mellertson commented 6 years ago

I followed the instructions to install pentest-env, twice actually with the same results. When I run rake an SSL validation error is returned.

$ rake
rm -rf cookbooks
berks vendor cookbooks
Resolving cookbook dependencies...
Fetching 'couchdb' from https://github.com/sliim-cookbooks/couchdb-cookbook (at master)
Fetching 'network_interfaces' from https://github.com/sliim-cookbooks/network_interfaces (at fixes)
Fetching 'pentest-env' from source at cookbook
Fetching cookbook index from https://supermarket.getchef.com...
[2017-11-11T00:32:58-07:00] ERROR: SSL Validation failure connecting to host: supermarket.getchef.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
/opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/chef-13.6.4/lib/chef/http.rb:446:in `rescue in retrying_http_errors': SSL Error connecting to https://supermarket.getchef.com/universe - SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/chef-13.6.4/lib/chef/http.rb:403:in `retrying_http_errors'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/chef-13.6.4/lib/chef/http.rb:367:in `send_http_request'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/chef-13.6.4/lib/chef/http.rb:149:in `request'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/chef-13.6.4/lib/chef/http.rb:115:in `get'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/berkshelf-6.3.1/lib/berkshelf/ridley_compat.rb:30:in `get'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/berkshelf-6.3.1/lib/berkshelf/api_client/connection.rb:46:in `universe'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/berkshelf-6.3.1/lib/berkshelf/source.rb:85:in `build_universe'
    from /opt/vagrant/embedded/lib/ruby/gems/2.3.0/gems/berkshelf-6.3.1/lib/berkshelf/installer.rb:24:in `block (2 levels) in build_universe'
rake aborted!
Command failed with status (1): [berks vendor cookbooks...]
/opt/vagrant_servers/pentest-env/Rakefile:5:in `block in <top (required)>'
Tasks: TOP => default => vendor
(See full trace by running task with --trace)

The weird thing is to me is, I am able to grab the HTTP file using wget, like this: wget https://supermarket.getchef.com/universe

I don't really know much about Ruby, so I'm at a bit of a loss here. Does anyone have an idea of how to fix this issue?

Sliim commented 6 years ago

Hi! Can you try to run berkshelf in debug mode please?

berks vendor -d cookbooks

I successfully ran this command in my environment, same version of berkshelf

Sliim commented 6 years ago

Maybe related but should be fixed in berkshelf 6.2.2: hxxps://github.com/berkshelf/berkshelf/issues/1718

Sliim commented 6 years ago

berks was not run with bundler, try with:

bundle exec berks vendor

thewb commented 6 years ago

Macintosh:pentest-env thewb@ibm.com$ bundle exec berks vendor Resolving cookbook dependencies... Fetching 'couchdb' from https://github.com/sliim-cookbooks/couchdb-cookbook (at master) Fetching 'network_interfaces' from https://github.com/sliim-cookbooks/network_interfaces (at fixes) Fetching 'pentest-env' from source at cookbook Fetching cookbook index from https://supermarket.getchef.com... [2018-07-12T16:30:09-07:00] ERROR: SSL Validation failure connecting to host: supermarket.getchef.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

<Thread:0x00007ff75d990820@/Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/installer.rb:21 run> terminated with exception (report_on_exception is true):

Traceback (most recent call last): 8: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/installer.rb:24:in block (2 levels) in build_universe' 7: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/source.rb:85:inbuild_universe' 6: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/api_client/connection.rb:47:in universe' 5: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/ridley_compat.rb:35:inget' 4: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/chef-14.3.37/lib/chef/http.rb:115:in get' 3: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/chef-14.3.37/lib/chef/http.rb:149:inrequest' 2: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/chef-14.3.37/lib/chef/http.rb:365:in send_http_request' 1: from /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/chef-14.3.37/lib/chef/http.rb:408:inretrying_http_errors' /Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/chef-14.3.37/lib/chef/http.rb:451:in `rescue in retrying_http_errors': SSL Error connecting to https://supermarket.getchef.com/universe - SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError) OpenSSL::SSL::SSLError SSL Error connecting to https://supermarket.getchef.com/universe - SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) Macintosh:pentest-env thewb@ibm.com$

Sliim commented 6 years ago

On mac, try:

brew install curl-ca-bundle
export SSL_CERT_FILE='/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt'

From https://github.com/berkshelf/berkshelf/issues/378

thewb commented 6 years ago

That didn't work, it's deprecated.

ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE" export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem

And now I get this error:

Fetching cookbook index from https://supermarket.getchef.com... Unable to satisfy the following requirements:

couchdb (= 0.0.0) required by user-specified dependency Unable to find a solution for demands: apache2 (>= 0.0.0), apt (>= 0.0.0), aws (>= 0.0.0), beef (>= 0.0.0), bricks (>= 0.0.0), build-essential (>= 0.0.0), chef-server (>= 0.0.0), couchdb (0.0.0), database (>= 0.0.0), dvwa (>= 0.0.0), elite (>= 0.0.0), faraday (>= 0.0.0), gruyere (>= 0.0.0), hostname (>= 0.0.0), hostsfile (>= 0.0.0), kali (>= 0.0.0), mysql (>= 0.0.0), nessus (>= 0.0.0), network_interfaces (0.0.0), nexpose (>= 0.0.0), openssl (>= 0.0.0), pentest-env (1.1.0), pentester (>= 0.0.0), php (= 4.6.0), postgresql (>= 0.0.0), proxychains (>= 0.0.0), tor-full (>= 0.0.0), vicnum (>= 0.0.0), webgoat (>= 0.0.0), xfs (>= 0.0.0), xml (>= 0.0.0)

Sliim commented 6 years ago

Ok, the SSL issue is now resolved. Can you create an other issue about this error please? I will check that, cookbook dependencies surely require an update.. (Try removing the Berksfile.lock if exists, then rerun your berks vendor command, maybe this will fix this error, otherwise i will provide a fix this week end) Thanks for reporting that!

Sliim / pentest-env

SSL Error connecting to https://supermarket.getchef.com/universe #40

<Thread:0x00007ff75d990820@/Users/thewb@ibm.com/Repos/pentest-env/vendor/bundle/ruby/2.5.0/gems/berkshelf-7.0.4/lib/berkshelf/installer.rb:21 run> terminated with exception (report_on_exception is true):