You are not logged in.
I am making a PKGBUILD for metasploit dev version and I'm having some trouble. Here's what I have came up with so far: https://gist.github.com/axper/a6bb4884fd3c575c82e1 .
This program depends on:
Ruby version 1.9 (latest is ruby 2.1.2)
60+ ruby 1.9 gems. Not always the latest versions of them
Current route I took is to make a PKGBUILD for every single one of these gems (by automating, of course). But it makes maintenance hard as versions of dependency gems change quickly.
Another route is to follow the official instructions and run "gem install bundle && bundle install" from the source directory during the installation script. This approach has problems as well:
These bundles aren't managed with pacman
It prints an ugly warning message about "bundle" getting run as root
Bundles don't get uninstalled when the package is uninstalled
What's the best solution of making a PKGBUILD for a program like this?
Last edited by axper (2014-09-06 17:41:24)
Offline
For diaspora I run bundle install --deployment at build time, which installs the gems to vendor/bundle and include that in the package. Then I make sure that all commands go through bundle exec, in the metasploit case you probably want to ship wrappers ensuring that. Make sure to depend on ruby1.9-bundler and use bundle-1.9 here if you go that route.
Offline
Yes, current stable metasploit package runs "bundle install" via the .install file as well. I don't like that solution very much because the installed gems are not handled by pacman and are left lying on the file system when the package is uninstalled. I am not sure what you mean by "ship wrappers" though.
Offline
No, not in the .install file, in the build() function with the --path or --deployment (which sets the --path) option. That installs the gems to a local side dir that gets added to the load path by require "bundler/setup" or bundle exec.
Offline
Out of curiosity, why this application required the ancient version of ruby? Why it does not work on the latest stable version?
Personally I would stay away for application that were not able to migrate to ruby 2.1, especially as migration is mostly trivial.
Read it before posting http://www.catb.org/esr/faqs/smart-questions.html
Ruby gems repository done right https://bbs.archlinux.org/viewtopic.php?id=182729
Fast initramfs generator with security in mind https://wiki.archlinux.org/index.php/Booster
Offline
@MrZYX
Nope, that's not a solution either. Installing something locally at build time makes the package impossible to ship (or add to repos). Besides, building the package more than once will cause conflicts.
@anatolik
Not really sure why devs don't make the switch, but metasploit is one irreplacable app.
Offline
I think you still don't understand what it does, try it out! If for example your build dir is /tmp/metasploit-package and metasploit is extracted at /tmp/metasploit-package/src/metasploit and you run bundle-1.9 install --deployment there, the gems will be installed to /tmp/metasploit-package/src/metasploit/vendor/bundle/ruby/1.9.1/gems. You can then safely copy vendor/ in the packaging step if you copy .bundle too, let's say to /tmp/metasploit-package/pkg/metasploit/pkg/opt/metasploit/ alongside the rest of the project. All you need to add now is a wrapper for the executables, let's say /tmp/metasploit-package/pkg/metasploit/usr/bin/msf with
#!/bin/sh
cd /opt/metasploit
exec /usr/bin/bundle1.9 exec bin/msfIf you don't want to change the working directory, setting the BUNDLE_GEMFILE environment variable in the wrapper should work as well.
If this is about gems with native extensions, this is not different from doing a make for a compiled application in the build function, the package is tailored to a target distribution and architecture after all.
I don't see how this would cause any conflicts. If rerunning build on the extracted source bundler will just pick up the already to the local site dir installed gems.
Last edited by MrZYX (2014-09-20 11:23:15)
Offline
@MrZYX
Ohhhhh... thanks, now I get it, I'll try soon.
Offline
@MrZYX
I finally did it!
https://aur.archlinux.org/packages/metasploit-git/
Would like some feedback.
Offline