Open Alan-Daniels opened 1 year ago
Same issue. I've isolated the php_545 output I got and pasted below.
qemu: Recipe: metasploitable::php_545
qemu: * execute[install prereqs] action run
qemu: - execute apt-get install -y gcc make build-essential libxml2-dev libcurl4-openssl-dev libpcre3-dev libbz2-dev libjpeg-dev libpng12-dev libfreetype6-dev libt1-dev libmcrypt-dev libmhash-dev freetds-dev libmysqlclient-dev unixodbc-dev libxslt1-dev apache2-dev
qemu: * execute[fix freetype bug] action run
qemu: - execute mkdir -pv /usr/include/freetype2/freetype && ln -sf /usr/include/freetype2/freetype.h /usr/include/freetype2/freetype/freetype.h
qemu: * remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz] action create_if_missing
qemu: - create new file /tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz
qemu: - update content in file /tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz from none to 46be2d
qemu: (file sizes exceed 10000000 bytes, diff output suppressed)
qemu: - change mode from '' to '0644'
qemu: * remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch] action create_if_missing[2023-03-19T17:07:31+00:00] ERROR: SSL Validation failure connecting to host: mail.gnome.org - SSL_connect returned=1 errno=0 state=error: certificate verify failed
qemu: [2023-03-19T17:07:31+00:00] ERROR: SSL Validation failure connecting to host: mail.gnome.org - SSL_connect returned=1 errno=0 state=error: certificate verify failed
qemu:
qemu:
qemu: ================================================================================
qemu: Error executing action `create_if_missing` on resource 'remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch]'
qemu: ================================================================================
qemu:
qemu: OpenSSL::SSL::SSLError
qemu: ----------------------
qemu: SSL Error connecting to https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt - SSL_connect returned=1 errno=0 state=error: certificate verify failed
qemu:
qemu: Resource Declaration:
qemu: ---------------------
qemu: # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/metasploitable/recipes/php_545.rb
qemu:
qemu: 32: remote_file "#{Chef::Config[:file_cache_path]}/libxml29_compat.patch" do
qemu: 33: source "https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt"
qemu: 34: mode '0644'
qemu: 35: action :create_if_missing
qemu: 36: not_if 'apache2ctl -M | grep -q php5'
qemu: 37: end
qemu: 38:
qemu:
qemu: Compiled Resource:
qemu: ------------------
qemu: # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/metasploitable/recipes/php_545.rb:32:in `from_file'
qemu:
qemu: remote_file("/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch") do
qemu: provider Chef::Provider::RemoteFile
qemu: action [:create_if_missing]
qemu: default_guard_interpreter :default
qemu: source ["https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt"]
qemu: use_etag true
qemu: use_last_modified true
qemu: declared_type :remote_file
qemu: cookbook_name "metasploitable"
qemu: recipe_name "php_545"
qemu: mode "0644"
qemu: remote_domain nil
qemu: remote_user nil
qemu: path "/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch"
qemu: owner nil
qemu: group nil
qemu: checksum nil
qemu: verifications []
qemu: not_if "apache2ctl -M | grep -q php5"
qemu: end
qemu:
qemu: System Info:
qemu: ------------
qemu: chef_version=13.8.5
qemu: platform=ubuntu
qemu: platform_version=14.04
qemu: ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
qemu: program_name=chef-solo worker: ppid=1058;start=17:05:34;
qemu: executable=/opt/chef/bin/chef-solo
qemu:
qemu: Recipe: iptables::default
qemu: * execute[rebuild-iptables] action run
qemu: - execute /usr/sbin/rebuild-iptables
qemu:
qemu: Running handlers:
qemu: [2023-03-19T17:07:31+00:00] ERROR: Running exception handlers
qemu: [2023-03-19T17:07:31+00:00] ERROR: Running exception handlers
qemu: Running handlers complete
qemu: [2023-03-19T17:07:31+00:00] ERROR: Exception handlers complete
qemu: [2023-03-19T17:07:31+00:00] ERROR: Exception handlers complete
qemu: Chef Client failed. 89 resources updated in 01 minutes 56 seconds
qemu: [2023-03-19T17:07:31+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
qemu: [2023-03-19T17:07:31+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
qemu: [2023-03-19T17:07:31+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
qemu: [2023-03-19T17:07:31+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
qemu: [2023-03-19T17:07:31+00:00] ERROR: remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch] (metasploitable::php_545 line 32) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt - SSL_connect returned=1 errno=0 state=error: certificate verify failed
qemu: [2023-03-19T17:07:31+00:00] ERROR: remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/libxml29_compat.patch] (metasploitable::php_545 line 32) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt - SSL_connect returned=1 errno=0 state=error: certificate verify failed
qemu: [2023-03-19T17:07:31+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
qemu: [2023-03-19T17:07:31+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
==> qemu: Provisioning step had errors: Running the cleanup provisioner, if present...
==> qemu: Deleting output directory...
Build 'qemu' errored after 6 minutes 33 seconds: Error executing Chef: Non-zero exit status: 1
==> Wait completed after 6 minutes 33 seconds
==> Some builds didn't complete successfully and had errors:
--> qemu: Error executing Chef: Non-zero exit status: 1
==> Builds finished but no artifacts were created.
Same issue. Try to modify php_545.rb. Go to metasploitable3/chef/cookbooks/metasploitable/recipes directory and find php_545.rb. Find:
remote_file "#{Chef::Config[:file_cache_path]}/libxml29_compat.patch" do
  source "https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt"
  mode '0644'
  action :create_if_missing
  not_if 'apache2ctl -M | grep -q php5'
end
Change the link to this: https://gist.githubusercontent.com/tassoevan/74a65692bd1ddccec5fb/raw/14d4bd547b022ed80737688d0e7f48bac3c1c951/libxml29_compat.patch
Just like that:
remote_file "#{Chef::Config[:file_cache_path]}/libxml29_compat.patch" do
  source "https://gist.githubusercontent.com/tassoevan/74a65692bd1ddccec5fb/raw/14d4bd547b022ed80737688d0e7f48bac3c1c951/libxml29_compat.patch"
  mode '0644'
  action :create_if_missing
  not_if 'apache2ctl -M | grep -q php5'
end
In my case it works.
virtualbox-iso: * remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz] action create_if_missing[2023-06-19T14:57:43+00:00] ERROR: SSL Validation failure connecting to host: museum.php.net - SSL_connect returned=1 errno=0 state=error: certificate verify failed
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: SSL Validation failure connecting to host: museum.php.net - SSL_connect returned=1 errno=0 state=error: certificate verify failed
virtualbox-iso:
virtualbox-iso:
virtualbox-iso: ================================================================================
virtualbox-iso: Error executing action 'create_if_missing' on resource 'remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz]'
virtualbox-iso: ================================================================================
virtualbox-iso:
virtualbox-iso: OpenSSL::SSL::SSLError
virtualbox-iso: ----------------------
virtualbox-iso: SSL Error connecting to http://museum.php.net/php5//php-5.4.5.tar.gz - SSL Error connecting to https://museum.php.net/php5/php-5.4.5.tar.gz - SSL_connect returned=1 errno=0 state=error: certificate verify failed
virtualbox-iso:
virtualbox-iso: Resource Declaration:
virtualbox-iso: ---------------------
virtualbox-iso: # In /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/metasploitable/recipes/php_545.rb
virtualbox-iso:
virtualbox-iso: 25: remote_file "#{Chef::Config[:file_cache_path]}/#{php_tar}" do
virtualbox-iso: 26: source "#{node[:php545][:download_url]}/#{php_tar}"
virtualbox-iso: 27: mode '0644'
virtualbox-iso: 28: action :create_if_missing
virtualbox-iso: 29: not_if 'apache2ctl -M | grep -q php5'
virtualbox-iso: 30: end
virtualbox-iso: 31:
virtualbox-iso:
virtualbox-iso: Compiled Resource:
virtualbox-iso: ------------------
virtualbox-iso: # Declared in /tmp/packer-chef-solo/local-mode-cache/cache/cookbooks/metasploitable/recipes/php_545.rb:25:in 'from_file'
virtualbox-iso:
virtualbox-iso: remote_file("/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz") do
virtualbox-iso: provider Chef::Provider::RemoteFile
virtualbox-iso: action [:create_if_missing]
virtualbox-iso: default_guard_interpreter :default
virtualbox-iso: source ["http://museum.php.net/php5//php-5.4.5.tar.gz"]
virtualbox-iso: use_etag true
virtualbox-iso: use_last_modified true
virtualbox-iso: declared_type :remote_file
virtualbox-iso: cookbook_name "metasploitable"
virtualbox-iso: recipe_name "php_545"
virtualbox-iso: mode "0644"
virtualbox-iso: remote_domain nil
virtualbox-iso: remote_user nil
virtualbox-iso: path "/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz"
virtualbox-iso: owner nil
virtualbox-iso: group nil
virtualbox-iso: checksum nil
virtualbox-iso: verifications []
virtualbox-iso: not_if "apache2ctl -M | grep -q php5"
virtualbox-iso: end
virtualbox-iso:
virtualbox-iso: System Info:
virtualbox-iso: ------------
virtualbox-iso: chef_version=13.8.5
virtualbox-iso: platform=ubuntu
virtualbox-iso: platform_version=14.04
virtualbox-iso: ruby=ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
virtualbox-iso: program_name=chef-solo worker: ppid=1092;start=14:55:06;
virtualbox-iso: executable=/opt/chef/bin/chef-solo
virtualbox-iso:
virtualbox-iso: Recipe: iptables::default
virtualbox-iso: * execute[rebuild-iptables] action run
virtualbox-iso: - execute /usr/sbin/rebuild-iptables
virtualbox-iso:
virtualbox-iso: Running handlers:
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: Running exception handlers
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: Running exception handlers
virtualbox-iso: Running handlers complete
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: Exception handlers complete
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: Exception handlers complete
virtualbox-iso: Chef Client failed. 88 resources updated in 02 minutes 36 seconds
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Stacktrace dumped to /tmp/packer-chef-solo/local-mode-cache/cache/chef-stacktrace.out
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz] (metasploitable::php_545 line 25) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to http://museum.php.net/php5//php-5.4.5.tar.gz - SSL Error connecting to https://museum.php.net/php5/php-5.4.5.tar.gz - SSL_connect returned=1 errno=0 state=error: certificate verify failed
virtualbox-iso: [2023-06-19T14:57:43+00:00] ERROR: remote_file[/tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz] (metasploitable::php_545 line 25) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to http://museum.php.net/php5//php-5.4.5.tar.gz - SSL Error connecting to https://museum.php.net/php5/php-5.4.5.tar.gz - SSL_connect returned=1 errno=0 state=error: certificate verify failed
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
virtualbox-iso: [2023-06-19T14:57:43+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
==> virtualbox-iso: Provisioning step had errors: Running the cleanup provisioner, if present...
==> virtualbox-iso: Cleaning up floppy disk...
==> virtualbox-iso: Deregistering and deleting VM...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored: Error executing Chef: Non-zero exit status: 1
==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: Error executing Chef: Non-zero exit status: 1
==> Builds finished but no artifacts were created.
In my case it cusses on another php file. I tried to change the source in https://github.com/rapid7/metasploitable3/issues/590#issuecomment-1508467752 to https://prototype.php.net/distributions/php-5.4.5.tar.gz (it's from the official php website). It didn't work for me. Still have this problem.
Getting the same error as @stasguma trying to build on Ubuntu 22.04. Updating Manjaro box and will try building on that and see what happens.
Edit: tried on Manjaro and getting the same there. Have tried running it while connected to VPN and not, and can download through browser on both.
I found a workaround. You need to change the source on line 25 of chef\cookbooks\metasploitable\recipes\php_545.rb to https://github.com/php/php-src/archive/refs/tags/#{php_tar}. After that use this answer: https://github.com/rapid7/metasploitable3/issues/590#issuecomment-1508467752
The final result should look like:
remote_file "#{Chef::Config[:file_cache_path]}/#{php_tar}" do
  source "https://github.com/php/php-src/archive/refs/tags/#{php_tar}"
  mode '0644'
  action :create_if_missing
  not_if 'apache2ctl -M | grep -q php5'
end
remote_file "#{Chef::Config[:file_cache_path]}/libxml29_compat.patch" do
  source "https://gist.githubusercontent.com/tassoevan/74a65692bd1ddccec5fb/raw/14d4bd547b022ed80737688d0e7f48bac3c1c951/libxml29_compat.patch"
  mode '0644'
  action :create_if_missing
  not_if 'apache2ctl -M | grep -q php5'
end
But now I have another error.
virtualbox-iso: * execute[patch php] action nothing (skipped due to action :nothing)
virtualbox-iso: * execute[extract php] action run
virtualbox-iso: - execute tar -xvzf /tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5.tar.gz -C /tmp/packer-chef-solo/local-mode-cache/cache
virtualbox-iso: * execute[patch php] action run
virtualbox-iso:
virtualbox-iso: ================================================================================
virtualbox-iso: Error executing action `run` on resource 'execute[patch php]'
virtualbox-iso: ================================================================================
virtualbox-iso:
virtualbox-iso: Mixlib::ShellOut::ShellCommandFailed
virtualbox-iso: ------------------------------------
virtualbox-iso: Expected process to exit with [0], but received '1'
virtualbox-iso: ---- Begin output of patch -p0 -b < ../libxml29_compat.patch ----
virtualbox-iso: STDOUT:
virtualbox-iso: STDERR: /opt/chef/embedded/lib/ruby/gems/2.4.0/gems/mixlib-shellout-2.3.2/lib/mixlib/shellout/unix.rb:185:in `chdir': No such file or directory @ dir_chdir - /tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5 (Errno::ENOENT)
virtualbox-iso: ---- End output of patch -p0 -b < ../libxml29_compat.patch ----
virtualbox-iso: Ran patch -p0 -b < ../libxml29_compat.patch returned 1
TLDR; The SSL issue for museum.php.net is due to this distro being on openssl 1.0.1 and due to the DST Root CA X3 certificate expiring on 2021-09-30. To bypass the error, we can modify the chef provisioner to no longer reference that expired CA.
I looked into this a bit. @stasguma your most recent error is /tmp/packer-chef-solo/local-mode-cache/cache/php-5.4.5 (Errno::ENOENT) because the tarball from github extracts to something more verbose like php-src-php-5.4.5 or something -- but fixing that path leads to an error about a missing ./configure script because something to do with the tarballs from github src not including a ./configure file and instead requiring it to be manually force-built with I-can't-remember-it-was-late-at-night other-script-in-that-bundle-first at which point I table-flipped and went back to figuring out the original SSL error.
The original SSL error for me was complaining about an expired certificate:
==> default: [2023-07-12T22:49:06+00:00] FATAL: OpenSSL::SSL::SSLError: remote_file[/var/chef/cache/php-5.4.5.tar.gz] (midterm-vuln::php_545 line 27) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to http://museum.php.net/php5//php-5.4.5.tar.gz - SSL Error connecting to https://museum.php.net/php5/php-5.4.5.tar.gz - SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)
(some of my paths and possibly my error messages are different because I build directly using vagrant provision instead of packer)
This is happening because this ubuntu image is using openssl 1.0.1f, which has the same issue as described here for openssl 1.0.2, quoted below:
The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
And that's the issue with museum.php.net, as shown below. An expired cert on DST Root CA X3. (Script below run from a partly-provisioned box):
vagrant@vagrant:~$ openssl s_client -CApath /etc/ssl/certs/ -connect museum.php.net:443
CONNECTED(00000003)
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
0 s:/CN=*.php.net
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
So following the guidance in that openssl site, and reading from man update-ca-certificates, I removed the DST Root CA X3 from the distro's trusted cert store as follows:
/etc/ca-certificates.conf to add a ! before mozilla/DST_Root_CA_X3.crt
update-ca-certificates:
vagrant@vagrant:~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 1 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
openssl, verify no more error:
vagrant@vagrant:~$ openssl s_client -CApath /etc/ssl/certs/ -connect museum.php.net:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.php.net
verify return:1
---
But then the chef provisioner includes its own bundled ca certificates, so I needed to tell it to instead use the distro's list of certs, which I'm currently doing by modifying the chef_solo binary with an environment variable, which was hinted at in a chef github issue:
chef.binary_env = "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
(chef fixed their bundled certs in a later chef version (that cert removed from its own bundled list), but we're stuck on 15.1.36 with this distro.)
Provisioning works without an SSL error for the php545 recipe this way, without modifying that recipe. I don't have issues fetching that patch file :shrug:
I'll play with this a bit more and maybe think of a more elegant way to remove that cert from the trusted store, probably by modifying an early chef script.
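A way to check the trust-store state described in the comment above, as an added example that is not part of the original post: it lists expired certificates in a PEM bundle such as the file named by SSL_CERT_FILE, and shows which /etc/ca-certificates.conf entries are still selected. The helper names, the two sample certificates and the sample conf text are constructed for illustration.

```ruby
require 'openssl'

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Parse every certificate in a PEM bundle (for example the file that
# SSL_CERT_FILE points at).
def certs_in_bundle(pem_text)
  pem_text.scan(PEM_BLOCK).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Common name of a certificate's subject, or the full subject if it has none.
def common_name(cert)
  entry = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  entry ? entry[1] : cert.subject.to_s
end

# Common names of the bundle certificates whose notAfter lies before `at`.
# An expired root left in the store is what old OpenSSL releases trip over.
def expired_in_bundle(pem_text, at: Time.now)
  certs_in_bundle(pem_text)
    .select { |cert| cert.not_after < at }
    .map { |cert| common_name(cert) }
end

# Entries of ca-certificates.conf that update-ca-certificates still installs:
# lines starting with '#' are comments, lines starting with '!' are deselected.
def selected_entries(conf_text)
  conf_text.each_line
           .map(&:strip)
           .reject { |line| line.empty? || line.start_with?('#', '!') }
end

# --- Constructed sample data (not real CA certificates) ---
def constructed_root(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/O=Constructed Example/CN=#{cn}")
  cert.issuer = cert.subject # self-signed, like a root
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

SAMPLE_BUNDLE = [
  constructed_root('Constructed Expired Root',
                   Time.utc(2000, 9, 30), Time.utc(2021, 9, 30)),
  constructed_root('Constructed Valid Root',
                   Time.utc(2015, 6, 4), Time.utc(2035, 6, 4))
].map(&:to_pem).join

SAMPLE_CONF = <<~CONF
  # constructed sample of /etc/ca-certificates.conf
  !mozilla/DST_Root_CA_X3.crt
  mozilla/ISRG_Root_X1.crt
CONF

if __FILE__ == $PROGRAM_NAME
  at = Time.utc(2023, 7, 12)
  puts "expired at #{at}: #{expired_in_bundle(SAMPLE_BUNDLE, at: at).inspect}"
  puts "still selected: #{selected_entries(SAMPLE_CONF).inspect}"
end
```

On a real box, pass `File.read('/etc/ssl/certs/ca-certificates.crt')` and `File.read('/etc/ca-certificates.conf')` instead of the constructed samples.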
I think this will work:
diff --git a/chef/cookbooks/metasploitable/recipes/system_config.rb b/chef/cookbooks/metasploitable/recipes/system_config.rb
new file mode 100644
index 0000000..c672ca4
--- /dev/null
+++ b/chef/cookbooks/metasploitable/recipes/system_config.rb
@@ -0,0 +1,11 @@
+# See https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ and https://github.com/chef/chef/issues/12126
+
+bash 'disable expired DST Root CA X3 certificate' do
+ code <<-EOS
+ sed -i 's:^mozilla/DST_Root_CA_X3.crt:!mozilla/DST_Root_CA_X3.crt:' /etc/ca-certificates.conf
+ update-ca-certificates
+ EOS
+ not_if "grep -q '^!mozilla/DST_Root_CA_X3.crt' /etc/ca-certificates.conf"
+end
+
+ENV['SSL_CERT_FILE'] = '/etc/ssl/certs/ca-certificates.crt'
\ No newline at end of file
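Review bot: the last line of system_config.rb, `ENV['SSL_CERT_FILE'] = '/etc/ssl/certs/ca-certificates.crt'`, sits outside any resource, so it is evaluated when the recipe is compiled, while the bash resource that deselects the expired root only runs at converge time. That ordering works only because the later remote_file downloads also run at converge time after this resource, so add a comment saying the assignment is there to make Chef use the distro bundle instead of its own CA list and that this recipe must stay ahead of any recipe that downloads over HTTPS. In the sed expression the dots in `DST_Root_CA_X3.crt` are unescaped and the pattern has no end anchor; tighten it, and add the missing trailing newline to the file.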
diff --git a/chef/dev/ub1404/Vagrantfile b/chef/dev/ub1404/Vagrantfile
index ed1859d..02be423 100644
--- a/chef/dev/ub1404/Vagrantfile
+++ b/chef/dev/ub1404/Vagrantfile
@@ -24,6 +24,7 @@ Vagrant.configure("2") do |config|
chef.add_recipe "apt::default"
chef.add_recipe "iptables::default"
+ chef.add_recipe "metasploitable:system_config"
chef.add_recipe "metasploitable::users"
chef.add_recipe "metasploitable::mysql"
chef.add_recipe "metasploitable::apache_continuum"
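Review bot: the added line `chef.add_recipe "metasploitable:system_config"` has a single colon between cookbook and recipe name, while every other entry in this hunk and the packer run_list entry use `::`. Change it to "metasploitable::system_config" so the Vagrant build resolves the same recipe as the packer template.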
diff --git a/packer/templates/ubuntu_1404.json b/packer/templates/ubuntu_1404.json
index b6c995b..f99a091 100644
--- a/packer/templates/ubuntu_1404.json
+++ b/packer/templates/ubuntu_1404.json
@@ -158,6 +158,8 @@
],
"run_list": [
"apt::default",
+ "iptables::default",
+ "metasploitable::system_config",
"metasploitable::users",
"metasploitable::mysql",
"metasploitable::apache_continuum",
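Review bot: the added `"iptables::default",` entry in run_list is not part of the certificate fix; in the Vagrantfile hunk iptables::default is unchanged context, but here it is newly inserted. If the template already lists it further down run_list, drop this line or explain the reordering in the commit message; only `"metasploitable::system_config",` is needed for the SSL error.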
Issue Description
Please check the General Issues section in the wiki before you submit the issue. If you didn't find your issue mentioned, please give a thorough description of the issue you're seeing. Also, please be sure to include any troubleshooting steps that you've already attempted.
I've tried the vagrant automatic build for ubuntu 3 times and had the same failure while installing php5. The url it complains about seems fine when loading in my browser (https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt) so not sure what's wrong there.
In my third attempt, I also installed the winrm & winrm-fs plugins as per the General Issues but that didn't seem to help.
Thanks for any help!
Host System
Command Output
https://pastebin.com/YjwcbN67