diskuv/dkml-installer-ocaml

Including OpenSSL

Opened this issue · 2 comments

ReallySnazzy commented

Has including OpenSSL in DkML been considered? I think it would be helpful for developers building web applications using DkML if this was included. For example, I recently tried to install Dream on Windows, and it seems like the only thing stopping me from using it is the package ssl isn't building. I get the following error:

▼ retrieved ssl.0.7.0  (cached)
[ERROR] The compilation of conf-libssl.4 failed at "pkg-config --print-errors
        --exists openssl".

#=== ERROR while compiling conf-libssl.4 ======================================#
# context     2.2.0~alpha0~20221228 | win32/x86_64 | conf-withdkml.3 ocaml-system.4.14.0 | https://opam.ocaml.org#fe987bae
# path        C:\Users\jscoo\_opam\.opam-switch\build\conf-libssl.4
# command     C:\Users\jscoo\AppData\Local\Programs\DKMLNA~1\bin\WITH-D~1.EXE pkg-config --print-errors --exists openssl
# exit-code   1
# env-file    C:\Users\jscoo\AppData\Local\opam\log\conf-libssl-44764-43ea44.env
# output-file C:\Users\jscoo\AppData\Local\opam\log\conf-libssl-44764-43ea44.out
### output ###
# Package openssl was not found in the pkg-config search path.
# Perhaps you should add the directory containing `openssl.pc'
# to the PKG_CONFIG_PATH environment variable
# Package 'openssl', required by 'virtual:world', not found

I tried installing OpenSSL via scoop, but running C:\Users\jscoo\AppData\Local\Programs\DKMLNA~1\bin\WITH-D~1.EXE pkg-config --print-errors --exists openssl on its own still provided the following error

Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'openssl' found
jonahbeckford commented

Interesting. I had thought even more stuff would break with dream.

Four things have made me avoid this so far:

  1. I generally only support what I use. I don't use Dream (and if I did it would be Dream for deployment on Linux, so I'd just do my Dream development on WSL2). But I can see that local Windows development of Dream would be nice for some people!
  2. The Unix pkg-config stuff is very complicated to support on Windows. Among other things, it doesn't handle directories with spaces (ex. C:\Users\Santa Claus\myproject). So if there was a patch for openssl we'd have to work around pkg-config.
  3. For security libraries like openssl, I really really really would not want to bundle a non-patchable security DLL inside DkML. However, I would consider an easy-to-patch OCaml SSL library like tls and have done some work for that effort (see mirage/mirage-crypto#137). That work still is a long way off though

Today I think the best way forward would be to get Dream to make SSL optional (that benefits everybody doing either local development or production SSL offloading) rather than make conf-libssl magically work on Windows. Would you consider opening a ticket on the dream project?

  • 👍1
ReallySnazzy commented

Looks like they're already considering it
aantron/dream#168