Fix: build libcurl with --with-secure-transport on macOS [INS-3359]#23
Fix: build libcurl with --with-secure-transport on macOS [INS-3359]#23
--with-secure-transport on macOS [INS-3359]#23Conversation
notjaywu
changed the title
--with-secure-transport on macOS [INS-3359]
| # ssl | ||
| #### | ||
| if [ ! -z "$OPENSSL_BUILD_FOLDER" ]; then | ||
| if [ "${RUNNER_OS}" == "macOS" ]; then |
There was a problem hiding this comment.
I wonder why we do this only for MacOS, and not only for Linux and Windows?
There was a problem hiding this comment.
According to the information from curl doc, Secure Transport is the native implementation of TLS on macOS. It can read the keychain on macOS correctly, but OpenSSL can NOT.
There was a problem hiding this comment.
I will check if this issue also happens on Windows and Linux tomorrow.
| - name: Publish binary | ||
| if: startsWith(github.ref, 'refs/tags/') | ||
| run: | | ||
| pip install setuptools |
There was a problem hiding this comment.
The reason why it runs pip install setuptools is because it will fail to run node-libcurl/node_modules/node-gyp/gyp/gyp_main.py without this step.
You can get more details here build error
There was a problem hiding this comment.
The error is ModuleNotFoundError: No module named 'distutils'
It would appear distutils was deprecated in python 3.10 https://peps.python.org/pep-0632/
So this error is consistent with the github action ambient version being 3.12 or above.
Its worth mentioning that this step only fails on macos
|
Is this tested with and without custom CA certificate? |
4 participants
OpenSSLas the implementation of TLS for all OS, but it will fail to read the keychain on macOS.SecureTransportis the native implementation of TLS on macOS, so we should buildlibcurlwith the--with-secure-transportoption.