Pass -allow-host-networking to nanvixd in standalone mode#646
Closed
ppenna wants to merge 17 commits into
Closed
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add a derived Docker image (ghcr.io/nanvix/toolchain-python) that layers Python 3 on top of the minimal GCC toolchain image. This provides the host Python interpreter required by --with-build-python during CPython cross-compilation. A backward-compat symlink (/opt/nanvix/bin/python3 -> /usr/bin/python3) ensures existing Makefile paths work without changes. Makefile.nanvix defaults are intentionally left unchanged until the shared CI workflow is updated to pull the new image. Changes: - .nanvix/docker/Dockerfile: derived image from toolchain-gcc + python3 - .github/workflows/docker-image.yml: CI to build & publish to GHCR - .github/dependabot.yml: add Docker ecosystem for base-image bumps - .nanvix/config.py: update DOCKER_IMAGE constant - NANVIX.md: update docker pull instructions Closes #612 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The v1.15.0 shared workflow defaults to ghcr.io/nanvix/toolchain-gcc which does not include a host Python interpreter. CPython cross- compilation requires --with-build-python, so pass the derived toolchain-python image (created in #612) via the new docker-image input. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The windows-zip CI job (updated in the v2.0.0 workflow bump) expects .tar.gz standalone tarballs, but package.py was still producing .tar.bz2. This mismatch caused the Windows .zip release to silently stop being created. Switch all tarball creation and verification in package.py from bzip2 to gzip compression to align with the CI workflow expectations.
zutils v0.8.2 natively handles .tar.gz, .tar.bz2 and .zip archives.
Update _download_dep_fallback() to accept all three formats instead
of hardcoding .tar.bz2, using tarfile.open("r:*") for auto-detection
and zipfile.is_zipfile() for zip archives.
Replace all references to the legacy nanvix/toolchain:latest-minimal Docker Hub image with ghcr.io/nanvix/toolchain-python:latest in Makefile.nanvix and NANVIX.md documentation. Files updated: - Makefile.nanvix: NANVIX_DOCKER_IMAGE default - NANVIX.md: default image documentation
nanvix/workflows v2.0.1 added 'packages: read' to its top-level permissions block (commit 48eeaf7) so the reusable workflow can authenticate to ghcr.io for the docker pull retry loop. GitHub Actions enforces that a reusable workflow's effective permissions must be <= the caller job's. Our caller's explicit permissions block omits 'packages', so that scope implicitly defaults to 'none', causing every PR run to fail with startup_failure (zero jobs) the moment the bump moves the ref to @v2.0.1. Also drop the redundant job-level permissions block on ci-scheduled — it duplicated the workflow-level block exactly and added nothing besides maintenance burden.
Thread nanvixd_extra through run_all() in test.py so that z.py can supply extra flags per deployment mode. When the deployment mode is standalone, pass -allow-host-networking to nanvixd for both the hello-world and regrtest test runs. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR intends to pass -allow-host-networking to nanvixd for standalone test runs, but it also makes broader Nanvix build, packaging, Docker, CI, and socket-support changes.
Changes:
- Threads
nanvixd_extrathrough the Nanvix CPython test runner and supplies standalone networking flags. - Updates Nanvix/zutil versions, Docker image defaults, CI workflow inputs, and release artifact format from
.tar.bz2to.tar.gz. - Adds Nanvix socket compatibility shims and a new GHCR Docker image build workflow.
Show a summary per file
| File | Description |
|---|---|
z.sh |
Bumps pinned nanvix-zutil version. |
z.ps1 |
Bumps pinned nanvix-zutil version for Windows. |
NANVIX.md |
Updates documented Docker image references. |
Modules/socketmodule.c |
Adds Nanvix inet shims and adjusts CLOEXEC errno handling. |
Modules/getaddrinfo.c |
Adds fallback definition for IN_CLASSA_NSHIFT. |
Makefile.nanvix |
Updates Docker image and forces socket-related configure checks. |
.nanvix/z.py |
Refactors local Nanvix overlay/dependency fallback and passes standalone nanvixd_extra. |
.nanvix/test.py |
Supports .tar.gz release downloads and threads nanvixd_extra. |
.nanvix/package.py |
Switches release packaging and verification to .tar.gz. |
.nanvix/nanvix.toml |
Bumps Nanvix version. |
.nanvix/docker/Dockerfile |
Adds Docker image definition for toolchain plus host Python. |
.nanvix/config.py |
Updates default Docker image. |
.github/workflows/nanvix-ci.yml |
Updates reusable workflow version, Docker image, permissions, and tar handling. |
.github/workflows/docker-image.yml |
Adds GHCR Docker image build/publish workflow. |
.github/dependabot.yml |
Adds Dockerfile update monitoring. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 15/15 changed files
- Comments generated: 11
| errno = EAFNOSUPPORT; | ||
| return NULL; | ||
| } | ||
| #define inet_ntop(af, src, dst, size) _Py_nanvix_inet_ntop(af, src, dst, size) |
Comment on lines
+409
to
+414
| cache_dir = buildroot.parent / "cache" | ||
| asset_prefix = f"{dep_name}-{platform}-" | ||
| for cached in sorted(cache_dir.iterdir()) if cache_dir.is_dir() else []: | ||
| if not cached.name.startswith(asset_prefix): | ||
| continue | ||
| self._extract_python_packages(cached, buildroot) |
|
|
||
| # Sysroot tarball. | ||
| sysroot_tar = dist_dir / f"{artifact}.tar.bz2" | ||
| sysroot_tar = dist_dir / f"{artifact}.tar.gz" |
| ```bash | ||
| # 1. Pull the Docker image | ||
| docker pull nanvix/toolchain:latest-minimal | ||
| docker pull ghcr.io/nanvix/toolchain-python:latest |
| set -euo pipefail | ||
|
|
||
| PINNED_VERSION="0.7.48" | ||
| PINNED_VERSION="0.8.5" |
Comment on lines
+114
to
+115
| ``WITH_NANVIX`` environment variable (set by ``z.sh``) or falls | ||
| back to the path persisted in ``.nanvix/env.json``. |
Comment on lines
+11
to
+14
| python3 \ | ||
| python3-dev \ | ||
| && rm -rf /var/lib/apt/lists/* \ | ||
| && ln -sf /usr/bin/python3 /opt/nanvix/bin/python3 |
Comment on lines
+94
to
95
| f"No cpython release asset matching '{asset_prefix}*.tar.gz' or '*.tar.bz2' " | ||
| f"in release {tag}. Available assets: " |
| } | ||
| else if (errno == EINVAL) { | ||
| /* Linux older than 2.6.27 does not support SOCK_CLOEXEC */ | ||
| else if (errno == EINVAL || errno == EPROTOTYPE) { |
| } | ||
| else if (errno == EINVAL) { | ||
| /* Linux older than 2.6.27 does not support SOCK_CLOEXEC */ | ||
| else if (errno == EINVAL || errno == EPROTOTYPE) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Thread
nanvixd_extrathroughrun_all()intest.pyso thatz.pycan supply extra flags per deployment mode.When the deployment mode is standalone, pass
-allow-host-networkingtonanvixdfor both the hello-world and regrtest test runs.Changes
.nanvix/z.py–test()now buildsnanvixd_extra=['-allow-host-networking']when standalone and passes it torun_all()..nanvix/test.py–run_all()accepts the newnanvixd_extraparameter and threads it torun_hello()andrun_regrtest().