Conversation
Pull Request Test Coverage Report for Build 92Details
💛 - Coveralls |
| // Android's /system/etc/security/cacerts/ uses MD5-based hash filenames, | ||
| // but OpenSSL 3.x directory lookup expects SHA1-based hashes. Bypass hash | ||
| // lookup by iterating the directory and loading each cert directly. | ||
| if (PEM_read_X509 && X509_STORE_add_cert && X509_free) { | ||
| X509_STORE *store = SSL_CTX_get_cert_store(client_ctx); | ||
| DIR *dir = opendir("/system/etc/security/cacerts"); | ||
| if (dir) { | ||
| struct dirent *entry; | ||
| char path[512]; | ||
| while ((entry = readdir(dir)) != NULL) { | ||
| if (entry->d_name[0] == '.') continue; | ||
| snprintf(path, sizeof(path), "/system/etc/security/cacerts/%s", entry->d_name); | ||
| FILE *fp = fopen(path, "r"); | ||
| if (fp) { | ||
| X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL); | ||
| if (cert) { | ||
| X509_STORE_add_cert(store, cert); | ||
| X509_free(cert); | ||
| } | ||
| fclose(fp); | ||
| } | ||
| } | ||
| closedir(dir); | ||
| } |
There was a problem hiding this comment.
We iterate the directory and loads all certificates here. The "correct" approach would be hook into JNI to get certificates, but it is way to complex here.
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a619abcc2c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
- pidfd fallback: try pidfd_open, fall back to blocking waitpid in worker thread when unavailable (benefits all Linux < 5.3) - guard posix_spawn_file_actions_addchdir_np with runtime dlsym check on Android (only available on API 34+, returns ENOSYS otherwise) - set 64KB thread stack size on Android (512 bytes is below minimum) - TLS: add Android libssl.so dlopen path, BoringSSL SSLeay version compat, SSL_CTX_load_verify_locations for /system/etc/security/cacerts/ - replace hardcoded /tmp/ with C function that checks $TMPDIR and falls back to /data/local/tmp/ on Android Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
openssl.c: Android's /system/etc/security/cacerts/ uses MD5-based hash filenames (OpenSSL 1.0 era), but OpenSSL 3.x directory lookup expects SHA1-based hashes. The previous code relied on SSL_CTX_set_default_verify_paths (which always returns 1) with a fallback to SSL_CTX_load_verify_locations using the hash-based CApath — both fail due to the hash mismatch. Fix by dlopen'ing libcrypto.so for PEM_read_X509/X509_STORE_add_cert/X509_free, then iterating the Android CA cert directory and loading each cert directly into the X509_STORE, bypassing hash-based lookup entirely. thread_pool.c: Guard #include <spawn.h> and all posix_spawn usage with #if !defined(__ANDROID__) || __ANDROID_API__ >= 28. Provide a stub moonbitlang_async_make_spawn_job that returns NULL on older Android, eliminating the need for per-app posix_spawn_compat.c workarounds. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When posix_spawn is unavailable (Android API < 28), make_spawn_job previously returned NULL, causing the worker thread to exit silently without sending a completion notification. This left the caller in perform_job_in_worker waiting forever. Return a proper job struct with a worker function that sets err = ENOSYS, so the caller receives a clear "Function not implemented" error. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When pidfd_open is unavailable (Android, Linux <5.3), the fallback waitpid in the worker thread reaps the child but discards the exit status. The subsequent get_process_result then calls waitpid again, which fails with ECHILD. Store the exit code in job->ret during the fallback waitpid and propagate it back via wait_pid's return type (Unit -> Int?) so callers skip the redundant second waitpid. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ory leak The #owned parameters (path, args, envp, cwd) were silently discarded without moonbit_decref(), leaking memory on every Job::spawn call on Android API < 28. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tonyfettes
force-pushed
the
worktree-android
branch
from
289a601 to
c65cd3d
Compare
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c65cd3d809
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let exit_code = perform_job_in_worker(job, context~, cancel=_ => { | ||
| job.cancel_process_waiter() | ||
| NeedWait |
There was a problem hiding this comment.
When register_pid fails (for example on kernels without pidfd_open), this fallback calls perform_job_in_worker with a cancel callback that only sets job.cancel_process_waiter() and returns NeedWait. In EventLoop::wait_for_job, NeedWait suppresses the cancellation until the worker completes, and because this callback never invokes evloop.cancel_job_in_worker(job_id, ...), the blocking waitpid is not interrupted, so @process.run/@process.spawn cancellation handlers do not run until the child exits naturally.
Useful? React with 👍 / 👎.
| const char *tmpdir = getenv("TMPDIR"); | ||
| path = tmpdir ? tmpdir : "/data/local/tmp/"; |
There was a problem hiding this comment.
This uses $TMPDIR verbatim on Android, but tmpdir() builds paths by directly concatenating tmp_base_path with the generated name, so a common value like /data/local/tmp (no trailing slash) produces malformed paths such as /data/local/tmpprefix... and can create directories in the wrong location or fail unexpectedly. Normalize the base path (or append / if missing) before returning it.
Useful? React with 👍 / 👎.
tonyfettes
force-pushed
the
worktree-android
branch
from
c65cd3d to
9746562
Compare
2 participants
Summary
wait_pidnow triespidfd_openfirst, falls back to blockingwaitpidin a worker thread when unavailable (graceful degradation on any Linux kernel < 5.3, not just Android)addchdir_npruntime guard: On Android, checks availability viadlsymat runtime (API 34+ only), returnsENOSYSif unavailablelibssl.soloading,SSLeayfallback for version detection,SSL_CTX_load_verify_locationsfor/system/etc/security/cacerts//tmp/with a C function that checks$TMPDIRand falls back to/data/local/tmp/on AndroidApproach
All Android-specific logic is in C via
#ifdef __ANDROID__. MoonBit code stays#cfg(not(platform="windows"))for Unix — no MoonBit-level Android guards needed.Test plan
moon checkpassesmoon build --target nativecompiles cleanlymoon test --target native— all tests pass (no regressions)posix_spawnwithcwdon API < 34 returns clear ENOSYS error🤖 Generated with Claude Code