Skip to content

feat: build static linux x64 binaries with musl #2903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wavezhang wants to merge 2 commits into
base: main
Choose a base branch
from
+19 −15
Open

feat: build static linux x64 binaries with musl #2903

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
21f2561
feat: build static linux x64 binaries with musl
wavezhang Jun 8, 2026
3cc28ba
fix: gate keyring behind not(target_env = "musl") for static builds
wavezhang Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions .cnb.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,20 +113,24 @@ $:
- docker:
image: rust:1.88-bookworm
stages:
- name: build linux x64 release assets
- name: build linux x64 release assets (static)
script: |
set -eu

apt-get update
apt-get install -y git libdbus-1-dev nodejs pkg-config
apt-get install -y git musl-tools nodejs pkg-config
rustup target add x86_64-unknown-linux-musl

./scripts/release/check-versions.sh
./scripts/release/check-ohos-deps.sh
cargo build --release --locked -p codewhale-cli -p codewhale-tui
cargo build --release --locked \
--target x86_64-unknown-linux-musl \
-p codewhale-cli -p codewhale-tui
Comment on lines +126 to +128

@greptile-apps greptile-apps Bot Jun 8, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Missing Cargo.toml change breaks the musl build

crates/secrets/Cargo.toml still declares ["linux-native-sync-persistent", "crypto-rust"] for the Linux keyring dependency. The linux-native-sync-persistent feature pulls in dbus-secret-servicedbuslibdbus-sys, which builds a C extension and links against libdbus-1. Since libdbus-1-dev is no longer installed in this pipeline and the resulting binary must be fully static musl, cargo build --target x86_64-unknown-linux-musl will fail at the link stage with an unresolved dbus-1 pkg-config error. The PR description mentions adding tls-native to crates/secrets/Cargo.toml to avoid the dbus backend, but that change is absent from the diff — only .cnb.yml was committed.

Fix in Codex Fix in Claude Code Fix in Cursor

@wavezhang wavezhang Jun 11, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in commit 89b373ac, now included in the rebased branch. The OS keyring dependency is gated behind not(target_env = "musl") in crates/secrets/Cargo.toml and all cfg attributes in crates/secrets/src/lib.rs are updated accordingly. Verified: cargo build --release --locked --target x86_64-unknown-linux-musl succeeds on the CNB workspace (Debian trixie, musl-tools 1.2.5).


mkdir -p target/cnb-release
cp target/release/codewhale target/cnb-release/codewhale-linux-x64
cp target/release/codewhale-tui target/cnb-release/codewhale-tui-linux-x64
BIN_DIR="target/x86_64-unknown-linux-musl/release"
cp "$BIN_DIR/codewhale" target/cnb-release/codewhale-linux-x64
cp "$BIN_DIR/codewhale-tui" target/cnb-release/codewhale-tui-linux-x64
strip \
target/cnb-release/codewhale-linux-x64 \
target/cnb-release/codewhale-tui-linux-x64 \
Expand Down
2 changes: 1 addition & 1 deletion crates/secrets/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ keyring = { version = "3", features = ["apple-native"] }
[target.'cfg(target_os = "windows")'.dependencies]
keyring = { version = "3", features = ["windows-native"] }

[target.'cfg(all(target_os = "linux", not(target_env = "ohos")))'.dependencies]
[target.'cfg(all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl")))'.dependencies]
keyring = { version = "3", features = ["linux-native-sync-persistent", "crypto-rust"] }

[dev-dependencies]
Expand Down
18 changes: 9 additions & 9 deletions crates/secrets/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ impl DefaultKeyringStore {
#[cfg(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
))]
{
// `Entry::new` is enough to validate the native macOS/Windows
Expand Down Expand Up @@ -156,7 +156,7 @@ impl DefaultKeyringStore {
#[cfg(not(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
)))]
{
let _ = &self.service;
Expand All @@ -170,7 +170,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
))]
{
let entry = keyring::Entry::new(&self.service, key)
Expand All @@ -184,7 +184,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(not(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
)))]
{
let _ = key;
Expand All @@ -196,7 +196,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
))]
{
let entry = keyring::Entry::new(&self.service, key)
Expand All @@ -208,7 +208,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(not(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
)))]
{
let _ = (key, value);
Expand All @@ -220,7 +220,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
))]
{
let entry = keyring::Entry::new(&self.service, key)
Expand All @@ -233,7 +233,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(not(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
)))]
{
let _ = key;
Expand All @@ -249,7 +249,7 @@ impl KeyringStore for DefaultKeyringStore {
#[cfg(not(any(
target_os = "macos",
target_os = "windows",
all(target_os = "linux", not(target_env = "ohos"))
all(target_os = "linux", not(target_env = "ohos"), not(target_env = "musl"))
)))]
fn unsupported_keyring_message() -> String {
"system keyring backend is unsupported on this platform".to_string()
Expand Down