search

BlackArch / blackarch

An ArchLinux based distribution for penetration testers and security researchers.
https://www.blackarch.org
Other
2.79k stars 556 forks source link

Arachni Broken #1863

Closed insan1k closed 6 years ago

insan1k commented 6 years ago

Hey guys, first of congrats for the distro, its great I'm loving it already. However, while I'm installing on an existing arch linux, I come across this issue:

Installed using:

sudo pacman -Syyu blackarch --force

while installing Arachni caught this error:

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/puma-2.14.0/ext/puma_http11
/opt/ruby2.3/bin/ruby-2.3 -r ./siteconf20180217-6422-152lmkb.rb extconf.rb
checking for BIO_read() in -lcrypto... yes
checking for SSL_CTX_new() in -lssl... yes
checking for openssl/bio.h... yes
creating Makefile

To see why this extension failed to compile, please check the mkmf.log which can be found here:

  /usr/share/arachni/vendor/bundle/ruby/2.3.0/extensions/x86_64-linux/2.3.0/puma-2.14.0/mkmf.log

current directory: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/puma-2.14.0/ext/puma_http11
make "DESTDIR=" clean

current directory: /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/puma-2.14.0/ext/puma_http11
make "DESTDIR="
compiling http11_parser.c
compiling puma_http11.c
compiling mini_ssl.c
In file included from mini_ssl.c:4:0:
/opt/ruby2.3/include/ruby-2.3.0/ruby/backward/rubyio.h:2:2: warning: #warning use "ruby/io.h" instead of "rubyio.h" [-Wcpp]
 #warning use "ruby/io.h" instead of "rubyio.h"
  ^~~~~~~
mini_ssl.c: In function ‘get_dh1024’:
mini_ssl.c:80:5: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
   dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
     ^~
mini_ssl.c: In function ‘engine_init_client’:
mini_ssl.c:182:3: warning: ‘DTLSv1_method’ is deprecated [-Wdeprecated-declarations]
   conn->ctx = SSL_CTX_new(DTLSv1_method());
   ^~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from mini_ssl.c:9:
/usr/include/openssl/ssl.h:1642:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
 ^
make: *** [Makefile:239: mini_ssl.o] Error 1

make failed, exit code 2

Gem files will remain installed in /usr/share/arachni/vendor/bundle/ruby/2.3.0/gems/puma-2.14.0 for inspection.
Results logged to /usr/share/arachni/vendor/bundle/ruby/2.3.0/extensions/x86_64-linux/2.3.0/puma-2.14.0/gem_make.out

An error occurred while installing puma (2.14.0), and Bundler cannot continue.
Make sure that `gem install puma -v '2.14.0'` succeeds before bundling.

In Gemfile:
  arachni was resolved to 1.5.1, which depends on
    puma
error: command failed to execute correctly

In inspecting the mkmf.log hinted in the output above got:

ensions/x86_64-linux/2.3.0/puma-2.14.0/mkmf.log
have_library: checking for BIO_read() in -lcrypto... -------------------- yes

"gcc -o conftest -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC conftest.c  -L. -L/opt/ruby2.3/lib -L. -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -fstack-protector -rdynamic -Wl,-export-dynamic     -lruby  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
checked program was:
/* begin */
1: #include "ruby.h"
2: 
3: int main(int argc, char **argv)
4: {
5:   return 0;
6: }
/* end */

"gcc -o conftest -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC conftest.c  -L. -L/opt/ruby2.3/lib -L. -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -fstack-protector -rdynamic -Wl,-export-dynamic     -lruby -lcrypto  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
conftest.c: In function ‘t’:
conftest.c:13:57: error: ‘BIO_read’ undeclared (first use in this function); did you mean ‘pread’?
 int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; return !p; }
                                                         ^~~~~~~~
                                                         pread
conftest.c:13:57: note: each undeclared identifier is reported only once for each function it appears in
checked program was:
/* begin */
 1: #include "ruby.h"
 2: 
 3: /*top*/
 4: extern int t(void);
 5: int main(int argc, char **argv)
 6: {
 7:   if (argc > 1000000) {
 8:     printf("%p", &t);
 9:   }
10: 
11:   return 0;
12: }
13: int t(void) { void ((*volatile p)()); p = (void ((*)()))BIO_read; return !p; }
/* end */

"gcc -o conftest -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC conftest.c  -L. -L/opt/ruby2.3/lib -L. -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -fstack-protector -rdynamic -Wl,-export-dynamic     -lruby -lcrypto  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
checked program was:
/* begin */
 1: #include "ruby.h"
 2: 
 3: /*top*/
 4: extern int t(void);
 5: int main(int argc, char **argv)
 6: {
 7:   if (argc > 1000000) {
 8:     printf("%p", &t);
 9:   }
10: 
11:   return 0;
12: }
13: extern void BIO_read();
14: int t(void) { BIO_read(); return 0; }
/* end */

--------------------

have_library: checking for SSL_CTX_new() in -lssl... -------------------- yes

"gcc -o conftest -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC conftest.c  -L. -L/opt/ruby2.3/lib -L. -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -fstack-protector -rdynamic -Wl,-export-dynamic    -lcrypto  -lruby -lssl -lcrypto  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
conftest.c: In function ‘t’:
conftest.c:13:57: error: ‘SSL_CTX_new’ undeclared (first use in this function)
 int t(void) { void ((*volatile p)()); p = (void ((*)()))SSL_CTX_new; return !p; }
                                                         ^~~~~~~~~~~
conftest.c:13:57: note: each undeclared identifier is reported only once for each function it appears in
checked program was:
/* begin */
 1: #include "ruby.h"
 2: 
 3: /*top*/
 4: extern int t(void);
 5: int main(int argc, char **argv)
 6: {
 7:   if (argc > 1000000) {
 8:     printf("%p", &t);
 9:   }
10: 
11:   return 0;
12: }
13: int t(void) { void ((*volatile p)()); p = (void ((*)()))SSL_CTX_new; return !p; }
/* end */

"gcc -o conftest -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC conftest.c  -L. -L/opt/ruby2.3/lib -L. -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -fstack-protector -rdynamic -Wl,-export-dynamic    -lcrypto  -lruby -lssl -lcrypto  -lpthread -lgmp -ldl -lcrypt -lm   -lc"
checked program was:
/* begin */
 1: #include "ruby.h"
 2: 
 3: /*top*/
 4: extern int t(void);
 5: int main(int argc, char **argv)
 6: {
 7:   if (argc > 1000000) {
 8:     printf("%p", &t);
 9:   }
10: 
11:   return 0;
12: }
13: extern void SSL_CTX_new();
14: int t(void) { SSL_CTX_new(); return 0; }
/* end */

--------------------

have_header: checking for openssl/bio.h... -------------------- yes

"gcc -E -I/opt/ruby2.3/include/ruby-2.3.0/x86_64-linux -I/opt/ruby2.3/include/ruby-2.3.0/ruby/backward -I/opt/ruby2.3/include/ruby-2.3.0 -I. -D_FORTIFY_SOURCE=2   -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -fPIC  conftest.c -o conftest.i"
checked program was:
/* begin */
1: #include "ruby.h"
2: 
3: #include <openssl/bio.h>
/* end */

--------------------

Seems related to:

https://github.com/puma/puma/issues/1181

NovaCygni commented 6 years ago

Not a problem with Arachni this a problem with the users installed Ruby installations, I would suggest removing the offending installed ruby packages, then reinstall them as a normal user, as after all if you didn't know about the existing Ruby permissions issues your likely quicker to simply remove all traces of the installed Ruby, and reinstall it. Flags Tool not broken, invalid/incorrect named "BugReport". Issue with users Ruby Installation

insan1k commented 6 years ago

@NovaCygni thanks I'll keep that in mind, this was a fresh install of arch then blackarch on top. So I'm absolutely clueless where these packages could have come from. I'll do as you suggested and report back.

noptrix commented 6 years ago

fixed now