macOS static openssl

Hi, I’ve been building binaries with a static openssl for linux without much hassle.
I’ve recently got a macbook and I’m trying to setup a macOS build on GHA but when I try to build openssl statically I get the following error:

= note: Undefined symbols for architecture x86_64:
11777
            "____chkstk_darwin", referenced from:
11778
                _do_ssl3_write in libopenssl_sys-a2b0c183d40db79a.rlib(rec_layer_s3.o)
11779
                _ERR_print_errors_cb in libopenssl_sys-a2b0c183d40db79a.rlib(err_prn.o)
11780
                _BN_mod_exp_mont_consttime in libopenssl_sys-a2b0c183d40db79a.rlib(bn_exp.o)
11781
                _curve448_base_double_scalarmul_non_secret in libopenssl_sys-a2b0c183d40db79a.rlib(curve448.o)
11782
                _tls_parse_ctos_cookie in libopenssl_sys-a2b0c183d40db79a.rlib(extensions_srvr.o)
11783
                _RSAZ_1024_mod_exp_avx2 in libopenssl_sys-a2b0c183d40db79a.rlib(rsaz_exp.o)
11784
          ld: symbol(s) not found for architecture x86_64

If I don’t build it statically then it seems to “work” but I end up with a binary that has an openssl linking to /nix/store…

Locally it seems to work fine, but I’ve got an aarch64, not an x86
On a related note, is it possible to build for aarch64-darwin from x86_64-darwin?

Thank you!

Seems like this is because pkgsStatic on Darwin is not static… so pkgsStatic.openssl does not seem to be static…
Which means the build actually tries to use the openssl from homebrew!! How is this allowed? Is there some impure way where /usr/local/opt/*/lib is added to the build on Darwin?

So the fix was to build a static openssl:

static_ssl = (pkgs.openssl.override {
    static = true;
  });