust 1.88. - -diff -ruN a/codex-rs/arg0/Cargo.toml b/codex-rs/arg0/Cargo.toml ---- a/codex-rs/arg0/Cargo.toml -+++ b/codex-rs/arg0/Cargo.toml -@@ -17,5 +17,6 @@ - codex-core = { workspace = true } - codex-linux-sandbox = { workspace = true } - dotenvy = { workspace = true } -+libc = { workspace = true } - tempfile = { workspace = true } - tokio = { workspace = true, features = ["rt-multi-thread"] } -diff -ruN a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs ---- a/codex-rs/arg0/src/lib.rs -+++ b/codex-rs/arg0/src/lib.rs -@@ -5,6 +5,8 @@ - - use codex_core::CODEX_APPLY_PATCH_ARG1; - #[cfg(unix)] -+use std::os::unix::io::AsRawFd; -+#[cfg(unix)] - use std::os::unix::fs::symlink; - use tempfile::TempDir; - -@@ -13,6 +15,18 @@ - const MISSPELLED_APPLY_PATCH_ARG0: &str = "applypatch"; - const LOCK_FILENAME: &str = ".lock"; - -+// FIXME: Remove this helper when Rust provides stable file locking API. -+// The file_lock feature is tracked at . -+#[cfg(unix)] -+fn try_lock_exclusive(file: &File) -> std::io::Result<()> { -+ let ret = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX | libc::LOCK_NB) }; -+ if ret == 0 { -+ Ok(()) -+ } else { -+ Err(std::io::Error::last_os_error()) -+ } -+} -+ - /// Keeps the per-session PATH entry alive and locked for the process lifetime. - pub struct Arg0PathEntryGuard { - _temp_dir: TempDir, -@@ -216,7 +230,7 @@ - .create(true) - .truncate(false) - .open(&lock_path)?; -- lock_file.try_lock()?; -+ try_lock_exclusive(&lock_file)?; - - for filename in &[ - APPLY_PATCH_ARG0, -@@ -307,10 +321,10 @@ - Err(err) => return Err(err), - }; - -- match lock_file.try_lock() { -+ match try_lock_exclusive(&lock_file) { - Ok(()) => Ok(Some(lock_file)), -- Err(std::fs::TryLockError::WouldBlock) => Ok(None), -- Err(err) => Err(err.into()), -+ Err(ref e) if e.raw_os_error() == Some(libc::EWOULDBLOCK) => Ok(None), -+ Err(err) => Err(err), - } - } - -@@ -318,6 +332,7 @@ - mod tests { - use super::LOCK_FILENAME; - use super::janitor_cleanup; -+ use super::try_lock_exclusive; - use std::fs; - use std::fs::File; - use std::path::Path; -@@ -350,7 +365,7 @@ - let dir = root.path().join("locked"); - fs::create_dir(&dir)?; - let lock_file = create_lock(&dir)?; -- lock_file.try_lock()?; -+ try_lock_exclusive(&lock_file)?; - - janitor_cleanup(root.path())?; - diff --git a/gnu/packages/patches/rust-codex-0.98.0-core-file-lock.patch b/gnu/packages/patches/rust-codex-0.98.0-core-file-lock.patch deleted file mode 100644 index ee53f7e277..0000000000 --- a/gnu/packages/patches/rust-codex-0.98.0-core-file-lock.patch +++ /dev/null @@ -1,91 +0,0 @@ -Author: Danny Milosavljevic -Date: 2026-01-25 -License: ASL2.0 -Subject: Use libc::flock instead of unstable std File::try_lock()/try_lock_shared(). - -The file_lock feature is tracked at . -and is not yet stable in old Rust versions like Rust 1.85. - -The file_lock feature was stabilized after Rust 1.88, but we only have 1.88. - -diff -u a/codex-rs/core/src/message_history.rs b/codex-rs/core/src/message_history.rs ---- a/codex-rs/core/src/message_history.rs -+++ b/codex-rs/core/src/message_history.rs -@@ -41,6 +41,8 @@ - use std::os::unix::fs::OpenOptionsExt; - #[cfg(unix)] - use std::os::unix::fs::PermissionsExt; -+#[cfg(unix)] -+use std::os::unix::io::AsRawFd; - - /// Filename that stores the message history inside `~/.codex`. - const HISTORY_FILENAME: &str = "history.jsonl"; -@@ -51,6 +53,28 @@ - const MAX_RETRIES: usize = 10; - const RETRY_SLEEP: Duration = Duration::from_millis(100); - -+// FIXME: Remove these helpers when Rust provides stable file locking API -+// The file_lock feature is tracked at . -+#[cfg(unix)] -+fn try_lock_exclusive(file: &File) -> std::io::Result<()> { -+ let ret = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX | libc::LOCK_NB) }; -+ if ret == 0 { -+ Ok(()) -+ } else { -+ Err(std::io::Error::last_os_error()) -+ } -+} -+ -+#[cfg(unix)] -+fn try_lock_shared(file: &File) -> std::io::Result<()> { -+ let ret = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_SH | libc::LOCK_NB) }; -+ if ret == 0 { -+ Ok(()) -+ } else { -+ Err(std::io::Error::last_os_error()) -+ } -+} -+ - #[derive(Serialize, Deserialize, Debug, Clone, PartialEq)] - pub struct HistoryEntry { - pub session_id: String, -@@ -126,7 +150,7 @@ - tokio::task::spawn_blocking(move || -> Result<()> { - // Retry a few times to avoid indefinite blocking when contended. - for _ in 0..MAX_RETRIES { -- match history_file.try_lock() { -+ match try_lock_exclusive(&history_file) { - Ok(()) => { - // While holding the exclusive lock, write the full line. - // We do not open the file with `append(true)` on Windows, so ensure the -@@ -137,10 +161,10 @@ - enforce_history_limit(&mut history_file, history_max_bytes)?; - return Ok(()); - } -- Err(std::fs::TryLockError::WouldBlock) => { -+ Err(ref e) if e.kind() == std::io::ErrorKind::WouldBlock => { - std::thread::sleep(RETRY_SLEEP); - } -- Err(e) => return Err(e.into()), -+ Err(e) => return Err(e), - } - } - -@@ -341,7 +365,7 @@ - // Open & lock file for reading using a shared lock. - // Retry a few times to avoid indefinite blocking. - for _ in 0..MAX_RETRIES { -- let lock_result = file.try_lock_shared(); -+ let lock_result = try_lock_shared(&file); - - match lock_result { - Ok(()) => { -@@ -368,7 +392,7 @@ - // Not found at requested offset. - return None; - } -- Err(std::fs::TryLockError::WouldBlock) => { -+ Err(ref e) if e.kind() == std::io::ErrorKind::WouldBlock => { - std::thread::sleep(RETRY_SLEEP); - } - Err(e) => { diff --git a/gnu/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch b/gnu/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch deleted file mode 100644 index 10b8b37c5c..0000000000 --- a/gnu/packages/patches/rust-codex-0.98.0-execpolicy-file-lock.patch +++ /dev/null @@ -1,49 +0,0 @@ -Author: Danny Milosavljevic -Date: 2026-01-25 -License: ASL2.0 -Subject: Use libc::flock instead of unstable std File::lock(). - -The file_lock feature is tracked at . -and is not yet stable in old Rust versions like Rust 1.85. - -The file_lock feature was stabilized after Rust 1.88, but we only have 1.88. - -diff -u a/codex-rs/execpolicy/Cargo.toml b/codex-rs/execpolicy/Cargo.toml ---- a/codex-rs/execpolicy/Cargo.toml -+++ b/codex-rs/execpolicy/Cargo.toml -@@ -19,6 +19,7 @@ - [dependencies] - anyhow = { workspace = true } - clap = { workspace = true, features = ["derive"] } -+libc = { workspace = true } - multimap = { workspace = true } - serde = { workspace = true, features = ["derive"] } - serde_json = { workspace = true } -diff -u a/codex-rs/execpolicy/src/amend.rs b/codex-rs/execpolicy/src/amend.rs ---- a/codex-rs/execpolicy/src/amend.rs -+++ b/codex-rs/execpolicy/src/amend.rs -@@ -1,4 +1,5 @@ - use std::fs::OpenOptions; -+use std::os::unix::io::AsRawFd; - use std::io::Read; - use std::io::Seek; - use std::io::SeekFrom; -@@ -100,10 +101,14 @@ - path: policy_path.to_path_buf(), - source, - })?; -- file.lock().map_err(|source| AmendError::LockPolicyFile { -- path: policy_path.to_path_buf(), -- source, -- })?; -+ // FIXME: Use file.lock() when Rust 1.91 is available -+ let ret = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX) }; -+ if ret != 0 { -+ return Err(AmendError::LockPolicyFile { -+ path: policy_path.to_path_buf(), -+ source: std::io::Error::last_os_error(), -+ }); -+ } - - let len = file - .metadata() diff --git a/gnu/packages/rust-apps.scm b/gnu/packages/rust-apps.scm index fadc8dfa71..827e778c93 100644 --- a/gnu/packages/rust-apps.scm +++ b/gnu/packages/rust-apps.scm @@ -845,9 +845,6 @@ Commit and SemVer specifications.") (origin (inherit (package-source rust-codex-0.98.0)) (patches (search-patches - "rust-codex-0.98.0-execpolicy-file-lock.patch" - "rust-codex-0.98.0-core-file-lock.patch" - "rust-codex-0.98.0-arg0-file-lock.patch" "codex-0.98.0-remove-patch-sections.patch" "rust-codex-0.98.0-test-shebangs.patch" "rust-codex-0.98.0-test-timeout.patch")))) @@ -856,7 +853,7 @@ Commit and SemVer specifications.") (list #:install-source? #f #:cargo-install-paths '(list "cli" "exec" "exec-server" - "linux-sandbox" "mcp-server" + "linux-sandbox" "mcp-server" "network-proxy" "app-server" "tui") ;; schema_fixtures_match_generated (upstream fixture is stale: ;; FileChange::Update in codex-protocol gained old_content, @@ -1042,7 +1039,7 @@ Commit and SemVer specifications.") "codex-exec" "codex-exec-server" "codex-stdio-to-uds" - ;; codex-network-proxy requires rama which needs Rust 1.91+. + "codex-network-proxy" "codex-chatgpt" "codex-cloud-tasks-client" ;;; Tier 5. @@ -1148,7 +1145,10 @@ Commit and SemVer specifications.") (lambda _ (setenv "HOME" "/tmp") (setenv "USER" "nixbld")))))) - (native-inputs (list perl python-minimal ;for tests + (native-inputs (list clang ;bindgen uses libclang to parse BoringSSL's C headers + cmake-minimal ;BoringSSL is compiled from C source + libunwind ;BoringSSL tests verify stack unwinding in assembly + perl python-minimal ;for tests pkg-config)) (inputs (cons* bash-minimal coreutils git-minimal sed openssl sqlite `(,zstd "lib") @@ -1180,11 +1180,7 @@ Configure providers via @file{~/.codex/config.toml}.") (build-system cargo-build-system) (arguments (list - #:rust rust-1.88 #:install-source? #f - ;; Skip doctests (--doc) because rustdoc is unavailable for non-default - ;; Rust versions in Guix. - #:cargo-test-flags '(list "--lib" "--bins" "--tests") #:phases #~(modify-phases %standard-phases (add-after 'unpack 'patch-codex-deps diff --git a/gnu/packages/rust-sources.scm b/gnu/packages/rust-sources.scm index c4e2c2685d..93ddee042a 100644 --- a/gnu/packages/rust-sources.scm +++ b/gnu/packages/rust-sources.scm @@ -728,13 +728,7 @@ intelligence.") (file-name (git-file-name name version)) (sha256 (base32 "0rwj1ykknng39mhzna3fw3rcl3vngynsjdcj1namgkvw91zd9dl7")) - ;; TODO: Remove patches when Rust provides stable file locking API. - ;; The file_lock feature is tracked at - ;; . - (patches (search-patches "rust-codex-0.98.0-execpolicy-file-lock.patch" - "rust-codex-0.98.0-core-file-lock.patch" - "rust-codex-0.98.0-arg0-file-lock.patch" - "rust-codex-0.98.0-core-remove-self-dep.patch")))) + (patches (search-patches "rust-codex-0.98.0-core-remove-self-dep.patch")))) (build-system cargo-build-system) (arguments (list @@ -832,9 +826,6 @@ and runtime for AI-assisted coding.") (file-name (git-file-name name version)) (sha256 (base32 "1mn322gbir4gn4y5jihdqg0wprjlnx771chyfmmm7ri7pnim1zmc")) - ;; TODO: Remove patches when Rust provides stable file locking API. - ;; The file_lock feature is tracked at - ;; . (modules '((guix build utils))) (snippet '(begin ;;; These are JSON manifests with a dotslash @@ -845,10 +836,7 @@ and runtime for AI-assisted coding.") ;; Bundled bubblewrap source tree; includes a ;; compiled BPF blob (demos/flatpak.bpf). (delete-file-recursively "codex-rs/vendor/bubblewrap"))) - (patches (search-patches "rust-codex-0.98.0-execpolicy-file-lock.patch" - "rust-codex-0.98.0-core-file-lock.patch" - "rust-codex-0.98.0-arg0-file-lock.patch" - "rust-codex-0.98.0-core-remove-self-dep.patch" + (patches (search-patches "rust-codex-0.98.0-core-remove-self-dep.patch" "rust-codex-0.98.0-windows-sandbox-protocol-version.patch" "rust-codex-0.98.0-test-shebangs.patch")))) (build-system cargo-build-system) @@ -888,7 +876,8 @@ and runtime for AI-assisted coding.") "codex-login" ; Depends on codex-core "codex-ollama" ; Depends on codex-core "codex-common" ; Depends on codex-core, codex-lmstudio, codex-ollama - "codex-mcp-server") ; Depends on codex-core, codex-common + "codex-mcp-server" ; Depends on codex-core, codex-common + "codex-network-proxy") ; Depends on codex-core, rama #:phases #~(modify-phases %standard-phases (add-after 'unpack 'chdir-to-workspace