Remove the deprecated NSSCertDatabase::GetInstance() .

chrome/browser/net/nss_context_linux.cc

Index: chrome/browser/net/nss_context_linux.cc
diff --git a/chrome/browser/net/nss_context_linux.cc b/chrome/browser/net/nss_context_linux.cc
index 5aa18e6bb64f8196a01154eef396c0c84d7fe332..9021a908423124c46d55ebdc8620811468abf9a1 100644
--- a/chrome/browser/net/nss_context_linux.cc
+++ b/chrome/browser/net/nss_context_linux.cc
@@ -8,6 +8,10 @@
 #include "crypto/nss_util_internal.h"
 #include "net/cert/nss_cert_database.h"
 
+namespace {
+net::NSSCertDatabase* g_nss_cert_database = NULL;

[Ryan Sleevi, 2014/07/24 23:19:10]

You'll probably get LSAN yelling at you. it has a built in suppression for leaky
lazy instances. Just fwiw

+}  // namespace
+
 crypto::ScopedPK11Slot GetPublicNSSKeySlotForResourceContext(
     content::ResourceContext* context) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
@@ -24,6 +28,18 @@ crypto::ScopedPK11Slot GetPrivateNSSKeySlotForResourceContext(
 net::NSSCertDatabase* GetNSSCertDatabaseForResourceContext(
     content::ResourceContext* context,
     const base::Callback<void(net::NSSCertDatabase*)>& callback) {
-  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
-  return net::NSSCertDatabase::GetInstance();
+  // This initialization is not thread safe. This CHECK ensures that this code
+  // is only run on a single thread.
+  CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+  if (!g_nss_cert_database) {
+    // Linux has only a single persistent slot compared to ChromeOS's separate
+    // public and private slot.
+    // Redirect any slot usage to this persistent slot on Linux.
+    g_nss_cert_database = new net::NSSCertDatabase(
+        crypto::ScopedPK11Slot(
+            crypto::GetPersistentNSSKeySlot()) /* public slot */,
+        crypto::ScopedPK11Slot(
+            crypto::GetPersistentNSSKeySlot()) /* private slot */);
+  }
+  return g_nss_cert_database;
 }