Skip to content

Commit

Permalink
chore(loongapps): batch update
Browse files Browse the repository at this point in the history
  • Loading branch information
@MingcongBai
MingcongBai committed Mar 8, 2024
1 parent 9018a68 commit ca71baf
Show file tree
Hide file tree
Showing 16 changed files with 228 additions and 1 deletion.
22 changes: 22 additions & 0 deletions content/docs/apps/loongapps/1108.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,26 @@ updateTime: "2022-07-14T15:42:13"
debName: "http://113.24.212.22:8090/upload/file/com.xylink.linuxclient_1.0.0.3102-20220120_1139_loongarch64.deb"
debSize: "93.1MB"
command: "/opt/apps/com.xylink.linuxclient/files/xylinkmeetapp.sh %u"
compatility: 2
---

{{< issue "内包 GLib 库可能导致启动失败" >}}

小鱼易连内包的 GLib 库 (`libgmodule`) 与系统库存在兼容问题,可能启动失败。终端启动时报告如下问题:

```
xylinkmeetapp: symbol lookup error: /usr/lib/libgio-2.0.so.0: undefined symbol: g_module_open_full
```

遇到该问题时,运行如下命令删除内包 GLib 库:

```bash
sudo rm -v /opt/apps/com.xylink.linuxclient/files/lib/libgmodule-2.0.so.0
```

随后安装系统 GLib 库即可。AOSC OS 下,可运行如下命令安装 GLib:

```
oma install glib
```
{{< /issue >}}
27 changes: 27 additions & 0 deletions content/docs/apps/loongapps/1109.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,31 @@ updateTime: "2022-07-14T16:27:54"
debName: "http://113.24.212.22:8090/upload/file/gstarcad2022_22sp1_loongarch64.deb"
debSize: "84.4MB"
command: "bash /opt/apps/gstarcad2022/v2022/files/gcad.sh %F"
compatibility: 2
---

{{< issue "内置图标会导致 gtk-update-icon-cache 报错" >}}
安装浩辰 CAD Linux 版 2022 后,常用于生成桌面图标主题缓存的 `gtk-update-icon-cache` 命令会报错:

```
gtk-update-icon-cache: The generated cache was invalid.
```

经查,该问题是该软件内置的图标文件导致的:

```
/usr/share/icons/hicolor/96x96/apps/gcad.png
```

该文件导致图标主题缓存生成失败的原因有待调查。
{{< /issue >}}

{{< issue "内置卸载工具依赖 MATE Terminal" >}}
浩辰 CAD Linux 版 2022 自带“卸载”功能,依赖 MATE Terminal 且有许多报错。

为避免问题,我们建议直接使用相关系统包管理命令卸载,如在 AOSC OS 下运行如下命令即可完成卸载操作:

```
oma remove gstarcad
```
{{< /issue >}}
23 changes: 23 additions & 0 deletions content/docs/apps/loongapps/1113.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,27 @@ updateTime: "2022-07-18T14:28:02"
debName: "http://113.24.212.22:8090/upload/file/cn.ts-it.office_5.0.0.347_loongarch64_trial.deb"
debSize: "365.6MB"
command: "/opt/apps/cn.ts-it.office/files/ts-office %F"
compatibility: 2
---

{{< issue 未正确安装应用程序图标 >}}

安装泰山 Office 后,程序图标未正确安装到应用菜单中:

```
/opt/apps/cn.ts-it.office/entries/applications/cn.ts-it.office.desktop
```

该文件应该安装到如下路径:

```
/usr/share/applications/cn.ts-it.office.desktop
```

使用如下命令可更正该问题:

```bash
sudo cp -v /opt/apps/cn.ts-it.office/entries/applications/cn.ts-it.office.desktop /usr/share/applications/
sudo update-desktop-database
```
{{< /issue >}}
44 changes: 44 additions & 0 deletions content/docs/apps/loongapps/1114.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,47 @@ debName: "http://113.24.212.22:8090/upload/file/com.wind.wft_21.4.0.1_loongarch6
debSize: "158MB"
command: "\"/opt/apps/com.wind.wft/files/bin/wmain.sh\""
---

{{< issue "程序混用 MIPS 与 LoongArch 运行时库" >}}

我们发现启动万得时报错:

```
./wmain: error while loading shared libraries: libicudata.so.63: cannot open shared object file: No such file or directory
```

经查,其需要的 `libicudata.so.63` 库在其应用目录下存在:

```
/opt/apps/com.wind.wft/files/lib/3rd/libicudata.so.63
```

但是,我们经过 `file` 命令检查,发现这个库是为 MIPS 龙芯编译的:

```
/opt/apps/com.wind.wft/files/lib/3rd/libicudata.so.63: symbolic link to libicudata.so.63.1
/opt/apps/com.wind.wft/files/lib/3rd/libicudata.so.63.1: ELF 64-bit LSB shared object, MIPS, MIPS64 rel2 version 1 (SYSV), dynamically linked, BuildID[sha1]=69d52e792d8d555c4e4eeb8c64d373d581b923aa, stripped
```
{{< /issue >}}

{{< issue 未正确安装应用程序图标 >}}

安装万得后,程序图标未正确安装到应用菜单中:

```
/opt/apps/com.wind.wft/entries/applications/com.wind.wft.desktop
```

该文件应该安装到如下路径:

```
/usr/share/applications/com.wind.wft.desktop
```

使用如下命令可更正该问题:

```bash
sudo cp -v /opt/apps/com.wind.wft/entries/applications/com.wind.wft.desktop /usr/share/applications/
sudo update-desktop-database
```
{{< /issue >}}
9 changes: 9 additions & 0 deletions content/docs/apps/loongapps/1168.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,13 @@ updateTime: "2023-06-28T11:34:02"
debName: "http://113.24.212.22:8090/upload/file/com.alibabainc.dingtalk_1.7.0.30424_loongarch64.deb"
debSize: "175.2 MB"
command: "/opt/apps/com.alibabainc.dingtalk/files/Elevator.sh"
compatibility: 1
---

{{< issue "钉钉无法启动" >}}
经查,钉钉内包的共享库文件 `libutforpc.so``.dynamic` 节中缺少运行时库依赖的声明(`DT_NEEDED`),该库文件至少还需要 `libssl.so.1.1``libldap-2.4.so.2`;同时,在 `.dynsym` 节中,对 OpenSSL 的符号的引用没有标注符号版本。上述问题可能致使 `libutforpc.so` 被链接上错误的 OpenSSL 的符号版本。

结合上述现象,可合理推测在链接 `libutforpc.so` 时没有传入 `-Wl,-z,defs` 选项,同时没有指明其全部的直接依赖库,致使出现了未能链接的符号进入最终二进制。同时,由于运行的系统上目前暂时不存在更新的 OpenSSL 库,并且上述两个缺失的依赖库刚好作为其他共享库文件的依赖引入,于是掩盖了上述问题,看起来可以成功运行。

我们向钉钉开发商建议:在链接共享库文件的时候,应传入 `-Wl,-z,defs` 选项,并传入全部直接依赖(例如 `-lssl`)。前者可以当传入的依赖不完整的时候报错退出,后者可以在链接的目标产物中增加需要库的声明,并正确设定符号版本。
{{< /issue >}}
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1237.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2022-09-20T14:52:48"
debName: "http://113.24.212.22:8090/upload/file/app.web.design.pixso_1.0.0_all.deb"
debSize: "36KB"
command: "xdg-open https://pixso.design/"
compatibility: 3
---
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1238.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2022-09-20T14:55:35"
debName: "http://113.24.212.22:8090/upload/file/app.web.processon_1.0.0_all.deb"
debSize: "16KB"
command: "xdg-open https://www.processon.com/"
compatibility: 3
---
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1239.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2022-09-20T14:58:24"
debName: "http://113.24.212.22:8090/upload/file/app.web.soogif_1.0.0_all.deb"
debSize: "20KB"
command: "xdg-open \"https://www.soogif.com/tool-list\""
compatibility: 3
---
3 changes: 2 additions & 1 deletion content/docs/apps/loongapps/1377.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2023-06-14T10:54:48"
debName: "http://113.24.212.22:8090/upload/file/applicationnews_1.0.0-1.lnd.3_loongarch64.deb"
debSize: "84.7 MB"
command: "/usr/bin/applicationnews"
---
compatibility: 3
---
16 changes: 16 additions & 0 deletions content/docs/apps/loongapps/1395.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,20 @@ updateTime: "2023-01-12T16:29:08"
debName: "http://113.24.212.22:8090/upload/file/e-mobile_7.2.8_loongarch64.deb"
debSize: "69.6MB"
command: "e-mobile %U"
compatibility: 2
---

{{< issue "程序启动失败" >}}

E-Mobile 无法正常启动,使用终端运行 `e-mobile` 命令报告如下错误:

```
[40777:0309/001810.551083:FATAL:gpu_data_manager_impl_private.cc(1034)] The display compositor is frequently crashing. Goodbye.
```

此时,使用 `--no-sandbox` 参数可以暂时规避此问题:

```
e-mobile --no-sandbox
```
{{< /issue >}}
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1407.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2023-03-07T15:57:49"
debName: "http://113.24.212.22:8090/upload/file/joydin_2.2_loongarch64.deb"
debSize: "86.7 MB"
command: "/opt/apps/com.joydin.braingame/files/BrainGame"
compatibility: 3
---
12 changes: 12 additions & 0 deletions content/docs/apps/loongapps/1729.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,16 @@ updateTime: "2023-08-23T14:42:44"
debName: "http://113.24.212.22:8090/upload/file/hzclassroom_0.1.0-lnd.edu1_loongarch64.deb"
debSize: "503.8 MB"
command: "/opt/hzclassroom/hzclassroom"
compatibility: 2
---

{{< issue 沙箱功能导致启动卡死 >}}

慧中虚拟仿真平台基于 Chromium 技术开发且默认开启沙箱功能,启动后会卡死在载入界面。我们目前尚未查明原因。

在问题得到解决前,请使用如下命令启动程序:

```bash
/opt/hzclassroom/hzclassroom --no-sandbox
```
{{< /issue >}}
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1730.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2023-08-23T14:40:30"
debName: "http://113.24.212.22:8090/upload/file/jscb_0.1.0-lnd.edu1_loongarch64.deb"
debSize: "71.8 MB"
command: "/opt/jscb/jscb"
compatibility: 3
---
1 change: 1 addition & 0 deletions content/docs/apps/loongapps/1731.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,5 @@ updateTime: "2023-08-23T15:13:05"
debName: "http://113.24.212.22:8090/upload/file/com.toec.oem3000dn_2.6-3_loongarch64.deb"
debSize: "30.8 MB"
command: "/opt/toec/OEM3000DN/bin/Scanner/TOEC-StartUpTool.sh"
compatibility: 3
---
58 changes: 58 additions & 0 deletions content/docs/apps/loongapps/1741.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,62 @@ updateTime: "2023-08-31T16:24:23"
debName: "http://113.24.212.22:8090/upload/file/weixunclient-loongarch64.deb"
debSize: "104.5 MB"
command: "/opt/apps/com.centerm.weixunclient/files/linuxclient/IvyClientQt.sh"
compatibility: 2
---

{{< issue "内包 sudo 配置存在严重安全漏洞" >}}
#### 前言

考虑到该问题描述的是一个严重的安全漏洞,请先运行如下命令移除该软件中包含的后门程序:

```bash
sudo rm -v /usr/bin/AppPublishUpgrader.sh
sudo rm -v /etc/sudoers.d/26_apppublishupgrade
```

#### 分析报告

我们在安装威讯云桌面后运行 `sudo` 命令提权时,发现终端有如下报错:

```
sudo: /etc/sudoers.d/26_apppublishupgrade 属于用户 ID 1000,应为 0
```

在查看其内容时,发现该配置定义所有用户均可使用 `/usr/bin/AppPublishUpgrader.sh` 无密码提权:

```
%sudo ALL=(ALL) NOPASSWD:/usr/bin/AppPublishUpgrader.sh,(ALL) NOPASSWD:/usr/bin/AppPublishUpgrader.sh
```

我们查阅 `/usr/bin/AppPublishUpgrader.sh` 内容时惊恐地发现,该文件其实是 `dpkg` 包管理“安装软件包”(`dpkg -i`) 命令的包装:

```bash
#!/bin/bash
dpkg -i "$@"
```

这样的设计是**极为危险和不负责任的**,这无异于在用户电脑上安装了一个提权后门,在使用 `dpkg` 管理软件包的系统上,这意味着**任何用户都可以随意安装软件包**

比起这个问题,在一开始描述的 `sudoers.d` 配置文件的权限错误不值一提,开发商只需按提示调整其所有者即可。但不论是为了更新软件还是安装附加包,这样的做法都是**绝对错误甚至在有意或无意中将用户置身与极大的危险之中,应立即整改!**
{{< /issue >}}

{{< issue "内包 GLib 库可能导致启动失败" >}}

威讯云桌面内包的 GLib 库 (`libgmodule`) 与系统库存在兼容问题,可能启动失败。终端启动时报告如下问题:

```
/opt/apps/com.centerm.weixunclient/files/linuxclient/weixunclientApp: symbol lookup error: /usr/lib/libgio-2.0.so.0: undefined symbol: g_module_open_full
```

遇到该问题时,运行如下命令删除内包 GLib 库:

```bash
sudo rm -v /opt/apps/com.centerm.weixunclient/files/lib/libgmodule-2.0.so.0
```

随后安装系统 GLib 库即可。AOSC OS 下,可运行如下命令安装 GLib:

```
oma install glib
```
{{< /issue >}}
9 changes: 9 additions & 0 deletions content/docs/apps/loongapps/1755.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,13 @@ updateTime: "2023-09-08T11:56:30"
debName: "http://113.24.212.22:8090/upload/file/com.zjd.gov-loongarch64.deb"
debSize: "363.6 MB"
command: "/opt/apps/com.zjd.gov/files/Elevator.sh"
compatibility: 1
---

{{< issue "浙政钉无法启动" >}}
经查,浙政钉(钉钉)内包的共享库文件 `libutforpc.so``.dynamic` 节中缺少运行时库依赖的声明(`DT_NEEDED`),该库文件至少还需要 `libssl.so.1.1``libldap-2.4.so.2`;同时,在 `.dynsym` 节中,对 OpenSSL 的符号的引用没有标注符号版本。上述问题可能致使 `libutforpc.so` 被链接上错误的 OpenSSL 的符号版本。

结合上述现象,可合理推测在链接 `libutforpc.so` 时没有传入 `-Wl,-z,defs` 选项,同时没有指明其全部的直接依赖库,致使出现了未能链接的符号进入最终二进制。同时,由于运行的系统上目前暂时不存在更新的 OpenSSL 库,并且上述两个缺失的依赖库刚好作为其他共享库文件的依赖引入,于是掩盖了上述问题,看起来可以成功运行。

我们向浙政钉(钉钉)开发商建议:在链接共享库文件的时候,应传入 `-Wl,-z,defs` 选项,并传入全部直接依赖(例如 `-lssl`)。前者可以当传入的依赖不完整的时候报错退出,后者可以在链接的目标产物中增加需要库的声明,并正确设定符号版本。
{{< /issue >}}

0 comments on commit ca71baf

Please sign in to comment.