Automated releases fail: OpenSSL cross-compilation errors on all targets #37

@mostronatorcoder

Problem

PR #32 added an automated multi-arch release workflow, but all releases fail due to cross-compilation errors.

Evidence:

Failed targets:

  • x86_64-unknown-linux-musl
  • aarch64-unknown-linux-musl
  • armv7-unknown-linux-gnueabi
  • x86_64-pc-windows-gnu
  • x86_64-unknown-freebsd

Root Cause

OpenSSL dependency in reqwest:

reqwest = { version = "0.13.2", features = ["native-tls", "json", "http2"] }

native-tls → openssl-sys → requires system OpenSSL headers for each target architecture during cross-compilation.

Why it fails:

  • Cross-compilation with native-tls requires installing libssl-dev for each target
  • Requires custom Docker configuration (pre-build hooks or Dockerfiles)
  • Complex arch mapping (amd64, arm64, armhf for Debian packages)
  • Not supported out-of-the-box by the cross tool

Solution: Switch to rustls (Pure Rust TLS)

Change:

- reqwest = { version = "0.13.2", features = ["native-tls", "json", "http2"] }
+ reqwest = { version = "0.13.2", features = ["rustls", "json", "http2"] }
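
Review bot: both lines of this hunk omit `default-features = false`, while the same edit under Implementation Plan carries it on both lines; the two need to match the line that is actually in Cargo.toml or the patch will not apply. If the flag is missing in the real file, add it as part of this change, because without it reqwest's default feature set stays enabled alongside `rustls` and the swap alone does not show which TLS backends end up compiled in.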

Benefits:

  • ✅ No system dependencies (pure Rust crypto)
  • ✅ Cross-compilation works out-of-the-box with cross
  • ✅ No Docker configuration needed
  • ✅ Same HTTPS functionality
  • ✅ Portable across all platforms

Trade-offs:

  • Binary size increases ~200KB
  • Uses webpki-roots instead of system CA store (acceptable for mostrix use case)

Alternative Considered: Fix Cross.toml

Option: Add pre-build hooks to install OpenSSL for each target.

Why rejected:

Verdict: Vendored crypto (rustls) is simpler and more reliable.


Impact

Current state:

  • Automated releases broken
  • Manual binary distribution required
  • Users cannot download pre-built binaries from GitHub releases

After fix:

  • Automated releases work for all 5 architectures
  • GitHub releases include binaries + SHA256 manifest
  • Users can download and verify binaries

Implementation Plan

  1. Modify Cargo.toml:

    - reqwest = { version = "0.13.2", default-features = false, features = ["native-tls", "json", "http2"] }
    + reqwest = { version = "0.13.2", default-features = false, features = ["rustls", "json", "http2"] }
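
    Review bot: the `+` line enables `rustls` but names no root-store feature, so the stated trade-off (webpki-roots instead of the system CA store) depends on what that feature pulls in for 0.13.2. Confirm it with `cargo tree -i webpki-roots` after the change and record the result in the acceptance criteria, since it decides which CAs the released binaries trust.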
  2. Validate:

    cargo fmt
    cargo clippy --all-targets --all-features -- -D warnings
    cargo test
  3. Verify no OpenSSL dependency:

    cargo tree | grep openssl
    # Should return empty
  4. Test cross-compilation locally (optional):

    cross build --release --target x86_64-unknown-linux-musl
    cross build --release --target aarch64-unknown-linux-musl
  5. Create PR with changes

  6. Re-trigger release:

    • After PR merge, create new tag (e.g., v0.1.5)
    • Workflow should succeed for all 5 targets

Acceptance Criteria

  • Cargo.toml updated to use rustls instead of native-tls
  • cargo tree shows no openssl-sys dependency
  • All validation passes (fmt, clippy, test)
  • Release workflow succeeds for all 5 targets
  • GitHub release created with 5 binaries + manifest
  • Binaries are verified to work on respective platforms

Related


Estimated Effort

  • Code change: 1 line (Cargo.toml)
  • Validation: 5 minutes
  • PR review/merge: depends on review cycle
  • Re-trigger release: create new tag → automatic

Total time: ~15 minutes of active work + review time


Priority

High — Automated releases are a key feature for distribution. Users expect pre-built binaries.


Labels

bug, release, cross-compilation, dependencies
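
A stricter form of step 3 of the Implementation Plan, as an added example that is not part of the original issue or the project's code: `cargo tree | grep openssl` resolves dependencies for the host platform only, so this sketch repeats the check for each of the five release targets and matches crate names exactly. The list of forbidden crates, the script name `check.sh` and the `--check` argument are assumptions; the sample trees are constructed.

```shell
#!/bin/sh
# Added example (not the project's code). Crates whose presence means the
# native-tls/OpenSSL path is still part of the build (assumed list).
FORBIDDEN='openssl-sys openssl native-tls'

# Constructed `cargo tree --prefix none` output; versions are placeholders.
SAMPLE_NATIVE_TLS='mostrix v0.0.0
reqwest v0.13.2
native-tls v0.0.0
openssl v0.0.0
openssl-sys v0.0.0
openssl-sys v0.0.0 (*)'
SAMPLE_RUSTLS='mostrix v0.0.0
reqwest v0.13.2
rustls v0.0.0
webpki-roots v0.0.0
openssl-probe v0.0.0'

# Reads tree output on stdin ("name vX.Y.Z ..." per line), prints each
# forbidden crate once, and returns 1 if any was found. Names are matched
# exactly, so a crate such as openssl-probe is not flagged.
find_forbidden() {
    awk -v list="$FORBIDDEN" '
        BEGIN { n = split(list, f, " "); for (i = 1; i <= n; i++) bad[f[i]] = 1 }
        ($1 in bad) && !seen[$1]++ { print $1; hit = 1 }
        END { exit (hit + 0) }'
}

# Checks every release target from the issue; a cargo failure counts as a
# failed check rather than an empty (passing) tree.
check_all_targets() {
    status=0
    for t in x86_64-unknown-linux-musl aarch64-unknown-linux-musl \
             armv7-unknown-linux-gnueabi x86_64-pc-windows-gnu \
             x86_64-unknown-freebsd; do
        if ! tree=$(cargo tree --target "$t" --prefix none); then
            echo "ERR  $t: cargo tree failed"; status=1; continue
        fi
        if found=$(printf '%s\n' "$tree" | find_forbidden); then
            echo "ok   $t"
        else
            echo "FAIL $t: $(echo $found)"; status=1
        fi
    done
    return $status
}

# Run against the real project only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_all_targets; exit $?; fi
```

Run as a CI step before the release job, a non-zero exit blocks the tag from publishing binaries that still link OpenSSL on any target.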
