runtime: Segmentation fault on dotnet restore on Debian
Steps to reproduce
% mkdir /tmp/dotnet
% cd /tmp/dotnet
% wget https://dotnetcli.blob.core.windows.net/dotnet/Sdk/rel-1.0.0/dotnet-dev-debian-x64.latest.tar.gz
% tar xf dotnet-dev-debian-x64.latest.tar.gz
% ls
dotnet dotnet-dev-debian-x64.latest.tar.gz host LICENSE.txt sdk shared ThirdPartyNotices.txt
% mkdir prj
% cd prj
% ../dotnet new
Created new C# project in /tmp/dotnet/prj.
% ../dotnet restore
log : Restoring packages for /tmp/dotnet/prj/project.json...
zsh: segmentation fault ../dotnet restore
Expected behavior
dotnet restore should succeed
Actual behavior
dotnet restore doesn’t download or do anything.
Environment data
dotnet --info output:
.NET Command Line Tools (1.0.0-preview3-003892)
Product Information:
Version: 1.0.0-preview3-003892
Commit SHA-1 hash: 5301f08423
Runtime Environment:
OS Name: debian
OS Version:
OS Platform: Linux
RID: debian.8-x64
Cause of this problem
There are two different versions of libssl linked. Maybe the build happend in an unclean environment or it the package got incrementally built.
/tmp/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Net.Http.Native.so:
libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 (0x00007f563d13c000)
/tmp/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.so:
libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fe6caf4b000)
% LD_DEBUG=bindings /tmp/dotnet/dotnet restore 2>&1 >/dev/null |grep \`X509_verify_cert"'\|STORE_CTX_init'"
4799: binding file /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 [0] to /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 [0]: normal symbol `X509_STORE_CTX_init' [OPENSSL_1.0.2d]
4799: binding file /tmp/dotnet/shared/Microsoft.NETCore.App/1.0.1/System.Security.Cryptography.Native.so [0] to /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 [0]: normal symbol `X509_verify_cert' [OPENSSL_1.0.0]
zsh: segmentation fault LD_DEBUG=bindings /tmp/dotnet/dotnet restore 2>&1 > /dev/null |
% gdb --args /tmp/dotnet/dotnet restore
Reading symbols from /tmp/dotnet/dotnet...(no debugging symbols found)...done.
(gdb) r
Starting program: /tmp/dotnet/dotnet restore
log : Restoring packages for /mnt/other/Alex-Projekt/src/web/project.json...
Thread 14 "dotnet" received signal SIGSEGV, Segmentation fault.
0x00007fffe24a235d in trust_1oidany (trust=0x7fffe2789e10 <trstandard+80>, x=0x7fff3802b240, flags=0) at x509_trs.c:270
270 x509_trs.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 0x00007fffe24a235d in trust_1oidany (trust=0x7fffe2789e10 <trstandard+80>, x=0x7fff3802b240, flags=0) at x509_trs.c:270
dotnet/core-setup#1 0x00007fffe249c19c in check_trust (ctx=0x7fff5cfa8ee0) at x509_vfy.c:923
dotnet/core-setup#2 X509_verify_cert (ctx=<optimized out>) at x509_vfy.c:381
dotnet/core-setup#3 0x00007fff7cf546f5 in ?? ()
dotnet/core-setup#4 0x00007fff5cfa8ca0 in ?? ()
dotnet/core-setup#5 0xbafbcb4b7ab40f52 in ?? ()
dotnet/core-setup#6 0x0000000006042606 in ?? ()
dotnet/core-setup#7 0x00007ffff67d7f90 in vtable for InlinedCallFrame () from /tmp/dotnet/shared/Microsoft.NETCore.App/1.0.1/libcoreclr.so
dotnet/core-setup#8 0x00007fff5cfa95e8 in ?? ()
dotnet/core-setup#9 0x00007fff7d7082f0 in ?? ()
dotnet/core-setup#10 0x00007fff7d7082f0 in ?? ()
(gdb) up
dotnet/core-setup#1 0x00007fffe249c19c in check_trust (ctx=0x7fff5cfa8ee0) at x509_vfy.c:923
923 x509_vfy.c: Datei oder Verzeichnis nicht gefunden.
(gdb) p ctx->get_issuer
$2 = (int (*)(X509 **, X509_STORE_CTX *, X509 *)) 0x7fff5fd0a630 <X509_STORE_CTX_get1_issuer>
(gdb) i sy X509_STORE_CTX_get1_issuer
X509_STORE_CTX_get1_issuer in section .text of /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(gdb) p X509_STORE_CTX_get1_issuer
$3 = {int (X509 **, X509_STORE_CTX *, X509 *)} 0x7fffe24a1020 <X509_STORE_CTX_get1_issuer>
(gdb) br X509_STORE_CTX_get1_issuer
Breakpoint 1 at 0x7fff5fd0a630: X509_STORE_CTX_get1_issuer. (2 locations)
(gdb) i br
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
1.1 y 0x00007fff5fd0a630 in X509_STORE_CTX_get1_issuer at x509_lu.c:612
1.2 y 0x00007fffe24a1020 in X509_STORE_CTX_get1_issuer at x509_lu.c:612
As you can see, the function get_issuer in the context X509_STORE_CTX is not from the code segment of the libssl1.0.0 which is used for X509_verify_cert.
Solution
Rebuild System.Security.Cryptography.Native.so with libssl1.0.2.
% git https://github.com/dotnet/corefx
% cd src/Native
% ./build-native.sh release
% cp ../../bin/Linux.x64.Release/Native/System.Security.Cryptography.Native.so /tmp/dotnet/shared/Microsoft.NETCore.App/1.0.1/
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 16 (9 by maintainers)
Here’s what I did to fix dotnet on Debian unstable (sid)
sudo dotnet-install.sh -Version 2.0.0-preview1-005791 --verbose -InstallDir /opt/dotnetfind /opt/dotnet -name '*.so' -type f -print | xargs ldd | grep 'not found'to see if you are missing any librariesliblldb.so. I installedliblldb-3.7and then linked the library to/usr/lib/x86_64-linux-gnu/liblldb.sodotnet restorewould segfault, apparently because dotnet depends on old versions of libcurl3 as discussed here.apt-get update, and then runningapt-get install libcurl3=7.38.0-4+deb8u5 libcurl4-openssl-dev=7.38.0-4+deb8u5Since this came up high in search results when encountering the same problem, I’m on Debian testing at the time of writing, and I had that segault triggered by the sheer presence of an old
libssl1.0.0package on my system. Removing that in favour of thelibssl1.0.2package let thedotnettool run.This issue is misleading. It is indeed libssl1.0.0 library that is segfaulting, but on behalf of libcurl3 one. This is because dotnet depends on old versions of libcurl3 for some reason, at least in ubuntu 16.04/14.04 + debian8 packages.
apt-get install libcurl3=7.38.0-4+deb8u5 libcurl4-openssl-dev=7.38.0-4+deb8u5This fixes it. Grab any version from jessie and install it on testing/sid.