From 7f54dc17f1a60a5f1d9bb5734b399a339d332996 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:48:09 +0000 Subject: [PATCH 1/7] Initial plan From 851e1c1e7d73b6e76b23b041a6c8ff3654dabc75 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:55:09 +0000 Subject: [PATCH 2/7] Configure DNS for fast failure in Ubuntu images Add configure_dns_fast_fail function to mitigate systemd-resolved timeout issues. Sets DNS timeout:1 attempts:1 in /etc/resolv.conf to ensure tests expecting immediate DNS failure work correctly. Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 887c8b60..1cc62bd7 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -112,6 +112,36 @@ ensure_stdlibcc () { apt list libstdc++6 | grep installed | grep "$LIBSTDCXX_EXPECTED_VERSION" } +configure_dns_fast_fail () { + # Configure DNS to fail fast for non-existent domains + # This mitigates systemd-resolved timeout issues in recent Ubuntu updates + # where DNS queries for non-existent domains timeout instead of failing immediately + + # In Docker containers, we need to configure /etc/resolv.conf with fast-fail options + # The options timeout:N and attempts:N control DNS resolution behavior: + # - timeout: seconds to wait for a response before trying next server (default 5) + # - attempts: number of times to try each nameserver (default 2) + + # Check if /etc/resolv.conf exists and is writable + if [ -f /etc/resolv.conf ]; then + # Remove the file if it's a symlink to allow us to create a real file + if [ -L /etc/resolv.conf ]; then + # Preserve the current content before removing the symlink + local temp_resolv=$(mktemp) + cat /etc/resolv.conf > "$temp_resolv" 2>/dev/null || true + rm -f /etc/resolv.conf + cat "$temp_resolv" > /etc/resolv.conf + rm -f "$temp_resolv" + fi + + # Add DNS timeout options if not already present + if ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then + # Insert options line at the beginning for faster DNS failure + sed -i '1i options timeout:1 attempts:1' /etc/resolv.conf + fi + fi +} + install_base () { apt_install "${COMMON_PACKAGES[@]}" add_ubuntu_keys "${APT_KEYS_ENV[@]}" @@ -121,6 +151,7 @@ install_base () { apt-get -qq dist-upgrade -y update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 1 ensure_stdlibcc + configure_dns_fast_fail } mobile_install_android () { From baa6835cb222556eaf94df423eccf104a734847f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:56:52 +0000 Subject: [PATCH 3/7] Fix shellcheck warning in configure_dns_fast_fail Separate variable declaration and assignment to avoid masking return values (SC2155). Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 1cc62bd7..8bf05673 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -127,7 +127,8 @@ configure_dns_fast_fail () { # Remove the file if it's a symlink to allow us to create a real file if [ -L /etc/resolv.conf ]; then # Preserve the current content before removing the symlink - local temp_resolv=$(mktemp) + local temp_resolv + temp_resolv=$(mktemp) cat /etc/resolv.conf > "$temp_resolv" 2>/dev/null || true rm -f /etc/resolv.conf cat "$temp_resolv" > /etc/resolv.conf From 22dfe0843b77a6b60c612a55ec3e10b2df33578e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:59:10 +0000 Subject: [PATCH 4/7] Improve DNS options handling in configure_dns_fast_fail Handle existing 'options' lines more robustly: - Check for any 'options' line first, not just those with 'timeout' - If options exists without timeout, append timeout/attempts to it - Prevents duplicate 'options' lines in /etc/resolv.conf Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 8bf05673..5fbe0557 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -136,9 +136,12 @@ configure_dns_fast_fail () { fi # Add DNS timeout options if not already present - if ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then + if ! grep -q "^options" /etc/resolv.conf 2>/dev/null; then # Insert options line at the beginning for faster DNS failure sed -i '1i options timeout:1 attempts:1' /etc/resolv.conf + elif ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then + # Options line exists but doesn't have timeout, update it + sed -i '/^options/ s/$/ timeout:1 attempts:1/' /etc/resolv.conf fi fi } From f635d6e5ed7cbc1e4d34b97d2c18eb47c9b4a4ac Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 11:00:56 +0000 Subject: [PATCH 5/7] Address security and logic issues in configure_dns_fast_fail - Use mktemp -m 600 for secure temp file permissions - Check for both timeout and attempts separately to avoid duplicates - Add comment explaining aggressive timeout values - Individually add missing timeout or attempts options Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 5fbe0557..51a3d2dc 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -121,6 +121,9 @@ configure_dns_fast_fail () { # The options timeout:N and attempts:N control DNS resolution behavior: # - timeout: seconds to wait for a response before trying next server (default 5) # - attempts: number of times to try each nameserver (default 2) + # + # NOTE: timeout:1 attempts:1 is aggressive but necessary for tests that expect + # immediate failure for non-existent domains. This prevents CI timeouts. # Check if /etc/resolv.conf exists and is writable if [ -f /etc/resolv.conf ]; then @@ -128,7 +131,7 @@ configure_dns_fast_fail () { if [ -L /etc/resolv.conf ]; then # Preserve the current content before removing the symlink local temp_resolv - temp_resolv=$(mktemp) + temp_resolv=$(mktemp -m 600) cat /etc/resolv.conf > "$temp_resolv" 2>/dev/null || true rm -f /etc/resolv.conf cat "$temp_resolv" > /etc/resolv.conf @@ -139,9 +142,14 @@ configure_dns_fast_fail () { if ! grep -q "^options" /etc/resolv.conf 2>/dev/null; then # Insert options line at the beginning for faster DNS failure sed -i '1i options timeout:1 attempts:1' /etc/resolv.conf - elif ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then - # Options line exists but doesn't have timeout, update it - sed -i '/^options/ s/$/ timeout:1 attempts:1/' /etc/resolv.conf + else + # Options line exists, check if we need to add timeout or attempts + if ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then + sed -i '/^options/ s/$/ timeout:1/' /etc/resolv.conf + fi + if ! grep -q "^options.*attempts" /etc/resolv.conf 2>/dev/null; then + sed -i '/^options/ s/$/ attempts:1/' /etc/resolv.conf + fi fi fi } From c403f12ca7f897addd5d0a2b5658fcd0800f68bd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 11:09:27 +0000 Subject: [PATCH 6/7] Call configure_dns_fast_fail at start of each install function Docker may reset /etc/resolv.conf between RUN commands. Call configure_dns_fast_fail() at the beginning of each install function to ensure DNS configuration is applied before any network operations. Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 51a3d2dc..94385f56 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -155,6 +155,7 @@ configure_dns_fast_fail () { } install_base () { + configure_dns_fast_fail apt_install "${COMMON_PACKAGES[@]}" add_ubuntu_keys "${APT_KEYS_ENV[@]}" add_apt_repos "${APT_REPOS_ENV[@]}" @@ -163,7 +164,6 @@ install_base () { apt-get -qq dist-upgrade -y update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 1 ensure_stdlibcc - configure_dns_fast_fail } mobile_install_android () { @@ -193,12 +193,14 @@ mobile_install_jdk () { } mobile_install () { + configure_dns_fast_fail add_ubuntu_keys "${APT_KEYS_MOBILE[@]}" mobile_install_jdk mobile_install_android } install () { + configure_dns_fast_fail add_apt_key "${APT_KEY_DOCKER}" add_apt_k8s_key "${APT_KEY_K8S}" add_apt_repos "${APT_REPOS[@]}" @@ -213,6 +215,7 @@ install () { } install_ci () { + configure_dns_fast_fail ensure_stdlibcc apt-get -qq update -y apt-get -qq install -y --no-install-recommends "${CI_PACKAGES[@]}" @@ -220,5 +223,6 @@ install_ci () { } install_llvm () { + configure_dns_fast_fail install_llvm_bins } From 72ed4c36d6e6adcee38ccd89c5bbcd8de9ebab27 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 11:14:57 +0000 Subject: [PATCH 7/7] Revert all DNS configuration changes Revert all changes to docker/linux/ubuntu/fun.sh as requested. The approach was incorrect - DNS configuration needs to be in an entrypoint, not in install functions. Co-authored-by: phlax <454682+phlax@users.noreply.github.com> --- docker/linux/ubuntu/fun.sh | 47 -------------------------------------- 1 file changed, 47 deletions(-) diff --git a/docker/linux/ubuntu/fun.sh b/docker/linux/ubuntu/fun.sh index 94385f56..887c8b60 100755 --- a/docker/linux/ubuntu/fun.sh +++ b/docker/linux/ubuntu/fun.sh @@ -112,50 +112,7 @@ ensure_stdlibcc () { apt list libstdc++6 | grep installed | grep "$LIBSTDCXX_EXPECTED_VERSION" } -configure_dns_fast_fail () { - # Configure DNS to fail fast for non-existent domains - # This mitigates systemd-resolved timeout issues in recent Ubuntu updates - # where DNS queries for non-existent domains timeout instead of failing immediately - - # In Docker containers, we need to configure /etc/resolv.conf with fast-fail options - # The options timeout:N and attempts:N control DNS resolution behavior: - # - timeout: seconds to wait for a response before trying next server (default 5) - # - attempts: number of times to try each nameserver (default 2) - # - # NOTE: timeout:1 attempts:1 is aggressive but necessary for tests that expect - # immediate failure for non-existent domains. This prevents CI timeouts. - - # Check if /etc/resolv.conf exists and is writable - if [ -f /etc/resolv.conf ]; then - # Remove the file if it's a symlink to allow us to create a real file - if [ -L /etc/resolv.conf ]; then - # Preserve the current content before removing the symlink - local temp_resolv - temp_resolv=$(mktemp -m 600) - cat /etc/resolv.conf > "$temp_resolv" 2>/dev/null || true - rm -f /etc/resolv.conf - cat "$temp_resolv" > /etc/resolv.conf - rm -f "$temp_resolv" - fi - - # Add DNS timeout options if not already present - if ! grep -q "^options" /etc/resolv.conf 2>/dev/null; then - # Insert options line at the beginning for faster DNS failure - sed -i '1i options timeout:1 attempts:1' /etc/resolv.conf - else - # Options line exists, check if we need to add timeout or attempts - if ! grep -q "^options.*timeout" /etc/resolv.conf 2>/dev/null; then - sed -i '/^options/ s/$/ timeout:1/' /etc/resolv.conf - fi - if ! grep -q "^options.*attempts" /etc/resolv.conf 2>/dev/null; then - sed -i '/^options/ s/$/ attempts:1/' /etc/resolv.conf - fi - fi - fi -} - install_base () { - configure_dns_fast_fail apt_install "${COMMON_PACKAGES[@]}" add_ubuntu_keys "${APT_KEYS_ENV[@]}" add_apt_repos "${APT_REPOS_ENV[@]}" @@ -193,14 +150,12 @@ mobile_install_jdk () { } mobile_install () { - configure_dns_fast_fail add_ubuntu_keys "${APT_KEYS_MOBILE[@]}" mobile_install_jdk mobile_install_android } install () { - configure_dns_fast_fail add_apt_key "${APT_KEY_DOCKER}" add_apt_k8s_key "${APT_KEY_K8S}" add_apt_repos "${APT_REPOS[@]}" @@ -215,7 +170,6 @@ install () { } install_ci () { - configure_dns_fast_fail ensure_stdlibcc apt-get -qq update -y apt-get -qq install -y --no-install-recommends "${CI_PACKAGES[@]}" @@ -223,6 +177,5 @@ install_ci () { } install_llvm () { - configure_dns_fast_fail install_llvm_bins }