Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
Hi Daniel, On Nov 25, 2007 11:04 PM, Daniel Holbach [EMAIL PROTECTED] wrote: Nobody followed up on the lintian/linda errors on: http://revu.tauware.de/details.py?package=metasploit I submitted patches to H.D. Moore and the Metasploit team to fix many of the errors. However, they decided that they were too busy to modify metasploit for inclusion in Debian/Ubuntu. The Metasploit license non-standard and does not allow modification of the source by anyone other than the msf developers, but does allow redistribution in an unaltered form. With this in mind, H.D. said they would sort it out when they draw up a new license for a future release of msf, possibly version 4.0. As it stands now, we are tied by that license and cannot proceed. H.D. Moore did integrate some of my patches, but not all of them that were required to fix this package for inclusion in Ubuntu :-( -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
I agree with everything you mentioned here, especially braking up the packages. I am actually glad that Ubuntu is rejecting it :-) it shows me that people care about what packages make it into the repositories and results in a high quality system for the users. I am a long time user since Warty :-) So, looks like we need to puch this back to the MSF team so they can clean up their act. They may not even want to, and for that, we can do nothing. So, for myself, I will just continue pulling down sources manually until they work out a new license and/or ways to deal with these issues. They may not care, since it is their tool for their use, and we have the fringe benefit of being able to use it. Oh well...we tried. I won't work on this any more. I'll let you guys take over if you like. The MSF guys don't seen to have time or want to fix these things, at least as far as I can tell. Maybe they do, but they don't care if it makes it into a distro or not... On 8/29/07, Justin M. Wray [EMAIL PROTECTED] wrote: I said that .svn dirs must be removed ;) A package for being accepted must be lintian *clean*, so i think, as i prev said: 1) we get a good package from dev team 2) we get an execption from ubuntu-dev Completely agree, we were just trying to see if we could get past this for the time being. I think the best solution is as follows: 1) We split metasploit into the following packages - * metasploit-core (Containing all the core components, including CLI) * metasploit-web (Containing all of the msfweb files) * metasploit-gui (Containing all of the msfgui and needed files) * metasploit-data (Containing all exploits, modules, etc.) 2) Offer a way to automatically update the exploits and modules only (leaving core, web, and gui to be updated in future releases or with security concerns). Although we need to discuss how this should be approached, specific SVN, repackaging to the archive, a download script, etc. The problem again, is how to we gain the ability to do such. The options are MSF distributes the upstream package as we have outlined above, or they allow an exception to the license that grants Ubuntu the right to modify the package and distribute in the way stated above. But it is a long shot that they would repackage just to please one distro (even though other distros could benefit from such a release). Worse it is unlikely any license exception or change will be seen until the next major release which should be accompanied by a new license. Which leaves us hanging without a metasploit release again...feedback? I wonder if the MSF team would be willing to create a separate SVN trunk for Ubuntu specifically, in which they release under the layout above? Thanks, Justin M. Wray -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
On 8/27/07, Justin M. Wray [EMAIL PROTECTED] wrote: ** Changed in: ubuntu Status: In Progress = Fix Committed I just updated my Gutsy install, but I don't see it. Has it made it into multiverse yet? This is the last day. Do you want me to get on #ubuntu-motu and coordinate this with you? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
So is it officially in Gutsy now? Can I sudo aptitude update sudo aptitude install metasploit3 ?? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 (multiverse)
On 8/27/07, Justin M. Wray [EMAIL PROTECTED] wrote: Not yet, I have uploaded to my PPA, (not sure the status of that system yet). I will upload to REVU now...time to face the fire. I know some of the packaging people at Canonical/Ubuntu. If they give you a hard time, mention Kristian Erik Hermansen from Cisco aka The Clonezilla Dude :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/21/07, Justin M. Wray [EMAIL PROTECTED] wrote: Pulled the latest snapshot from (Rev:5080), however all of the permission issues are still present. The permissions issues are able to be modified, and do not fall under the relevant source code changes policy. They did fix the ruby files though, right? So, let me know if you need help modifying the permissions. We can do it manually for this first build, and talk to the msf boys again later. Do you want me to take over the package upload from here, or do you want to finish up with the permission issues and submit it? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/20/07, Justin M. Wray [EMAIL PROTECTED] wrote: I'll be packaging tonight, and will place the package online for testing etc. Let me know if you are interested in testing. Great! Sure, I will test it. I think we should make the 'subversion' package a RECOMMENDS. What do you think? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, so in general, I would agree that an application that doesn,t normall have a web feature, should seperated. I would also apply this rule to a GUI interface. But where do we draw the line? Just because MSF2 didn't have a GUI or a webinterface, doesn't mean that people using version 3 won't want it. Then again, are really the ones who should make that decision? I do not believe so. But do we really want a metaspolit-core, metasploit-gui, and metasploit- web. I do see a benifit, as dependencies would be diffrent etc. And I for one rearly use the web interface, and the GUI is far from mature. But then enters the legality issue. Can we really split the package up? That would require upstream approval, or for them to alter the way they distribute the package, and I see no benifit for them to do either. Do you? Last but I am sure not least, updates. Metasploit is updated with SVN, which would replace the missing files, so the first time the user updates his metaspolit installation (core) he ends up with the same thing he would have gotten with -web and -gui. Where is the point in that? Of course we could modifiy the package further, and make it only update part of the package, based on what they install. But all of that would come far after Gutst, and be more likely after Metasploit LLC releases a license change, which is in the works. So, I do agree, that split packages could be benifitial, however, I do not this that should be the focus of this release. Instead, I think a solid package from SVN with all compoents is in order. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Mon, 20 Aug 2007 19:57:22 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/20/07, Alessandro Tanasi [EMAIL PROTECTED] wrote: I consider to deploy a separate package with web interface, in my packages. So, if we can't modify the package, does that mean that you want the same package in repositories twice, one with the web interface dependencies, and on without? I think the web interface is a huge part of msf3, especially for people who will be using it on Ubuntu. If we left that out, it would be a major detriment. Otherwise, we would need th same package in the repos twice (metasploit3 and metasploit3-web)... Are you a kind of pedantic guy? svn stay for nickname of subversion ;) I just wanted to make sure the package name was termed correctly. If you make the package RECOMMEND 'svn' apt will not resolve this package, as it is not valid. svn is the command name and not the package name. Yes, pedantics are my specialty :-p -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
I never noticed that msf2 had a GUI, then again I am much more of a CLI guy. Anyhow, I agree, we will add all depends, submit to Gutsy, and deal with the ideal situations down the road when they are possible. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Mon, 20 Aug 2007 21:38:54 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/20/07, Justin M. Wray [EMAIL PROTECTED] wrote: Okay, so in general, I would agree that an application that doesn,t normall have a web feature, should seperated. I would also apply this rule to a GUI interface. But where do we draw the line? Yes, I also agree that under ideal circumstances this would be the case. However, we are working with a restrictive license so this become a larger issue. Suggest deferring until license is changed... Just because MSF2 didn't have a GUI or a webinterface, doesn't mean that people using version 3 won't want it. Then again, are really the ones who should make that decision? I do not believe so. msf2 did has a GUI as well :-) It just wasn't as easy to use as it is today. I use both the cli and gui, depending on how lazy I am and if I am screening the session, etc. Sometimes for n00bs, a GUI helps them learn enough that they can feel comfortable with the cli at a later point... But do we really want a metaspolit-core, metasploit-gui, and metasploit- web. I do see a benifit, as dependencies would be diffrent etc. And I for one rearly use the web interface, and the GUI is far from mature. But then enters the legality issue. Can we really split the package up? That would require upstream approval, or for them to alter the way they distribute the package, and I see no benifit for them to do either. Do you? Yes, there is a benefit, but not at the cost of delaying the package inclusion and/or dealing with license issues... Last but I am sure not least, updates. Metasploit is updated with SVN, which would replace the missing files, so the first time the user updates his metaspolit installation (core) he ends up with the same thing he would have gotten with -web and -gui. Where is the point in that? This is the best point to have been made. It makes no sense to break it up if you will pull the files right back in :-) Of course we could modifiy the package further, and make it only update part of the package, based on what they install. But all of that would come far after Gutst, and be more likely after Metasploit LLC releases a license change, which is in the works. So, I do agree, that split packages could be benifitial, however, I do not this that should be the focus of this release. Instead, I think a solid package from SVN with all compoents is in order. Agreed, so please include the dependencies for the web interface as well as I have listed. This will be great. 10 days left to cut off :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/17/07, Justin M. Wray [EMAIL PROTECTED] wrote: Kristian, I know you have been attempting to speak with the MSF Dev's. Any chance they will apply the patches upstream? Alessandro is right, it would make things a lot easier, because then we would have no need to edit the source. hdm is back it seems. Why don't you send an email to [EMAIL PROTECTED], let them know what we are trying to do, and about the issues we encountered. He hasn't gotten back yet about applying my script to the source. So, they may not want to do it. But let's make the list as short as possible. Maybe we can just ask him to change the Ruby paths instead, and do it manually? I think he might have been weary of using my script on the source blindly... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray [EMAIL PROTECTED] wrote: Okay, well, we should be good to go, I was able to integrate the needed permission changes into the build. The Ruby patch applies as well. Excellent. Any other needed changes? Not that I can think of! I'll post linda/lintian without SVN errors, so we can review. Anything major? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Alessandro Tanasi [EMAIL PROTECTED] wrote: hello guys, i was away this days for the CCCamp. I heard it was a good time from my hackers on a plane friends :-) I see that you done a good work, but remember that tha msf sources can't modified. So you can't apply any sort of patches. The only file we modified was the ruby paths from '/usr/local/bin/ruby' to '/usr/bin/env ruby'. This is not intellectual property... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray [EMAIL PROTECTED] wrote: Let's break down the License, and see where we fall. OK. So let's do this. Will msf3 work unmodified? And will Ubuntu allow msf3 to slip in unmodified into multiverse? If so, I say we just add it to Gutsy ASAP and then worry about cleaning it up for the next release. We could easily get into many days of interpretation of the license. If we can just place it in multiverse now, we can worry about all that stuff later and get more feedback from hdm when he is not so busy... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Justin M. Wray [EMAIL PROTECTED] wrote: You are right, and none of us (as far as I know) are lawyers, nor Dev's for MSF. But it is clear to me that modifications are allowed, and they would result in a cleaner package. Just throwing everything together, without fixing the current linda/lintian issue, will most likely get the package rejected, meaning it may not make it in Gutsy at all. Agreed. But if the Metasploit license requires that any changes must NOT be distributed, then we may have an issue. I think we know the license's intention, but we are not allowed to take a risk on behalf of Ubuntu regarding this. The guidelines are there to protect them. So, if we want to default to the least amount of risk, let's go with unmodified. Your only issue with adding it unmodified is that it may be rejected. When we submit it, we could let them know that the issues are only warnings at that they will be resolved in Gutsy+1. If they reject it then, we can send the modified version... But to answer the question at hand, Yes. Metasploit runs fine, exactly the way it is packaged, even with the Ruby path issues, and the permissions etc. We would still have a .desktop (Menu Entry) and everything else, so it works. Excellent... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/16/07, Alessandro Tanasi [EMAIL PROTECTED] wrote: I think that we need a law expert, and as i say in the first posts of this bug the only easy way is that the msf dev team start to distribute good archive. Yes ok, but that law does not come into play unless the package is modified, right? So we can worry about fixing the package later. We only have 12 more days to get msf3 in for Gutsy... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: We need to check into this a bit more, as I asked about the policy (when I started working on MSF), and was told, it is not against policy, just frowned upon. The problem, without the SVN updates, the user would be unable to pull the new exploits and modules. And its almost pointless to repackage and distribute the entire binary deb every time one exploit is released, which may only be 15 lines of Ruby. If we do decide to scrap the SVN update capability, we will need to come up with a update path for exploits/modules. You have a good point. If it is not against policy, and since this package with be in multiverse anyways, and having updates is a good thing obviously, let's leave them in! Thanks for making a valid point to convince me. You are right. If it is not a hard rule for Debian, it really does amkes sense to leave them in if we won't be penalized for it -- due to the nature of security products and how quickly they are updated. 6 months would be a long time to wait for a new release :-) Seems in this case we just ignore the SVN issue. Yup. Let's do it. Btw, the cutoff date for multiverse is August 30th. So, if we get the package in before that time, it will be in Gutsy. I checked with #ubuntu-motu. Also, I asked them about the license issues, and the only requirement for multiverse is that the package is allowed to be redistributed. So, we will have metasploit in Gutsy if we hurry up and get this done :-) Also, some of the errors linda/lintian is producing are due to the windows files packaged within MSF and the fact that some of the ruby modules aren't set as executable. This can easily be fixed by a patch (if not safely ignored). Just take my script, and comment out the clean_svn function at the bottom. Run the other two cleanup routines, and let me know how linda/lintian handles the result. Can you do that today? Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. The only files that need to be modified are the invalid Ruby script paths (/usr/local/bin/ruby). In my script, I fix them to be (/usr/bin/env ruby). I highly doubt that this constitutes a breach of the Metasploit license agreement, as this portion of the code is not the intellectual property. If we started to modify the logic, that would be a problem, and that's what the license is trying to prevent. All the other changes my script does are dealing with executable permissions and trying to determine which files should or should not be set. I think it worked fairly well. So, get back to me when you have a moment. Maybe we can check in our package into Gutsy before the weekend :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Okay, I am away from my desk at the moment, I'll run the scrip as soon as I get back, creat the patch, and repackage. Then we can take a look at the linda/lintian output. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Wed, 15 Aug 2007 13:33:04 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: We need to check into this a bit more, as I asked about the policy (when I started working on MSF), and was told, it is not against policy, just frowned upon. The problem, without the SVN updates, the user would be unable to pull the new exploits and modules. And its almost pointless to repackage and distribute the entire binary deb every time one exploit is released, which may only be 15 lines of Ruby. If we do decide to scrap the SVN update capability, we will need to come up with a update path for exploits/modules. You have a good point. If it is not against policy, and since this package with be in multiverse anyways, and having updates is a good thing obviously, let's leave them in! Thanks for making a valid point to convince me. You are right. If it is not a hard rule for Debian, it really does amkes sense to leave them in if we won't be penalized for it -- due to the nature of security products and how quickly they are updated. 6 months would be a long time to wait for a new release :-) Seems in this case we just ignore the SVN issue. Yup. Let's do it. Btw, the cutoff date for multiverse is August 30th. So, if we get the package in before that time, it will be in Gutsy. I checked with #ubuntu-motu. Also, I asked them about the license issues, and the only requirement for multiverse is that the package is allowed to be redistributed. So, we will have metasploit in Gutsy if we hurry up and get this done :-) Also, some of the errors linda/lintian is producing are due to the windows files packaged within MSF and the fact that some of the ruby modules aren't set as executable. This can easily be fixed by a patch (if not safely ignored). Just take my script, and comment out the clean_svn function at the bottom. Run the other two cleanup routines, and let me know how linda/lintian handles the result. Can you do that today? Can you create a diff patch of the end result of your script. That it what we would use in the Package, as well as what the MSF devs would want to see. The only files that need to be modified are the invalid Ruby script paths (/usr/local/bin/ruby). In my script, I fix them to be (/usr/bin/env ruby). I highly doubt that this constitutes a breach of the Metasploit license agreement, as this portion of the code is not the intellectual property. If we started to modify the logic, that would be a problem, and that's what the license is trying to prevent. All the other changes my script does are dealing with executable permissions and trying to determine which files should or should not be set. I think it worked fairly well. So, get back to me when you have a moment. Maybe we can check in our package into Gutsy before the weekend :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: E: metasploit: wrong-path-for-ruby ./usr/share/metasploit/external /ruby-pcapx/examples/tcpdump.rb #!/usr/local/bin/ruby Your script does _NOT_ seem to fix this error. However, I do not get that output with or without your patch. It should! The clean_ruby_paths function should change three files which have this issue. Does it not? I basically just do a sed on the files and replace with (/usr/bin/env ruby). You could fix my script, if it is broken, but don't think it is! Or you could write another script/patch which does this. Or manually. Then we can get it packaged and uploaded for Gutsy. We only have two weeks though. So, let's hustle :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Yeah I looked over the script, should have worked. I just wanted to let you know. I will fix this, correct the rules, and repackage. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Wed, 15 Aug 2007 15:31:45 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: E: metasploit: wrong-path-for-ruby ./usr/share/metasploit/external /ruby-pcapx/examples/tcpdump.rb #!/usr/local/bin/ruby Your script does_NOT_ seem to fix this error. However, I do not get that output with or without your patch. It should! The clean_ruby_paths function should change three files which have this issue. Does it not? I basically just do a sed on the files and replace with (/usr/bin/env ruby). You could fix my script, if it is broken, but don't think it is! Or you could write another script/patch which does this. Or manually. Then we can get it packaged and uploaded for Gutsy. We only have two weeks though. So, let's hustle :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Here is the diff patch to correct Ruby paths... ** Attachment added: Ruby Path Correction (diff/patch) http://launchpadlibrarian.net/8841542/ruby.patch Great! So is it ready to be uploaded for Gutsy??? :-) -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: The Ruby issue has been resolved, but the scripts method for determining the correct permissions only partial worked. We still have plenty of permissions issues. So we need to decide how we will proceed with those. Can you post the warning messages? In addition, I have setup a symlink to /usr/bin/ for all of the executables (msfcli, msfgui, etc). And created a menu link with the MSF (#) logo. This is all working great, with no issue. The question however, were should we install the metasploit files? I was thinking /usr/local/metasploit/framework-3.0 I think /usr/share/package name is better... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Can you post the warning messages? W: metasploit; Executable /usr/local/metasploit/framework-3.0/external/source/meterpreter/source/extensions/stdapi/server/net/net.h with perms 0755 is not an ELF file or script. Seems this should have been covered by the script? Should have! Did you first drop the script into the root directory of metasploit? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
When packaging you cannot modify the source package at all, other then through patches. As such I added the patch to the debian/rules. Let me check something. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Wed, 15 Aug 2007 19:09:13 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Can you post the warning messages? W: metasploit; Executable /usr/local/metasploit/framework-3.0/external/source/meterpreter/source/extensions/stdapi/server/net/net.h with perms 0755 is not an ELF file or script. Seems this should have been covered by the script? Should have! Did you first drop the script into the root directory of metasploit? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: When packaging you cannot modify the source package at all, other then through patches. As such I added the patch to the debian/rules. Let me check something. My file is a shell script, not a patch made with diff. And I made the script require to be run from the root directory. You can change that to suit the Debian rules if you like. I am not familiar with everything they enforce... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Right, I made a diff, after running your script, thats the RUBY patch above. Of course :-) I saw that... However, 'diff' doesn't catch the change in file permissions etc. Yup! Therefore, within the debian/rules I used part of your script, but that doesn't seem to be working. What I am saying is that if you put the other parts of my script into another directory (debian/rules) and run it, it will fail to catch all the files I believe. It starts searching from the current directory and recursively downward... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
Oh okay, didn't catch what you mean't. Sorry. Yes, I changed the directory, to back to the root. I think there is a build function to do this, I just need to find it I am on the road, will be back on the PC in 45. Thanks, Justin M. Wray Sent via BlackBerry by ATT -Original Message- From: Kristian Hermansen [EMAIL PROTECTED] Date: Wed, 15 Aug 2007 20:31:10 To:[EMAIL PROTECTED] Subject: Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0 On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Right, I made a diff, after running your script, thats the RUBY patch above. Of course :-) I saw that... However, 'diff' doesn't catch the change in file permissions etc. Yup! Therefore, within the debian/rules I used part of your script, but that doesn't seem to be working. What I am saying is that if you put the other parts of my script into another directory (debian/rules) and run it, it will fail to catch all the files I believe. It starts searching from the current directory and recursively downward... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a direct subscriber of the bug. -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: I think there is a build function to do this, I just need to find it Let me know if you find it... I am on the road, will be back on the PC in 45. No problem. I just got back from the BeanSec security meetup in Boston. Fun times... -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 102212] Re: [needs-packaging] Metasploit Framework 3.0
On 8/15/07, Justin M. Wray [EMAIL PROTECTED] wrote: Okay, so I got it working, sort of. I am now getting an error from you function, looking into this. Post the output? -- Kristian Erik Hermansen -- [needs-packaging] Metasploit Framework 3.0 https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
