macOS static openssl

Hi, I’ve been building binaries with a static openssl for Linux without much hassle.
I’ve recently got a MacBook and I’m trying to set up a macOS build on GHA, but when I try to build openssl statically I get the following error:

= note: Undefined symbols for architecture x86_64:
            "____chkstk_darwin", referenced from:
                _do_ssl3_write in libopenssl_sys-a2b0c183d40db79a.rlib(rec_layer_s3.o)
                _ERR_print_errors_cb in libopenssl_sys-a2b0c183d40db79a.rlib(err_prn.o)
                _BN_mod_exp_mont_consttime in libopenssl_sys-a2b0c183d40db79a.rlib(bn_exp.o)
                _curve448_base_double_scalarmul_non_secret in libopenssl_sys-a2b0c183d40db79a.rlib(curve448.o)
                _tls_parse_ctos_cookie in libopenssl_sys-a2b0c183d40db79a.rlib(extensions_srvr.o)
                _RSAZ_1024_mod_exp_avx2 in libopenssl_sys-a2b0c183d40db79a.rlib(rsaz_exp.o)
          ld: symbol(s) not found for architecture x86_64

If I don’t build it statically then it seems to “work” but I end up with a binary that has an openssl linking to /nix/store…

Locally it seems to work fine, but I’ve got an aarch64, not an x86 :frowning:
On a related note, is it possible to build for aarch64-darwin from x86_64-darwin?

Thank you!
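A CI check for the symptom described in this thread (a binary whose openssl resolves to /nix/store or a Homebrew prefix), as an added example that is not part of the original posts. The sample `otool -L` output, the path ./result/bin/app and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dylib references outside the macOS system locations.

# Constructed sample of `otool -L` output (placeholders, not real store paths).
sample_otool_output() {
cat <<'EOF'
./result/bin/app:
	/nix/store/<hash>-openssl-<version>/lib/libssl.dylib (compatibility version 1.1.0, current version 1.1.0)
	/usr/local/opt/openssl/lib/libcrypto.dylib (compatibility version 1.1.0, current version 1.1.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.0.0)
	/System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 60157.0.0)
EOF
}

# Reads `otool -L` output on stdin and prints every dependency path that is
# not under /usr/lib or /System/Library. Anything else (Nix store, Homebrew,
# @rpath entries) will not exist on a clean machine or needs a closer look.
nonsystem_dylibs() {
    awk '
        NF == 0      { next }                 # blank line
        /^[^ \t]/    { next }                 # "file:" header, one per architecture
        {
            sub(/^[ \t]+/, "")                # leading indentation
            sub(/ \(compatibility version.*$/, "")
            if ($0 ~ /^\/usr\/lib\// || $0 ~ /^\/System\/Library\//) next
            print
        }
    '
}

# Exit status 0 when only system libraries are referenced, 1 otherwise.
check_linkage() {
    bad=$(nonsystem_dylibs)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad" | sed 's/^/non-system dylib: /' >&2
    return 1
}

# On a macOS runner: otool -L ./result/bin/app | check_linkage
# Here: run against the constructed sample and list the offending paths.
sample_otool_output | nonsystem_dylibs
```

Running this as a step after the build turns a silently impure link into a failed job.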

Seems like this is because pkgsStatic on Darwin is not static… so pkgsStatic.openssl does not seem to be static…
Which means the build actually tries to use the openssl from Homebrew!! How is this allowed? Is there some impure way where /usr/local/opt/*/lib is added to the build on Darwin?

So the fix was to build a static openssl:

static_ssl = (pkgs.openssl.override {
    static = true;