yum/rpm Failed to initialize NSS library in chroot

centos yum rpm chroot nss

I am performing a yum update from CentOS 7.4 to CentOS 7.5, when nspr and nss soft-softoken receive the updates, I am left with the following error:

yum update nspr
error: Failed to initialize NSS library
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   cannot import name ts

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.7.5 (default, Apr 11 2018, 07:36:10) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

If you cannot solve this problem yourself, please go to 
the yum faq at:
  http://yum.baseurl.org/wiki/Faq

The packages that are updated to:

nss                         3.34.0-4.el7                                           
nss-softokn                 3.34.0-2.el7                                           
nss-softokn-freebl          3.34.0-2.el7                                           
nss-sysinit                 3.34.0-4.el7                                           
nss-tools                   3.34.0-4.el7                                           
nss-util                    3.34.0-2.el7

Troubleshoot attempts: It should be noted by the reader, the upgraded filesystem is version controlled. Each of the following steps were performed at the same point in time, and reverted before moving on to the next troubleshooting step.

  • To attempt to fix this issue, I have performed these steps: https://access.redhat.com/solutions/3134931
  • Followed all the different solutions here: error: Failed to initialize NSS library
  • I have updated glibc.i686 and nspr prior to the update.
  • rpm -e --nodeps --justdb nspr
  • rpm -e --nodeps --justdb nss nss-softokn nss-softokn-freebl nspr
  • https://bugzilla.redhat.com/show_bug.cgi?id=1477308

Each of these articles and solutions have not provided fix my particular issue.

Thank you for your time.


Special thank you to TrevorH and jhodrien on #centos.

The problem was that chroot prevents access to /dev/urandom (as desgined). The update installed to succeeded required those random bits to initialize GnuTLS.

The solution is:

mount -o bind /dev dev/

to the chroot and proceed with the update as usual.

Or if you don't want to mount the entire /dev directory, you may create your own!

mknod -m 666 /dev/random c 1 8
mknod -m 666 /dev/urandom c 1 9

Problem fixed.

Related

Limiting memory usage and minimizing swap thrashing on Unix / Linux
Migrate 200 Domains from Win2003 DNS server to another
Listing Users using RDP
unattended BIOS configuration for HP server (DL160SE G6)
Persuading openldap to work with SSL on Ubuntu with cn=config
SQL Server 2008 failover strategy - Log shipping or replication?
sshd - specify different ciphers based on incoming host
When should I use UNSIGNED and SIGNED INT in MySQL?
Break out of a While...Wend loop
Connection to SQL Server Works Sometimes
For what value of i does while (i == i + 1) {} loop forever?
Preferred way to create a Scala list