記 Kylin 麒麟系統安全中心攔截導致 dotnet sdk 找不到 OpenSsl 構建失敗

錯誤資訊如下

System.TypeInitializationException: The type initializer for 'Crypto' threw an exception.
 ---> System.DllNotFoundException: Unable to load shared library 'libSystem.Security.Cryptography.Native.OpenSsl' or one of its dependencies. In order to help diagnose loading problems, consider using a tool like strace. If you're using glibc, consider setting the LD_DEBUG environment variable:
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/libSystem.Security.Cryptography.Native.OpenSsl.so: failed to map segment from shared object
libSystem.Security.Cryptography.Native.OpenSsl.so: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/liblibSystem.Security.Cryptography.Native.OpenSsl.so: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/libSystem.Security.Cryptography.Native.OpenSsl: cannot open shared object file: No such file or directory
/home/lindexi/wzc/dotnet/shared/Microsoft.NETCore.App/8.0.7/liblibSystem.Security.Cryptography.Native.OpenSsl: cannot open shared object file: No such file or directory

   at Interop.Crypto..cctor()
   --- End of inner exception stack trace ---
   at Interop.Crypto.HashAlgorithmToEvp(String hashAlgorithmId)
   at System.Security.Cryptography.HashProviderDispenser.OneShotHashProvider.HashData(String hashAlgorithmId, ReadOnlySpan`1 source, Span`1 destination)
   at System.Security.Cryptography.SHA256.TryHashData(ReadOnlySpan`1 source, Span`1 destination, Int32& bytesWritten)
   at System.Security.Cryptography.SHA256.HashData(ReadOnlySpan`1 source, Span`1 destination)
   at System.Security.Cryptography.SHA256.HashData(ReadOnlySpan`1 source)
   at System.Security.Cryptography.SHA256.HashData(Byte[] source)
   at Microsoft.DotNet.Cli.Utils.Sha256Hasher.Hash(String text)
   at Microsoft.DotNet.Cli.Utils.Sha256Hasher.HashWithNormalizedCasing(String text)
   at Microsoft.DotNet.Cli.Utils.ApplicationInsightsEntryFormat.<>c__DisplayClass10_0.<WithAppliedToPropertiesValue>b__1(KeyValuePair`2 p)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector)
   at Microsoft.DotNet.Cli.Utils.ApplicationInsightsEntryFormat.WithAppliedToPropertiesValue(Func`2 func)
   at Microsoft.DotNet.Cli.Telemetry.TelemetryFilter.<Filter>b__3_0(ApplicationInsightsEntryFormat r)
   at System.Linq.Enumerable.SelectListIterator`2.Fill(ReadOnlySpan`1 source, Span`1 destination, Func`2 func)
   at System.Linq.Enumerable.SelectListIterator`2.ToList()
   at Microsoft.DotNet.Cli.Telemetry.TelemetryFilter.Filter(Object objectToFilter)
   at Microsoft.DotNet.Cli.Utils.TelemetryEventEntry.SendFiltered(Object o)
   at Microsoft.DotNet.Cli.Program.ProcessArgs(String[] args, TimeSpan startupTime, ITelemetry telemetryClient)
   at Microsoft.DotNet.Cli.Program.Main(String[] args)

嘗試設定 export LD_DEBUG=all 命令尋找依賴，卻沒有看到有用的資訊，能看到尋找資訊如下

binding file /lib/loongarch64-linux-gnu/libssl.so.1.1 [0] to /lib/loongarch64-linux-gnu/libcrypto.so.1.1 [0]: normal symbol `UINT32_it' [OPENSSL_1_1_0f]

且能夠在機器上找到此檔案

/lib/loongarch64-linux-gnu$ ls | grep libssl
libssl3.so
libssl.so.1.1

嘗試使用 LD_LIBRARY_PATH 環境變數設定尋找路徑，依然沒有幫助，依然提示上述錯誤

嘗試重新去龍芯官方下載 dotnet sdk 安裝，也沒有解決問題，下載地址： http://ftp.loongnix.cn/dotnet/8.0.7/8.0.7-1/deb/dotnet-sdk-8.0_8.0.107-1_loongarch64.deb

我甚至都開始懷疑是龍芯新舊世界的問題了，因為龍芯提供的 dotnet 是舊世界的，我跑的麒麟系統也是舊世界的。透過安同的文件可知，只需判斷 /lib64 路徑下是否只有 ld.so.1 檔案即可知道是否舊世界的系統

/lib64$ ls
ld.so.1

再使用 file 命令檢視 dotnet 入口程式檔案

file dotnet
dotnet: ELF 64-bit LSB shared object, LoongArch-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld.so.1, for GNU/Linux 4.15.0, BuildID[sha1]=b1631460420e1fb663d140cc85a9b39b7783f7f3, stripped

透過以上命令的 interpreter /lib64/ld.so.1 可以知道龍芯提供的 dotnet sdk 也是舊世界的。新世界的 dotnet 是在龍芯社群組織裡面的，詳細請看 https://github.com/loongson-community/dotnet-unofficial-build

以上這些推測都不正確，我後面在除錯別的問題的時候，發現了麒麟系統的安全中心才發現了核心問題

核心原因是我是使用 ssh 遠端過去的，麒麟系統的安全中心將我的 dotnet sdk 執行給攔截了，但是在 SSH 裡面啥都沒有提示，啥都沒有看見

解決方法就是在實體機器上，插入顯示器和鍵盤滑鼠，再敲一次 dotnet build 命令，接著將彈出的安全中心的未授權程式都點允許

點選那會我忘記截圖了，下圖可見是在麒麟系統的通知欄上的內容

點選允許之後，再次在遠端的 ssh 裡面執行 dotnet build 就都能透過了

如此證明龍芯提供的 dotnet sdk 是沒有問題的。只是麒麟系統的安全中心在逗我

參考文件：

• Unable to load shared library 'libFabricCommon.so' or one of its dependencies. · Issue #1203 · microsoft/service-fabric-issues
• https://github.com/loongson-community/dotnet-unofficial-build
• 新舊世界
• http://ftp.loongnix.cn/dotnet/8.0.7/8.0.7-1/deb/dotnet-sdk-8.0_8.0.107-1_loongarch64.deb
• 我需要幫助，關於gcc的 - LA UOSC
• The program cannot be started on Linux , Loongson, Arch · Issue #7747 · AvaloniaUI/Avalonia
• https://github.com/shushanhf/runtime
• Add LoongArch64 architecture port · Issue #59561 · dotnet/runtime
• https://nuget.loongnix.cn/packages/Microsoft.NETCore.App.Runtime.linux-loongarch64
• LoongArch & Avalonia
• 常見問題(FAQ) · 文件
• 在LoongArch Loongnix開發C#的問題 - LA UOSC
• The unofficial yet comprehensive FAQ for LoongArch (last updated 2022-11-23) write(2)
• [LoongArch64] A plan for amending the LoongArch64‘s port · Issue #69705 · dotnet/runtime