fix: repair Docker NixOS install-sh harness#5427
…r harness PATH repair
Co-Authored-By: Codex <noreply@openai.com>

Keep the nixos/nix base image's Nix profile on PATH so coreutils like mkdir remain visible after the Dockerfile pre-stages mise and bun shims. Expose the architecture-specific glibc loader path from /nix/store so the pinned mise Linux release can execute inside the Nix userspace harness.
Verification: git diff --check; bun tools/ci/docker-nixos-install-sh-test.ts (gets past the prior mkdir/mise execution failures; now fails later in mise install because the minimal Nix image lacks runtime/build dependencies for .mise.toml tools).
Co-Authored-By: Codex <noreply@openai.com>

Install the Nix userspace commands and runtime libraries needed by install.sh and the dynamically linked .mise.toml toolchain inside the pinned nixos/nix Docker harness. Keep the glibc loader/lib directory matched, expose non-glibc compatibility libraries, and provide a cc shim for native Python package builds.
Verification: git diff --check; bun tools/ci/docker-nixos-install-sh-test.ts.
Co-Authored-By: Codex <noreply@openai.com>
… PR #5427 Release the Docker harness repair claim inside the same PR that carries the work, per docs/AGENT-CLAIM-PROTOCOL.md.
Verification: git diff --check.
Co-Authored-By: Codex <noreply@openai.com>
Pull request overview
This PR repairs the NixOS Docker harness used by docker-nixos-install-sh-test by ensuring the Nix base image’s core tooling and required runtime libraries remain discoverable during tools/setup/install.sh execution, including support for dynamically linked tool downloads under .mise.toml.
Changes:
- Extend the Docker build PATH to include the Nix default profile binaries so base tools remain available across layers.
- Install explicit Nix userspace command/runtime dependencies via nix-env, and add compatibility symlinks for compiler and shared libraries.
- Expose a conventional glibc loader path and set LD_LIBRARY_PATH so dynamically linked binaries can run inside the Nix container.
Reviewed changes
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tools/ci/dockerfiles/nixos-install-sh-test/Dockerfile | Updates PATH, installs required Nix packages, and wires up loader/library paths for the install.sh test harness. |
| docs/claims/codex-docker-nixos-install-sh-test-path-20260527.md | Adds a claim file describing the harness repair work and verification plan. |
Vera CI inspection:
* claim: codex-b0855-1-zeta-self-register-service-20260527 - scope B-0855.1
  Co-Authored-By: Codex <noreply@openai.com>
* feat: codex-b0855-1-zeta-self-register-service-20260527 - add first-boot self-register service
  Co-Authored-By: Codex <noreply@openai.com>
* release: codex-b0855-1-zeta-self-register-service-20260527 - opened in PR #5416
  Co-Authored-By: Codex <noreply@openai.com>
* fix: codex-b0855-1-zeta-self-register-service-20260527 - derive self-register path defaults
  Co-Authored-By: Codex <noreply@openai.com>
* fix: repair Docker NixOS install-sh harness (#5427)
  Co-Authored-By: Codex <noreply@openai.com>
* fix: align self-register Bun runtime with mise
  Co-Authored-By: Codex <noreply@openai.com>
* fix: update ISO cosign signing to bundle output
  Co-Authored-By: Codex <noreply@openai.com>
* fix: write cosign bundle to runner temp
  Co-Authored-By: Codex <noreply@openai.com>
* fix: retry self-register until marker exists
  Address the unresolved operational review finding on the B-0855.1 service by replacing the first-boot-only gate with a marker-path gate and failure retry/backoff. Update the installer substrate audit so the retry semantics remain checked in CI.
  Co-Authored-By: Codex <noreply@openai.com>
* fix: align ISO signing summary text
  Address current Copilot workflow wording findings by matching the cosign bundle comment to the runner-temp output path and pointing verification guidance at the workflow run step summary rather than nonexistent workflow comments.
  Co-Authored-By: Codex <noreply@openai.com>
* fix: close self-register review gaps
  Co-Authored-By: Codex <noreply@openai.com>

---------

Co-authored-by: Lior <lior@zeta.dev>
Co-authored-by: Codex <noreply@openai.com>
Summary
Verification
Blocks/unblocks: fixes the docker-nixos-install-sh-test failure currently blocking PR #5416.
Claim protocol note: this PR will include a release commit deleting docs/claims/codex-docker-nixos-install-sh-test-path-20260527.md.