Bug 238137 - net-analyzer/metasploit-3.1_p5662 crashes when going to help - about metasploit
Summary: net-analyzer/metasploit-3.1_p5662 crashes when going to help - about metasploit
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Netmon project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-19 19:16 UTC by Chad A. Simmons
Modified: 2008-10-05 10:49 UTC

See Also:
Package list:
Runtime testing required: ---


Description Chad A. Simmons 2008-09-19 19:16:01 UTC
Starting msfgui3 and going to help - about metasploit causes the gui to crash. Also going to help - online brings up this page http://metasploit3.com/msf/support
which doesn't exist. I also tried setting the ESVN_REVISION to head and the problems still persisted.

Reproducible: Always

Steps to Reproduce:
1. emerge metasploit
2. run msfgui3 and go to help - about or help -online
3.

Actual Results:  
crash

Expected Results:  
shown the about page

chadgentoo Desktop # emerge --info
WARNING: repository at /usr/local/portage is missing a repo_name entry
Portage 2.2_rc8 (default/linux/amd64/2008.0/desktop, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.26-gentoo-r1 x86_64)
=================================================================
System uname: Linux-2.6.26-gentoo-r1-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_4400+-with-glibc2.2.5
Timestamp of tree: Fri, 19 Sep 2008 07:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [disabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7, 2.1.6-r1
dev-lang/python:     2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/confcache:  0.4.2-r1
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.2.5
sys-apps/sandbox:    1.2.18.1-r3
sys-devel/autoconf:  2.13, 2.62-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   2.2.4
virtual/os-headers:  2.6.26
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/NX/etc /usr/NX/home /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=k8 -msse3 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks parallel-fetch preserve-libs sandbox sfperms strict unmerge-orphans user-sandbox userfetch userpriv"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.gtlib.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://cudlug.cudenver.edu/gentoo/ http://gentoo.mirrors.pair.com/ http://open-systems.ufl.edu/mirrors/gentoo http://mirror.datapipe.net/gentoo http://mirror.mcs.anl.gov/pub/gentoo/ http://gentoo.mirrors.easynews.com/linux/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/ http://gentoo.chem.wisc.edu/gentoo/ http://lug.mtu.edu/gentoo/"
LANG="en_US.utf-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en_US en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X Xaw3d a52 aac aalib acct acl acpi adns aften aio alsa amd64 amr amrnb amrwb apache2 apm archive asf athena bash-completion berkdb binary-drivers blas blender-game bluetooth branding bullet bzip2 cairo caps captury cblas ccache cdda cddb cdparanoia cdr cgi chroot cli color-console commercial connectionstatus cracklib crypt css cups curl cvs daap dbus divx djbfft dnd dri dts dvd dvdnav dvdr dvdread eds emboss emerald encode escreen esd evo exif extensions extrafilters fam fame fat ffmpeg fftw firefox firefox3 flac fortran gcrypt gd gdbm geoip gif git glitz glx gmedia gnome gnutls gpm graphviz gstreamer gtk hal hddtemp hdri hpn httpd iconv ieee1394 imagemagick ipod isdnlog java joystick jpeg kde kdeenablefinal kdehiddenvisibility kdenablefinal kerberos lame lcms ldap libcaca libnotify lm_sensors logitech-mouse lzo mad md5sum mdnsresponder-compat midi mikmod mjpeg mmap mmx mmxext moonlight mp2 mp3 mp4 mpeg mpeg2 mpi mplayer mplayer-bin mpm-worker mudflap multilib mysql ncurses netmeeting network network-cron nls nptl nptlonly nsplugin nvidia nxclient ocaml offensive ogg openal openexr opengl openmp pam passwdqc pcre pdf perl php pic player plugins png ppds pppd python qt3 qt3support qt4 quicktime rdesktop readline realmedia reflection reiserfs rtc rtsp sdl session sftplogging shout smi smp sms snmp spell spl sqlite3 sse sse2 ssh ssl startup-notification stream subversion svg sysfs tcpd theora threads tiff tk toolbar truetype unicode upnp usb visualization vlm vorbis winpopup wmp x264 xcb xcomposite xml xml2 xorg xprint xscreensaver xulrunner xv xvid xvmc yv12 zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" 
APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev mouse keyboard joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US en" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Chad A. Simmons 2008-09-19 19:41:28 UTC
this pops up near the end of the strace

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
open("/usr/lib/metasploit3/documentation/LICENSE", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

Creating /usr/lib/metasploit3/documentation and then touching /usr/lib/metasploit3/documentation/LICENSE clears the problem right up. But I'm not sure how to fix it, as we definitely don't want docs or licence files installed there. I guess we could patch out the line that refers to this file in the source or something.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2008-10-03 12:23:32 UTC
Crash is fixed in metasploit-3.1_p5699.

CC'ing upstream so they could fix URL issue. H.D. Moore, could you fix http://metasploit3.com/msf/support URI UPSTREAM, to make online button workable again. Thank you in advance.
Comment 3 H D Moore 2008-10-03 13:37:48 UTC
Are you kidding me? You deleted the license from our software, which violates our license to start with, and then expect us to fix it, when the change was made by your packager? Please restore the installation directory to exactly match the package we distribute (did you read the LICENSE file that you removed?). No, you can't just patch out the code, just like you can't delete the LICENSE.
Comment 4 Chad A. Simmons 2008-10-03 13:57:34 UTC
(In reply to comment #3)
Per the Gentoo devmanual that would not be acceptable. /usr/lib is not a place to be putting documentation or licence files. Why would you want these here in the first place as this would also violate the Linux FHS? /usr/share/${P} would be much more appropriate for docs. Licenses on Gentoo are located in portage /usr/portage/licenses/MSF-1.2 by default why would it need to be redundantly placed somewhere else where the FHS specifies as a location for libraries?

Comment 5 H D Moore 2008-10-03 14:14:50 UTC
Packaging policies are secondary to the software license itself, please read the Metasploit Framework License, or better yet, just remove the package from Gentoo. The next version of the framework will be provided under a much looser license, but I still don't like the idea of the Gentoo packagers breaking our software because they don't like the directory layout.
Comment 6 Peter Volkov (RETIRED) gentoo-dev 2008-10-04 12:52:56 UTC
(In reply to comment #3)
> Are you kidding me? You deleted the license from our software, which violates
> our license to start with, and then expect us to fix it, when the change was
> made by your packager?

No. Sorry, possibly I was not clear enough. I asked you to fix *only* the URL which is called when you press Online. So in lib/msf/ui/gtk2/app.rb change http://metasploit3.com/msf/support to something existent on the internet... That's all I've asked you about.

> Please restore the installation directory to exactly
> match the package we distribute (did you read the LICENSE file that you
> removed?). no, you can't just patch out the code, just like you can't delete
> the LICENSE. 

Sure, I've read the license. And now I did that another time. I suppose you are speaking about clause 3a. Correct? IMNAL, so I definitely can be wrong here, but two thoughts:
1. That clause claims not to modify "Software" which is "both object code and source code". So I think that having documentation separated from the code does not violate the license as we don't modify any source or object code.
2. We do not distribute the metasploit package. We distribute ebuilds, which are scripts which help the user to install metasploit into his/her system. So actually we do no repackaging and distribution of modified software. Do you still think we violate the MFS-1.2 license?

(In reply to comment #5)
> Packaging policies are secondary to the software license itself

Of course. I agree with you here. But the word "package" in Gentoo means something different than in all other distributions. A user who uses Gentoo is supposed to know what he is doing, and ebuilds are easy to read...

> better yet, just remove the package from Gentoo.

If this is an official request I'll start this process immediately.

> The next version of the framework will be provided under a much looser
> license, but I still don't like the idea of the Gentoo packagers breaking our
> software because they don't like the directory layout.

Again, if you really want this, we can *keep* the directory layout. But first, please, take into account why we modified that layout. It's considered good practice in Gentoo to put documentation at the /usr/share/doc/$PF location. A consistent location makes it much easier to find files of interest.

Also we *do not* hide any license from users. All users have the license in the $(portageq portdir)/license/MFS-1.2 file. To avoid having two or more copies of the same (exactly same) file (which is not supposed to be edited), our policy suggests not to install the License from the package. Of course my current solution to the problem is not the best solution, but since users are free to choose a different location for the portage tree (and thus there is no fixed location for the MFS-1.2 license file), I decided to install the license in /usr/share/doc in this case.

Last note: since users install and upgrade the package using portage, they'll receive documentation updates too, even if files are installed in a different location.
Comment 7 H D Moore 2008-10-04 18:57:51 UTC
The help URL is now fixed, but the GUI will still crash since the LICENSE file is not where the framework expects it to be. If you ship a local patch in the ebuild which changes the location, this fits within the license, but it isn't something that will be fun to maintain. The issue with the framework directory layout is that there is no easy way to configure an alternate layout. The data/ and documentation/ directories are actually used by the code and modules, so if this directory moves, lots of things will break. The long-term solution is to have a system-wide configuration file which specifies things like the directory layout and default options. Right now, we don't have support for this, but I will do what I can to get this into 3.2.

Regarding the license -- it's not really a big deal, I was just making the point that changing code you don't agree with isn't the long-term solution to this and can run up against the license if done wrong. The next major release of the framework will be relicensed as BSD, so this really is a moot point in the near future.
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2008-10-05 10:49:43 UTC
Ok, I've backported changes in URI from trunk into 3.1 branch. Thanks.

Also, the crash, as I wrote in #2, was already fixed. But now I modified that fix a bit (which was plain sed), and now, while we still install documentation into /usr/share/doc/${PF}, I've created a symlink at /usr/lib/metasploit3 to point at that location. I think all issues are FIXED. Thank you both, Chad and H D Moore.
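
Added example, not part of the bug thread or of the Gentoo ebuild: a shell sketch that extracts the failed `open()` path from the strace lines quoted in comment 1, then checks it against a scratch root where the documentation has been relocated, once without and once with a compatibility symlink as described in comment 8. The scratch tree, the directory name `metasploit-PF` (standing in for `${PF}`) and the exact symlink name `documentation` are assumptions made for the demonstration.

```shell
#!/bin/sh
# The strace lines are those quoted in comment 1; everything else is constructed.
STRACE_SAMPLE='rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
open("/usr/lib/metasploit3/documentation/LICENSE", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0'

# Print the unique paths of open()/openat() calls that failed with ENOENT.
missing_opens() {
    sed -n 's/^.*open[at]*(.*"\([^"]*\)".*= -1 ENOENT.*$/\1/p' | sort -u
}

# Read paths on stdin; print those that do not resolve under the root in $1.
unresolved_under() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Build a scratch root with the docs relocated out of /usr/lib/metasploit3.
# With $2 = "symlink", also leave a symlink at the path the code still opens.
build_root() {
    root=$1
    lib=/usr/lib/metasploit3
    doc=/usr/share/doc/metasploit-PF    # assumption: stands in for ${PF}
    mkdir -p "$root$lib" "$root$doc"
    echo 'constructed license text' > "$root$doc/LICENSE"
    if [ "$2" = symlink ]; then
        # Target is prefixed with the scratch root so the demo stays inside it.
        ln -s "$root$doc" "$root$lib/documentation"
    fi
}

# Count the strace-reported paths that are still unresolved in a fresh root.
count_unresolved() {    # $1 = "plain" or "symlink"
    tmp=$(mktemp -d) || return 1
    build_root "$tmp" "$1"
    n=$(printf '%s\n' "$STRACE_SAMPLE" | missing_opens | unresolved_under "$tmp" | wc -l)
    rm -rf "$tmp"
    echo $((n))
}

echo "relocated, no symlink: $(count_unresolved plain) unresolved"
echo "relocated + symlink:   $(count_unresolved symlink) unresolved"
```

The same `missing_opens` filter works on a full `strace -f` log, which makes it a quick check for other hard-coded paths after a package relocates files.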