search

dotnet / source-build

A repository to track efforts to produce a source tarball of the .NET Core SDK and all its components
MIT License
265 stars 132 forks source link

VMR Codespace build fails for aspnetcore #4771

Open ViktorHofer opened 9 hours ago

ViktorHofer commented 9 hours ago

When building the VMR from a GH codespace with ./build.sh --clean-while-building -bl the builds fails for the aspnetcore repo:

    Restored /workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj (in 2.95 sec).
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error : Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:03000098:digital envelope routines::invalid digest [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Interop.Crypto.RsaSignHash(SafeEvpPKeyHandle pkey, RSASignaturePaddingMode paddingMode, HashAlgorithmName digestAlgorithm, ReadOnlySpan`1 hash, Span`1 destination) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at System.Security.Cryptography.RSAOpenSsl.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.SigningUtilities.CalculateRsaSignature(IEnumerable`1 content, RSAParameters privateKey) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.DesktopStrongNameProvider.<>c__DisplayClass12_0.<SignBuilder>b__0(IEnumerable`1 content) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at System.Reflection.PortableExecutable.PEBuilder.Sign(BlobBuilder peImage, Blob strongNameSignatureFixup, Func`2 signatureProvider) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.Cci.PeWriter.WritePeToStream(EmitContext context, CommonMessageProvider messageProvider, Func`1 getPeStream, Func`1 getPortablePdbStreamOpt, PdbWriter nativePdbWriterOpt, String pdbPathOpt, Boolean metadataOnly, Boolean isDeterministic, Boolean emitTestCoverageData, Nullable`1 privateKeyOpt, CancellationToken cancellationToken) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.Compilation.SerializePeToStream(CommonPEModuleBuilder moduleBeingBuilt, DiagnosticBag metadataDiagnostics, CommonMessageProvider messageProvider, Func`1 getPeStream, Func`1 getMetadataPeStreamOpt, Func`1 getPortablePdbStreamOpt, PdbWriter nativePdbWriterOpt, String pdbPathOpt, RebuildData rebuildData, Boolean metadataOnly, Boolean includePrivateMembers, Boolean isDeterministic, Boolean emitTestCoverageData, Nullable`1 privateKeyOpt, CancellationToken cancellationToken) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.Compilation.SerializeToPeStream(CommonPEModuleBuilder moduleBeingBuilt, EmitStreamProvider peStreamProvider, EmitStreamProvider metadataPEStreamProvider, EmitStreamProvider pdbStreamProvider, RebuildData rebuildData, Func`2 testSymWriterFactory, DiagnosticBag diagnostics, EmitOptions emitOptions, Nullable`1 privateKeyOpt, CancellationToken cancellationToken) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CommonCompiler.CompileAndEmit(TouchedFileLogger touchedFilesLogger, Compilation& compilation, ImmutableArray`1 analyzers, ImmutableArray`1 generators, ImmutableArray`1 additionalTextFiles, AnalyzerConfigSet analyzerConfigSet, ImmutableArray`1 sourceFileAnalyzerConfigOptions, ImmutableArray`1 embeddedTexts, DiagnosticBag diagnostics, ErrorLogger errorLogger, CancellationToken cancellationToken, CancellationTokenSource& analyzerCts, AnalyzerDriver& analyzerDriver, Nullable`1& generatorTimingInfo) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CommonCompiler.RunCore(TextWriter consoleOutput, ErrorLogger errorLogger, CancellationToken cancellationToken) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CommonCompiler.Run(TextWriter consoleOutput, CancellationToken cancellationToken) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CSharp.CommandLine.Csc.<>c__DisplayClass1_0.<Run>b__0(TextWriter tw) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CSharp.CommandLine.Csc.Run(String[] args, BuildPaths buildPaths, TextWriter textWriter, IAnalyzerAssemblyLoader analyzerLoader) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CommandLine.BuildClient.RunCompilation(IEnumerable`1 originalArguments, BuildPaths buildPaths, TextWriter textWriter, String pipeName) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CommandLine.BuildClient.Run(IEnumerable`1 arguments, RequestLanguage language, CompileFunc compileFunc, CompileOnServerFunc compileOnServerFunc, ICompilerServerLogger logger) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CSharp.CommandLine.Program.MainCore(String[] args) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]
  /workspaces/dotnet/.dotnet/sdk/10.0.100-alpha.1.24555.54/Roslyn/Microsoft.CSharp.Core.targets(89,5): error :    at Microsoft.CodeAnalysis.CSharp.CommandLine.Program.Main(String[] args) [/workspaces/dotnet/src/aspnetcore/eng/tools/RepoTasks/RepoTasks.csproj::TargetFramework=net10.0]

Apparently there's a long discussion about this in https://github.com/dotnet/runtime/issues/65874. @tmds mentioned in the last post:

update the build on all source-built repos so they work without setting OPENSSL_ENABLE_SHA1_SIGNATURES=1

I'm not sure what that exactly means. @tmds can you please elaborate?

dotnet-issue-labeler[bot] commented 9 hours ago

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

dotnet-issue-labeler[bot] commented 9 hours ago

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

tmds commented 9 hours ago

update the build on all source-built repos so they work without setting OPENSSL_ENABLE_SHA1_SIGNATURES=1

Because SHA1 is insecure, on some systems OpenSSL disallows it. Setting the OPENSSL_ENABLE_SHA1_SIGNATURES=1 makes OpenSSL allow the signature.

Based on https://github.com/dotnet/runtime/issues/65874#issuecomment-1051052527 my understanding is that we don't need the (strong naming) SHA1 signatures when source-building .NET.

If we update the repos so they don't use the SHA1 signatures, setting OPENSSL_ENABLE_SHA1_SIGNATURES=1 will no longer be needed.

ViktorHofer commented 9 hours ago

If we update the repos so they don't use the SHA1 signatures

Sorry for my ignorance but what does that exactly mean?

tmds commented 9 hours ago

Sorry for my ignorance but what does that exactly mean?

My understanding is that it means: not doing the strong naming in source-build configuration.

ViktorHofer commented 9 hours ago

cc @mmitche @MichaelSimons

tmds commented 8 hours ago

Note that we can build the entire runtime repo without having to set OPENSSL_ENABLE_SHA1_SIGNATURES=1 which makes me assume it is doable for other repos too.

ViktorHofer commented 8 hours ago

The build from the top post failed when doing a non-source-only build. I don't think this should be tied to source-build.

tmds commented 8 hours ago

You may still want to do the strong naming for non-source build, I am not sure.