Fix library paths for preloading NSS on Ubuntu 11.10.

crypto/nss_util.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <plarena.h>
 #include <prerror.h>
@@ skipping 11 matching lines @@
 
 #include "base/environment.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/native_library.h"
 #include "base/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
+#include "build/build_config.h"
 #include "crypto/scoped_nss_types.h"
 
 #if defined(OS_CHROMEOS)
 #include "crypto/symmetric_key.h"
 #endif
 
 // USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not
 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
 // use NSS for crypto or certificate verification, and we don't use the NSS
 // certificate and key databases.
@@ skipping 601 matching lines @@
 
 void LoadNSSLibraries() {
   // Some NSS libraries are linked dynamically so load them here.
 #if defined(USE_NSS)
   // Try to search for multiple directories to load the libraries.
   std::vector<FilePath> paths;
 
   // Use relative path to Search PATH for the library files.
   paths.push_back(FilePath());
 
-  // For Debian derivaties NSS libraries are located here.
+  // For Debian derivatives NSS libraries are located here.
   paths.push_back(FilePath("/usr/lib/nss"));
 
+  // Ubuntu 11.10 (Oneiric) places the libraries here.
+#if defined(ARCH_CPU_64_BITS)
+  paths.push_back(FilePath("/usr/lib/x86_64-linux-gnu/nss"));

[awong, 2011/10/05 18:07:42]

Can we confirm with the ubuntu folks that this nss path isn't in the default
ld.so.conf?

[wtc, 2011/10/06 01:13:18]

awong: This is true.  The NSS package in Debian derivatives
has been patched to know about these /usr/lib/*/nss
directories.  It is not in the default .so search path.

+#elif defined(ARCH_CPU_32_BITS)
+  paths.push_back(FilePath("/usr/lib/i386-linux-gnu/nss"));
+#endif

[wtc, 2011/10/06 01:06:44]

Please test __x86_64__ and __i386__ or our equivalent macros
ARCH_CPU_X86_64 and ARCH_CPU_X86 instead, because Chrome
also supports ARM processors.

Lambros: do you think this is the cause of
http://code.google.com/p/chromium/issues/detail?id=91962 ?
Perhaps issue 99053 is a duplicate of that bug?

[wtc, 2011/10/06 17:27:24]

It is OK to leave ARM processor support as a TODO.

According to http://packages-rore.debian.org/en/sid/armel/libnss3-1d/filelist,
I beleive the pathname for ARM little-endian processors is
"/usr/lib/arm-linux-gnueabi/nss", so we can also just try
that.

[Lambros, 2011/10/06 20:32:19]

Done.

+
   // A list of library files to load.
   std::vector<std::string> libs;
   libs.push_back("libsoftokn3.so");
   libs.push_back("libfreebl3.so");
 
   // For each combination of library file and path, check for existence and
   // then load.
   size_t loaded = 0;
   for (size_t i = 0; i < libs.size(); ++i) {
     for (size_t j = 0; j < paths.size(); ++j) {
       FilePath path = paths[j].Append(libs[i]);
       base::NativeLibrary lib = base::LoadNativeLibrary(path, NULL);
       if (lib) {
         ++loaded;
         break;
       }
     }
   }
 
   if (loaded == libs.size()) {
     VLOG(3) << "NSS libraries loaded.";
   } else {
     LOG(WARNING) << "Failed to load NSS libraries.";

[wtc, 2011/10/06 17:27:24]

Can you find out why we don't see this WARNING message in
the log output?  It would have pointed us in the right
direction sooner.

In any case, let's change this to a LOG(ERROR) message,
because it is a serious error to have failed to load NSS
libraries.  Hopefully that will make the message appear
in the log output.

[Lambros, 2011/10/06 20:32:19]

Chrome (Official Release build) only logs ERROR (and higher severity) messages
to stderr.  If I run chrome with --enable-logging, then I do see this warning
printed in the chrome_debug.log file.
Done.

   }
 #endif
 }
 
 bool CheckNSSVersion(const char* version) {
   return !!NSS_VersionCheck(version);
 }
 
 #if defined(USE_NSS)
 bool OpenTestNSSDB(const FilePath& path, const char* description) {
@@ skipping 86 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto