On 1/2/2025 10:59 PM, Viktor Dukhovni wrote:
Unfortunately, that can't trivially work for OpenSSL, because
architecture-specific assembly targets are included in the build. You'd
need to build *both* the ARM *and* X86_64 assembly targets, invoking the
appropriate assembler on each one, and producing either object code for
that particular platform for inclusion in the "fat" binary, or somehow
producting a "fat" objec that is "empty" for one of the targets.
How to do that, requires more detailed knowledge of fat binaries than I
can muster.
To create a fat binary on macOS, you need to use lipo command to combine
both x64 and arm64 libraries that must be built separately as Viktor
explained:
lipo -create -output libcrypto.dylib libcrypto.dylib.x64
libcrypto.dylib.arm64
We have a script that automates this process. It fetches the OpenSSL
tarball from GitHub, performs separate x64 and arm64 builds, invokes
lipo, updates the install_name and handles code signing. The script is
too long to include here so I’ve shared it as a GitHub gist:
https://gist.github.com/idrassi/cf4ef1a81f9bb5b7d7b3e8382b942665
Take a look at the function lipo_dylib that calls lipo:
-----------------------------------------------------------------
lipo_dylib() {
local lib_name="\$1"
local src_x86_64="${INSTALL_PREFIX_X86_64}/lib/${lib_name}"
local src_arm64="${INSTALL_PREFIX_ARM64}/lib/${lib_name}"
local dest="${INSTALL_PREFIX_UNIVERSAL}/lib/${lib_name}"
if [[ -f "${src_x86_64}" && -f "${src_arm64}" ]]; then
echo "Creating universal binary for ${lib_name}..."
lipo -create -output "${dest}" "${src_x86_64}" "${src_arm64}"
# Use install_name_tool to set the correct install_name
echo "Updating install_name for ${lib_name}..."
install_name_tool -id "${INSTALL_PATH}/lib/${lib_name}"
"${dest}" || {
echo "Failed to update install_name for ${lib_name}"
exit 1
}
# If libssl depends on libcrypto, update the dependency path
if [[ "${lib_name}" == "libssl.3.dylib" ]]; then
echo "Updating dependency of libssl.3.dylib to point to
${INSTALL_PATH}/lib/libcrypto.3.dylib..."
install_name_tool -change
"/tmp/openssl_x86_64/lib/libcrypto.3.dylib"
"${INSTALL_PATH}/lib/libcrypto.3.dylib" "${dest}" || {
echo "Failed to update libssl.3.dylib dependency for
x86_64"
exit 1
}
install_name_tool -change
"/tmp/openssl_arm64/lib/libcrypto.3.dylib"
"${INSTALL_PATH}/lib/libcrypto.3.dylib" "${dest}" || {
echo "Failed to update libssl.3.dylib dependency for
arm64"
exit 1
}
fi
else
echo "Error: Missing ${lib_name} for one or both architectures."
exit 1
fi
}
--------------------
Mounir IDRASSI
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/30a11935-2688-44f8-86e2-52d48462f3f6%40idrix.net.