Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure OpenSSL data dir on vendored builds. #2122

Merged
merged 1 commit into from
May 7, 2024
Merged

Configure OpenSSL data dir on vendored builds. #2122

merged 1 commit into from
May 7, 2024

Conversation

DanielSidhion
Copy link
Contributor

Currently, any build using Nix fails if it's attempting to build a static binary (musl target) that uses this crate with the vendored flag. This happened because the openssl-src crate looked for the openssl dir using a hardcoded path, and was recently fixed in alexcrichton/openssl-src-rs#220.

This PR bumps the version of openssl-src to get the fix, and propagates the value of the OPENSSL_DIR environment variable to openssl-src if it's set. This is all that's needed to unblock static musl builds on Nix.

@DanielSidhion DanielSidhion mentioned this pull request Dec 9, 2023
Open
@sfackler
Copy link
Owner

sfackler commented Dec 9, 2023

The OPENSSL_DIR environment variable is already used for an entirely different purpose in openssl-sys.

@DanielSidhion DanielSidhion force-pushed the propagate-openssl-dir-vendored branch from c9524ef to 734d2c5 Compare December 9, 2023 06:47
@DanielSidhion
Copy link
Contributor Author

My apologies for the initial changes in this PR - I just dug more into this matter and understand better why not use OPENSSL_DIR, and also what was the actual build failure I was having. The build failure turned out to be a missing perl during the build with Nix (the error message made it look like a completely different issue).

As for not using OPENSSL_DIR - I'm leaning towards creating and documenting a new environment variable for this. This variable would only be used in a vendored build to configure the directory that OpenSSL uses by default to look for configuration file and certificates. This crate's current documentation makes it seem like OpenSSL will not look in any place on a vendored build, but it does. This is especially important on vendored builds with Nix, since /usr/local/ssl (the default directory as configured by openssl-src) may contain files for a completely different version of OpenSSL, and/or not be controlled by whoever runs the binary with the vendored build.

@DanielSidhion DanielSidhion changed the title Propagate OPENSSL_DIR on vendored builds. Configure OpenSSL data dir on vendored builds. Dec 9, 2023
Nowaaru added a commit to Nowaaru/nmm-cli that referenced this pull request Mar 29, 2024
@Nowaaru
try my hardest to get this to build
4e804b8 
but in the end this sfackler guy's
maintainer-induced dementia [makes
this impossible](sfackler/rust-openssl#2122) so :P
@Skepfyr
Copy link
Collaborator

Skepfyr commented May 7, 2024

This seems neat, is clearly needed, and is documented clearly, @sfackler shout of you disagree but I'm hitting merge. Thanks for this!

@Skepfyr Skepfyr merged commit daaca3f into sfackler:master May 7, 2024
53 checks passed
@DanielSidhion DanielSidhion deleted the propagate-openssl-dir-vendored branch May 12, 2024 17:34
@cedricschwyter cedricschwyter mentioned this pull request Jul 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DanielSidhion @sfackler @Skepfyr