Closed 1 year ago
You should be able to build it without too much trouble. I added -static -DOPENSSL_API_COMPAT=0x30000000L to CXXFLAGS, and a static binary was produced.
❯ ldd git-crypt
not a dynamic executable
The OPENSSL_API_COMPAT bit came from: https://github.com/AGWA/git-crypt/issues/232 as a workaround for building with a new OpenSSL. I built this on an RPi running Ubuntu 22.04, just because it was convenient.
Thank you for the response! It worked quite well for us: we ended up having our own cloned repo, and auto-building/publishing the static binary for the rest of our tooling to use.
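The ldd check shown above can be automated as a gate that runs before a CI job publishes the binary. The following is an added example, not part of this thread or of git-crypt; the function names and the constructed ELF header are assumptions made for illustration. It looks for a PT_INTERP program header, which is what makes the kernel hand an executable to the host's dynamic loader.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def needs_dynamic_loader(data: bytes) -> bool:
    """True if the ELF image has a PT_INTERP segment (requests ld.so at exec time)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad ELF class or byte order")
    end = "<" if data[5] == 1 else ">"
    try:
        if data[4] == 2:  # ELFCLASS64
            (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:  # ELFCLASS32
            (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        # p_type is the first 32-bit field of every program header.
        types = {struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)}
    except struct.error as exc:
        raise ValueError("truncated ELF file") from exc
    # A static-pie binary keeps PT_DYNAMIC but has no PT_INTERP, so only
    # PT_INTERP is treated as a dependency on the host's loader and libraries.
    return PT_INTERP in types

def make_sample_elf64(p_types):
    """Constructed sample: ELF64 little-endian header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0xB7, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage (hypothetical CI step): python check_static.py ./git-crypt
    with open(sys.argv[1], "rb") as fh:
        dynamic = needs_dynamic_loader(fh.read())
    print("dynamic executable" if dynamic else "no PT_INTERP: static")
    sys.exit(1 if dynamic else 0)
```

A non-zero exit status lets the pipeline refuse to publish a build that silently fell back to dynamic linking.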
I'm getting this error when I try:
$ CXXFLAGS='-Wall -pedantic -Wno-long-long -O2 -static -DOPENSSL_API_COMPAT=0x30000000L' make
g++ -Wall -pedantic -Wno-long-long -O2 -static -DOPENSSL_API_COMPAT=0x30000000L -std=c++11 -c -o crypto-openssl-11.o crypto-openssl-11.cpp
crypto-openssl-11.cpp: In function ‘void init_crypto()’:
crypto-openssl-11.cpp:49:2: error: ‘ERR_load_crypto_strings’ was not declared in this scope; did you mean ‘ERR_load_ERR_strings’?
49 | ERR_load_crypto_strings();
| ^~~~~~~~~~~~~~~~~~~~~~~
| ERR_load_ERR_strings
make: *** [<builtin>: crypto-openssl-11.o] Error 1
Am I missing dependencies?
First off, thanks for the awesome tool!
Would it be possible to provide a statically-linked git-crypt release, maybe in addition to existing releases?
We're using git-crypt in our containerized CI/CD pipelines, and we prefer to use slimmer images (alpine, busybox or *-slim variants). They usually require some extra packages in order to make git-crypt work, and some of those packages aren't even available in the official repos - e.g. latest Ubuntu doesn't have libssl1.1 that provides libcrypto.so.1.1, so I had to get that package from Debian security update repos.
Another situation where the statically-linked version is very useful: our hosting provider doesn't let us install any packages, but we would like to use git-crypt to manage local deployment configuration synced to master repo on our VCS. Without git-crypt we either have to keep secrets in plaintext and manage them using file permissions (our current setup), or ask the hosting provider to redesign their deployment process (with very slim chances of that happening). I realize that our current situation is suboptimal, but having git-crypt that can simply be dropped on a box and executed without any extra fiddling would be perfect.