After installing PentestBox for installing penetration testing tools on windows 10 It was working great but some of the tools was outdated like metasploit, so I tried updating all using PentestBox Update Manager, but after finishing the update msfconsole keeps giving me this error
Bundler could not find compatible versions for gem "sysrandom":
In Gemfile:
metasploit-framework x86-mingw32 was resolved to 5.0.0, which depends on sysrandom x86-mingw32
Could not find gem 'sysrandom', which is required by gem 'metasploit-framework', in any of the sources.
and i literally suck in ruby language on general so what should i do ?
The version of metasploit you linked to doesn't appear to have been updated in a few years. It doesn't list sysrandom as a dependency in the Gemfile.
There's a newer version which does have sysrandom as a dependency, here:
https://github.com/rapid7/metasploit-framework/blob/master/metasploit-framework.gemspec#L106
I'm not sure why pentestbox is using such an old version, but I'm assuming the "update" actually updates to the rapid7 version of metasploit (because it's looking for sysrandom which only exists there).
There are a few things you can try:
bundle install should install all the dependencies (without using the console tool built for pentestbox)
Deleting the Gemfile.lock and running bundle install. I don't usually recommend this but if there seems to be a version mismatch somewhere and sometimes this resolves dependencies errors. You should be able to re-check this file out again (assuming it's versioned locally)
If you can post the git commit hash of the metasploit version you've downloaded that might help provide additional suggestions for resolving.
Related
I use bundler to manage my dependencies' versions.
The question I am asking myself now, is: how to manage bundler's version itself. I mean, "bundler install/update/outdated" helps me understand what I am holding back, update them optimistically or pessimistically ... but I am not sure what's the best practice / procedure to decide about bundler itself.
In other words, is there a gem- or bundler-based workflow that ensures that I and my coworkers do use the latest (or the to-be-specified) version. Bundler gives us this workflow for all the other gems, but what about bundler itself ?
I hope this might be of some help to you here.
First, you need to install the appropriate version of bundler:
% gem install bundler -v '~> 1.12.5'
Successfully installed bundler-1.12.5
Then force RubyGems to use the version you want.
% bundle _1.12.5_ install
This pattern gem-binary _gem-version_ works for any gem binary.
You can check the available versions for Bundler from here.
I ran bundle update, and something broke in my app because of one specific gem. I want to revert back to whatever version of that gem I was using before, but I don't know what the version number was. Is there a way I can check what gem versions I was using previously?
The Gemfile.lock that is generated by bundler stores the gem version numbers along with all of its dependencies version numbers.
I want so use libsass for compiling my scss (considering positive testimonials about it's speed against ruby native compiler). The compiling ends with an error, and my searching have driven me here: (my bourbon was 4.x): https://github.com/sass/libsass/issues/365. the current version of libsass cannot compile bourbon 4.x. and the issue is closed. Okay, lets install bourbon 3.x.
gem install bourbon -v 3
and then
gem install neat
and the damn thing installs the latest neat (1.7.x) and bourbon 4.x as a dependency for it (along with already installed bourbon 3.x). I cannot make it install neat precisely for bourbon 3.x, and I couldn't ever find any info about which neat version is compatible with bourbon 3.x. Not on bourbon.io, not on github.com, not on stackoverflow.com, not anywhere... Maybe it's just a matter of SASS version, but why gem installs the latest bourbon then? If there is already one in the system? Or maybe there is any gem option exists which tells gem to lower the version of requested package, if dependent packages versions indicate so?
The compatibility issues that Bourbon had with Libsass got sorted out quite some time ago, and that thread is from last year.
Do you mind posting your compiling error?
If you try to install a gem without a version, it will grab the newest one, so you would want to install a version of Neat that required a 3.x version of Bourbon. I don't think that should be necessary though if we can solve your compiling problem. Those commands also install the gems to your local system, rather than in your project directory, so you will want to use a Gemfile (for Ruby projects) or something like package.json (for npm projects).
I am working on a gem and it's on github.
When I include the gem in an application, do a capistrano deploy, and (on the server) run:
bundle outdated
I see:
* authengine (0.0.1 d8baa49 > 0.0.1 de43dfa)
which tells me that a more recent commit is available. Why doesn't the bundle update (part of capistrano deploy) pull the more recent version? There is no version constraint in the Gemfile of the host application, and anyway they have the same version number, just different commits.
Even if I log into the server and run
bundle update authengine
I get the same "outdated" result afterwards.
What am I missing here?
One thing I've found that can cause this is if other gems in the bundle make requirements on gems by version that are incompatible. Bundler tries to reconcile these by selecting versions of gems such that their requirements can all be satisfied. The result is that it quietly refuses to update gems.
The way to check this is to set an explicit version requirement in your Gemfile. Something like
gem "authengine", "> 0.0.2" #(you'll need to bump the version to make this work)
#or
gem "authengine", :ref => "d8baa49"
Then run
bundle update authengine
You should see something like (this is taken from my particular case):
Bundler could not find compatible versions for gem "json": In
Gemfile:
chef (> 10.8) ruby depends on
json (<= 1.6.1, >= 1.4.4) ruby
logical-construct (>= 0) ruby depends on
json (1.7.5)
So, in my case it's a problem with explicitly requiring a newer version of json.
The author, André Arko, stated in 2014 that:
The Bundler resolver is definitely a work in progress, and we adjust
the tradeoffs between specific versions and resolving quickly based on
user feedback.
Bundler has consistently not provided the newest possible version of
every gem for the entirety of its existence, and it does result in a
lot of tickets being opened. In most cases, it turns out to be the
result of Bundler having to pick between the newest version of one gem
or a different gem, and Bundler picks the gem the user doesn’t care
about having the newest version of. That’s why it’s so important to
make your Gemfile version requirements accurately reflect your actual
requirements.
I recognize that your assumption that Bundler would give you the
newest possible version seemed valid at the time, but the docs only
say that you will get a version that meets your requirements, not the
latest. Is there anywhere we could expand the docs to make it clearer
that the newest versions of everything simply isn’t feasible?
What is the output returned when you run bundle update authengine? Does it actually say it updated the gem? Or does it ignore the gem?
You can try using the --source parameter to specifically tell Bundler to use the git repository. That, or your
bundle update authengine --source https://github.com/mustardseeddatabase/authengine.git
Also, when unexpected things like this happen, I like to clean up my gemlist in general. It could be that you still have older versions of the gem laying around, not using in bundler.
So you could do:
gem list
gem check
gem cleanup
Or do a complete reinstall
gem uninstall authengine
bundle install
I tried searching for this several times, but if this question has been answered already I didn't find it.
So, let's say I've developed a plain old gem (not a Rails app). I already know how to use Bundler for development, so I have a Gemfile and everything in my repository. However, I want this gem to use Bundler for dependency resolution when I install it, not just when I work on it.
Is there a way to do so, or would I have to resort to running its commands from a git checkout with bundle exec?
Bundler resolves dependencies not only for development. Just run bundle install on production server after deployment and it will install all needed gems there too.
If you need to install gems from several repositories, add row in you Gemfile:
source 'http://you_repository.com