So it looks like you are compiling yourself, right?

What does:
LD_LIBRARY_PATH=./out/Release/lib.target:$LD_LIBRARY_PATH ldd out/Release/chrome | 
grep nss
have to say? Is it pointing at the right nss lib or picking up something else?

Bleargh ... I see I only half-read what you wrote as you did run ldd on the binary but 
the wrapper script does mess with LD_LIBRARY_PATH so it _may_ be picking up something 
different if you have some other version around .. please check anyway.

Nope, this is with the PPA builds. I had a quick look at the code, and tried doing my
own minimal test program, which is attached. NSS_VersionCheck appears to get really
weird results i.e. fails when it really shouldn't. The parse routine was just a
double check with a copy+paste of NSS_VersionCheck's internal versioning routines.

nss.tar.gz 593 bytes Download

Also note that the chrome-wrapper script makes some symbolic links if it thinks some 
of the libs are missing and the actual LD_LIBRARY_PATH longer than I posted ...

find out -name 'libnss*'

might be useful.

Ah ... missed you nss test prog thingy when I typed my previous reply. Tried that now 
and it works for me:

[nss]$ ./test 
all ok
Version: 3,12,3,0

I had to include ctype.h btw. and point it at nss3/nss.h on my box.

I'm unfortunately unfamiliar with the ubuntu versions of things. Is there a newer nss 
you can try upgrading to?

Failing that, we can elicit the help of some more knowledgeable ppl ...

Right, I've whinged to upstream at
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/512847 who might be able to help
sort this one out as there isn't a newer version of the package currently available.

It's a bit strange that this isn't working ... I was under the impression that the 
internal goobuntu stuff was sort-of 8.04 so I would have expected this to have been 
found pretty much immediately unless they use a different nss.

Cc'ing Evan btw.

Wan-teh: does NSS_VersionCheck not do what I think it does?

Random comment found online about NSS_VersionCheck failing:
https://bugzilla.redhat.com/show_bug.cgi?id=545779#c4

Wild guessing follows ... read skeptically.

palfrey: is your libnspr up-to-scratch btw.?

I see that NSS_VersionCheck calls PR_VersionCheck(PR_VERSION) and PR_VERSION appears 
to be determined at compile time from prinit.h

Maybe fta's build machine had a newer nspr package than you have and that is why you 
see this problem?

Errr ... Nevermind the mumbling about the build machine. I think a mismatch on your machine between 
nss and napr would make it fail.

evan: the only issue I can think of is the PR_VersionCheck(PR_VERSION)
that craig.schlenter pointed out.

I'm agree with issue. After update I'm become:
[26574:26584:19355992778:FATAL:base/nss_util.cc(84)] Check failed: NSS_VersionCheck
("3.12.3"). We depend on NSS >= 3.12.3
Trace/breakpoint trap

Resolved with:
apt-get install libnss3-1d libnss3-1d-dbg libnss3-dev libnss3-0d libnss3-tools

libnspr4-0d was at version 4.7.1+1.9-0ubuntu0.8.04.5. Upgrading this to
4.7.5-0ubuntu0.8.04.1 fixed the issue. One thing to do here might be to run
PR_VersionCheck as well when NSS_VersionCheck fails, and print out some sort of
"check your nspr version is up to date" if PR_VersionCheck fails.

The only problem with running PR_VersionCheck is I'm not sure what version we should 
pass it ... we don't really know what version libnss is going to ask for inside 
NSS_VersionCheck, do we? i.e. maybe it differs slightly from one distribution to the 
next and choosing the lowest version still isn't the right answer.

We could beef up the error message to mumble about checking both NSS and NSPR though 
(without checking PR_VersionCheck) which should be sufficient.

Arguably this may be a packaging error on the distribution side of things ... 
shouldn't it include some dependencies to upgrade nspr appropriately if nss is 
upgraded (although maybe it does do that and you forced the package install)?

No forcing of packages occured. libnss3-1d depends on libnspr4-0d >= 1.8.0.10, but that's a 
fairly minimal dep, and should probably be a lot tighter. I've noted this on the Ubuntu bug, 
and I'm also going to complain about the same issue to Debian, who have a similarly loose dep 
(and who tend to respond to stuff like this a lot faster and will eventually result in Ubuntu 
porting in the fix...)

Also, you can know what version to check! Use PR_VersionCheck(PR_VERSION), and then it'll 
include the nspr version from your buildbot, which should be sufficient.

The ubuntu package depends on libnss3-1d >= 3.12.3 which is available in hardy-updates.
http://packages.ubuntu.com/search?keywords=libnss3-1d&searchon=names&suite=all&section=all

$ apt-cache show chromium-browser | grep Depends: | tr ',' '\n' | grep libnss
 libnss3-1d (>= 3.12.3)

fta: I *had* 3.12.3.1-0ubuntu0.8.04.2 installed (version in hardy-updates), the problem here 
is with a lack of a sufficient dependency between that and libnspr4-0d (reported to Ubuntu at 
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/512847)

Thanks for filing the bugs upstream!

The buildbot's version of PR_VERSION is not necessarily the same PR_VERSION buried 
inside the nss lib on your machine (inside NSS_VersionCheck) AFAICS so to me it seems 
more useful just to unconditionally tell the user to check both libs rather than 
trying to be fancy about it and possibly get it wrong.

I'll tweak the error message later to mention nspr if no-one beats me to it and if 
I'm not stuck to a monitor drooling at the apple tablet :)

If we can't make this work easily, I'm ok with demoting this to a warning.  I was just 
trying to reduce bug reports from people who don't have 3.12.3, but most people use 
Google's or fta's package which already force at least that version.

Best way to solve this for most people is probably to make both Google's and fta's packages 
also depend on libnspr4-0d>=4.7.5, which would stop this from occurring.

FYI, this has also been submitted to Debian as http://bugs.debian.org/cgi-bin/bugreport.cgi?
bug= 567136 

Here is a slightly improved error message:

http://codereview.chromium.org/558002/show

(not demoted to a warning ... still fatal)

Re: comment 16
palfrey: thanks for the info.  1.8.0.10 is the old way of
versioning NSPR packages, when NSPR was treated as simply
a Mozilla component.  (1.8.0.10 is actually a Mozilla/Gecko
version number.)  Please tell the Linux distros that they
should version NSPR packages using NSPR's own version
numbers, which should be 4.7.x or 4.8.x today.

To avoid issue with NSS_VersionCheck, the NSS package
should require the version of the NSPR package it is
compiled against.

Mike Hommey (Primary mozilla maintainer for Debian) just filed 
https://bugzilla.mozilla.org/show_bug.cgi?id=542741 which indicates that he thinks the failing 
check for PR_VersionCheck is very much broken. Also, he's going to remove this check entirely 
in the Debian packages (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567136#10) unless 
upstream comes up with a good reason not to do so.

Short version: this problem should hopefully go away entirely in the nearby future.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=37401 

------------------------------------------------------------------------
r37401 | craig.schlenter@chromium.org | 2010-01-28 06:41:10 -0800 (Thu, 28 Jan 2010) | 10 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/base/nss_util.cc?r1=37401&r2=37400

Mention NSPR libs in NSS version check error message.

Some Linux distributions don't have tightly controlled dependencies
and allow older nspr libs in conjunction with newer nss libs that
can lead to confusion.

BUG= 33163 
TEST=none

Review URL: http://codereview.chromium.org/558002
------------------------------------------------------------------------

I have to say that since January I suffer from the same annoyance. The browser starts
normally then it crashes with the reported messages. 
I run RedHat 5.3, I have nss-3.12.3.99.3-1.el5 and nspr-4.7.3-2.el5.
I also tried to download and compile latest nss with nspr from mozilla
nss-3.12.5-with-nspr-4.8.2 but I get the same thing.
I'm pretty confident that when ldd points to the original or to the new libraries,
the behavior is the same.

Any advise ?

Thanks
Daniel

Update:

Sorry for a small mistake, I hade some mixed .0d links generated by the wrapper that
was looking only in the standard places.

1) With the standard RedHat libraries the browser build 37931 crashes only when
visiting https pages
2) With the latest nss+nspr from mozilla everything seems to be stable

Daniel

Daniel: that suggests you should file an bug with Redhat, maybe after having double-
checked with palfrey's test program from comment #3. I assume by 'crash' you mean 
"exits with the NSS error message" btw.

So in summary, I think there are a couple of possible scenario's here:

1. NSS version too low - the error message should encourage people to do the right 
thing here and upgrade.

2. Distribution NSS dependencies weakly specified - catered for by the updated error 
message that suggests upgrading nspr. For chromium binaries that target specific 
versions of distributions, specifying an appropriate minimum nspr dependency on the 
chromium package may help as palfrey suggested but ideally the distribution should 
fix the nss dependency properly or other users of NSS_VersionCheck will be similarly 
affected.

3. Distributions where the most up-to-date libraries are presumably built incorrectly 
ito. NSS_VersionCheck - this will result in the error message and users can wait for 
upstream fixes or run a second set of libs in the interim as in comment #28.

I'm thus tempted to mark this as "upstream".

Daniel: I presume you had to hack some other bits and pieces to work on RH 5.3 to get 
the right libraries? Maybe that is something worth putting on the wiki somewhere...

Clearly, we need a mechanism that reports to a user "feature [x] is broken on your 
computer, please upgrade software [y]".  We could use it for this, and the compiz-
breaking-maximize bug, and the metacity-breaking-window-beeps bug, and...

I'm kidding, but only kinda.

daniel.boca: You should not need to build NSPR and NSS yourself.
Sorry about the trouble.  Can you update your nspr package to
the latest version?  I did a search for "Red Hat Enterprise Linux
5 nspr package", and it shows the version of nss you're using
(3.12.3.99) should go with nspr 4.7.4.  You have nspr 4.7.3.

http://rhn.redhat.com/errata/RHBA-2009-1161.html
http://www.redhat.com/docs/en-
US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/nsprandnss.html

Thanks wtc ... I had assumed in comment #29 that nss and nspr had already been 
updated.

I see Evan is making the error non-fatal:

http://codereview.chromium.org/562039

Using an automated filter to classify this issue into an area...gulp

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=39436 

------------------------------------------------------------------------
r39436 | evan@chromium.org | 2010-02-19 04:21:48 -0800 (Fri, 19 Feb 2010) | 7 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/base/nss_util.cc?r1=39436&r2=39435

linux: make NSS version check non-fatal

It broke too many people for reasons outside of their control.

BUG= 33163 

Review URL: http://codereview.chromium.org/562039
------------------------------------------------------------------------

Same problem here!  Chrome totally fails on linux due to this bug.

This isn't fixed.
5.0.307.11-r39572
I just had this failure with debian package downloaded today.

Using ubuntu/8.04

Hi,

I have the following line in my apt sources 
deb http://dl.google.com/linux/deb/ stable main

I have installed google-chrome-beta

#apt-get install google-chrome-beta

While running google-chrome Getting error asking for NSS higher version 
#google-chrome
[6923:6936:3775184399:FATAL:/usr/local/google/b/slave/chrome-official-linux/build/src/base/nss_util.cc(84)]
Check failed: NSS_VersionCheck("3.12.3"). We depend on NSS >= 3.12.3
Trace/breakpoint trap
#

But I dnt have problem with older version of google-chrome which I downloaded and
installed during the release time of Linux beta chrome.

That package was 12 MB in size and new one is 13MB in size. 

I was trying to upgrade but waste of time and energy and bandwidth too.

My OS is Ubuntu 8.10

Any help in this regard is appreciated.

Raj.

Hi,

I am ready to use google-chrome now!

I have installed google-chrome-unstable !! 

#apt-get install google-chrome-unstable

the fatal error about the NSS version is ignored in this version

#google-chrome
[7484:7497:4227793288:ERROR:/usr/local/google/b/slave/chrome-official-linux/build/src/base/nss_util.cc(96)]
NSS_VersionCheck("3.12.3") failed.  We depend on NSS >= 3.12.3, and this error is not
fatal only because many people have busted NSS setups (for example, using the wrong
version of NSPR). Please upgrade to the latest NSS and NSPR, and if you still get
this error, contact your distribution maintainer.
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed


Thanks & Regards.
Raj.

rajaol: you just need to update the NSS and NSPR packages on your
Linux computer.

This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.