diff options
Diffstat (limited to 'misc/codex/files')
10 files changed, 185 insertions, 0 deletions
diff --git a/misc/codex/files/patch-codex-rs_cli_Cargo.toml b/misc/codex/files/patch-codex-rs_cli_Cargo.toml new file mode 100644 index 000000000000..628216c84f5f --- /dev/null +++ b/misc/codex/files/patch-codex-rs_cli_Cargo.toml @@ -0,0 +1,12 @@ +--- codex-rs/cli/Cargo.toml.orig 2025-09-27 08:06:01 UTC ++++ codex-rs/cli/Cargo.toml +@@ -52,6 +52,9 @@ libc = { workspace = true } + [target.'cfg(target_os = "macos")'.dependencies] + libc = { workspace = true } + ++[target.'cfg(target_os = "freebsd")'.dependencies] ++libc = { workspace = true } ++ + [dev-dependencies] + assert_cmd = { workspace = true } + predicates = { workspace = true } diff --git a/misc/codex/files/patch-codex-rs_cli_src_main.rs b/misc/codex/files/patch-codex-rs_cli_src_main.rs new file mode 100644 index 000000000000..577f39d19f85 --- /dev/null +++ b/misc/codex/files/patch-codex-rs_cli_src_main.rs @@ -0,0 +1,12 @@ +--- codex-rs/cli/src/main.rs.orig 2025-09-27 08:29:56 UTC ++++ codex-rs/cli/src/main.rs +@@ -219,6 +219,9 @@ fn pre_main_hardening() { + #[cfg(target_os = "macos")] + crate::pre_main_hardening::pre_main_hardening_macos(); + ++ #[cfg(target_os = "freebsd")] ++ crate::pre_main_hardening::pre_main_hardening_freebsd(); ++ + #[cfg(windows)] + crate::pre_main_hardening::pre_main_hardening_windows(); + } diff --git a/misc/codex/files/patch-codex-rs_cli_src_pre__main__hardening.rs b/misc/codex/files/patch-codex-rs_cli_src_pre__main__hardening.rs new file mode 100644 index 000000000000..7302568f4512 --- /dev/null +++ b/misc/codex/files/patch-codex-rs_cli_src_pre__main__hardening.rs @@ -0,0 +1,60 @@ +--- codex-rs/cli/src/pre_main_hardening.rs.orig 2025-09-26 18:28:59 UTC ++++ codex-rs/cli/src/pre_main_hardening.rs +@@ -4,9 +4,12 @@ const PTRACE_DENY_ATTACH_FAILED_EXIT_CODE: i32 = 6; + #[cfg(target_os = "macos")] + const PTRACE_DENY_ATTACH_FAILED_EXIT_CODE: i32 = 6; + +-#[cfg(any(target_os = "linux", target_os = "android", target_os = "macos"))] ++#[cfg(any(target_os = "linux", target_os = "android", target_os = "macos", target_os = "freebsd"))] + const SET_RLIMIT_CORE_FAILED_EXIT_CODE: i32 = 7; + ++#[cfg(target_os = "freebsd")] ++const PROCCTL_PROC_TRACE_CTL_FAILED_EXIT_CODE: i32 = 8; ++ + #[cfg(any(target_os = "linux", target_os = "android"))] + pub(crate) fn pre_main_hardening_linux() { + // Disable ptrace attach / mark process non-dumpable. +@@ -69,6 +72,43 @@ pub(crate) fn pre_main_hardening_macos() { + .collect(); + + for key in dyld_keys { ++ unsafe { ++ std::env::remove_var(key); ++ } ++ } ++} ++ ++#[cfg(target_os = "freebsd")] ++pub(crate) fn pre_main_hardening_freebsd() { ++ // Prevent debuggers from attaching to this process ++ let mut arg = libc::PROC_TRACE_CTL_DISABLE_EXEC; ++ let ret_code = unsafe { ++ libc::procctl(libc::P_PID, 0, libc::PROC_TRACE_CTL, &mut arg as *mut _ as *mut libc::c_void) ++ }; ++ if ret_code == -1 { ++ eprintln!( ++ "ERROR: procctl(PROC_TRACE_CTL) failed: {}", ++ std::io::Error::last_os_error() ++ ); ++ std::process::exit(PROCCTL_PROC_TRACE_CTL_FAILED_EXIT_CODE); ++ } ++ ++ // Set the core file size limit to 0 to prevent core dumps. ++ set_core_file_size_limit_to_zero(); ++ ++ // Remove all LD_ environment variables, which can be used to subvert ++ // library loading. ++ let ld_keys: Vec<String> = std::env::vars() ++ .filter_map(|(key, _)| { ++ if key.starts_with("LD_") { ++ Some(key) ++ } else { ++ None ++ } ++ }) ++ .collect(); ++ ++ for key in ld_keys { + unsafe { + std::env::remove_var(key); + } diff --git a/misc/codex/files/patch-codex-rs_core_src_exec__command_exec__command__params.rs b/misc/codex/files/patch-codex-rs_core_src_exec__command_exec__command__params.rs new file mode 100644 index 000000000000..60eb99d35251 --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_src_exec__command_exec__command__params.rs @@ -0,0 +1,11 @@ +--- codex-rs/core/src/exec_command/exec_command_params.rs.orig 2025-09-27 09:00:51 UTC ++++ codex-rs/core/src/exec_command/exec_command_params.rs +@@ -33,7 +33,7 @@ fn default_shell() -> String { + } + + fn default_shell() -> String { +- "/bin/bash".to_string() ++ "/bin/sh".to_string() + } + + #[derive(Debug, Deserialize, Serialize)] diff --git a/misc/codex/files/patch-codex-rs_core_src_exec__command_responses__api.rs b/misc/codex/files/patch-codex-rs_core_src_exec__command_responses__api.rs new file mode 100644 index 000000000000..b900e89ad10f --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_src_exec__command_responses__api.rs @@ -0,0 +1,11 @@ +--- codex-rs/core/src/exec_command/responses_api.rs.orig 2025-09-27 09:01:29 UTC ++++ codex-rs/core/src/exec_command/responses_api.rs +@@ -29,7 +29,7 @@ pub fn create_exec_command_tool_for_responses_api() -> + properties.insert( + "shell".to_string(), + JsonSchema::String { +- description: Some("The shell to use. Defaults to \"/bin/bash\".".to_string()), ++ description: Some("The shell to use. Defaults to \"/bin/sh\".".to_string()), + }, + ); + properties.insert( diff --git a/misc/codex/files/patch-codex-rs_core_src_exec__command_session__manager.rs b/misc/codex/files/patch-codex-rs_core_src_exec__command_session__manager.rs new file mode 100644 index 000000000000..a5db5d4efccb --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_src_exec__command_session__manager.rs @@ -0,0 +1,11 @@ +--- codex-rs/core/src/exec_command/session_manager.rs.orig 2025-09-27 09:02:31 UTC ++++ codex-rs/core/src/exec_command/session_manager.rs +@@ -376,7 +376,7 @@ PY"# + cmd, + yield_time_ms: 3_000, + max_output_tokens: 1_000, // large enough to avoid truncation here +- shell: "/bin/bash".to_string(), ++ shell: "/bin/sh".to_string(), + login: false, + }; + let initial_output = match session_manager diff --git a/misc/codex/files/patch-codex-rs_core_src_unified__exec_mod.rs b/misc/codex/files/patch-codex-rs_core_src_unified__exec_mod.rs new file mode 100644 index 000000000000..77088343e65d --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_src_unified__exec_mod.rs @@ -0,0 +1,38 @@ +--- codex-rs/core/src/unified_exec/mod.rs.orig 2025-09-27 09:05:00 UTC ++++ codex-rs/core/src/unified_exec/mod.rs +@@ -434,7 +434,7 @@ mod tests { + let open_shell = manager + .handle_request(UnifiedExecRequest { + session_id: None, +- input_chunks: &["bash".to_string(), "-i".to_string()], ++ input_chunks: &["sh".to_string(), "-i".to_string()], + timeout_ms: Some(2_500), + }) + .await?; +@@ -473,7 +473,7 @@ mod tests { + let shell_a = manager + .handle_request(UnifiedExecRequest { + session_id: None, +- input_chunks: &["/bin/bash".to_string(), "-i".to_string()], ++ input_chunks: &["/bin/sh".to_string(), "-i".to_string()], + timeout_ms: Some(2_500), + }) + .await?; +@@ -521,7 +521,7 @@ mod tests { + let open_shell = manager + .handle_request(UnifiedExecRequest { + session_id: None, +- input_chunks: &["bash".to_string(), "-i".to_string()], ++ input_chunks: &["sh".to_string(), "-i".to_string()], + timeout_ms: Some(2_500), + }) + .await?; +@@ -616,7 +616,7 @@ mod tests { + let open_shell = manager + .handle_request(UnifiedExecRequest { + session_id: None, +- input_chunks: &["/bin/bash".to_string(), "-i".to_string()], ++ input_chunks: &["/bin/sh".to_string(), "-i".to_string()], + timeout_ms: Some(2_500), + }) + .await?; diff --git a/misc/codex/files/patch-codex-rs_core_tests_suite_exec.rs b/misc/codex/files/patch-codex-rs_core_tests_suite_exec.rs new file mode 100644 index 000000000000..3b232ec4c752 --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_tests_suite_exec.rs @@ -0,0 +1,11 @@ +--- codex-rs/core/tests/suite/exec.rs.orig 2025-09-27 09:06:53 UTC ++++ codex-rs/core/tests/suite/exec.rs +@@ -104,7 +104,7 @@ async fn exit_command_not_found_is_ok() { + } + + let tmp = TempDir::new().expect("should be able to create temp dir"); +- let cmd = vec!["/bin/bash", "-c", "nonexistent_command_12345"]; ++ let cmd = vec!["/bin/sh", "-c", "nonexistent_command_12345"]; + run_test_cmd(tmp, cmd).await.unwrap(); + } + diff --git a/misc/codex/files/patch-codex-rs_core_tests_suite_user__notification.rs b/misc/codex/files/patch-codex-rs_core_tests_suite_user__notification.rs new file mode 100644 index 000000000000..85e58a77a1ae --- /dev/null +++ b/misc/codex/files/patch-codex-rs_core_tests_suite_user__notification.rs @@ -0,0 +1,11 @@ +--- codex-rs/core/tests/suite/user_notification.rs.orig 2025-09-27 09:08:21 UTC ++++ codex-rs/core/tests/suite/user_notification.rs +@@ -35,7 +35,7 @@ async fn summarize_context_three_requests_and_instruct + let notify_script = notify_dir.path().join("notify.sh"); + std::fs::write( + ¬ify_script, +- r#"#!/bin/bash ++ r#"#!/bin/sh + set -e + echo -n "${@: -1}" > $(dirname "${0}")/notify.txt"#, + )?; diff --git a/misc/codex/files/patch-codex-rs_exec_tests_suite_mod.rs b/misc/codex/files/patch-codex-rs_exec_tests_suite_mod.rs new file mode 100644 index 000000000000..35dee0499c66 --- /dev/null +++ b/misc/codex/files/patch-codex-rs_exec_tests_suite_mod.rs @@ -0,0 +1,8 @@ +--- codex-rs/exec/tests/suite/mod.rs.orig 2025-09-26 18:28:59 UTC ++++ codex-rs/exec/tests/suite/mod.rs +@@ -2,4 +2,5 @@ mod resume; + mod apply_patch; + mod output_schema; + mod resume; ++#[cfg(not(target_os = "freebsd"))] + mod sandbox; |