SamuraiWTF 2.0 SVN Repository & Bug Tracker

With the recent release of SamuraiWTF 2.0 we have introduced significant changes to the official SamuraiWTF SVN repository, available at  http://svn.code.sf.net/p/samurai/code/trunk/ (check the new SourceForge.net project code section). This repository was mainly used in the past by the development team, thus these changes try to open up the repository to any user interested on updating the latest official SamuraiWTF version available from the project downloads section. As part of all these 2.0 related changes, we have also migrated the project to the new SourceForge.net (SF.net) platform, so the project web page look & feel and layout have changed, as well as some project's links (all the links in this post point to the new platform).

The idea is to use the SVN repository to provide fixes for known bugs between major SamuraiWTF releases, as well as updates for new features and tools (in future SVN revisions). Therefore, the current SVN repository contents include fixes for a few well known bugs associated to the SamuraiWTF 2.0 version in the form of individual bash scripts. These fixes will be included in the next SamuraiWTF version, 2.1, but meanwhile you can apply them to your private SamuraiWTF 2.0 instance.

The SVN repository contains a main script to apply all the available fixes ("fix.sh"), and a "fixes" directory. The "fixes" directory contains two types of scripts, those starting with "fix_" and a number, which corresponds to the ID associated to the bug the script fixes from the official SamuraiWTF bug tracker (eg. 25, after the migration), plus a descriptive text at the end of the filename, and those without a number, as the fix applies to a bug that has not been reported through the bug tracker.

In order to apply all the available fixes you simply need to follow these steps:
1. Start with a clean SamuraiWTF 2.0 instance (Live DVD or VM; take a look at the previous blog posts explaining how to create a SamuraiWTF 2.0 virtual machine in VMware Fusion, Workstation, and Player).
2. Perform an initial checkout to retrieve the current SVN trunk contents from the official SamuraiWTF repository:
$ svn co http://svn.code.sf.net/p/samurai/code/trunk samurai
3. Step into the new local SVN copy and run the "fix.sh" script using sudo:
$ cd samurai
$ sudo ./fix.sh

The following screenshot shows the initial SVN process:

The main "fix.sh" script keeps a log of the fixes already applied, with the idea of avoiding applying the same fix every time the "fix.sh" script is executed. Thus, you can periodically update your local SVN copy ("svn up") with the most recent SVN contents and fixes, and run the script again:
$ cd samurai
$ svn up
$ sudo ./fix.sh

The following screenshot shows the SVN update process:

As new bugs are discovered and reported in the official SamuraiWTF bug tracker (please use the "v2.0" group to report all SamuraiWTF 2.0 issues), the plan is to create fix scripts for them and add those to the SVN repository. Bugs (or tickets) will remain in the "open" status till we find a solution for them, and once we have a fix script ready, they will be moved to the "pending" status till they are implemented on the next release, such as 2.1.

Additionally, in a near future we plan to add to SVN a similar "update.sh" script, plus the corresponding "updates" directory, to be able to provide updates for other SamuraiWTF features and tools (that you can request and report via the official SamuraiWTF feature requests tracker). When adding new feature requests use the "Next Release" milestone so that we can evaluate what release it will be added to.

We encourage you to use SamuraiWTF 2.0, apply the fixes from the SVN repository, and help us by reporting bugs and solutions to the mailing-list, and more importantly, though the bug tracker and feature requests tracker. In order to create new bug and feature requests tickets you need to authenticate in the SF.net platform.

An interesting conclusion from the weekly stats download count: Although the SamuraiWTF 2.0 ISO image has been downloaded 1,169 times, the corresponding MD5 file has been downloaded only 19 times. It seems that less than 2% of users check the ISO image MD5 hash (...unless you know it from the top of your head) :o)

Appendix: SVN SamuraiWTF Commands

With the recent project migration to the new SourceForge.net platform it is possible to perform a checkout of the SVN contents using SVN or HTTP (both unencrypted):
$ svn co svn://svn.code.sf.net/p/samurai/code/trunk samurai
$ svn co http://svn.code.sf.net/p/samurai/code/trunk samurai

Unfortunately, there is no encrypted alternative to checkout the SVN contents anonymously, as there was in the past (the command below, based on HTTPS, doesn't work anymore and requests user credentials):
$ svn co https://svn.code.sf.net/p/samurai/code/trunk samurai

However, the encrypted option that still works (I don't know for how long it will be available...) is the one that retrieves the contents from the old SVN repository via HTTPS (I recommend you NOT to use it - I included it here just for documentation purposes):
$ svn co https://samurai.svn.sourceforge.net/svnroot/samurai/trunk/ samurai

Additionally, as a project developer, it is possible to get encrypted and authenticated read-write (RW) SVN checkout access via SVN+SSH (replace USER with your SF.net username; check all these new options in the project code section):
$ svn checkout --username=USER svn+ssh://USER@svn.code.sf.net/p/samurai/code/trunk samurai