View Issue Details

ID: 0003626
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2016-10-04 07:37
Reporter: busterbcook
Assigned To: sbrun
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2016.2
Fixed in Version: 2017.1
Summary: 0003626: metasploit-framework package does not depend strongly enough on a ruby version
Description

There is a trap that users get into that breaks people using 'msfupdate' to upgrade metasploit. If you just upgrade the 'metasploit-framework' package, the latest version of ruby is not installed. Instead, you end up with whatever version of ruby came with the system.

Steps To Reproduce

Install the pre-built Kali 2016.1 VM (as of this filing, 2016.2 VMs are not available)
Run 'msfupdate'
Run 'msfconsole'

What ends up happening is ruby 2.2.4 remains the system Ruby interpreter, but the 2.3.1 gems are packaged with the latest Metasploit-framework package. This causes msfconsole to not have the correct gem versions to match the system interpreter.

I think the 'ruby' dependency needs to be specifically on the latest ruby package. I see libruby is more specific, but that does not seem sufficient.

Additional Information

Alternate fixes could include:

Changing 'msfupdate' to inform the user he should run 'dist-upgrade' when running on Kali instead.

Changing 'msfupdate' to literally run 'apt-get dist-upgrade', or 'apt-get install metasploit-framework ruby' so everything is updated.

Removing 'msfupdate' since it doesn't really do anything that can't be done with the system package tools.

Activities

rhertzog

2016-09-26 13:47

administrator   ~0005995

I think dropping msfupdate is the right approach (or changing it into a no-op telling the user to run a system upgrade with "apt update && apt install metasploit-framework").

sbrun

2016-10-04 07:37

manager   ~0006023

We kept msfupdate as it uses apt when /usr/share/metasploit-framework/.apt exists (it's the case when metasploit is installed via apt in Kali).
We added a stronger dependency on ruby version in new metasploit version 4.12.29-0kali1.
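
A way to confirm the mismatch described in this issue on an installed system, as an added example that is not part of the original report or of the Kali or Metasploit packaging: it compares the interpreter's gem ABI directory name (MAJOR.MINOR.0 for Ruby 2.1 and later) with the per-version gem directories found under a bundle root. The default bundle path and the function names are assumptions, not taken from the issue.

```sh
#!/bin/sh
# Added example: detect the interpreter/gem mismatch described in this issue.
# ASSUMPTION: the package ships gems in per-ABI directories (e.g. "2.3.0")
# under this bundle root; the path is hypothetical, not taken from the issue.
BUNDLE_ROOT_DEFAULT=/usr/share/metasploit-framework/vendor/bundle/ruby

# Map an interpreter version to its gem ABI directory name (2.3.1 -> 2.3.0).
# Holds for Ruby 2.1 and later. Returns 2 on unparseable input.
ruby_abi() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    printf '%s.%s.0\n' "$major" "$minor"
}

# check_gem_abi RUBY_VERSION BUNDLE_ROOT
# 0 = gems exist for this interpreter, 1 = mismatch, 2 = cannot tell.
check_gem_abi() {
    want=$(ruby_abi "$1") || { echo "unparseable ruby version: $1" >&2; return 2; }
    root=$2
    if [ ! -d "$root" ]; then
        echo "bundle root not found: $root" >&2
        return 2
    fi
    if [ -d "$root/$want" ]; then
        return 0
    fi
    found=
    for d in "$root"/*/; do
        if [ -d "$d" ]; then found="$found $(basename "$d")"; fi
    done
    echo "MISMATCH: interpreter wants $want, package ships:${found:- none}"
    return 1
}

# Live check; skipped when ruby is absent, and never aborts the caller.
if command -v ruby >/dev/null 2>&1; then
    check_gem_abi "$(ruby -e 'print RUBY_VERSION')" "$BUNDLE_ROOT_DEFAULT" || true
fi
```

With the versions from the report, interpreter 2.2.4 against a package that ships only a 2.3.0 gem directory yields exit status 1.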

Issue History

Date Modified Username Field Change
2016-09-24 15:36 busterbcook New Issue
2016-09-26 13:45 rhertzog Assigned To => sbrun
2016-09-26 13:45 rhertzog Status new => assigned
2016-09-26 13:47 rhertzog Note Added: 0005995
2016-10-04 07:37 sbrun Note Added: 0006023
2016-10-04 07:37 sbrun Status assigned => resolved
2016-10-04 07:37 sbrun Resolution open => fixed
2016-10-04 07:37 sbrun Fixed in Version => 2017.1