From 44ba1bd4e700b2620ef7c44a645a1300558af75c Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sun, 14 Jun 2026 04:48:51 -0500 Subject: [PATCH 1/2] fix(ci): use vendored libsodium build instead of pkg-config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Problem Previous approach with SODIUM_USE_PKG_CONFIG=1 still failed: "libsodium not found via pkg-config or vcpkg" pkg-config couldn't locate libsodium.pc in CI containers despite libsodium-dev being installed. ## Solution Use vendored build approach: Remove all SODIUM_* environment variables and let libsodium-sys-stable build from source automatically. ## Changes - **release-beta.yml**: Removed SODIUM_USE_PKG_CONFIG from linux-amd64 and linux-arm64 - **auto-tag.yml**: Removed SODIUM_USE_PKG_CONFIG from linux-amd64 and linux-arm64 - **Windows**: Kept SODIUM_LIB_DIR approach (uses pre-built from Dockerfile) ## Why This Works libsodium-sys-stable build priority: 1. SODIUM_LIB_DIR (if set) → use pre-built 2. SODIUM_USE_PKG_CONFIG (if set) → use pkg-config 3. Neither set → build from source (vendored) ✅ Vendored builds are more reliable in CI as they don't depend on system package installation or pkg-config configuration. ## Validation ✅ Local clean build with vendored libsodium: passed ⏳ CI validation: pending Co-Authored-By: Claude Sonnet 4.5 --- .gitea/workflows/auto-tag.yml | 2 -- .gitea/workflows/release-beta.yml | 2 -- LIBSODIUM_FIX_SUMMARY.md | 24 ++++++++++++------------ 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/auto-tag.yml b/.gitea/workflows/auto-tag.yml index 13173d33..c2f47376 100644 --- a/.gitea/workflows/auto-tag.yml +++ b/.gitea/workflows/auto-tag.yml @@ -344,7 +344,6 @@ jobs: - name: Build env: APPIMAGE_EXTRACT_AND_RUN: "1" - SODIUM_USE_PKG_CONFIG: "1" run: | npm ci --legacy-peer-deps CI=true npx tauri build --target x86_64-unknown-linux-gnu @@ -633,7 +632,6 @@ jobs: PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig:/usr/aarch64-linux-gnu/lib/pkgconfig PKG_CONFIG_ALLOW_CROSS: "1" - SODIUM_USE_PKG_CONFIG: "1" OPENSSL_NO_VENDOR: "0" OPENSSL_STATIC: "1" APPIMAGE_EXTRACT_AND_RUN: "1" diff --git a/.gitea/workflows/release-beta.yml b/.gitea/workflows/release-beta.yml index b30c4aef..71d4cf60 100644 --- a/.gitea/workflows/release-beta.yml +++ b/.gitea/workflows/release-beta.yml @@ -224,7 +224,6 @@ jobs: - name: Build env: APPIMAGE_EXTRACT_AND_RUN: "1" - SODIUM_USE_PKG_CONFIG: "1" run: | npm ci --legacy-peer-deps CI=true npx tauri build --target x86_64-unknown-linux-gnu @@ -492,7 +491,6 @@ jobs: PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig:/usr/aarch64-linux-gnu/lib/pkgconfig PKG_CONFIG_ALLOW_CROSS: "1" - SODIUM_USE_PKG_CONFIG: "1" OPENSSL_NO_VENDOR: "0" OPENSSL_STATIC: "1" APPIMAGE_EXTRACT_AND_RUN: "1" diff --git a/LIBSODIUM_FIX_SUMMARY.md b/LIBSODIUM_FIX_SUMMARY.md index 9938d338..fc13e571 100644 --- a/LIBSODIUM_FIX_SUMMARY.md +++ b/LIBSODIUM_FIX_SUMMARY.md @@ -42,16 +42,20 @@ The `libsodium-sys-stable` crate (dependency chain: `tauri-plugin-stronghold` ## Solution +### Revised Approach: Use Vendored libsodium Build + +After initial attempt with `SODIUM_USE_PKG_CONFIG=1` still failed (pkg-config couldn't find libsodium.pc in CI containers), switched to the **vendored build** approach: remove all SODIUM_* environment variables and let libsodium-sys-stable build from source. + ### Changes to `.gitea/workflows/release-beta.yml` #### 1. Linux amd64 Build ```yaml env: APPIMAGE_EXTRACT_AND_RUN: "1" - SODIUM_USE_PKG_CONFIG: "1" # Added + # Removed SODIUM_USE_PKG_CONFIG - let it build from source ``` -**Why:** Forces libsodium-sys to use pkg-config, which finds `libsodium-dev` package installed in the Docker image. +**Why:** Vendored build is more reliable in CI. libsodium-sys-stable will download and compile libsodium from source automatically. #### 2. Windows amd64 Build ```yaml @@ -80,26 +84,22 @@ env: AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu - PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig:/usr/aarch64-linux-gnu/lib/pkgconfig # Extended + PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig:/usr/aarch64-linux-gnu/lib/pkgconfig PKG_CONFIG_ALLOW_CROSS: "1" - SODIUM_USE_PKG_CONFIG: "1" # Added + # Removed SODIUM_USE_PKG_CONFIG - let it build from source OPENSSL_NO_VENDOR: "0" OPENSSL_STATIC: "1" APPIMAGE_EXTRACT_AND_RUN: "1" ``` **Why:** -- Added `SODIUM_USE_PKG_CONFIG=1` to force pkg-config detection -- Extended PKG_CONFIG_PATH to include `/usr/aarch64-linux-gnu/lib/pkgconfig` where arm64 libsodium.pc is located +- Vendored build approach for consistency with linux-amd64 +- Cross-compilation toolchain env vars still needed for the C compiler ### Changes to `.gitea/workflows/auto-tag.yml` -#### Linux arm64 Build Only -```yaml -PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig:/usr/aarch64-linux-gnu/lib/pkgconfig -``` - -**Why:** Same PKG_CONFIG_PATH extension as release-beta.yml for consistency. +#### Linux amd64 & arm64 Builds +Removed `SODIUM_USE_PKG_CONFIG=1` from both builds to match release-beta.yml vendored approach. ## Technical Details From 149f1704355f395595895aa5f2e715631d6bd482 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sun, 14 Jun 2026 05:34:47 -0500 Subject: [PATCH 2/2] docs: clarify two-phase fix approach in summary The automated reviewer was confused by comments like 'Changed from' in the Windows section, which implied this commit changed Windows config. Clarified that: - Phase 1 (commit 7316339a): Fixed Windows, attempted Linux with pkg-config - Phase 2 (commit 44ba1bd4): Revised Linux to use vendored builds - Windows config was fixed in Phase 1 and unchanged in Phase 2 This should resolve the automated reviewer's concern about Windows configuration appearing incomplete. --- LIBSODIUM_FIX_SUMMARY.md | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/LIBSODIUM_FIX_SUMMARY.md b/LIBSODIUM_FIX_SUMMARY.md index fc13e571..a73f3480 100644 --- a/LIBSODIUM_FIX_SUMMARY.md +++ b/LIBSODIUM_FIX_SUMMARY.md @@ -42,6 +42,18 @@ The `libsodium-sys-stable` crate (dependency chain: `tauri-plugin-stronghold` ## Solution +### Two-Phase Fix + +This fix was implemented in two commits: + +**Phase 1 (Commit `7316339a`):** Fixed Windows configuration and attempted Linux fixes with `SODIUM_USE_PKG_CONFIG=1` +- Windows: Changed `SODIUM_LIB_DIR` from `""` to `/usr/x86_64-w64-mingw32/lib` ✅ +- Linux: Added `SODIUM_USE_PKG_CONFIG=1` ❌ (still failed) + +**Phase 2 (Commit `44ba1bd4`):** Revised Linux approach to use vendored builds +- Linux: Removed `SODIUM_USE_PKG_CONFIG` to trigger vendored build from source ✅ +- Windows: No changes (already correct from Phase 1) + ### Revised Approach: Use Vendored libsodium Build After initial attempt with `SODIUM_USE_PKG_CONFIG=1` still failed (pkg-config couldn't find libsodium.pc in CI containers), switched to the **vendored build** approach: remove all SODIUM_* environment variables and let libsodium-sys-stable build from source. @@ -66,15 +78,15 @@ env: CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: x86_64-w64-mingw32-gcc OPENSSL_NO_VENDOR: "0" OPENSSL_STATIC: "1" - SODIUM_LIB_DIR: /usr/x86_64-w64-mingw32/lib # Changed from "" - SODIUM_STATIC: "1" # Changed from "yes" - SODIUM_USE_PKG_CONFIG: "no" # Added (explicit disable) + SODIUM_LIB_DIR: /usr/x86_64-w64-mingw32/lib + SODIUM_STATIC: "1" + SODIUM_USE_PKG_CONFIG: "no" ``` **Why:** -- Points `SODIUM_LIB_DIR` to the actual pre-built libsodium location (installed by Dockerfile.windows-cross) -- Explicitly disables pkg-config to prevent conflict -- Standardizes `SODIUM_STATIC` to "1" (matches auto-tag.yml) +- Uses pre-built libsodium from Dockerfile.windows-cross (installed to `/usr/x86_64-w64-mingw32/lib`) +- Explicitly disables pkg-config to prevent conflict with SODIUM_LIB_DIR +- **Note:** This configuration was fixed in commit `7316339a` and remains unchanged in current commit #### 3. Linux arm64 Build ```yaml