metasploit (msf) : create a wrapper to overwrite Gemfile.lock file

[GoogleCodeExporter]

Gemfile.lock has a very strict list of dep-packages.
After upgrading to a next minor version of any deps, msf refuses to run.

A simple workaround is to re-emerge metasploit and re-generate the lock file.

As a possible solution for this problem we could create a wrapper which would 
make Gamefile.lock blank, so buldler:setup would re-generate it on a startup. 
And that requires a world-writable (or user-writable) permission for this file.

Original issue reported on code.google.com by blshkv on 27 Aug 2013 at 10:15

[GoogleCodeExporter]

world-writable doesn't help, because if the file is world-writable but 
populated it won't regenerate.

we have to actually remove the file or it won't regenerate.

user-writable by default won't help much either, because if root starts 
metasploit the new file will be owned by root and not user writable.

It may be possible to write a wrapper that creates the new file and chmod 666's 
it, but if the user ever ran metasploit without the wrapper as root they would 
have a root owned lockfile again.

Honestly, I'm not sure this is worth it at all.

Original comment by sidhayn on 27 Aug 2013 at 2:01

• Changed state: New
• Added labels: Priority-Low, Type-Enhancement
• Removed labels: Priority-Medium, Type-Defect

[GoogleCodeExporter]

no, they won't. It does not overwrite the existing file with locked deps.

Even if it would, it's easy to check the ownership in a wrapper and spit out an 
error.

Original comment by blshkv on 27 Aug 2013 at 4:02

[GoogleCodeExporter]

finish your bundler joy

Original comment by blshkv on 28 Aug 2013 at 1:12

[GoogleCodeExporter]

no idea how to make this usable at this time.

Original comment by sidhayn on 28 Aug 2013 at 1:37

• Changed state: WontFix

[GoogleCodeExporter]

users hit the error after upgrading dev-ruby/json -> 1.8.0

19:32 < bill_e_ghote> Metasploit msfconsole refuses to run unless it finds 
json-1.7.7, apparently.

The solution is the same: echo > Gemfile.lock. It will be re-created with the 
updated list on the next run

Original comment by blshkv on 4 Sep 2013 at 3:11

• Changed title: metasploit (msf) : create a wrapper to overwrite Gemfile.lock file
• Changed state: Accepted

[GoogleCodeExporter]

As I told you before I closed it, you want it, you fix it. re-assigning bug.

Original comment by sidhayn on 4 Sep 2013 at 3:16

[GoogleCodeExporter]

#!/bin/sh
#normally msf makes this dir, however, this script runs first
if [ ! -d ~/.msf4 ]; then
    mkdir ~/.msf4
fi

#we cannot control if msfconsole exits normally so always start with cleanup
if [ -f ~/.msf4/Gemfile ]; then
    rm ~/.msf4/Gemfile
fi
if [ -f ~/.msf4/Gemfile.lock ]; then
    rm ~/.msf4/Gemfile.lock
fi

#fetch the latest Gemfile from the selected version of msf
cp /usr/lib/metasploit/Gemfile ~/.msf4
#load metasploit with the copied Gemfile
BUNDLE_GEMFILE=~/.msf4/Gemfile msfconsole "$@"
#profit

thoughts?

Original comment by sidhayn on 24 Apr 2014 at 2:22

[GoogleCodeExporter]

added to gentoo in eselect-metasploit-0.12 and improved in 0.13, I think we are 
good here.

Original comment by sidhayn on 26 Apr 2014 at 11:43

• Changed state: Fixed