fix(windows): vendor OpenSSL for the windows-gnu cross build #27

Merged
David merged 1 commit from fix/windows-vendored-openssl into main 2026-05-29 02:14:47 +02:00
Owner

Problem

just build-windows (and the Windows CI build) failed cross-compiling to x86_64-pc-windows-gnu. openssl-sys is linked transitively by the libgit2 git stack (git2 -> libgit2-sys -> libssh2-sys) and by reqwest's default native-tls, and there is no x86_64-w64-mingw32 OpenSSL to link against.

Fix

Vendor the Windows-target OpenSSL. A cfg(windows)-gated openssl dependency with the vendored feature pulls openssl-src, which builds OpenSSL from source with the mingw gcc. openssl-sys uses links = "openssl", so the single vendored feature unifies across the whole graph (git2 + reqwest) for the Windows build. Native Linux builds are untouched (the dep is gated to Windows targets) and keep using the distro OpenSSL. Cargo.lock gains openssl-src.

oci-build/Dockerfile.windows bumps its base to rust-builder-glibc-windows:v1.1.0, which adds the toolchain bits the build needs: make + full perl (the slim base ships only perl-base, which lacks the modules OpenSSL's Configure needs) for the vendored target build, and libssl-dev for a second openssl-sys that gets compiled for the build host because ssh2-config build-depends on git2.

Verification

Built end-to-end against a local image patched with those three packages: produces a valid PE32+ executable ... x86-64 fj.exe (~32 MB). cargo check on Linux is unchanged.

Sequencing

Depends on niceguyit/oci-images publishing rust-builder-glibc-windows:v1.1.0 (the make + perl + libssl-dev additions). Until that image is live, this PR's Windows CI build will fail to pull the base image. Merge after the image is published.
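
With the `vendored` feature, the OpenSSL release compiled into the Windows binary is whatever `openssl-src` version `Cargo.lock` pins, so a CI step can print it and make a stale pin visible. The script below is an added example, not code from this PR or project; the function names and the sample lock file are constructed, and it assumes `openssl-src` carries the bundled OpenSSL release as build metadata after `+`.

```sh
#!/bin/sh
# Added example (not from the PR): report the OpenSSL release that a
# Cargo.lock pins through openssl-src. Assumes the crate's version scheme
# "<crate version>+<bundled OpenSSL version>", e.g. "300.3.1+3.3.1".

# Print "<crate version> <bundled OpenSSL version>" for each openssl-src
# entry in the lock file $1; return 1 when the lock file has none.
vendored_openssl_versions() {
    awk '
        /^\[\[package\]\]/ { name = "" }
        /^name = /         { gsub(/"/, "", $3); name = $3 }
        /^version = / && name == "openssl-src" {
            gsub(/"/, "", $3)
            bundled = $3
            sub(/^[^+]*\+/, "", bundled)   # keep only the build metadata
            print $3, bundled
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample lock file, not the project's real Cargo.lock.
write_sample_lock() {
    cat > "$1" <<'EOF'
version = 3

[[package]]
name = "openssl-src"
version = "300.3.1+3.3.1"

[[package]]
name = "openssl-sys"
version = "0.9.103"
dependencies = [
 "openssl-src",
]
EOF
}

# Stand-alone use: sh check.sh path/to/Cargo.lock
if [ -n "${1:-}" ]; then
    vendored_openssl_versions "$1"
fi
```

A non-zero exit means the lock file has no `openssl-src` entry, which on this branch would indicate the vendored dependency was dropped.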

fix(windows): vendor OpenSSL for the windows-gnu cross build
All checks were successful
Check / fmt + clippy + build + tests (pull_request) Successful in 37s
Create release / Create release from merged PR (pull_request) Has been skipped
672222bfe8
The x86_64-pc-windows-gnu cross build failed because openssl-sys (pulled by the libgit2 git stack git2 -> libgit2-sys -> libssh2-sys and by reqwest's native-tls) had no OpenSSL to link. There is no x86_64-w64-mingw32 OpenSSL package, so the Windows-target openssl-sys is now vendored: a cfg(windows)-gated openssl dependency with the vendored feature pulls openssl-src and builds OpenSSL from source with the mingw gcc. openssl-sys uses links = "openssl", so this one feature unifies across the whole graph for the Windows build; native Linux builds are untouched and keep using the distro OpenSSL. Cargo.lock gains openssl-src.

The vendored build needs make + a full perl in the builder image, and a second openssl-sys is compiled for the build host (ssh2-config build-depends on git2) which needs libssl-dev. Those ship in rust-builder-glibc-windows >= v1.1.0, so bump the FROM tag. Verified end-to-end against a patched image: produces a PE32+ x86-64 fj.exe.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
David merged commit 2fe1237f05 into main 2026-05-29 02:14:47 +02:00
David deleted branch fix/windows-vendored-openssl 2026-05-29 02:14:48 +02:00
Reference
pandoras-box/forgejo-cli!27