Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5
Draft
wallentx wants to merge 266 commits into
Draft
Fix Termux/Android compatibility issues (DNS, locking, Android target support)#5wallentx wants to merge 266 commits into
wallentx wants to merge 266 commits into
Conversation
wallentx
changed the title
wallentx
force-pushed
the
wallentx/termux-target
branch
from
d61ca4b to
6c3d14b
Compare
|
Hi, do you know if this will continue to work with, and maybe improve, https://github.com/termux-user-repository/tur/blob/cf26feef42820d03b7061866ee5f456324657a7a/tur/codex/build.sh ? |
Owner
Author
The current TUR provided codex is impacted by the issue that my PR resolves, so if I get an invite to PR upstream, this should fix at least the locking issues. I had some code change logic to handle the absence of /etc/resolve.conf on android, but found that simply adding an aarch64-linux-android target made all of that unnecessary.. but if this never gets merged upstream, I could provide a patch with that original conditional logic so that this can be fully solved via patches in the TUR. Are you a maintainer, @robertkirkman ? |
Yes, I have merge permission for TUR. If you want users of Codex on TUR to get this fix, you could also submit this to https://github.com/termux-user-repository/tur/pulls and I would be able to approve it there, and then whenever this version gets merged the patch could be removed from the TUR version when it gets updated. |
wallentx
force-pushed
the
wallentx/termux-target
branch
from
4cccbca to
89ee71b
Compare
Owner
Author
|
Upstream, they have made a prerelease for rusty-v8 that they are using to test artifacts against their release binaries https://github.com/openai/codex/releases/tag/rusty-v8-v147.4.0 Then I can mirror their upstream prerelease for rust-v8-v147.4.0 which will also include my android artifacts, and this PR might actually be suitable for upstream merging. |
wallentx
force-pushed
the
wallentx/termux-target
branch
from
438ac09 to
7ead295
Compare
…nt/wallentx_termux-target_from_release_0.133.0_5180a72112f6 # Conflicts: # .github/workflows/rust-release.yml # codex-rs/Cargo.toml
…et_from_release_0.133.0_5180a72112f6 checkpoint: into wallentx/termux-target from release/0.133.0 @ 5180a72
Termux rust-v0.133.0-alpha.3
…nt/wallentx_termux-target_from_release_0.133.0_cf55321c25b5 # Conflicts: # codex-rs/Cargo.toml
…et_from_release_0.133.0_cf55321c25b5 checkpoint: into wallentx/termux-target from release/0.133.0 @ cf55321
- Goals are now enabled by default, backed by dedicated storage, and track progress across active turns. (openai#23300, openai#23685, openai#23696, openai#23732) - `codex remote-control` now runs like a foreground command, waits for readiness, reports machine status, and keeps explicit daemon-style `start`/`stop` commands. (openai#22878) - Permission profiles gained list APIs, inheritance, managed `requirements.toml` support, runtime refresh behavior, and stronger Windows sandbox integration. (openai#22928, openai#23412, openai#22270, openai#23433, openai#22931, openai#23715) - Plugin discovery is easier to inspect, with marketplace-aware list output, installed versions, visible marketplace roots, and remote collection support. (openai#23372, openai#23584, openai#23727, openai#23730) - Extensions can observe more lifecycle events, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. (openai#22782, openai#22873, openai#23309, openai#23688, openai#23690, openai#23692) ## Bug Fixes - Fixed TUI startup choosing the wrong working directory when reusing a local app-server socket. (openai#23538) - Fixed plan-mode free-form answers so modified Enter keys, like Shift+Enter, no longer submit unexpectedly. (openai#23536) - Removed stale background terminal poll events after a process exits. (openai#23231) - Preserved raw code-mode exec output unless an explicit output token limit is requested. (openai#23564) - Made AGENTS instruction loading more reliable, including local global reads and warnings for invalid UTF-8 instead of silent drops. (openai#23343, openai#23232) - Fixed app-server startup/shutdown races, empty resume/fork paths, plugin upgrade failures, and realtime v1 websocket compatibility. (openai#23516, openai#23578, openai#23400, openai#23356, openai#23771) ## Documentation - Added clearer plugin-creator guidance for updating and reinstalling local personal plugins. (openai#23542) - Expanded app-server/API docs and schema coverage around managed permission profile requirements. (openai#23433, openai#23555) ## Chores - Added a canonical Codex package archive pipeline and moved installers, npm packages, DotSlash, and SDK runtimes toward that shared layout. (openai#23513, openai#23582, openai#23586, openai#23596, openai#23635, openai#23636, openai#23637, openai#23638, openai#23786) - Fixed Linux Python runtime wheel tags so glibc-based systems can install the runtime artifacts. (openai#21812) - Improved release and CI reliability with package-builder tests, prebuilt resource packaging, DotSlash zstd handling, platform-sharded Rust tests, and Codex Linux release runners. (openai#23760, openai#23759, openai#23752, openai#23358, openai#23761) ## Changelog Full Changelog: openai/codex@rust-v0.132.0...rust-v0.133.0 - openai#23343 codex: route global AGENTS reads through LOCAL_FS @starr-openai - openai#22380 fix: default unknown tool schemas to empty schemas @celia-oai - openai#23309 Add tool lifecycle extension contributor @jif-oai - openai#23253 Reduce rust-ci-full Windows nextest timeout flakes @starr-openai - openai#22878 Improve `codex remote-control` CLI UX @owenlin0 - openai#21812 Publish Linux runtime wheels with glibc-compatible tags @aibrahim-oai - openai#22709 [codex] Trim unused TurnContextItem fields @pakrym-oai - openai#23353 Include plugin id in plugin MCP tool metadata @mzeng-openai - openai#22728 [codex] Move pending input into input queue @pakrym-oai - openai#23371 fix(tui): warn on unsupported iTerm2 pet versions @fcoury-oai - openai#23376 [codex-analytics] preserve user thread source for exec threads @marksteinbrick-oai - openai#23360 app-server: use profile ids in v2 permission params @bolinfest - openai#23384 [codex] Remove external websocket session resets @pakrym-oai - openai#22721 cleanup: Remove skill env var dependency prompting @xl-openai - openai#23389 Remove ToolSearch feature toggle @sayan-oai - openai#23080 [1 of 7] Add thread settings to UserInput @etraut-openai - openai#23081 [2 of 7] Remove UserInputWithTurnContext @etraut-openai - openai#23075 [3 of 7] Remove UserTurn @etraut-openai - openai#23396 [codex] Extract turn skill and plugin injections @pakrym-oai - openai#23356 fix(plugins): keep version upgrades additive @iceweasel-oai - openai#22508 [5 of 7] Replace OverrideTurnContext with ThreadSettings @etraut-openai - openai#22086 CI: Customize v8 building @cconger - openai#23390 Remove explicit connector tool undeferral @sayan-oai - openai#22928 core: expose permission profile picker metadata @viyatb-oai - openai#23352 Preserve context baselines for full-history agent forks @jif-oai - openai#23300 feat: dedicated goal DB @jif-oai - openai#22835 Remove ToolsConfig from tool planning @jif-oai - openai#22870 Add `body_after_prefix` auto-compact token limit scope @jif-oai - openai#23144 Defer v1 multi-agent tools behind tool search @jif-oai - openai#23409 [codex] Allow empty turn/start requests @pakrym-oai - openai#23388 [codex] Move hook request plumbing into hook runtime @pakrym-oai - openai#23405 [codex] Preserve steer input as user input @pakrym-oai - openai#22914 [2 of 4] tui: route app and skill enablement through app server @etraut-openai - openai#23397 [codex] Make contextual user fragments dyn-renderable @pakrym-oai - openai#23475 chore: namespace v1 sub-agent tools @jif-oai - openai#23493 Make `deny` canonical for filesystem permission entries @viyatb-oai - openai#22929 Harden CLI rate limit window labels @ase-openai - openai#22782 Add SubagentStart hook @abhinav-oai - openai#23513 build: add Codex package builder @bolinfest - openai#23369 Make local environment optional in EnvironmentManager @starr-openai - openai#23327 Refactor exec-server websocket pump @starr-openai - openai#23536 fix(tui): preserve modified enter in plan questions @fcoury-oai - openai#23400 Fix empty rollout path app-server handling @wiltzius-openai - openai#23551 Route local-only app-server gating through processors @starr-openai - openai#23372 Split plugin install discovery into list and request tools @mzeng-openai - openai#23516 fix: serialize unix app-server startup @efrazer-oai - openai#22169 [codex] Honor role-defined spawn service tiers @aibrahim-oai - openai#23555 Add CUA requirements subsection for locked computer use @adams-oai - openai#23538 Fix: TUI starting in wrong CWD @canvrno-oai - openai#23526 build: fetch rg for Codex packages @bolinfest - openai#23573 Remove unused ARC monitor path @mzeng-openai - openai#23576 test: fix multi-agent service tier assertion @bolinfest - openai#23541 build: default Codex package target and output @bolinfest - openai#23358 Fan out rust-ci-full nextest by platform @starr-openai - openai#23593 feat: expose codex-app-server version flag @bolinfest - openai#23412 feat: add permission profile list api @viyatb-oai - openai#23535 Move plugin and skill warmup into session startup @aibrahim-oai - openai#23231 Fix stale background terminal poll events @etraut-openai - openai#23564 [codex] Preserve raw code-mode exec output by default @aibrahim-oai - openai#23232 Warn on invalid UTF-8 in AGENTS.md files @etraut-openai - openai#23584 feat: Add vertical remote plugin collection support @xl-openai - openai#23586 build: package prebuilt Codex entrypoints @bolinfest - openai#23582 ci: build Codex package archives in release workflow @bolinfest - openai#23596 runtime: detect Codex package layout @bolinfest - openai#23500 add encryptedcontent to functioncalloutput @sayan-oai - openai#23633 Migrate exec-server remote registration to environments @richardopenai - openai#23451 Add timeout for remote compaction requests @jif-oai - openai#23667 feat: rename 1 @jif-oai - openai#23669 feat: rename 3 @jif-oai - openai#23668 feat: rename 2 @jif-oai - openai#23675 fix: main @jif-oai - openai#23685 feat: wire goal extension tools to the dedicated goal store @jif-oai - openai#23690 feat: async approval contrib @jif-oai - openai#23692 feat: async turn item process @jif-oai - openai#23688 feat: expose turn-start metadata to extensions @jif-oai - openai#23605 [codex] Hide deferred tools from code mode prompt @pakrym-oai - openai#23634 runtime: use install context for bundled bwrap @bolinfest - openai#23635 release: publish Codex package archive checksums @bolinfest - openai#23592 feat: Add btw alias for side slash command @anp-oai - openai#23696 feat: account active goal progress in the goal extension @jif-oai - openai#23176 [2 of 2] Start fresh TUI thread in background @etraut-openai - openai#23578 fix(app-server): speed up shutdown @fcoury-oai - openai#22896 windows-sandbox: add resolved permissions helper @bolinfest - openai#23502 Add thread/settings/update app-server API @etraut-openai - openai#23507 Sync TUI thread settings through app server @etraut-openai - openai#23666 feat: add turn_id and truncation_policy to extension tool calls @jif-oai - openai#23636 install: consume Codex package archives @bolinfest - openai#23717 [codex] Preserve failed goal accounting flushes @jif-oai - openai#23655 add standalone websearch api client @sayan-oai - openai#23724 Fix thread settings clippy failure @etraut-openai - openai#23637 npm: ship platform packages in Codex package layout @bolinfest - openai#23729 fix(config): resolve cloud requirements deny-read globs @viyatb-oai - openai#23638 dotslash: publish Codex entrypoints from package archives @bolinfest - openai#22918 windows-sandbox: send permission profiles to elevated runner @bolinfest - openai#23735 windows-sandbox: share bundled helper lookup @bolinfest - openai#18868 Add MITM hook config model @evawong-oai - openai#22270 feat(permissions): resolve permission profile inheritance @viyatb-oai - openai#23719 cli: add strict config to exec-server @bolinfest - openai#23542 [skills] Create a personal update flow for plugin creator @caseychow-oai - openai#21272 Support compact SessionStart hooks @abhinav-oai - openai#20659 Wire MITM hooks into runtime enforcement @evawong-oai - openai#23752 release: use DotSlash zstd for package archives @bolinfest - openai#22923 windows-sandbox: drive write roots from resolved permissions @bolinfest - openai#23761 chore: use Codex Linux runners for Rust releases @bolinfest - openai#23759 release: package prebuilt resource binaries @bolinfest - openai#23167 windows-sandbox: feed setup from resolved permissions @bolinfest - openai#22931 core: refresh active permission profiles at runtime @viyatb-oai - openai#22873 Add SubagentStop hook @abhinav-oai - openai#23727 feat(plugins): tabulate plugin list output @caseychow-oai - openai#23732 Make goals feature on by default and no longer experimental @etraut-openai - openai#23537 Honor client-resolved service tier defaults @shijie-oai - openai#23771 [codex] Fix realtime v1 websocket compatibility @guinness-oai - openai#23764 Remove Windows sandbox resource stamping @iceweasel-oai - openai#23730 [codex] List marketplaces considered by plugin discovery @caseychow-oai - openai#23760 ci: run Codex package builder tests @bolinfest - openai#23737 [codex] Add plugin id to MCP tool call items @mzeng-openai - openai#18240 Use named MITM permissions config @evawong-oai - openai#23774 [codex] Reject read-only fallback with approvals disabled @viyatb-oai - openai#23714 windows-sandbox: add profile-native elevated APIs @bolinfest - openai#23433 feat: support managed permission profiles in requirements.toml @viyatb-oai - openai#23715 core: pass permission profiles to Windows runner @bolinfest - openai#23786 sdk: launch packaged Codex runtimes @bolinfest
Termux rust-v0.133.0
…nt/wallentx_termux-target_from_release_0.133.0_7bcabc22ebc3
…et_from_release_0.133.0_7bcabc22ebc3 checkpoint: into wallentx/termux-target from release/0.133.0 @ 7bcabc2
Termux rust-v0.141.0-alpha.5
…nt/wallentx_termux-target_from_release_0.141.0_1541a9cd5dcf
…et_from_release_0.141.0_1541a9cd5dcf checkpoint: into wallentx/termux-target from release/0.141.0 @ 1541a9c
…nai#28671) ## Summary - Revert openai#28655, restoring the thread `recencyAt` behavior introduced by openai#27910. - Move `threads_recency_at` to migration 0039 so it no longer collides with `external_agent_config_imports` at version 0038. - Repair databases that already applied the recency migration as version 38 by moving the matching migration-history row to version 39 before SQLx validation. The current version-38 migration can then apply normally. ## Validation - `just test -p codex-state migrations::tests::repairs_recency_migration_that_was_applied_as_version_38` - `just test -p codex-state -p codex-rollout -p codex-thread-store -p codex-app-server-protocol -p codex-tui`: 3,439 passed; six TUI tests could not open the machine's existing read-only incident database at `~/.codex/sqlite/state_5.sqlite`. - `just fix -p codex-state` - `just fmt` - Verified that state migration versions are unique.
This mechanically extracts the existing TUI plugin catalog and detail popup rendering from `chatwidget/plugins.rs` into a new `chatwidget/plugin_catalog.rs` module. `plugins.rs` now keeps the stateful plugin workflow and orchestration, while `plugin_catalog.rs` owns the presentation-heavy catalog/detail popup construction and its pure helpers. The goal is to keep `plugins.rs` focused before later plugin sharing work adds more catalog behavior. - Moves existing catalog/detail popup builders and related pure helpers into `plugin_catalog.rs` - Leaves plugin fetch/state/key handling in `plugins.rs` - Adds only minimal sibling-module visibility/import wiring - Intentionally makes no product behavior or UI changes beyond the code move
## Summary Updates the bundled OpenAI Docs skill to use compact, title-like search queries. This performs better in Codex. ## Validation - OpenAI Docs skill validation passed - `git diff --check`
## Why It should be possible for app-server to handle "foreign" OS paths in unified_exec working directories, allowing e.g. a Linux app-server to run processes on e.g. a Windows exec-server. ## What Convert the core unified_exec cwd values to use `PathUri`. Adds fallible path conversion in several places to try to minimize the scope of this change. The only time this change suppresses errors from converting `PathUri` to an `AbsolutePathBuf` is when the turn is configured with no sandboxing at all to allow us to make progress testing without sandboxing. Future changes to apply_patch and sandboxing will clean up these error paths. A tool's cwd is resolved from joining a model-provided workdir to the environment's cwd. When using `AbsolutePathBuf::join()`, an absolute-path workdir would overwrite the environment's cwd and we would resolve permissions/sandboxing against the model-provided path. This change extends `PathUri::join()` to also treat an absolute rhs as an override of the base/lhs. This also removes some coverage from the remove_env_windows tests until a follow-up converts foreign paths in command exec events correctly. ## Breaking Changes When using `AbsolutePathBuf::join()` for workdir resolution, we ended up resolving tilde-prefixed paths against the app-server's `$HOME`, e.g. `~/foo/bar` becomes `/home/anp/foo/bar`. It's difficult to do this with `PathUri` joining, so after offline discussion this PR no longer implements it. A quick check of some power users' rollouts suggests that models don't actually generate home-prefixed absolute working directories for their spawns, so this shouldn't have any real blast radius.
) ## Summary - Track plugin install failures through the unified `codex_plugin_install_failed` event for local installs, remote install preflight failures, bundle failures, and remote catalog/backend failures. - Send classified `error_type` values in plugin install failure analytics instead of raw error strings. - Stop sending raw external-agent import errors in analytics while preserving raw failure details in app-facing import notifications/history. - Keep raw plugin/migration diagnostics in `tracing::warn!` logs. - Keep remote failure plugin names as the existing local placeholder (`unknown`) and remove the extra telemetry plugin-name override. - Change `ExternalAgentConfigImportParams.source` from a generated enum to `string | null`, with legacy `claudeCode` / `claudeCowork` inputs normalized to existing analytics values. ## Testing
## Why Services that proxy the exec-server environment registry endpoints need to deserialize and forward the same Noise registration and harness-key validation payloads. Those wire models currently live as private, serialize-only structs in `exec-server`, which forces consumers to duplicate the contract. ## What changed - Add owned serde models for registration and harness-key validation requests and responses. - Use those models in the existing exec-server registry client. - Re-export the models from `codex-exec-server` and `codex-core-api`. - Keep the harness authorization request free of a derived `Debug` implementation so it is not accidentally logged. ## Testing - Focused exec-server registration and harness-key validation tests: 2 passed. - `cargo check -p codex-core-api` The full `codex-exec-server` suite compiled and ran 254 tests: 222 passed, while 32 existing filesystem sandbox tests could not run under the nested macOS sandbox (`sandbox_apply: Operation not permitted`). Co-authored-by: Codex <noreply@openai.com>
## Summary - allow local marketplace `source.path: "."` and `source.path: "./"` to resolve to the marketplace root - keep `""` invalid and preserve rejection of non-root paths without `./` plus non-normal/traversal paths - add focused regression coverage for repo-root plugin layouts and rejected local paths ## Tests - `RUSTUP_TOOLCHAIN=stable just fmt` - `RUSTUP_TOOLCHAIN=stable just test -p codex-core-plugins` - `RUSTUP_TOOLCHAIN=stable just fix -p codex-core-plugins` Note: plain pinned-toolchain `just fmt` was blocked locally by a rustup `clippy` component conflict, so validation used the working stable 1.95 toolchain fallback.
## Why macOS Bazel jobs fail before target analysis because the pinned Apple CDN object now returns HTTP 403. ## What Uprev the pin to Apple's currently live macOS 26.5 Command Line Tools package, including its checksum and SDK extraction path. ## Validation - Built `@macos_sdk//sysroot` from a fresh Bazel output root. - Regenerated and checked `MODULE.bazel.lock`; it remains unchanged.
Add more tracing spans around tool building.
## Why `PathUri::join` should not depend on the app-server compatibility wrapper `LegacyAppPathString` to parse native paths. Native path parsing belongs to the URI abstraction that it constructs. ## What Move platform-independent native path parsing into the root `PathUri` module. `PathUri::join` and `LegacyAppPathString` now share the crate-private `PathUri::from_absolute_native_path` constructor.
Termux rust-v0.141.0-alpha.6
…nt/wallentx_termux-target_from_release_0.141.0_96f6efe5debd
## Why
Codex can run a remote exec server through the Noise relay, but the
normal
environment-manager path could not establish an
environment-registry-backed
harness connection. Signed rendezvous URLs and harness authorizations
are
short-lived, so reconnects must fetch a fresh bundle instead of
retaining
stale connection credentials. A stalled registry request must also fail
within
the regular remote connection deadline, without exposing these
credentials in
debug logs.
Issue: N/A (internal environment-service integration).
## What Changed
- Add environment-manager configuration for a registry-backed Noise
rendezvous
environment.
- Request a fresh bundle from
`/cloud/environment/{environment_id}/connect` for every physical harness
connection, using the existing 10-second remote connection timeout.
- Share the Environment Registry register, connect, and validate wire
payloads
through `codex-exec-server` and `codex-core-api`.
- Redact the signed rendezvous URL and harness authorization from the
public
connect response's `Debug` output.
- Add focused coverage for registry bundle retrieval, stalled requests,
and
credential redaction.
…et_from_release_0.141.0_96f6efe5debd checkpoint: into wallentx/termux-target from release/0.141.0 @ 96f6efe
Termux rust-v0.141.0-alpha.7
…nt/wallentx_termux-target_from_release_0.141.0_8c573573be47
…et_from_release_0.141.0_8c573573be47 checkpoint: into wallentx/termux-target from release/0.141.0 @ 8c57357
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Codex CLI currently fails on native Termux/Android due to DNS resolution and unsupported lock semantics in this environment. This PR adds compatibility adjustments that allow:
The changes preserve existing behavior on non-Android platforms.
Changes
DNS/Resolver fixes
$PREFIX/etc/resolv.conf,Graceful handling of unsupported locks
std::io::ErrorKind::Unsupportedfromtry_lock()without failing.Android build target support in CI
To produce and validate builds targeting Android (e.g. native Termux):
aarch64-linux-androidtarget in GitHub Actions.CC, andARfor the Android target.keyringtarget dependencies for Android.This enables CI to build Android artifacts that include the compatibility adjustments above, which aids testing and validation.
Validation
just fmtcargo test