Windows: cargo install fails on openssl-sys (no system OpenSSL) #73

New issue

Open

opened 2026-05-23 20:55:30 +00:00 by coilysiren · 0 comments

coilysiren commented 2026-05-23 20:55:30 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-04-29T01:58:19Z - https://github.com/coilysiren/repo-recall/issues/29

Repro

On a fresh Windows 11 box with Rust toolchain stable-x86_64-pc-windows-msvc and MSVC build tools installed:

```sh
cargo install --git https://github.com/coilysiren/repo-recall --tag v0.13.15 --locked
```

fails compiling `openssl-sys v0.9.114`:

Could not find directory of OpenSSL installation, and this `-sys` crate cannot proceed without this knowledge.

`vcpkg` not present, `OPENSSL_DIR` unset. Windows ships no system OpenSSL.

Workaround

`choco install openssl` (243 MB, needs admin), then `OPENSSL_DIR='C:\Program Files\OpenSSL-Win64'` in front of the cargo install. Works, but a 250 MB system-wide install with a UAC prompt is a real friction tax for what should be a single-binary tool.

Root cause

`web-push 0.10` (the only TLS-touching dep, used for the opt-in PWA push deliveries) defaults to native TLS, which on Windows means linking against a system OpenSSL that doesn't exist by default.

Suggested fix

Switch `web-push` to a rustls-backed configuration so the build is hermetic on all three OSes. Two routes worth exploring:

1. `web-push` itself has feature flags for the HTTP client backend (`isahc-client` default vs `hyper-client`). The `hyper-client` path can be paired with a rustls connector and skip OpenSSL entirely. Worth checking whether that combo is exposed cleanly through web-push's feature surface or needs a small wrapper.
2. If web-push's surface doesn't make this clean, consider `web-push-native` or rolling the FCM POST directly with `reqwest` + `rustls-tls` (already implicit elsewhere in the stack).

Either way, the goal is `cargo install --git ... --locked` working cold on Windows with no system deps. Same hermetic build that `rusqlite`'s `bundled` feature already gives us for SQLite.

Adjacent: README install path on Windows

Once cargo install works hermetically, the README's "Install via Homebrew" section is the only documented packaged path. A short Windows section pointing at `cargo install` (and noting `brew services` doesn't translate, NSSM/Task Scheduler are the equivalents) would help. Happy to take that as a follow-up once the rustls swap lands.

_Originally filed by @coilysiren on 2026-04-29T01:58:19Z - [https://github.com/coilysiren/repo-recall/issues/29](https://github.com/coilysiren/repo-recall/issues/29)_ ## Repro On a fresh Windows 11 box with Rust toolchain `stable-x86_64-pc-windows-msvc` and MSVC build tools installed: \`\`\`sh cargo install --git https://github.com/coilysiren/repo-recall --tag v0.13.15 --locked \`\`\` fails compiling \`openssl-sys v0.9.114\`: > Could not find directory of OpenSSL installation, and this \`-sys\` crate cannot proceed without this knowledge. \`vcpkg\` not present, \`OPENSSL_DIR\` unset. Windows ships no system OpenSSL. ## Workaround \`choco install openssl\` (243 MB, needs admin), then \`OPENSSL_DIR='C:\Program Files\OpenSSL-Win64'\` in front of the cargo install. Works, but a 250 MB system-wide install with a UAC prompt is a real friction tax for what should be a single-binary tool. ## Root cause \`web-push 0.10\` (the only TLS-touching dep, used for the opt-in PWA push deliveries) defaults to native TLS, which on Windows means linking against a system OpenSSL that doesn't exist by default. ## Suggested fix Switch \`web-push\` to a rustls-backed configuration so the build is hermetic on all three OSes. Two routes worth exploring: 1. \`web-push\` itself has feature flags for the HTTP client backend (\`isahc-client\` default vs \`hyper-client\`). The \`hyper-client\` path can be paired with a rustls connector and skip OpenSSL entirely. Worth checking whether that combo is exposed cleanly through web-push's feature surface or needs a small wrapper. 2. If web-push's surface doesn't make this clean, consider \`web-push-native\` or rolling the FCM POST directly with \`reqwest\` + \`rustls-tls\` (already implicit elsewhere in the stack). Either way, the goal is \`cargo install --git ... --locked\` working cold on Windows with no system deps. Same hermetic build that \`rusqlite\`'s \`bundled\` feature already gives us for SQLite. ## Adjacent: README install path on Windows Once cargo install works hermetically, the README's "Install via Homebrew" section is the only documented packaged path. A short Windows section pointing at \`cargo install\` (and noting \`brew services\` doesn't translate, NSSM/Task Scheduler are the equivalents) would help. Happy to take that as a follow-up once the rustls swap lands.

coilysiren added the

P3

label 2026-05-31 01:54:58 +00:00

coilysiren added

P4

and removed

P3

labels 2026-05-31 07:01:08 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

action-required-mine

mcp-app-rewrite

v0.45.0

v0.44.0

v0.43.0

v0.42.2

v0.42.1

v0.42.0

v0.41.1

v0.41.0

v0.40.7

v0.40.6

v0.40.5

v0.40.4

v0.40.3

v0.40.2

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.0

v0.34.0

v0.33.1

v0.33.0

v0.32.3

v0.32.2

v0.32.1

v0.32.0

v0.31.1

v0.31.0

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.56

v0.29.55

v0.29.54

v0.29.53

v0.29.52

v0.29.51

v0.29.50

v0.29.49

v0.29.48

v0.29.47

v0.29.46

v0.29.45

v0.29.44

v0.29.43

v0.29.42

v0.29.41

v0.29.40

v0.29.39

v0.29.38

v0.29.37

v0.29.36

v0.29.35

v0.29.34

v0.29.33

v0.29.32

v0.29.31

v0.29.30

v0.29.29

v0.29.28

v0.29.27

v0.29.26

v0.29.25

v0.29.24

v0.29.23

v0.29.22

v0.29.21

v0.29.20

v0.29.19

v0.29.18

v0.29.17

v0.29.16

v0.29.15

v0.29.14

v0.29.13

v0.29.12

v0.29.11

v0.29.10

v0.29.9

v0.29.8

v0.29.7

v0.29.6

v0.29.5

v0.29.4

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.36

v0.28.35

v0.28.34

v0.28.33

v0.28.32

v0.28.31

v0.28.30

v0.28.29

v0.28.28

v0.28.27

v0.28.26

v0.28.25

v0.28.24

v0.28.23

v0.28.22

v0.28.21

v0.28.20

v0.28.19

v0.28.18

v0.28.17

v0.28.16

v0.28.15

v0.28.14

v0.28.13

v0.28.12

v0.28.11

v0.28.10

v0.28.9

v0.28.8

v0.28.7

v0.28.6

v0.28.5

v0.28.4

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27.0

v0.26.1

v0.26.0

v0.25.1

v0.25.0

v0.24.0

v0.23.1

v0.23.0

v0.22.3

v0.22.2

v0.22.1

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.0

v0.14.1

v0.14.0

v0.13.15

v0.13.14

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.9

v0.12.8

v0.12.7

v0.12.6

v0.12.5

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.0

v0.8.0

v0.7.0

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-flight-deck/repo-recall#73

No description provided.