[Owasp-orizon] ubuntu 9.10 (sun java)

Matt Tesauro mtesauro at gmail.com
Thu Nov 26 01:00:14 EST 2009 

Wow - I think I just figured out the problem Brad was having.  I guess I
should stay up late more often.

Back to the point - I was puzzled that Brad was having problems as I
didn't have any problems on my Ubuntu boxes - either here or at work.  I
was also thinking that we'd not really specifically said what the 'fix'
was nor the cause in Brad's case.

Then I remembered something important I saw in his post:
"/media/daStick/orizon-1.19"

So I'd guess that Brad was running this off a USB drive.  If that's a
drive he shares between Linux and Windows, I doubt that it is formated
ext3 or another file system that supports symbolic links like I have on
my Linux box:
mtesauro at moya:~/downloads/programs/toolz/orizon/orizon-1.19/lib$ ls -lah
total 4.4M
drwxr-xr-x 2 mtesauro mtesauro 4.0K 2009-07-13 08:30 .
drwxr-xr-x 4 mtesauro mtesauro 4.0K 2009-08-24 04:29 ..
-rw-r--r-- 1 mtesauro mtesauro 6.1K 2009-05-29 04:54 .DS_Store
-rw-r--r-- 1 mtesauro mtesauro  86K 2009-06-15 04:19 jline-0.9.94.jar
lrwxrwxrwx 1 mtesauro mtesauro   16 2009-11-24 17:43 jline.jar ->
jline-0.9.94.jar
-rw-r--r-- 1 mtesauro mtesauro 383K 2009-05-29 04:54 log4j-1.2.15.jar
lrwxrwxrwx 1 mtesauro mtesauro   16 2009-11-24 17:43 log4j.jar ->
log4j-1.2.15.jar
-rw-r--r-- 1 mtesauro mtesauro 361K 2009-08-24 08:42
orizon-core-1.19.jar
[snip]

add that to the the .sh script which looks for the presence of those
files (not if they are broken sym links) and I think that's our problem.
<aside>Looks like the project lead has a Mac due to .DS_Store</aside>

I confirmed this by getting a vfat formatted USB drive I had about and
tried to extract the tarball.  The tar command bomb out due to:
tar: orizon-1.19/lib/jline.jar: Cannot create symlink to
`jline-0.9.94.jar': Operation not permitted

So I tried just copying the source from where I'd extracted it on my
hard drive which complains but copies the rest of the files:
$ cp -a /home/mtesauro/downloads/programs/toolz/orizon/orizon-1.19 ./
cp: cannot create symbolic link `./orizon-1.19/lib/jline.jar': Operation
not permitted
cp: cannot create symbolic link `./orizon-1.19/lib/log4j.jar': Operation
not permitted
$ ls orizon-1.19/
AUTHORS  bin  Changelog  COPYING  CREDITS  java_collector.txt  lib
README  VERSION

So all this begs a question which is beyond the .sh script.

Does this get fixed by the orizon.sh script?
  OR
Should Orizon ship libraries without explicit version numbers or
otherwise work around the use of symbolic links?

Have I missed something?  

Brad: What was the USB stick formated in?

Paolo: What's your preference?

-  
-- Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site


On Wed, 2009-11-25 at 17:17 +0100, Paolo Perego wrote:
> You've got it Matt.
> Maybe it's a good idea to put scripts also in the repository so you  
> can directly manage it.
> 
> I'm defintely thinking that having svn repo hosted by goggle code can  
> be the solution for the future
> 
> Next days I will setup all the things.
> 
> Matt when you've got the patch to the script you can share it to the  
> list.
> 
> Thank you guys
> 
> Ciao ciao
> Paolo
> 
> "static analysis is fun... again"
> Owasp Orizon project leader: http://orizon.sf.net
> Owasp Italy R&D director
> 
> On 25/nov/2009, at 14.47, Matt Tesauro <mtesauro at gmail.com> wrote:
> 
> > Paolo,
> >
> > If you need the .sh script to be adjusted to handle this situation,  
> > I'm
> > officially volunteering to make it work - at least for Brad ;)
> >
> > -
> > -- Matt Tesauro
> > OWASP Live CD Project Lead
> > http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> > http://AppSecLive.org - Community and Download site
> >
> >
> > On Wed, 2009-11-25 at 11:13 +0100, Paolo Perego wrote:
> >> Hi there. Sorry for the delay but I'm on line just by my phone :)
> >>
> >> The problem is when we build dependency info in orizon jars. We can
> >> choose to statically rename jline and log4j.
> >>
> >> Federico your batch script will be released with 1.20 at the end of
> >> the year just before the big movement toward 2.0
> >>
> >>
> >> Ciao ciao
> >> Paolo
> >>
> >> "static analysis is fun... again"
> >> Owasp Orizon project leader: http://orizon.sf.net
> >> Owasp Italy R&D director
> >>
> >> On 25/nov/2009, at 09.06, Federico Casani <f.casani at owasp.org> wrote:
> >>
> >>> Hi!..
> >>> I think that you have to rename jline-<version>.jar, log4j-
> >>> <version>.jar into
> >>> respectively jline.jar and log4j.jar.
> >>>
> >>> But I ask: Orizon will continue to be issued in this way?
> >>> We always have to rename these jar file?
> >>>
> >>> Bye ;)
> >>>
> >>> Federico
> >>>
> >>>
> >>> On Wed, Nov 25, 2009 at 2:30 AM, Brad Causey <bradcausey at owasp.org>
> >>> wrote:
> >>>>
> >>>> Guys,
> >>>>
> >>>> I'm running Orizon on Ubuntu 9.10. When I execute it via the shell
> >>>> script in the bin directory it fails and exists before I get a
> >>>> chance to read the output.
> >>>>
> >>>> Here is an example console session:
> >>>> brad at brad-ubuntu:/media/daStick/orizon-1.19$ ls
> >>>> AUTHORS  Changelog  CREDITS             lib     VERSION
> >>>> bin      COPYING    java_collector.txt  README
> >>>> brad at brad-ubuntu:/media/daStick/orizon-1.19$ /usr/bin/java - 
> >>>> Xms32m -
> >>>> Xmx512m -jar ./lib/orizon-core-1.19.jar
> >>>> Exception in thread "main" java.lang.NoClassDefFoundError: jline/
> >>>> Completor
> >>>> Caused by: java.lang.ClassNotFoundException: jline.Completor
> >>>>    at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
> >>>>    at java.security.AccessController.doPrivileged(Native Method)
> >>>>    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
> >>>>    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
> >>>>    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
> >>>>    at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
> >>>>    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
> >>>> Could not find the main class: org.owasp.orizon.tools.osh.Osh.
> >>>> Program will exit.
> >>>> brad at brad-ubuntu:/media/daStick/orizon-1.19$ which java
> >>>> /usr/bin/java
> >>>> brad at brad-ubuntu:/media/daStick/orizon-1.19$ java -version
> >>>> java version "1.6.0_16"
> >>>> Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
> >>>> Java HotSpot(TM) Server VM (build 14.2-b01, mixed mode)
> >>>>
> >>>>
> >>>> Any ideas? Thanks!
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -Brad Causey
> >>>> CISSP, MCSE, C|EH, CIFI, CGSP
> >>>>
> >>>> http://www.owasp.org
> >>>> --
> >>>> Never underestimate the time, expense, and effort an opponent will
> >>>> expend to break a code. (Robert Morris)
> >>>> --
> >>>>
> >>>> _______________________________________________
> >>>> Owasp-orizon mailing list
> >>>> Owasp-orizon at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-orizon
> >>>>
> >>> _______________________________________________
> >>> Owasp-orizon mailing list
> >>> Owasp-orizon at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-orizon
> >> _______________________________________________
> >> Owasp-orizon mailing list
> >> Owasp-orizon at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-orizon
> >
> > _______________________________________________
> > Owasp-orizon mailing list
> > Owasp-orizon at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-orizon
> _______________________________________________
> Owasp-orizon mailing list
> Owasp-orizon at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-orizon

More information about the Owasp-orizon mailing list