Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add install instruction: Fetch RVM PGP key #1467

Closed
0xmachos opened this issue Nov 8, 2017 · 2 comments
Closed

Add install instruction: Fetch RVM PGP key #1467

0xmachos opened this issue Nov 8, 2017 · 2 comments
Labels
Documentation Install

Comments

@0xmachos
Copy link
Contributor

0xmachos commented Nov 8, 2017

Environment

What version/revision of BeEF are you using?

Not applicable

On what version of Ruby?

Not applicable

On what browser?

Not applicable

On what operating system?

Kali Linux Light prebuilt VMWare image

Configuration

Are you using a non-default configuration?

Not applicable

Have you enabled or disabled any BeEF extensions?

Not applicable

Summary

While following the Debian / Ubuntu section of the install instructions on the Github Wiki the step which should install RVM fails.

Expected Behaviour

The RVM install starts.

Actual Behaviour

The RVM install does not start. RVM tries to validate the PGP signature of the downloaded RVM archive, this fails as the local PGP keying does not have the public key of the RVM signing key.

Steps to Reproduce

sudo apt-get update
sudo apt-get install curl git nodejs
curl -sSL https://get.rvm.io | bash -s stable

Additional Information

Downloading https://github.com/rvm/rvm/archive/1.29.3.tar.gz
Downloading https://github.com/rvm/rvm/releases/download/1.29.3/1.29.3.tar.gz.asc
gpg: Signature made aca 10 way 2017  4:59:21 carra EDT
gpg:                using RSA key E206C29FBF04FF17
gpg: Can't check signature: No public key
Warning, RVM 1.26.0 introduces signed releases and automated check of signatures when GPG software found. Assuming you trust Michal Papis import the mpapis public key (downloading the signatures).

GPG signature verification failed for '/usr/local/rvm/archives/rvm-1.29.3.tgz' - 'https://github.com/rvm/rvm/releases/download/1.29.3/1.29.3.tar.gz.asc'! Try to install GPG v2 and then fetch the public key:

    gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3

or if it fails:

    command curl -sSL https://rvm.io/mpapis.asc | gpg --import -

the key can be compared with:

    https://rvm.io/mpapis.asc
    https://keybase.io/mpapis

NOTE: GPG version 2.1.17 have a bug which cause failures during fetching keys from remote server. Please downgrade or upgrade to newer version (if available) or use the second method described above.

Suggested Fix

Add the following command to the Debian / Ubuntu section of the install instructions.

curl -sSL https://rvm.io/mpapis.asc | gpg --import -
@iufuenza
Copy link

iufuenza commented Feb 6, 2018

Thanks for the fix!

@bcoles
Copy link
Collaborator

bcoles commented Mar 7, 2018

Thanks @0xmachos

I've opted to remove the rvm installation from the installation instructions, and instead advised the reader to manage their own Ruby environment / versions, with links the relevant rvm and rbenv websites.

The Installation page on the wiki hasn't been updated yet. Updating the documentation, including the wiki, is being tracked in #1477.

Closing this issue.

@bcoles bcoles closed this as completed Mar 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Documentation Install
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcoles @iufuenza @0xmachos