feat: add 7zz for CHM documentation extraction

Download static 7-Zip binary at Docker build time for extracting Microsoft Compiled HTML Help (.chm) files. Follows the same pattern as the existing Himalaya CLI installation. 7zz is scraped from 7-zip.org/download.html at build time.
Merge pull request 'fix: use ln -sf instead of update-alternatives --set for iptables-nft' (#28 ) from fix/vpn-iptables-nft-v3 into master
2026-05-13 16:27:32 -04:00 · 2026-05-13 16:59:50 +00:00 · 2026-05-13 12:58:43 -04:00
2 changed files with 46 additions and 5 deletions
--- a/ai/hermes/Dockerfile
+++ b/ai/hermes/Dockerfile
@@ -78,6 +78,47 @@ PYEOF
 # ---------- Install himalaya-ro wrapper ----------
 COPY --chmod=0755 himalaya-ro.sh /usr/local/bin/himalaya-ro

+# ---------- Install 7-Zip for CHM extraction ----------
+RUN /opt/hermes/.venv/bin/python3 /dev/stdin << 'PYEOF'
+import urllib.request, tarfile, os, shutil, re, subprocess
+
+# Scrape 7-zip.org for latest Linux x64 binary
+url = 'https://7-zip.org/download.html'
+req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
+r = urllib.request.urlopen(req, timeout=15)
+html = r.read().decode()
+
+links = re.findall(r'href="(a/7z[\d]+-linux-x64\.tar\.xz)"', html)
+if not links:
+    raise RuntimeError("Could not find 7z download link")
+
+dl_url = f'https://7-zip.org/{links[0]}'
+print(f'Downloading 7z from {dl_url}...')
+req = urllib.request.Request(dl_url, headers={'User-Agent': 'Mozilla/5.0'})
+r = urllib.request.urlopen(req, timeout=30)
+data = r.read()
+
+with open('/tmp/7z.tar.xz', 'wb') as f:
+    f.write(data)
+
+subprocess.run(['tar', '-xJf', '/tmp/7z.tar.xz', '-C', '/tmp/'], check=True)
+
+for root, dirs, files in os.walk('/tmp'):
+    for f in files:
+        if f == '7zz':
+            src = os.path.join(root, f)
+            shutil.move(src, '/usr/local/bin/7zz')
+            os.chmod('/usr/local/bin/7zz', 0o755)
+            print(f'7zz installed from {src}')
+            break
+
+os.remove('/tmp/7z.tar.xz')
+
+# Verify
+r = subprocess.run(['/usr/local/bin/7zz'], capture_output=True, text=True)
+print(f'7-Zip {r.stdout.strip()[:60]}')
+PYEOF
+

 # ---------- Runtime ----------
 USER hermes
--- a/vpn/Dockerfile
+++ b/vpn/Dockerfile
@@ -2,8 +2,8 @@
 # Fixes crash-loop when host kernel lacks legacy iptable_nat module.
 FROM ghcr.io/wg-easy/wg-easy:latest

-# The upstream image defaults to iptables-legacy via update-alternatives.
-# Switch iptables to the nftables backend (already provided by the 'iptables'
-# package on Alpine 3.18+). No apk add needed — iptables-nft is built-in.
-RUN update-alternatives --set iptables /usr/sbin/iptables-nft && \
-    update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
+# The upstream image registers only iptables-legacy with update-alternatives.
+# iptables-nft binary exists but isn't registered as an alternative key.
+# Override the alternatives-managed symlinks directly.
+RUN ln -sf /usr/sbin/iptables-nft /usr/sbin/iptables && \
+    ln -sf /usr/sbin/ip6tables-nft /usr/sbin/ip6tables
Author	SHA1	Message	Date
Hermes	c39174f0fe	feat: add 7zz for CHM documentation extraction Some checks failed Build Hermes agent / build (pull_request) Has been cancelled Details Download static 7-Zip binary at Docker build time for extracting Microsoft Compiled HTML Help (.chm) files. Follows the same pattern as the existing Himalaya CLI installation. 7zz is scraped from 7-zip.org/download.html at build time.	2026-05-13 16:27:32 -04:00
Thierry Pouplier	29ae32a1c5	Merge pull request 'fix: use ln -sf instead of update-alternatives --set for iptables-nft' (#28 ) from fix/vpn-iptables-nft-v3 into master Reviewed-on: #28	2026-05-13 16:59:50 +00:00
Hermes	8dff094768	fix: use ln -sf instead of update-alternatives --set update-alternatives --set fails because the base image only registers iptables-legacy as an alternative. The iptables-nft binary (/usr/sbin/iptables-nft) exists but isn't in the alternatives database. Direct ln -sf bypasses this.	2026-05-13 12:58:43 -04:00