Mac for Hackers: How to Install RVM to Maintain Ruby Environments in macOS

How to Install RVM to Maintain Ruby Environments in macOS

Mac for Hackers: How to Install RVM to Maintain Ruby Environments in macOS

We're almost there to completing the setup of your Mac for hacking! Now that we have Git and Homebrew under our belts, it's time to take on something fairly easy, but very important for our hacking needs.

Ruby is an object-oriented scripting language used to write powerful projects such as Metasploit and WPScan. Although Ruby ships with macOS, there isn't a clean way included in the operating system to update and manage Ruby environments (i.e., gem files and Ruby versions).

Why is that so important? The version of Ruby that ships with macOS is usually out of date, and since we're going to need at least the latest version of Ruby—and will have to manage gems (Ruby libraries)—some form of Ruby version management is required. Plus, in some cases, our hacking tools will require a specific Ruby version to run properly, and that means we'll need more than one functioning Ruby version.

There are two leading options for this: rbenv and RVM (Ruby Version Manager). Rbenv is lightweight and modular, which fits more with the Unix philosophy of do one thing and do it well, but I personally prefer RVM. It's an all-encompassing solution to managing environments that meets almost all needs out of the box. It also doesn't hurt that it's the recommended Ruby version manager for working with the Metasploit Framework.

In this tutorial, we'll be looking at installing RVM on macOS and updating to the latest version of Ruby.

Step 1: Install GPG

The current RVM version signs and verifies all releases and the rvm-installer script. In most cases, it's all automated and the installer will check if the downloaded files are signed.

First, we will need to install GPG, an open-source encryption tool which allows us to encrypt and sign data communications. You should have Homebrew installed already, if you've been following this series, so simply execute this command:

  • brew install gpg

Step 2: Install RVM

Next, we will execute the RVM installer with the command:

This command tells cURL to get the script, and to follow any location changes reported by the host (-L). It is then piped (|)into bash. The options select the stable version of RVM, enable auto-dependency resolution, and, finally, --ruby installs the latest version of Ruby. Once that completes, we will close the terminal window and open a new one.

Step 3: Check Our Ruby Version

Now we'll check the default version of Ruby on our machine using RVM:

  • rvm list

As you can see, our Ruby install is now up to date and ready to go!

Step 4: Install Older Ruby Versions

When we need an older Ruby version to run a tool, RVM makes that a piece of cake. First, open up iTerm and then enter the command:

  • rvm install 2.2.5

Swap out "2.2.5" with whatever version number you want.

I selected 2.2.5, since it was a binary version of Ruby, meaning no compile time. You can use the following command to get a list of easy-to-pull-down Ruby versions.

  • rvm list known

The list isn't definitive, but a little checking around on the RVM site will give a more complete list.

Step 5: Switch Between Ruby Versions

Now that we have multiple versions of Ruby installed, we can view which versions are installed with the command:

  • rvm list

In order to switch between them, use the command:

  • rvm use 2.2.5

Change "2.2.5" to the version of Ruby to the one you want to use.

Step 6: Remove an Unused Ruby Version

If tools update to the latest version of Ruby, you may want to remove the outdated and unused versions on your machine. Simply enter the command:

  • rvm remove 2.2.5

Replace "2.2.5" with whatever version of Ruby you are trying to remove.

If you only want to remove Ruby itself, and not everything related to that version of Ruby, use the command:

  • rvm uninstall 2.2.5

Substitute "2.2.5" with the version of Ruby you are trying to remove.

And Now You've Got Ruby All Ready

RVM is a powerful tool and has many more features geared towards developers. If you have any interest in development with Ruby, I recommend reading through this series. In order to get a firm grasp of what RVM is capable of I recommend using the command "man rvm". With RVM installed on macOS, we can now easily work with GitHub projects that are written in Ruby, and we won't need to worry about multiple versions of Ruby on our machine conflicting.

Stay tuned to future guides in this series on getting a Mac ready for hacking, which will include installing Kali and Metasploit, organizing your tools, and the basics of Vim.

Cover image by cherniga/123RF; Screenshots by Barrow/Null Byte

4 Comments

Is it possible to use vmware indtead???

You could run multiple guest OS's with different Ruby versions, but that seems much more intensive.

i might need help

Jellekoks-MacBook-Pro:~ Jellekok2002$ curl -L https://get.rvm.io | bash -s stable --autolibs=enabled --ruby
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 194 100 194 0 0 292 0 --:--:-- --:--:-- --:--:-- 292
100 24063 100 24063 0 0 18058 0 0:00:01 0:00:01 --:--:-- 160k
Downloading https://github.com/rvm/rvm/archive/1.29.1.tar.gz
Downloading https://github.com/rvm/rvm/releases/download/1.29.1/1.29.1.tar.gz.asc
gpg: Signature made Sun Feb 19 21:02:47 2017 CET
gpg: using RSA key 62C9E5F4DA300D94AC36166BE206C29FBF04FF17
gpg: Can't check signature: No public key

Warning, RVM 1.26.0 introduces signed releases and automated check of signatures when GPG software found. Assuming you trust Michal Papis import the mpapis public key (downloading the signatures).

GPG signature verification failed for '/Users/Jellekok2002/.rvm/archives/rvm-1.29.1.tgz' - 'https://github.com/rvm/rvm/releases/download/1.29.1/1.29.1.tar.gz.asc'! Try to install GPG v2 and then fetch the public key:

gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3

or if it fails:

command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -

the key can be compared with:

https://rvm.io/mpapis.asc
https://keybase.io/mpapis

NOTE: GPG version 2.1.17 have a bug which cause failures during fetching keys from remote server. Please downgrade or upgrade to newer version (if available) or use the second method described above.

Did you read the error? It gives the solution.
I ran into this too and the 2nd option fixed it.

Share Your Thoughts

  • Hot
  • Latest