On 2010-06-12 12:49 PDT, Robin H. Johnson wrote: > On Sat, Jun 12, 2010 at 12:15:07PM -0700, Matt McCutchen wrote: >> On Jun 12, 2:25 pm, Nelson B Bolyard <nel...@bolyard.me> wrote: >>> On 2010-06-10 22:59 PDT, Robin H. Johnson wrote: >>>> The testcase has been run on Arch and Fedora now, and both of those >>>> cases it works fine. >>> Does that mean this problem is resolved? >> As I read, it is not; it was reported on Gentoo Linux. > No, it still exists on Gentoo, and I haven't been able to reproduce it > anywhere else.
OK, thanks for that clarification. You have a problem with a distribution of NSS that is not identical to the NSS as built from the upstream NSS source repository. Mozilla's NSS team supports NSS as it comes from the builds from the upstream NSS source repository. Mozilla's NSS team does not attempt to keep track of all the changes made to NSS by every downstream Linux distro. If the upstream NSS works, but some downstream distribution does not, then the differences are due to changes outside of the control of Mozilla's NSS team, and primary support for those problems (that are unique to a downstream distribution) must come from the suppliers of that downstream distribution. It is true that virtually every Linux distribution modifies NSS sources significantly and distributes a downstream flavor of NSS that differs from the upstream version in a number of ways. For some distros, the differences are so minor that you can simply download the upstream NSS sources, build them yourself, and use the resultant binaries as a replacement for the binaries that came with the distribution, and it all works fine. For other distros, they've made changes on such a large scale, such as renaming the functions, renaming the shared libraries and splitting up the shared libraries so that they no longer all live in the same directory, that a vanilla build of NSS from upstream sources simply will not work with programs that were built to work with that distro's NSS libraries. If your distro is one of those, then you'll have no choice but to get help from the maintainers of that distro. It may be that, in your case, the problem is as simple as this: the distro did not include the ".chk" files that are generated during the NSS build process, or it put them in the wrong directory or gave them the wrong file names, so that NSS cannot find them. Or they may have changed the shared libraries, but not regenerated the .chk files. If that is the case, and the distro HAS distributed NSS's shlibsign program, then you may be able to remedy this yourself by generating replacements for the missing (or old) .chk files using shlibsign. Instructions on how to use shlibsign may be found at http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html If you don't have the shlibsign executable in your distro, then you have an incomplete distro, and you need to get a complete distro, either by building it yourself, or getting your distro supplier to supply a complete and functional distro. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
