Re: [Chicken-users] Building the openssl egg on MacOS

[Vasilij Schneidermann]

Hello Lassi,

I maintain the openssl egg these days.

> On MacOS Mojave, "chicken-install openssl" fails because the OS doesn't ship
> any pkg-config definition file for its version of the openssl library. The
> pkg-config definition is supposed to be in a file called 'openssl.pc' but
> 'sudo find / -name openssl.pc 2>/dev/null' turns up no such file for the
> OpenSSL that comes with the OS.
> 
> (In this version of MacOS the openssl library is actually the OpenSSL
> compatibility wrapper of the LibreSSL library: "/usr/bin/openssl version"
> says "LibreSSL 2.6.5". Even though the library is LibreSSL, it's still
> designed to ship with a file named 'openssl.pc' for compatibility with
> OpenSSL. But MacOS doesn't have that file.)

Ugh.  I've always had the impression macOS gets worse with each release,
but this is ridiculous, almost as if they expect everyone to use XCode
for development...

> The easiest workaround is to install a copy of OpenSSL or LibreSSL from the
> popular Homebrew package manager and build the egg using that copy:
> 
>     brew install openssl
>     export PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig"
>     chicken-install openssl
> 
> Or:
> 
>     brew install libressl
>     export PKG_CONFIG_PATH="$(brew --prefix libressl)/lib/pkgconfig"
>     chicken-install openssl

This is what I recommend to everyone who has to work on that kind of
system.  It's sad, but the least painful way of getting work done.

> In principle one could use the openssl library that ships with MacOS to
> build the openssl egg. However, on this OS version I can't find the
> <openssl/ssl.h> C header file anywhere in the file system, even though the
> library itself is installed as </usr/lib/libssl.dylib>.

The reason for this is because on macOS you're supposed to use
"frameworks" instead which contain all that information, much like an
.app contains all the files associated with a program.  There's even a
`-framework` option for `csc` which might just make this work... I can't
test this though because I've abandoned that OS many years ago.

> I installed Apple's command-line developer tools using "sudo
> xcode-select --install". As far as I can tell, I don't have the full
> GUI version of XCode anymore with this OS upgrade. I think the GUI
> version is still available free of charge but it may now require a Mac
> App Store login to install. From Chicken's point of view, we
> unfortunately can't assume that people who use Chicken have the full
> version of XCode.

I hereby reiterate my point that doing development on macOS involves
much sadness, such as creating a developer account to do development.
I'm afraid there isn't much else you can do, unless you somehow get gcc
and the rest of the toolchain working without that.

> Many/most MacOS users of intarweb might stumble onto this problem now that
> HTTPS websites are everywhere, so would it make sense to add MacOS-specific
> checks to the build-openssl script? Since it seems tricky to reliably find
> the system OpenSSL header files, maybe it should suggest that people use
> Homebrew as the easiest alternative. I can write and test a patch for the
> 'build-openssl' shell script if it helps (well, I already wrote most of it
> :-)

Before you do that, there is some work I've done on a few more eggs I
maintain, I got fed up with writing user-unfriendly shell scripts that I
rewrote the non-Windows version to use a Scheme program instead doing
basic version detection, falling back to environment variables and
finally bailing out with an error.  You can find the latest version of
it at the breadline repository [1].  Please let me know if that fulfills
your wishes and if not, whether it can be made to do so.  If yes, then
I'd be willing to migrate the openssl egg towards such a script as well.
The reason I haven't done so is because unlike the other eggs I maintain
it's something I'd rather not touch unnecessarily, breakages to it will
be far more annoying to handle than anything else.  And honestly
speaking, OpenSSL isn't nice to deal with either :>

Vasilij

[1] 
https://raw.githubusercontent.com/wasamasa/breadline/master/build-breadline.scm

signature.asc
Description: PGP signature