From cb6584de46f27e349d6ebe4dbe3e3a46fca65a45 Mon Sep 17 00:00:00 2001 From: Dylan Hurd Date: Tue, 4 Nov 2025 09:17:16 -0800 Subject: [PATCH] fix: pin musl 1.2.5 for DNS fixes (#6189) ## Summary musl 1.2.5 includes [several fixes to DNS over TCP](https://www.openwall.com/lists/musl/2024/03/01/2), which appears to be the root cause of #6116. This approach is a bit janky, but according to codex: > On the Ubuntu 24.04 runners we use, apt-cache policy musl-tools shows only the distro build (1.2.4-2ubuntu2)" We should build with this version and confirm. ## Testing - [ ] TODO: test and see if this fixes Azure issues --- .github/actions/setup-musl-1_2_5/action.yml | 47 +++++++++++++++++++++ .github/workflows/rust-ci.yml | 12 ++---- .github/workflows/rust-release.yml | 8 ++-- 3 files changed, 55 insertions(+), 12 deletions(-) create mode 100644 .github/actions/setup-musl-1_2_5/action.yml diff --git a/.github/actions/setup-musl-1_2_5/action.yml b/.github/actions/setup-musl-1_2_5/action.yml new file mode 100644 index 00000000..64d43204 --- /dev/null +++ b/.github/actions/setup-musl-1_2_5/action.yml @@ -0,0 +1,47 @@ +name: Setup musl 1.2.5 toolchain +description: Install musl 1.2.5 from source and configure the linker for the requested target. +inputs: + target: + description: Cargo target triple that requires musl (e.g., x86_64-unknown-linux-musl). + required: true +runs: + using: composite + steps: + - name: Install musl 1.2.5 + shell: bash + env: + MUSL_VERSION: 1.2.5 + MUSL_PREFIX: /opt/musl-1.2.5 + DEBIAN_FRONTEND: noninteractive + run: | + set -euo pipefail + sudo apt-get -y update -o Acquire::Retries=3 + sudo apt-get -y install --no-install-recommends build-essential curl pkg-config + + curl -sSfL --retry 3 --retry-delay 1 "https://musl.libc.org/releases/musl-${MUSL_VERSION}.tar.gz" -o /tmp/musl.tar.gz + tar -xf /tmp/musl.tar.gz -C /tmp + + pushd "/tmp/musl-${MUSL_VERSION}" + ./configure --prefix="${MUSL_PREFIX}" + make -j"$(nproc)" + sudo make install + popd + + echo "${MUSL_PREFIX}/bin" >> "$GITHUB_PATH" + musl_gcc="${MUSL_PREFIX}/bin/musl-gcc" + "${musl_gcc}" --version + + case "${{ inputs.target }}" in + x86_64-unknown-linux-musl) + echo "CC_x86_64_unknown_linux_musl=${musl_gcc}" >> "$GITHUB_ENV" + echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=${musl_gcc}" >> "$GITHUB_ENV" + ;; + aarch64-unknown-linux-musl) + echo "CC_aarch64_unknown_linux_musl=${musl_gcc}" >> "$GITHUB_ENV" + echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=${musl_gcc}" >> "$GITHUB_ENV" + ;; + *) + echo "Unsupported musl target '${{ inputs.target }}'" >&2 + exit 1 + ;; + esac diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 103e8cf6..6bc7574d 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -217,14 +217,10 @@ jobs: key: apt-${{ matrix.runner }}-${{ matrix.target }}-v1 - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}} - name: Install musl build tools - env: - DEBIAN_FRONTEND: noninteractive - shell: bash - run: | - set -euo pipefail - sudo apt-get -y update -o Acquire::Retries=3 - sudo apt-get -y install --no-install-recommends musl-tools pkg-config + name: Setup musl 1.2.5 toolchain + uses: ./.github/actions/setup-musl-1_2_5 + with: + target: ${{ matrix.target }} - name: Install cargo-chef if: ${{ matrix.profile == 'release' }} diff --git a/.github/workflows/rust-release.yml b/.github/workflows/rust-release.yml index 26afdaf5..f58c84bd 100644 --- a/.github/workflows/rust-release.yml +++ b/.github/workflows/rust-release.yml @@ -92,10 +92,10 @@ jobs: key: cargo-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }} - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}} - name: Install musl build tools - run: | - sudo apt-get update - sudo apt-get install -y musl-tools pkg-config + name: Setup musl 1.2.5 toolchain + uses: ./.github/actions/setup-musl-1_2_5 + with: + target: ${{ matrix.target }} - name: Cargo build run: cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy