From 550dec5d7054ad1d19f7f0464b27ba130a20aa51 Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Sat, 18 Nov 2023 02:57:27 +0000 Subject: [PATCH] Build Ruby 3.1 --- .github/workflows/verify.yml | 48 ++++++-- Gemfile | 2 +- Gemfile.lock | 110 +++++++++--------- Makefile | 10 +- README.md | 2 +- config/patches/ruby/ruby-fast-load_31.patch | 16 +++ config/software/metasploit-framework.rb | 9 +- config/software/openssl.rb | 46 ++++++-- config/software/pcaprub.rb | 17 ++- config/software/ruby-windows-devkit.rb | 4 + config/software/ruby-windows.rb | 6 +- config/software/ruby.rb | 61 ++++++---- config/software/winpcap-devpack.rb | 2 +- local/cache | 2 +- omnibus.rb | 2 +- .../metasploit-framework/msi/source.wxs.erb | 28 ++++- 16 files changed, 257 insertions(+), 108 deletions(-) create mode 100644 config/patches/ruby/ruby-fast-load_31.patch diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 8710a1f4..18f24dc2 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -28,8 +28,7 @@ jobs: # The job checkout structure is: # . # ├── metasploit-omnibus - # └── metasploit-framework (Only if ARM/Windows builds) - # For windows we additionally move metasploit-framework into the omnibus local cache + # └── metasploit-framework (Only if ARM or Windows builds) # docker_arm: runs-on: ${{ matrix.os }} @@ -264,12 +263,27 @@ jobs: fail-fast: false matrix: os: - - windows-2019 + - windows-2022 ruby: - 3.0.6 name: ${{ matrix.os }} steps: + # https://github.com/actions/runner-images/issues/5143 + # https://github.com/actions/runner-images/issues/9701 + - name: Install visual studio components + run: | + Set-Location "C:\Program Files (x86)\Microsoft Visual Studio\Installer\" + $InstallPath = "C:\Program Files\Microsoft Visual Studio\2022\Enterprise" + $componentsToRemove= @( + "Microsoft.VisualStudio.Component.VC.Redist.MSM" + ) + [string]$workloadArgs = $componentsToRemove | ForEach-Object {" --add " + $_} + $Arguments = ('/c', "vs_installer.exe", 'modify', '--installPath', "`"$InstallPath`"",$workloadArgs, '--quiet', '--norestart', '--nocache') + # should be run twice + $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden + $process = Start-Process -FilePath cmd.exe -ArgumentList $Arguments -Wait -PassThru -WindowStyle Hidden + - name: Checkout omnibus uses: actions/checkout@v4 with: @@ -289,6 +303,20 @@ jobs: # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows bundler: 2.2.33 + # We need to create the pcaprub gem ourselves until 0.13.2 is released (https://github.com/pcaprub/pcaprub/issues/67) + - name: Checkout pcaprub + uses: actions/checkout@v4 + with: + repository: pcaprub/pcaprub + path: pcaprub + ref: '5440ca93dafd15e7d3bb009fc1bb9a15e80d03f9' + + - name: Create pcaprub gem + run: | + cd pcaprub + bundle + rake gem + # Checkout framework - name: Checkout metasploit-framework code uses: actions/checkout@v4 @@ -300,12 +328,16 @@ jobs: run: | cd metasploit-omnibus xz -d local/cache/*.xz + ls local/cache - name: Run omnibus + shell: cmd + env: + MSYSTEM: MINGW64 run: | - # mkdir -p metasploit-omnibus/local/cache/git_cache/c - # mv metasploit-framework/ metasploit-omnibus/local/cache/git_cache/c - # dir metasploit-omnibus/local/cache/git_cache/c - # dir metasploit-omnibus/local/cache/git_cache/c/metasploit-framework cd metasploit-omnibus - make + make dependencies + + rem Don't run the main build itslef under `make`, as the process will be spawned under msys2 + rem and the ridk.cmd Ruby installer will forcibly kill the msys2 process before attempting to install ruby + ruby bin/omnibus build metasploit-framework diff --git a/Gemfile b/Gemfile index 7c2d116e..31aeedb7 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' # Install omnibus # gem 'omnibus', '~> 4.0' -gem 'omnibus', git: 'https://github.com/rapid7/omnibus', branch: 'r7_8.2.4_custom' +gem 'omnibus', git: 'https://github.com/rapid7/omnibus', branch: 'r7_9.0.23_custom' # Use Chef's software definitions. It is recommended that you write your own # software definitions, but you can clone/fork Chef's to get you started. diff --git a/Gemfile.lock b/Gemfile.lock index 4cc97596..3f031e17 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,10 @@ GIT remote: https://github.com/rapid7/omnibus - revision: 5b238e62088797782f6b7ca1ddda3a0e7128c224 - branch: r7_8.2.4_custom + revision: c6dc312d985e85fb35b8e9f8e49b607abd91665c + branch: r7_9.0.23_custom specs: - omnibus (8.2.4) - aws-sdk-s3 (~> 1) + omnibus (9.0.23) + aws-sdk-s3 (~> 1.116.0) chef-cleanroom (~> 1.0) chef-utils (>= 15.4) contracts (>= 0.16.0, < 0.17.0) @@ -12,113 +12,117 @@ GIT license_scout (~> 1.0) mixlib-shellout (>= 2.0, < 4.0) mixlib-versioning - ohai (>= 15, < 17) + ohai (>= 16, < 19) pedump + rexml (~> 3.2) ruby-progressbar (~> 1.7) thor (>= 0.18, < 2.0) GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) awesome_print (1.9.2) - aws-eventstream (1.2.0) - aws-partitions (1.522.0) - aws-sdk-core (3.121.5) - aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.520.1) - aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-kms (1.50.0) - aws-sdk-core (~> 3, >= 3.121.2) + aws-eventstream (1.3.0) + aws-partitions (1.916.0) + aws-sdk-core (3.192.1) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.8) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.79.0) + aws-sdk-core (~> 3, >= 3.191.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.104.0) - aws-sdk-core (~> 3, >= 3.121.2) + aws-sdk-s3 (1.116.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sigv4 (1.4.0) + aws-sigv4 (1.8.0) aws-eventstream (~> 1, >= 1.0.2) byebug (11.1.3) chef-cleanroom (1.0.5) - chef-config (16.16.13) + chef-config (18.4.12) addressable - chef-utils (= 16.16.13) + chef-utils (= 18.4.12) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) tomlrb (~> 1.2) - chef-utils (16.16.13) + chef-utils (18.4.12) + concurrent-ruby citrus (3.0.2) coderay (1.1.3) + concurrent-ruby (1.2.3) contracts (0.16.1) - ffi (1.15.4) - ffi-yajl (2.4.0) + ffi (1.16.3) + ffi-yajl (2.6.0) libyajl2 (>= 1.2) fuzzyurl (0.9.0) - iostruct (0.0.4) + iostruct (0.0.5) ipaddress (0.8.3) jmespath (1.6.2) - json (2.6.1) + json (2.7.2) libyajl2 (2.1.0) - license_scout (1.2.13) + license_scout (1.3.7) ffi-yajl (~> 2.2) mixlib-shellout (>= 2.2, < 4.0) toml-rb (>= 1, < 3) method_source (1.0.0) mixlib-cli (2.1.8) - mixlib-config (3.0.9) + mixlib-config (3.0.27) tomlrb mixlib-log (3.0.9) - mixlib-shellout (3.2.5) + mixlib-shellout (3.2.7) chef-utils mixlib-versioning (1.2.12) - multipart-post (2.1.1) - net-scp (3.0.0) - net-ssh (>= 2.6.5, < 7.0.0) - net-ssh (6.1.0) - ohai (16.13.0) - chef-config (>= 12.8, < 17) - chef-utils (>= 16.0, < 17) + multipart-post (2.4.0) + net-scp (4.0.0) + net-ssh (>= 2.6.5, < 8.0.0) + net-ssh (7.2.3) + ohai (18.1.3) + chef-config (>= 14.12, < 19) + chef-utils (>= 16.0, < 19) ffi (~> 1.9) ffi-yajl (~> 2.2) ipaddress mixlib-cli (>= 1.7.0) mixlib-config (>= 2.0, < 4.0) mixlib-log (>= 2.0.1, < 4.0) - mixlib-shellout (>= 2.0, < 4.0) + mixlib-shellout (~> 3.2, >= 3.2.5) plist (~> 3.1) train-core wmi-lite (~> 1.0) - pedump (0.6.2) + pedump (0.6.7) awesome_print iostruct (>= 0.0.4) multipart-post (>= 2.0.0) rainbow zhexdump (>= 0.0.2) - plist (3.6.0) - pry (0.13.1) + plist (3.7.1) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) - public_suffix (4.0.6) - rainbow (3.0.0) - ruby-progressbar (1.11.0) - thor (1.1.0) - toml-rb (2.1.0) + pry (>= 0.13, < 0.15) + public_suffix (5.0.5) + rainbow (3.1.1) + rexml (3.2.6) + ruby-progressbar (1.13.0) + thor (1.3.1) + toml-rb (2.2.0) citrus (~> 3.0, > 3.0) tomlrb (1.3.0) - train-core (3.8.1) + train-core (3.12.3) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) - net-scp (>= 1.2, < 4.0) - net-ssh (>= 2.9, < 7.0) - wmi-lite (1.0.5) - zhexdump (0.0.2) + net-scp (>= 1.2, < 5.0) + net-ssh (>= 2.9, < 8.0) + wmi-lite (1.0.7) + zhexdump (0.1.0) PLATFORMS ruby @@ -128,4 +132,4 @@ DEPENDENCIES pry-byebug BUNDLED WITH - 2.1.4 + 2.2.33 diff --git a/Makefile b/Makefile index c4ec730c..d1682201 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,14 @@ .DEFAULT_GOAL := all .PHONY: all -all: certs/ca-certificates.crt +all: certs/ca-certificates.crt dependencies # export SSL_CERT_FILE=${PWD}/certs/ca-certificates.crt + # build the metasploit-framework package + ruby bin/omnibus build metasploit-framework + +.PHONY: dependencies +dependencies: # Ensure consistent bundler versions gem install bundler -v 2.2.3 @@ -13,9 +18,6 @@ all: certs/ca-certificates.crt gem install win32-process -v 0.9.0 - # build the metasploit-framework package - ruby bin/omnibus build metasploit-framework - certs/ca-certificates.crt: mkdir -p certs curl -L -o certs/ca-certificates.crt https://curl.haxx.se/ca/cacert.pem diff --git a/README.md b/README.md index 183c9c20..07c38373 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ docker build --tag metasploit-omnibus-builder - < ./docker/ubuntu1204-x86/Docker Or on OSX you can use the following script to build all images following the latest Docker image naming convention: ```shell -export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME" +export BUILD_DATE=$(date "+%Y_%m_%d"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME" ``` You can then run a new container using the above tagged image, whilst mounting the current directory as a volume: diff --git a/config/patches/ruby/ruby-fast-load_31.patch b/config/patches/ruby/ruby-fast-load_31.patch new file mode 100644 index 00000000..9743a3b8 --- /dev/null +++ b/config/patches/ruby/ruby-fast-load_31.patch @@ -0,0 +1,16 @@ +diff --git a/load.c b/load.c +index a2b9da4..05ea96e 100644 +--- a/load.c ++++ b/load.c +@@ -981,6 +981,11 @@ search_required(rb_vm_t *vm, VALUE fname, volatile VALUE *path, feature_func rb_ + if (loading) *path = rb_filesystem_str_new_cstr(loading); + return 'r'; + } ++ else if ((ft = rb_feature_p(vm, ftptr, 0, FALSE, FALSE, &loading)) == 's') { ++ if (loading) *path = rb_filesystem_str_new_cstr(loading); ++ return 's'; ++ } ++ + tmp = fname; + type = rb_find_file_ext(&tmp, ft == 's' ? ruby_ext : loadable_ext); + switch (type) { \ No newline at end of file diff --git a/config/software/metasploit-framework.rb b/config/software/metasploit-framework.rb index 880d2d77..438c2f55 100644 --- a/config/software/metasploit-framework.rb +++ b/config/software/metasploit-framework.rb @@ -2,6 +2,9 @@ if linux? && File.exist?("/metasploit-framework") # supply current version of metasploit-framework at root of filesystem source path: "/metasploit-framework" +elsif windows? && File.exist?('../metasploit-framework') + # supply current version of metasploit-framework relative to the current directory + source path: "../metasploit-framework" else source git: "https://github.com/rapid7/metasploit-framework.git" default_version "master" @@ -19,7 +22,7 @@ dependency "postgresql" end -ruby_abi_version = "3.0.0" +ruby_abi_version = "3.1.0" # This depends on extra system libraries on OS X whitelist_file "#{install_dir}//embedded/framework/data/isight.bundle" @@ -77,7 +80,9 @@ end bundle "config set force_ruby_platform true", env: env - bundle "install", env: env + bundle_env = with_standard_compiler_flags(with_embedded_path) + bundle_env['MAKE'] = 'make -j4' + bundle "install --jobs=4", env: bundle_env if windows? delete "#{install_dir}/embedded/msys64" diff --git a/config/software/openssl.rb b/config/software/openssl.rb index b55c5b4f..4402b5a2 100644 --- a/config/software/openssl.rb +++ b/config/software/openssl.rb @@ -23,29 +23,50 @@ dependency "cacerts" dependency "openssl-fips" if fips_mode? -default_version "1.1.1m" +default_version "1.1.1t" # # do not remove - Rapid7 custom - do not remove # Openssl builds engines as libraries into a special directory. We need to include # that directory in lib_dirs so omnibus can sign them during macOS deep signing. lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines"]) lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-1.1"]) if version.start_with?("1.1") +if version.start_with?("3.") + lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/engines-3"]) + lib_dirs lib_dirs.concat(["#{install_dir}/embedded/lib/ossl-modules"]) +end # 1.0.2u was the last public release of 1.0.2. Subsequent releases come from a support contract with OpenSSL Software Services if version.satisfies?("< 1.1.0") source url: "https://s3.amazonaws.com/chef-releng/openssl/openssl-#{version}.tar.gz", extract: :lax_tar + internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz", extract: :lax_tar, + authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}" else # As of 2020-09-09 even openssl-1.0.0.tar.gz can be downloaded from /source/openssl-VERSION.tar.gz # However, the latest releases are not in /source/old/VERSION/openssl-VERSION.tar.gz. # Let's stick with the simpler one for now. source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz", extract: :lax_tar + internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz", extract: :lax_tar, + authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}" end -version("1.1.1m") { source sha256: "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" } -version("1.1.1l") { source sha256: "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" } -version("1.1.1f") { source sha256: "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35" } +version("3.0.5") { source sha256: "aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a" } +version("3.0.4") { source sha256: "2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f" } +version("3.0.3") { source sha256: "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" } +version("3.0.1") { source sha256: "c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1" } # only ruby 3.1 supports openssl-3.0.1 + +version("1.1.1t") { source sha256: "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b" } +version("1.1.1q") { source sha256: "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" } +version("1.1.1p") { source sha256: "bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f" } +version("1.1.1o") { source sha256: "9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f" } +version("1.1.1m") { source sha256: "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" } +version("1.1.1l") { source sha256: "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" } +version("1.1.1w") { source sha256: "cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8" } +version("1.0.2zg") { source sha256: "09f8372eaede77ec8e6945e2d2d8eeb1b91662980cf23fe95f627b377162296c" } version("1.0.2zb") { source sha256: "b7d8f8c895279caa651e7f3de9a7b87b8dd01a452ca3d9327f45a9ef31d0c518" } version("1.0.2za") { source sha256: "86ec5d2ecb53839e9ec999db7f8715d0eb7e534d8a1d8688ef25280fbeee2ff8" } +version("1.0.2ze") { source sha256: "796624c593c361c695bd16314bc6f944184f5d2ff87efcf0bfa0545aa84c4d88" } +version("1.0.2zf") { source sha256: "85d2242b7d11a33d5f239f1f34a1ff7eb37431a554b7df99c52c646b70b14b2e" } +version("1.0.2zi") { source sha256: "80b6c07995fc92456e31c61cf1b2a18f75e314063189bb183af6ae66d0261d84" } relative_path "openssl-#{version}" @@ -55,9 +76,6 @@ env["M4"] = "/opt/freeware/bin/m4" elsif mac_os_x? && arm? env["CFLAGS"] << " -Qunused-arguments" - elsif freebsd? - # Should this just be in standard_compiler_flags? - env["LDFLAGS"] += " -Wl,-rpath,#{install_dir}/embedded/lib" elsif windows? # XXX: OpenSSL explicitly sets -march=i486 and expects that to be honored. # It has OPENSSL_IA32_SSE2 controlling whether it emits optimized SSE2 code @@ -77,15 +95,21 @@ "no-mdc2", "no-rc5", "no-ssl2", - "enable-ssl3", + "no-ssl3", "no-zlib", "shared", ] + configure_args += ["--libdir=#{install_dir}/embedded/lib"] if version.satisfies?(">=3.0.1") + # https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ configure_args += [ "-DOPENSSL_TRUSTED_FIRST_DEFAULT" ] if version.satisfies?(">= 1.0.2zb") && version.satisfies?("< 1.1.0") - configure_args += ["--with-fipsdir=#{install_dir}/embedded", "fips"] if fips_mode? + if version.satisfies?("< 3.0.0") + configure_args += ["--with-fipsdir=#{install_dir}/embedded", "fips"] if fips_mode? + else + configure_args += ["-enable-fips"] if fips_mode? + end configure_cmd = if aix? @@ -135,6 +159,8 @@ patch source: "openssl-1.0.1f-do-not-build-docs.patch", env: patch_env elsif version.start_with? "1.1" patch source: "openssl-1.1.0f-do-not-install-docs.patch", env: patch_env + elsif version.start_with? "3.0" + patch source: "openssl-3.0.1-do-not-install-docs.patch", env: patch_env end if version.start_with?("1.0.2") && mac_os_x? && arm? @@ -148,7 +174,7 @@ # Out of abundance of caution, we put the feature flags first and then # the crazy platform specific compiler flags at the end. - configure_args << env["CFLAGS"] << env["LDFLAGS"] + configure_args << env["CFLAGS"] configure_command = configure_args.unshift(configure_cmd).join(" ") diff --git a/config/software/pcaprub.rb b/config/software/pcaprub.rb index f5b9dc56..952decd0 100644 --- a/config/software/pcaprub.rb +++ b/config/software/pcaprub.rb @@ -15,7 +15,7 @@ # name "pcaprub" -default_version "0.12.4" +default_version "0.13.1" if windows? dependency "ruby-windows" @@ -32,6 +32,17 @@ build do env = with_standard_compiler_flags(with_embedded_path) env['SSL_CERT_FILE'] = "#{install_dir}/embedded/ssl/cert.pem" - gem "install pcaprub" \ - " --version '#{version}' --no-document", env: env + + # We need to create the pcaprub gem ourselves until 0.13.2 is released (https://github.com/pcaprub/pcaprub/issues/67) + # Use version of pcaprub relative to the current directory + local_pcaprub_checkout = File.expand_path(File.join(Dir.pwd, "..", "pcaprub")) + command "echo checking for path: #{local_pcaprub_checkout}", env: env + if File.exist?(local_pcaprub_checkout) + gem "install --local #{local_pcaprub_checkout}/pkg/pcaprub-#{version}.gem", env: env + command "echo after new pcaprub code", env: env + else + command "echo before old pcaprub code", env: env + gem "install pcaprub" \ + " --version '#{version}' --no-document", env: env + end end diff --git a/config/software/ruby-windows-devkit.rb b/config/software/ruby-windows-devkit.rb index bc9134bf..046f69c5 100644 --- a/config/software/ruby-windows-devkit.rb +++ b/config/software/ruby-windows-devkit.rb @@ -27,5 +27,9 @@ embedded_dir = "#{install_dir}/embedded" + # Ruby Installer for windows: + # 1 - MSYS2 base installation + # 2 - MSYS2 system update (optional) + # 3 - MSYS2 and MINGW development toolchain command "#{embedded_dir}/bin/ridk.cmd install 2 3", env: env, cwd: embedded_dir end diff --git a/config/software/ruby-windows.rb b/config/software/ruby-windows.rb index b5e01d39..d5b60b21 100644 --- a/config/software/ruby-windows.rb +++ b/config/software/ruby-windows.rb @@ -15,7 +15,7 @@ # name "ruby-windows" -default_version "3.0.2-1" +default_version "3.1.4-1" if windows_arch_i386? relative_path "rubyinstaller-#{version}-x86" @@ -54,6 +54,10 @@ source sha256: "92894c0488ec7eab02b2ffc61a8945c4bf98d69561e170927ec30d60bee57898" end + version "3.1.4-1" do + source sha256: "6701088607ea4b587a31af76d75cb3fe9f7bcd75fc175cffcca22369ebb6331d" + end + source url: "https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-#{version}/rubyinstaller-#{version}-x64.7z" end diff --git a/config/software/ruby.rb b/config/software/ruby.rb index ab5a1d8d..ca66aeac 100644 --- a/config/software/ruby.rb +++ b/config/software/ruby.rb @@ -26,29 +26,50 @@ # the default versions should always be the latest release of ruby # if you consume this definition it is your responsibility to pin # to the desired version of ruby. don't count on this not changing. -default_version "3.0.2" +default_version "3.1.4" dependency "zlib" dependency "openssl" dependency "libffi" dependency "libyaml" +# we build omnibus packages on freebsd 11 and use the packages on freebsd 11, 12 and 13. +# the ruby executable has been linking to freebsds system's ncurses library files. +# freebsd 13 system's ncurses library files have a different name than freebsd 11 and 12 +# which causes the ruby executable to fail. +# adding ncurses as a dependency for freebsd prevents the ruby executable from linking to the +# system's ncurses library files thereby allowing the package built on freebsd 11 to work on freebsd 13. +dependency "ncurses" if freebsd? + # version_list: url=https://cache.ruby-lang.org/pub/ruby/ filter=*.tar.gz +version("3.2.2") { source sha256: "96c57558871a6748de5bc9f274e93f4b5aad06cd8f37befa0e8d94e7b8a423bc" } +version("3.2.0") { source sha256: "daaa78e1360b2783f98deeceb677ad900f3a36c0ffa6e2b6b19090be77abc272" } +version("3.1.4") { source sha256: "a3d55879a0dfab1d7141fdf10d22a07dbf8e5cdc4415da1bde06127d5cc3c7b6" } +version("3.1.3") { source sha256: "5ea498a35f4cd15875200a52dde42b6eb179e1264e17d78732c3a57cd1c6ab9e" } +version("3.1.2") { source sha256: "61843112389f02b735428b53bb64cf988ad9fb81858b8248e22e57336f24a83e" } +version("3.1.1") { source sha256: "fe6e4782de97443978ddba8ba4be38d222aa24dc3e3f02a6a8e7701c0eeb619d" } + +version("3.0.6") { source sha256: "6e6cbd490030d7910c0ff20edefab4294dfcd1046f0f8f47f78b597987ac683e" } +version("3.0.5") { source sha256: "9afc6380a027a4fe1ae1a3e2eccb6b497b9c5ac0631c12ca56f9b7beb4848776" } +version("3.0.4") { source sha256: "70b47c207af04bce9acea262308fb42893d3e244f39a4abc586920a1c723722b" } +version("3.0.3") { source sha256: "3586861cb2df56970287f0fd83f274bd92058872d830d15570b36def7f1a92ac" } version("3.0.2") { source sha256: "5085dee0ad9f06996a8acec7ebea4a8735e6fac22f22e2d98c3f2bc3bef7e6f1" } version("3.0.1") { source sha256: "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727" } -version("3.0.0") { source sha256: "a13ed141a1c18eb967aac1e33f4d6ad5f21be1ac543c344e0d6feeee54af8e28" } +version("2.7.7") { source sha256: "e10127db691d7ff36402cfe88f418c8d025a3f1eea92044b162dd72f0b8c7b90" } +version("2.7.6") { source sha256: "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10" } +version("2.7.5") { source sha256: "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1" } version("2.7.4") { source sha256: "3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b" } version("2.7.3") { source sha256: "8925a95e31d8f2c81749025a52a544ea1d05dad18794e6828709268b92e55338" } -version("2.7.2") { source sha256: "6e5706d0d4ee4e1e2f883db9d768586b4d06567debea353c796ec45e8321c3d4" } -version("2.7.1") { source sha256: "d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418" } +version("2.6.10") { source sha256: "0dc609f263d49c4176d5725deefc337273676395985b5e017789373e8cadf16e" } +version("2.6.9") { source sha256: "eb7bae7aac64bf9eb2153710a4cafae450ccbb62ae6f63d573e1786178b0efbb" } version("2.6.8") { source sha256: "1807b78577bc08596a390e8a41aede37b8512190e05c133b17d0501791a8ca6d" } version("2.6.7") { source sha256: "e4227e8b7f65485ecb73397a83e0d09dcd39f25efd411c782b69424e55c7a99e" } -version("2.6.6") { source sha256: "364b143def360bac1b74eb56ed60b1a0dca6439b00157ae11ff77d5cd2e92291" } -version("2.6.5") { source sha256: "66976b716ecc1fd34f9b7c3c2b07bbd37631815377a2e3e85a5b194cfdcbed7d" } source url: "https://cache.ruby-lang.org/pub/ruby/#{version.match(/^(\d+\.\d+)/)[0]}/ruby-#{version}.tar.gz" +internal_source url: "#{ENV["ARTIFACTORY_REPO_URL"]}/#{name}/#{name}-#{version}.tar.gz", + authorization: "X-JFrog-Art-Api:#{ENV["ARTIFACTORY_TOKEN"]}" # In order to pass notarization we need to sign any binaries and libraries included in the package. # This makes sure we include and bins and libs that are brought in by gems. @@ -63,6 +84,7 @@ env = with_standard_compiler_flags(with_embedded_path) +# do not remove - Rapid7 custom - do not remove: jemalloc_required = linux? || mac_os_x? if jemalloc_required dependency "jemalloc" @@ -121,10 +143,12 @@ patch_env = env.dup patch_env["PATH"] = "/opt/freeware/bin:#{env["PATH"]}" if aix? - if version.satisfies?("~> 3.0") + if version.satisfies?("~> 3.0.0") case version - when "3.0.0", "3.0.1" + when "3.0.1" patch source: "ruby-3.0.1-configure.patch", plevel: 1, env: patch_env + when "3.0.5", "3.0.6" + patch source: "ruby-3.0.5-configure.patch", plevel: 1, env: patch_env else patch source: "ruby-3.0.2-configure.patch", plevel: 1, env: patch_env end @@ -153,7 +177,11 @@ # over the top of it. AFAIK no sane ruby code should need to do that, and the # cost of this behavior in core ruby is enormous. # - patch source: "ruby-fast-load_26.patch", plevel: 1, env: patch_env + if version.satisfies?("< 3.1") + patch source: "ruby-fast-load_26.patch", plevel: 1, env: patch_env + else + patch source: "ruby-fast-load_31.patch", plevel: 1, env: patch_env + end # this removes a checks for windows nano in the win32-ole files. # windows nano is a dead platform and not supported by chef so we can avoid @@ -178,13 +206,6 @@ patch source: "ruby-faster-load_27.patch", plevel: 1, env: patch_env end - # rubygems 3.1.x perf improvements - # this is part of ruby 2.7.3 so skip it - # - if version.satisfies?("~> 2.7") && version.satisfies?("< 2.7.3") - patch source: "ruby-2.7.1-rubygemsperf.patch", plevel: 1, env: patch_env - end - # disable libpath in mkmf across all platforms, it trolls omnibus and # breaks the postgresql cookbook. i'm not sure why ruby authors decided # this was a good idea, but it breaks our use case hard. AIX cannot even @@ -198,6 +219,7 @@ configure_command = ["--with-out-ext=dbm,readline", "--enable-shared", + # do not remove - Rapid7 custom - do not remove: "--enable-load-relative", "--disable-install-doc", "--without-gmp", @@ -206,19 +228,16 @@ "--disable-dtrace", "--disable-jit-support"] configure_command << "--with-bundled-md5" if fips_mode? + # do not remove - Rapid7 custom - do not remove: configure_command << "--with-jemalloc" if jemalloc_required # resolve C99 code accidentally introduced in Ruby 2.6.7 and it's still in 2.6.8 :( - patch source: "ruby-2.6.7_c99.patch", plevel: 1, env: patch_env if version.satisfies?("~> 2.6.7") + patch source: "ruby-2.6.7_c99.patch", plevel: 1, env: patch_env if version.satisfies?("~> 2.6.7", "< 2.6.10") if aix? # need to patch ruby's configure file so it knows how to find shared libraries patch source: "ruby-aix-configure_26_and_later.patch", plevel: 1, env: patch_env - if version.satisfies?("~> 2.6.4") - patch source: "ruby-2.6.4-bug14834.patch", plevel: 1, env: patch_env - end - # have ruby use zlib on AIX correctly patch source: "ruby_aix_openssl.patch", plevel: 1, env: patch_env # AIX has issues with ssl retries, need to patch to have it retry diff --git a/config/software/winpcap-devpack.rb b/config/software/winpcap-devpack.rb index 9e12554c..a47c4b06 100644 --- a/config/software/winpcap-devpack.rb +++ b/config/software/winpcap-devpack.rb @@ -29,7 +29,7 @@ source url: "https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip" build do - ruby_api_version = "3.0.0" + ruby_api_version = "3.1.0" mkdir "#{install_dir}/embedded/lib" if windows_arch_i386? diff --git a/local/cache b/local/cache index fa1082fb..984fcfb6 160000 --- a/local/cache +++ b/local/cache @@ -1 +1 @@ -Subproject commit fa1082fbe2ab785154dba7751cfd6b051f4a9dcf +Subproject commit 984fcfb697151a942583ba831102c584d13773ad diff --git a/omnibus.rb b/omnibus.rb index 63849e6f..fd81006f 100644 --- a/omnibus.rb +++ b/omnibus.rb @@ -27,7 +27,7 @@ # Disable git caching # ------------------------------ -# use_git_caching false +use_git_caching false # Enable S3 asset caching # ------------------------------ diff --git a/resources/metasploit-framework/msi/source.wxs.erb b/resources/metasploit-framework/msi/source.wxs.erb index def052f8..3e76ccf2 100644 --- a/resources/metasploit-framework/msi/source.wxs.erb +++ b/resources/metasploit-framework/msi/source.wxs.erb @@ -76,7 +76,33 @@ - + + + <% + # https://learn.microsoft.com/en-us/cpp/windows/redistributing-visual-cpp-files?view=msvc-170 + # In Visual Studio 2022 and 2019, merge module files are part of an optional installable component named C++ + # Redistributable MSMs in the Visual Studio Installer. The merge modules are installed by default as part of a C++ install + # in Visual Studio 2017 and Visual Studio 2015. When installed in Visual Studio 2022, you'll find the redistributable + # merge modules in %VCINSTALLDIR%Redist\MSVC\v143\MergeModules. In the latest version of Visual Studio 2019, the redistributable + # merge modules are in %VCINSTALLDIR%Redist\MSVC\v142\MergeModules. In both Visual Studio 2019 and Visual Studio 2017, they're + # also found in %VCToolsRedistDir%MergeModules. In Visual Studio 2015, they're found in Program Files [(x86)]\Common Files\Merge Modules. + possible_crt_paths = [ + # Visual studio 2022 enterprise - when installed with vs_installer.exe + 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\v143\MergeModules\Microsoft_VC143_CRT_x64.msm', + # Visual studio 2013 default install + 'C:\Program Files (x86)\Common Files\Merge Modules\microsoft_vc120_crt_x64.msm' + ] + crt_path = possible_crt_paths.find { |path| File.exist?(path) } + raise "Could not find valid CRT path - tried #{possible_crt_paths.join(", ")}." if crt_path.nil? + %> +