记 Kylin 麒麟系统安全中心拦截导致 dotnet sdk 找不到 OpenSsl 构建失败
<p>错误信息如下</p><pre><code>System.TypeInitializationException: The type initializer for 'Crypto' threw an exception.
---> System.DllNotFoundException: Unable to load shared library 'libSystem.Security.Cryptography.Native.OpenSsl' or one of its dependencies. In order to help diagnose loading problems, consider using a tool like strace. If you're using glibc, consider setting the LD_DEBUG environment variable:
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/libSystem.Security.Cryptography.Native.OpenSsl.so: failed to map segment from shared object
libSystem.Security.Cryptography.Native.OpenSsl.so: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/liblibSystem.Security.Cryptography.Native.OpenSsl.so: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/libSystem.Security.Cryptography.Native.OpenSsl: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/liblibSystem.Security.Cryptography.Native.OpenSsl: cannot open shared object file: No such file or directory
at Interop.Crypto..cctor()
--- End of inner exception stack trace ---
at Interop.Crypto.HashAlgorithmToEvp(String hashAlgorithmId)
at System.Security.Cryptography.HashProviderDispenser.OneShotHashProvider.HashData(String hashAlgorithmId, ReadOnlySpan`1 source, Span`1 destination)
at System.Security.Cryptography.SHA256.TryHashData(ReadOnlySpan`1 source, Span`1 destination, Int32& bytesWritten)
at System.Security.Cryptography.SHA256.HashData(ReadOnlySpan`1 source, Span`1 destination)
at System.Security.Cryptography.SHA256.HashData(ReadOnlySpan`1 source)
at System.Security.Cryptography.SHA256.HashData(Byte[] source)
at Microsoft.DotNet.Cli.Utils.Sha256Hasher.Hash(String text)
at Microsoft.DotNet.Cli.Utils.Sha256Hasher.HashWithNormalizedCasing(String text)
at Microsoft.DotNet.Cli.Utils.ApplicationInsightsEntryFormat.<>c__DisplayClass10_0.<WithAppliedToPropertiesValue>b__1(KeyValuePair`2 p)
at System.Linq.Enumerable.ToDictionary(IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
at System.Linq.Enumerable.ToDictionary(IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector)
at Microsoft.DotNet.Cli.Utils.ApplicationInsightsEntryFormat.WithAppliedToPropertiesValue(Func`2 func)
at Microsoft.DotNet.Cli.Telemetry.TelemetryFilter.<Filter>b__3_0(ApplicationInsightsEntryFormat r)
at System.Linq.Enumerable.SelectListIterator`2.Fill(ReadOnlySpan`1 source, Span`1 destination, Func`2 func)
at System.Linq.Enumerable.SelectListIterator`2.ToList()
at Microsoft.DotNet.Cli.Telemetry.TelemetryFilter.Filter(Object objectToFilter)
at Microsoft.DotNet.Cli.Utils.TelemetryEventEntry.SendFiltered(Object o)
at Microsoft.DotNet.Cli.Program.ProcessArgs(String[] args, TimeSpan startupTime, ITelemetry telemetryClient)
at Microsoft.DotNet.Cli.Program.Main(String[] args)
</code></pre>
<p>尝试设置 <code>export LD_DEBUG=all</code> 命令寻找依赖,却没有看到有用的信息,能看到寻找信息如下</p>
<pre><code>binding file /lib/loongarch64-linux-gnu/libssl.so.1.1 to /lib/loongarch64-linux-gnu/libcrypto.so.1.1 : normal symbol `UINT32_it'
</code></pre>
<p>且能够在机器上找到此文件</p>
<pre><code>/lib/loongarch64-linux-gnu$ ls | grep libssl
libssl3.so
libssl.so.1.1
</code></pre>
<p>尝试使用 <code>LD_LIBRARY_PATH</code> 环境变量设置寻找路径,依然没有帮助,依然提示上述错误</p>
<p>尝试重新去龙芯官方下载 dotnet sdk 安装,也没有解决问题,下载地址: http://ftp.loongnix.cn/dotnet/8.0.7/8.0.7-1/deb/dotnet-sdk-8.0_8.0.107-1_loongarch64.deb</p>
<p>我甚至都开始怀疑是龙芯新旧世界的问题了,因为龙芯提供的 dotnet 是旧世界的,我跑的麒麟系统也是旧世界的。通过安同的文档可知,只需判断 <code>/lib64</code> 路径下是否只有 <code>ld.so.1</code> 文件即可知道是否旧世界的系统</p>
<pre><code>/lib64$ ls
ld.so.1
</code></pre>
<p>再使用 file 命令查看 dotnet 入口程序文件</p>
<pre><code>file dotnet
dotnet: ELF 64-bit LSB shared object, LoongArch-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld.so.1, for GNU/Linux 4.15.0, BuildID=b1631460420e1fb663d140cc85a9b39b7783f7f3, stripped
</code></pre>
<p>通过以上命令的 <code>interpreter /lib64/ld.so.1</code> 可以知道龙芯提供的 dotnet sdk 也是旧世界的。新世界的 dotnet 是在龙芯社区组织里面的,详细请看 https://github.com/loongson-community/dotnet-unofficial-build</p>
<p>以上这些推测都不正确,我后面在调试别的问题的时候,发现了麒麟系统的安全中心才发现了核心问题</p>
<p>核心原因是我是使用 ssh 远程过去的,麒麟系统的安全中心将我的 dotnet sdk 运行给拦截了,但是在 SSH 里面啥都没有提示,啥都没有看见</p>
<p>解决方法就是在实体机器上,插入显示器和键盘鼠标,再敲一次 dotnet build 命令,接着将弹出的安全中心的未授权程序都点允许</p>
<p>点击那会我忘记截图了,下图可见是在麒麟系统的通知栏上的内容</p>
<p><img src="https://img2024.cnblogs.com/blog/1080237/202508/1080237-20250810094929776-1490319928.png" alt="" loading="lazy"></p>
<p>点击允许之后,再次在远程的 ssh 里面执行 dotnet build 就都能通过了</p>
<p>如此证明龙芯提供的 dotnet sdk 是没有问题的。只是麒麟系统的安全中心在逗我</p>
<p>参考文档:</p>
<ul>
<li>Unable to load shared library 'libFabricCommon.so' or one of its dependencies. · Issue #1203 · microsoft/service-fabric-issues</li>
<li>https://github.com/loongson-community/dotnet-unofficial-build</li>
<li>新旧世界</li>
<li>http://ftp.loongnix.cn/dotnet/8.0.7/8.0.7-1/deb/dotnet-sdk-8.0_8.0.107-1_loongarch64.deb</li>
<li>我需要帮助,关于gcc的 - LA UOSC</li>
<li>The program cannot be started on Linux , Loongson, Arch · Issue #7747 · AvaloniaUI/Avalonia</li>
<li>https://github.com/shushanhf/runtime</li>
<li>Add LoongArch64 architecture port · Issue #59561 · dotnet/runtime</li>
<li>https://nuget.loongnix.cn/packages/Microsoft.NETCore.App.Runtime.linux-loongarch64</li>
<li>LoongArch & Avalonia</li>
<li>常见问题(FAQ) · 文档</li>
<li>在LoongArch Loongnix开发C#的问题 - LA UOSC</li>
<li>The unofficial yet comprehensive FAQ for LoongArch (last updated 2022-11-23) write(2)</li>
<li> A plan for amending the LoongArch64‘s port · Issue #69705 · dotnet/runtime</li>
</ul>
<p>其他拦截问题请看: dotnet 记龙芯麒麟教育版安全中心拦截文件 导致 docker 内 CI CD 构建失败</p>
</div>
<div id="MySignature" role="contentinfo">
<p>博客园博客只做备份,博客发布就不再更新,如果想看最新博客,请访问 https://blog.lindexi.com/</p>
<p>如图片看不见,请在浏览器开启不安全http内容兼容</p>
<img alt="知识共享许可协议" style="border-width: 0" src="https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png"><br>本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。欢迎转载、使用、重新发布,但务必保留文章署名[林德熙](https://www.cnblogs.com/lindexi)(包含链接:https://www.cnblogs.com/lindexi ),不得用于商业目的,基于本文修改后的作品务必以相同的许可发布。如有任何疑问,请与我[联系](mailto:lindexi_gd@163.com)。<br><br>
来源:https://www.cnblogs.com/lindexi/p/18514833
頁:
[1]