Failed to compile openssl-sys with Rust on macOS

jost-s · August 6, 2022, 2:34am

Hi there,

I’m stuck while building a package that includes OpenSSL. The error message I get is:

error: failed to run custom build command for `openssl-sys v0.9.67`

Caused by:
  process didn't exit successfully: `/Users/jost/Desktop/holochain/lair-keystore-client/target/release/build/openssl-sys-8609751769bb813c/build-script-main` (exit status: 101)

I’m running macOS on aarch64-darwin.

Here’s the nix expression snippet with build inputs:

...
buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    # openssl.dev
  ];

  # OPENSSL_INCLUDE_DIR = "/nix/store/83ggar88dd5fv8sf5wimww0w2fsgl6n1-openssl-1.1.1p-dev/include";
  # OPENSSL_LIB_DIR = "/nix/store/83ggar88dd5fv8sf5wimww0w2fsgl6n1-openssl-1.1.1p-dev/lib";
...

The commented lines don’t make a difference, I’ve tried including openssl and/or openssl.dev, as well as pkg-config, as well as setting those env vars manually - to no avail.

I’m able to cargo build the binary successfully when I enter a nix-shell. But to build the package, nix-build seems to use the equivalent of a --pure shell, and when I build the binary from such a pure shell, I get the error.

So there must be something in my environment which enables the build, that isn’t present in the pure env. I haven’t been able to figure out what it is. There are no OPENSSL env vars set anyway.

Searched all the websites in the world I believe. Can anyone help me out?

NobbZ · August 6, 2022, 8:31am

Rust packages that rely on FFI often rely on pkg-config to discover the libraries, then you need the library in buildInputs and pkg-config in nativeBuildInputs.

jost-s · August 6, 2022, 2:05pm

Thanks for the hint, @NobbZ. I tried that, and also one variation of it by adding the env var PKG_CONFIG_PATH:

 nativeBuildInputs = [ pkg-config ];
  buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    openssl
  ];
  PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";

Unfortunately it still gives me the same error.

NobbZ · August 6, 2022, 2:38pm

Then further information might be required.

It might even be related to the fact that you use wasm32 target, but can not provide a wasm32-openssl!

jost-s · August 6, 2022, 4:03pm

That’s unlikely as it builds when I don’t use --pure for the shell, and I don’t have any global installation of Rust.

Which further information do you require ?

Here’s the full nix expression (I know there’s an easier way to build the package instead of using phases etc., but I’m just starting out ):

with import <nixpkgs> { };

let
  pname = "lair-keystore";
  version = "0.0.10";
in
stdenv.mkDerivation
{
  inherit pname;
  inherit version;

  nativeBuildInputs = [
    pkg-config
  ];

  buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    openssl
  ];

  src = builtins.fetchGit
    {
      url = https://github.com/holochain/lair.git;
      ref = "refs/tags/v${version}";
    };

  buildPhase = ''
    CARGO_HOME=.cargo cargo build --release --bin ${pname}
  '';

  installPhase = ''
    mkdir -p $out/bin
    mv target/release/${pname} $out/bin
  '';

  installCheckPhase = ''
    export PATH="$out/bin:$PATH"
  '';
}

jost-s · August 7, 2022, 2:51am

Through another repo that uses the “vendored” openssl crate in Rust, I finally found out that perl is the package that I need to add, because that openssl crate uses perl under the hood to configure it. It’s mentioned on the openssl crate page https://azasypkin.github.io/rust-cast/openssl/index.html#vendored.

So at last it works! I’m so happy

This is enough for me:

buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    perl
  ];

ragnarok451 · January 8, 2023, 9:44pm

wow thank you for this - would never have guessed from the error messages

MAHDTech · May 30, 2023, 4:15am

+1 thank you!

perl was the missing nativeBuildInput I was looking for