always use custom openssl for linux electron builds

nodegit · zawata · Nov 21, 2025 · Nov 19, 2025 · Nov 19, 2025 · Nov 20, 2025
commit c2962d5d3080c4e16cb107021daae7c0a6e9640d
diff --git a/generate/templates/templates/binding.gyp b/generate/templates/templates/binding.gyp
@@ -155,21 +155,28 @@
                 "-std=c++<(cxx_version)"
               ],
             }],
-            ["<(is_electron) == 1 and <(electron_openssl_static) == 1", {
+            ["<(is_electron) == 1", {
+              "conditions": [
+                ["<(electron_openssl_static) == 1", {
+                  "libraries": [
+                    "<(electron_openssl_root)/lib/libssl.a",
+                    "<(electron_openssl_root)/lib/libcrypto.a"
+                  ]
+                }],
+                ["<(electron_openssl_static) != 1", {
+                  "library_dirs": [
+                    "<(electron_openssl_root)/lib"
+                  ],
+                  "libraries": [
+                    "-lcrypto",
+                    "-lssl"
+                  ]
+                }]
+              ],
               "include_dirs": [
                 "<(electron_openssl_root)/include"
               ],
-              "libraries": [
-                "<(electron_openssl_root)/lib64/libssl.a",
-                "<(electron_openssl_root)/lib64/libcrypto.a"
-              ]
             }],
-            ["<(is_electron) == 1 and <(electron_openssl_static) != 1", {
-              "libraries": [
-                "-lcrypto",
-                "-lssl"
-              ]
-            }]
           ],
         }],
         [

diff --git a/guides/install/from-source/README.md b/guides/install/from-source/README.md
@@ -65,7 +65,7 @@ npm install nodegit --msvs_version=2013
 ```
 
 ### Electron and OpenSSL ###
-A local version of OpenSSL is required when building for Electron on Windows and macOS. This is due to Electron using BoringSSL, as we are not able to link to it like we are OpenSSL in Node. Additionally, OpenSSL can be statically linked on Linux by setting the `NODEGIT_OPENSSL_STATIC_LINK` environment variable to `1`.
+A local version of OpenSSL is required when building for Electron. This is due to Electron using BoringSSL, as we are not able to link to it like we are OpenSSL in Node.
 
 `acquireOpenSSL.js` will attempt to download OpenSSL prebuilts from S3. If preferred, it can also be built locally by setting the environment variable `npm_config_openssl_bin_url=skip`. On macOS, this should Just Work(tm). On Windows, things are a little trickier.
 

diff --git a/utils/acquireOpenSSL.mjs b/utils/acquireOpenSSL.mjs
@@ -152,20 +152,13 @@ const buildLinux = async (buildCwd) => {
 
   const configureArgs = [
     buildConfig,
-    // Electron(at least on centos7) imports the libcups library at runtime, which has a
-    // dependency on the system libssl/libcrypto which causes symbol conflicts and segfaults.
-    // To fix this we need to hide all the openssl symbols to prevent them from being overridden
-    // by the runtime linker.
-    // "-fvisibility=hidden",
-    // compile static libraries
-    "no-shared",
-    // disable ssl2, ssl3, and compression
-    "no-ssl2",
+    // disable ssl3, and compression
     "no-ssl3",
     "no-comp",
     // set install directory
     `--prefix="${extractPath}"`,
-    `--openssldir="${extractPath}"`
+    `--openssldir="${extractPath}"`,
+    "--libdir=lib",
   ];
   await execPromise(`./Configure ${configureArgs.join(" ")}`, {
     cwd: buildCwd
@@ -175,11 +168,13 @@ const buildLinux = async (buildCwd) => {
 
   // only build the libraries, not the fuzzer or apps
   await execPromise("make build_libs", {
-    cwd: buildCwd
+    cwd: buildCwd,
+    maxBuffer: 10 * 1024 * 1024
   }, { pipeOutput: true });
 
   await execPromise("make test", {
-    cwd: buildCwd
+    cwd: buildCwd,
+    maxBuffer: 10 * 1024 * 1024
   }, { pipeOutput: true });
 
   // only install software, not the docs
@@ -341,11 +336,6 @@ const buildOpenSSLIfNecessary = async ({
     return;
   }
 
-  if (process.platform === "linux" && process.env.NODEGIT_OPENSSL_STATIC_LINK !== "1") {
-    console.log(`Skipping OpenSSL build, NODEGIT_OPENSSL_STATIC_LINK !== 1`);
-    return;
-  }
-
   await removeOpenSSLIfOudated(openSSLVersion);
 
   try {
@@ -396,11 +386,6 @@ const downloadOpenSSLIfNecessary = async ({
     return;
   }
 
-  if (process.platform === "linux" && process.env.NODEGIT_OPENSSL_STATIC_LINK !== "1") {
-    console.log(`Skipping OpenSSL download, NODEGIT_OPENSSL_STATIC_LINK !== 1`);
-    return;
-  }
-
   try {
     await fs.stat(extractPath);
     console.log("Skipping OpenSSL download, dir exists");

diff --git a/vendor/libgit2.gyp b/vendor/libgit2.gyp
@@ -11,7 +11,6 @@
     "is_clang%": 0,
     "is_IBMi%": "<!(node -p \"os.platform() == 'aix' && os.type() == 'OS400' ? 1 : 0\")",
     "electron_openssl_root%": "<!(node ../utils/getElectronOpenSSLRoot.js <(module_root_dir))",
-    "electron_openssl_static%": "<!(node -p \"process.platform !== 'linux' || process.env.NODEGIT_OPENSSL_STATIC_LINK === '1' ? 1 : 0\")",
   },
   "targets": [
     {
@@ -238,7 +237,7 @@
         }],
         ["OS=='mac' or OS=='linux' or OS.endswith('bsd') or <(is_IBMi) == 1", {
           "conditions": [
-            ["<(is_electron) == 1 and <(electron_openssl_static) == 1", {
+            ["<(is_electron) == 1", {
               "dependencies": [
                 "./libssh2.gyp:acquireOpenSSL",
               ],
@@ -487,7 +486,7 @@
       "conditions": [
         ["OS=='mac' or OS=='linux' or OS.endswith('bsd') or <(is_IBMi) == 1", {
           "conditions": [
-            ["<(is_electron) == 1 and <(electron_openssl_static) == 1", {
+            ["<(is_electron) == 1", {
               "include_dirs": [
                 "<(electron_openssl_root)/include"
               ]
@@ -559,7 +558,7 @@
         }],
         ["OS=='linux'", {
           "conditions": [
-            ["<(is_electron) == 1 and <(electron_openssl_static) == 1", {
+            ["<(is_electron) == 1", {
               "include_dirs": ["<(electron_openssl_root)/include"]
             }]
           ],