yum/rpm Failed to initialize NSS library in chroot
I am performing a yum update from CentOS 7.4 to CentOS 7.5, when nspr and nss soft-softoken receive the updates, I am left with the following error:
yum update nspr
error: Failed to initialize NSS library
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:
cannot import name ts
Please install a package which provides this module, or
verify that the module is installed correctly.
It's possible that the above module doesn't match the
current version of Python, which is:
2.7.5 (default, Apr 11 2018, 07:36:10)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq
The packages that are updated to:
nss 3.34.0-4.el7
nss-softokn 3.34.0-2.el7
nss-softokn-freebl 3.34.0-2.el7
nss-sysinit 3.34.0-4.el7
nss-tools 3.34.0-4.el7
nss-util 3.34.0-2.el7
Troubleshoot attempts: It should be noted by the reader, the upgraded filesystem is version controlled. Each of the following steps were performed at the same point in time, and reverted before moving on to the next troubleshooting step.
- To attempt to fix this issue, I have performed these steps: https://access.redhat.com/solutions/3134931
- Followed all the different solutions here: error: Failed to initialize NSS library
- I have updated glibc.i686 and nspr prior to the update.
- rpm -e --nodeps --justdb nspr
- rpm -e --nodeps --justdb nss nss-softokn nss-softokn-freebl nspr
- https://bugzilla.redhat.com/show_bug.cgi?id=1477308
Each of these articles and solutions have not provided fix my particular issue.
Thank you for your time.
Special thank you to TrevorH and jhodrien on #centos.
The problem was that chroot prevents access to /dev/urandom (as desgined). The update installed to succeeded required those random bits to initialize GnuTLS.
The solution is:
mount -o bind /dev dev/
to the chroot and proceed with the update as usual.
Or if you don't want to mount the entire /dev directory, you may create your own!
mknod -m 666 /dev/random c 1 8
mknod -m 666 /dev/urandom c 1 9
Problem fixed.