rpminspect SIGSEGV on microdnf in annocheck inspection

[dcantrell]

$ rpminspect-redhat microdnf-3.9.1-2.el9
rpminspect: libannocheck_init error: version number too small
/usr/bin/rpminspect-redhat: line 2: 166032 Segmentation fault      (core dumped) /usr/bin/rpminspect -c /usr/share/rpminspect/redhat.yaml $*

[msrb]

$ rpm -qa |grep rpminspect
rpminspect-data-centos-1.2-0.1.202210241900git6f9d334.fc37.noarch
rpminspect-data-fedora-1.10-0.1.202210271518git4429e19.fc37.noarch
rpminspect-data-redhat-1.7-0.1.202211071626git69ef2e6.fc37.noarch
librpminspect-1.11-0.1.202211231559git683d045.fc37.x86_64
rpminspect-1.11-0.1.202211231559git683d045.fc37.x86_64

$ rpm -q annobin-annocheck
annobin-annocheck-10.93-1.fc37.x86_64

@dcantrell Would it be possible to prioritize this bug please? We cannot easily rebuild the container without updating dependencies and thus breaking rpminspect in CI. Note the problem is not specific to microdnf, it affects other components as well:

$ rpminspect-redhat sscg-3.0.0-7.el9
rpminspect: libannocheck_init error: version number too small
/usr/bin/rpminspect-redhat: line 2: 383506 Segmentation fault      (core dumped) /usr/bin/rpminspect -c /usr/share/rpminspect/redhat.yaml $*

[dcantrell]

OK, just verified this is due to the latest rpminspect not being built for EPEL-9 right now because of the lack of annobin-libannocheck. The latest successful build on EPEL-9 won't work without that package. I have asked for updates on those repos.

If you revert to build 5043479 of rpminspect (1.11-0.1.202211162101gitb55a223), that was before I merged the libannocheck change. Also that's the last known stable build in Copr.

[martinpitt]

@dcantrell : Unfortunately the 1116 build lost its binaries, presumably because it hasn't been current for more than two weeks. I tried to use that in https://github.com/fedora-ci/rpminspect-runner/pull/83. The current build was the 1123 one until yesterday.

[msrb]

@dcantrell Note I am able to reproduce this problem on my Fedora 37 laptop (i.e. without EPEL in the picture).

[martinpitt]

FTR, I tried the latest 1.11-0.1.202212091747git65a52f9 build, and it still crashes the same way.

[martinpitt]

There was a new build today. I tried with rpminspect-1.11-0.1.202212121448gita800bcd.fc37.x86_64 and it still crashes the same way.

# rpminspect -c /usr/share/rpminspect/fedora.yaml ./gnome-chess-42.0-1.fc37.x86_64.rpm 
rpminspect: libannocheck_init error: version number too small
Segmentation fault (core dumped)

# rpm -qa | grep  rpminspect
librpminspect-1.11-0.1.202212121448gita800bcd.fc37.x86_64
rpminspect-1.11-0.1.202212121448gita800bcd.fc37.x86_64
rpminspect-data-fedora-1.10-0.1.202210271518git4429e19.fc37.noarch

[dcantrell]

OK, I have verified what I thought the problem was. It's a libannocheck bug that I have reported upstream. For now I will be defaulting rpminspect back to the /usr/bin/annocheck method for that inspection.

The issue is the libannocheck_init() function which you have to call before using the library. The first parameter is LIBANNOCHECK_VERSION which is defined in libannocheck.h. In the code the init function checks if that first parameter is < LIBANNOCHECK_VERSION and if so errors out saying the version is too small. What this is effectively reporting is that you are trying to run an rpminspect executable built with an older version of libannocheck. So if Copr builds against libannocheck 10.92 and then an update to 10.93 is made, rpminspect has to be rebuilt as well. This is unnecessary and I've asked upstream to refactor the init code so we can have an API version or something.