mirror of https://github.com/openai/codex.git synced 2026-05-23 20:44:50 +00:00

Files

Michael Bolin 195ba3eb88 package: factor DotSlash executable fetching (#24129 )

## Why

The package builder already fetches `rg` from a checked-in DotSlash
manifest. The zsh packaging work needs the same
fetch/cache/size-check/SHA-256/extract path for another manifest, but
keeping that refactor inside the zsh PR makes the review harder to
follow.

This PR factors the existing `rg`-specific implementation into a
reusable helper with no intended behavior change for `rg` packaging.

## What Changed

- Added `scripts/codex_package/dotslash.py` for checked-in DotSlash
manifest parsing, archive download, cache reuse, size validation,
SHA-256 validation, and member extraction.
- Updated `scripts/codex_package/ripgrep.py` to delegate to the shared
helper.
- Preserved the existing `rg` manifest path, cache key, destination
filename, and executable-bit behavior.

## Testing

- `python3 -m py_compile scripts/codex_package/dotslash.py
scripts/codex_package/ripgrep.py scripts/codex_package/cli.py
scripts/codex_package/layout.py scripts/codex_package/zsh.py`
- `python3 -m unittest discover scripts/codex_package`


---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/24129).
* #23768
* #23756
* __->__ #24129

2026-05-22 14:38:44 -07:00

__init__.py

build: add Codex package builder (#23513 )

2026-05-19 19:54:03 +00:00

archive.py

release: use DotSlash zstd for package archives (#23752 )

2026-05-20 14:28:11 -07:00

cargo.py

ci: Use codex produced v8 artifacts for release builds (#23934 )

2026-05-22 09:42:08 -07:00

cli.py

packaging: move rg manifest out of npm bin (#23833 )

2026-05-21 15:48:42 +00:00

dotslash.py

package: factor DotSlash executable fetching (#24129 )

2026-05-22 14:38:44 -07:00

layout.py

build: package prebuilt Codex entrypoints (#23586 )

2026-05-19 22:10:03 -07:00

README.md

ci: Use codex produced v8 artifacts for release builds (#23934 )

2026-05-22 09:42:08 -07:00

packaging: move rg manifest out of npm bin (#23833 )

2026-05-21 15:48:42 +00:00

ripgrep.py

package: factor DotSlash executable fetching (#24129 )

2026-05-22 14:38:44 -07:00

targets.py

build: package prebuilt Codex entrypoints (#23586 )

2026-05-19 22:10:03 -07:00

test_archive.py

release: package prebuilt resource binaries (#23759 )

2026-05-20 14:51:46 -07:00

test_cargo.py

release: package prebuilt resource binaries (#23759 )

2026-05-20 14:51:46 -07:00

v8.py

ci: Use codex produced v8 artifacts for release builds (#23934 )

2026-05-22 09:42:08 -07:00

version.py

build: package prebuilt Codex entrypoints (#23586 )

2026-05-19 22:10:03 -07:00

README.md

Codex package builder

This package contains the implementation behind scripts/build_codex_package.py. The top-level script is the stable executable entry point; these modules keep the package-building logic split by responsibility.

The builder creates a canonical Codex package directory:

.
├── codex-package.json
├── bin
│   └── <entrypoint>[.exe]
├── codex-resources
│   ├── bwrap                             # Linux only
│   ├── codex-command-runner.exe          # Windows only
│   └── codex-windows-sandbox-setup.exe   # Windows only
└── codex-path
    └── rg[.exe]

The package directory is the primary artifact. Archive formats such as .tar.gz, .tar.zst, and .zip are serializations of that directory.

If --target is omitted, the builder uses the release target for the current host platform. On Linux, that default is a musl target to match Codex release artifacts; pass a GNU Linux target explicitly for native glibc local builds. If --package-dir is omitted, the builder creates a new temporary directory and prints its path after the package is built.

The --variant flag selects the package entrypoint. Supported variants are codex and codex-app-server. The version field in codex-package.json is read from [workspace.package].version in codex-rs/Cargo.toml.

Source-built artifacts

Artifacts built from this repository are built by the package builder in one grouped cargo build command per package when they are needed and no prebuilt override was provided:

all targets: the selected entrypoint, unless --entrypoint-bin is provided
Linux targets: bwrap, unless --bwrap-bin is provided
Windows targets: codex-command-runner and codex-windows-sandbox-setup, unless the corresponding prebuilt helper flags are provided

The default cargo profile is dev-small because local iteration should favor fast, small builds. Release jobs should pass --cargo-profile release and an explicit target. Release jobs that already built and signed/notarized the entrypoint should pass --entrypoint-bin so the package contains that exact binary instead of rebuilding it.

Release jobs that already built package resource binaries should also pass the corresponding resource flags: --bwrap-bin for Linux packages, and --codex-command-runner-bin plus --codex-windows-sandbox-setup-bin for Windows packages. This keeps package archive creation as a pure staging step after signing instead of rebuilding resources.

When the builder source-builds an entrypoint for a Darwin or Linux target, it downloads and verifies the matching Codex-built V8 release pair before invoking Cargo and sets RUSTY_V8_ARCHIVE plus RUSTY_V8_SRC_BINDING_PATH for that build. Windows targets keep Cargo's release-build MSVC artifact path. Explicit overrides remain authoritative when both variables are already set. Set V8_FROM_SOURCE=1 to leave the build with the v8 crate source-build path.

rg is not built from this repository, so the builder fetches it from the DotSlash manifest at scripts/codex_package/rg. Downloaded archives are cached under $TMPDIR/codex-package/<target>-rg and are reused only after the recorded size and SHA-256 digest have been verified. Pass --rg-bin to use a local ripgrep executable instead.