From cca91666d041abb500604997b0a5235018217b3f Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 12 Feb 2013 05:14:34 +0200
Subject: [PATCH] Failure to initialize crypto is fatal

- Almost nothing works if crypto fails to initialize for whatever reason,
  check and propagate rpmInitCrypto() failure from rpmReadConfigFiles().
- Logging the error left for individual crypto backends to let them
  identify themselves: beecrypt requires no initialization whatsoever
  so it cannot fail at all, but NSS can fail in a number of entertaining
  ways due to missing dlopen()'ed bits and pieces, this should help
  avoiding wild-goose chases in such cases (RhBug:909627, RhBug:909618...)
---
 lib/rpmrc.c        | 3 ++-
 rpmio/digest_nss.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/rpmrc.c b/lib/rpmrc.c
index 7638e8114..ef5c2a007 100644
--- a/lib/rpmrc.c
+++ b/lib/rpmrc.c
@@ -1607,7 +1607,8 @@ int rpmReadConfigFiles(const char * file, const char * target)
 {
     /* Force preloading of dlopen()'ed libraries in case we go chrooting */
     (void) gethostbyname("localhost");
-    (void) rpmInitCrypto();
+    if (rpmInitCrypto())
+	return -1;
 
     /* Preset target macros */
    	/* FIX: target can be NULL */
diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
index 8f6116ccd..777615a24 100644
--- a/rpmio/digest_nss.c
+++ b/rpmio/digest_nss.c
@@ -62,6 +62,7 @@ int rpmInitCrypto(void)
 #else
 	if (NSS_NoDB_Init(NULL) != SECSuccess) {
 #endif
+	    rpmlog(RPMLOG_ERR, _("Failed to initialize NSS library\n"));
 	    rc = -1;
 	} else {
 	    _crypto_initialized = 1;