Metasploit mailing list archives
packaging issue: how to update?
From: hdm at metasploit.com (H D Moore)
Date: Fri, 1 Feb 2008 17:52:35 -0600
Hi Peter, comments inline. On Wednesday 30 January 2008, Peter Volkov wrote:
Thus providing package with installs Framework with .svn files is not a viable solution for package manager in Gentoo (and I suppose in other distributions too). But what alternatives do we have? Is it possible to release Framework more frequently whenever required updates were added?
It should be possible to duplicate the same method used by the Windows installer: The package installs any required dependencies, a launch wrapper, and a tarball of the stable release, which itself includes the .svn directories. The first time the user runs the framework (through any of the launch wrappers), a local copy of the framework is extracted from the tarball, in their home directory, and the launcher redirects execution to the extracted interface (console, gui, etc). To update the framework, the user just enters the directory containing their local copy, and runs svn update (or a wrapper script does the same). While this method does waste disk space (~100mb per user), it solves a number of problems, including licensing issues, package management, and permissions.
Is it possible to separate and update exploit database separately for the program itself?
Exploits often depend on changes made to the code as well -- for example, if a new SMB-related flaw comes out, and the existing SMB library is unable to provide access to that feature, then the exploit module and the library update would be pushed to the branch tree together. At some point in the future we may freeze the exploit API, but theres no guarantee of a new module working with a non-updated tree at this time. The 3.1 brought us closer, but it may not be until 3.2 (~6 months) before we can provide a versioned API for exploit modules. As a happy Gentoo user, I would like to see this resolved as well ;-) -HD
Current thread:
- packaging issue: how to update? Peter Volkov (Jan 30)
- packaging issue: how to update? H D Moore (Feb 01)
- packaging issue: how to update? H D Moore (Feb 01)