If you follow our workflow instructions on RedHat EL 9 or 10, the build is not going to work. It will fail with something like:

/home/vcsjones/.nuget/packages/microsoft.net.compilers.toolset/5.3.0-1.25619.109/tasks/netcore/Microsoft.CSharp.Core.targets(84,5): \ 
error : Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:03000098:digital envelope routines::invalid digest [/home/vcsjones/Projects/runtime/src/libraries/System.Private.CoreLib/gen/System.Private.CoreLib.Generators.csproj]

This is because RedHat, and some similar flavors like CentOS Stream disable RSA+SHA-1 digital signature algorithms in their OpenSSL. This algorithm is required for Strong Name signing assemblies.

This can be worked around by passing in FullAssemblySigningSupported=false as a build property, like so:

./build.sh -rc release -s clr+libs /p:FullAssemblySigningSupported=false

But this has a number of drawbacks.

1. This is not documented anywhere in this repository.
2. It needs to be supplied to every-single invocation of dotnet build. Practically that means adding /p:FullAssemblySigningSupported=false everywhere.

I think we can improve this, with some possible options being:

1. At least document FullAssemblySigningSupported is required on certain Linux distributions.
2. Automatically set FullAssemblySigningSupported=false on Linux distributions that require it for local dev environments. I believe we do that for source builds.

Regardless, it seems unfortunate that the runtime build fails in an inscrutable way on RedHat / CentOS. Fedora might be affected as well.