Failed to compile openssl-sys with Rust on macOS

Hi there,

I’m stuck while building a package that includes OpenSSL. The error message I get is:

error: failed to run custom build command for `openssl-sys v0.9.67`

Caused by:
  process didn't exit successfully: `/Users/jost/Desktop/holochain/lair-keystore-client/target/release/build/openssl-sys-8609751769bb813c/build-script-main` (exit status: 101)

I’m running macOS on aarch64-darwin.

Here’s the nix expression snippet with build inputs:

...
buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    # openssl.dev
  ];

  # OPENSSL_INCLUDE_DIR = "/nix/store/83ggar88dd5fv8sf5wimww0w2fsgl6n1-openssl-1.1.1p-dev/include";
  # OPENSSL_LIB_DIR = "/nix/store/83ggar88dd5fv8sf5wimww0w2fsgl6n1-openssl-1.1.1p-dev/lib";
...

The commented lines don’t make a difference, I’ve tried including openssl and/or openssl.dev, as well as pkg-config, as well as setting those env vars manually - to no avail.

I’m able to cargo build the binary successfully when I enter a nix-shell. But to build the package, nix-build seems to use the equivalent of a --pure shell, and when I build the binary from such a pure shell, I get the error.

So there must be something in my environment which enables the build, that isn’t present in the pure env. I haven’t been able to figure out what it is. There are no OPENSSL env vars set anyway.

Searched all the websites in the world I believe. Can anyone help me out?

Rust packages that rely on FFI often rely on pkg-config to discover the libraries, then you need the library in buildInputs and pkg-config in nativeBuildInputs.

Thanks for the hint, @NobbZ. I tried that, and also one variation of it by adding the env var PKG_CONFIG_PATH:

 nativeBuildInputs = [ pkg-config ];
  buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    openssl
  ];
  PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";

Unfortunately it still gives me the same error.

Then further information might be required.

It might even be related to the fact that you use wasm32 target, but can not provide a wasm32-openssl!

That’s unlikely as it builds when I don’t use --pure for the shell, and I don’t have any global installation of Rust.

Which further information do you require ?

Here’s the full nix expression (I know there’s an easier way to build the package instead of using phases etc., but I’m just starting out ):

with import <nixpkgs> { };

let
  pname = "lair-keystore";
  version = "0.0.10";
in
stdenv.mkDerivation
{
  inherit pname;
  inherit version;

  nativeBuildInputs = [
    pkg-config
  ];

  buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    openssl
  ];

  src = builtins.fetchGit
    {
      url = https://github.com/holochain/lair.git;
      ref = "refs/tags/v${version}";
    };

  buildPhase = ''
    CARGO_HOME=.cargo cargo build --release --bin ${pname}
  '';

  installPhase = ''
    mkdir -p $out/bin
    mv target/release/${pname} $out/bin
  '';

  installCheckPhase = ''
    export PATH="$out/bin:$PATH"
  '';
}

Through another repo that uses the “vendored” openssl crate in Rust, I finally found out that perl is the package that I need to add, because that openssl crate uses perl under the hood to configure it. It’s mentioned on the openssl crate page openssl - Rust.

So at last it works! I’m so happy

This is enough for me:

buildInputs = [
    (rust-bin.stable.latest.default.override {
      extensions = [ "rust-src" ];
      targets = [ "wasm32-unknown-unknown" ];
    })
    darwin.apple_sdk.frameworks.AppKit
    perl
  ];

wow thank you for this - would never have guessed from the error messages

+1 thank you!

perl was the missing nativeBuildInput I was looking for