Metasploit is changing from using their own SVN server to host their repository to GitHub and by this move to Git as their tool for managing the main repository available to the public for getting access to the Framework source code. This also changes the way commits are done, if any none Rapid7 employee or contractor member of the development team wants to contribute code it will have to be thru GitHub pull request feature. This will allow Rapid7 better control over who commits and the quality of the commits making sure that their commercial products Metasploit Community, Pro and Express do not get affected by a contribution that did not go thru a proper test procedure and quality assurance. In addition the shift from SVN to Git will allow greater flexibility to the Rapid7 team to make modification to the the framework on forks and branches on their own systems allowing them to keep the main repository as stable as possible and changes to be pushed in a less risky manner. This is great business move since it will reduce risk and accelerate development of the base foundation of their products, allowing the team to focus more on the technical an engineering aspects of the projects and less on the over heads of managing code on their machines. In terms of management of community commits the pull requests will centralize the process from Redmine and the emails to msfdev mailing list making it easier for them to get contributions for the Framework. I do have to say I will miss the ability to be able to push my own changes and fixes and will have to rely like everybody else to the fork process and GitHub pull request method like everybody else but in the long run this a better solution for the stability of the code, faster innovation and risk reduction allowing Rapid7 to further advanced the Framework that is base of some of their commercial products.
Now this does changes my workflow for the code I write for use in Metasploit. I do have a GitHub account that I used as my temporary account for plugins and modules, I will be consolidating this one in to one single project in GitHub and making sure it follows the folder structure as in the framework so I can just have it in my machine under ~/.msf4 that way I can test modify and test modules and plugins without the need of putting them in the framework folder it self and move them in to the forked version if I wish to contribute them to Rapid7 if not they will still be accessible for sharing under my GitHub page.
So there are now 2 new ways to use the framework repository depending on your need, If you are only to consume the code in it and do not wish to contribute your code to Rapid7 you just need to have Git on your system and clone the repository. You first start by installing Git
Installing Git
On OS X you only need to install the latest Xcode Tools from the AppStore
On CentOS 6 and latest Fedora Systems you would run as root
yum updateyum install gitOn Ubuntu and Debian systems you would run as root
apt-get updateapt-get install git-coreCloning the Repository
Iâm a person who likes having several copies of the Framework to work in, I tend to keep in my home folder on my boxes a folder call dev where I keep all the project repositories I use. So I recommend you start by creating the folder to host the project and its copies if you later decide to fork and work on coding inside the Framework.
mkdir -p ~/devcd ~/devOnce the folder is create you only need to clone the Git repository that is on GitHub
git clone git://github.com/rapid7/metasploit-framework.gitNow you should be able to use and work from inside the metasploit-framework folder created there. To keep you copy updated you only need to run from the folder
git pullThis will fetch the latest changes and merge them together.
Forking the Project
If you are planning on contributing to the project then it is recommended that you fork the project so you can issue pull request from GitHub. To be able to do this you must first have a GitHub account at http://github.com once you have an account there you can navigate to https://github.com/rapid7/metasploit-framework and from there click on the fork button on the page to create a fork under your account
Once it has been forked you can now clone it your development system by running the following command in your dev folder, In the example bellow you will see I amed it msf-fork so I can quickly see this is my forked copy
git clone [email protected]:<your username>/metasploit-framework.git msf-forkNext I want to be able to update from the main Framework repository so I will set the one managed by Rapid7 as upstream and test updating
git remote add upstream git://github.com/rapid7/metasploit-framework.gitgit fetch upstreamOnce you have done several commits to the clone in your machine you can push those to the fork on your GitHub account by doing running the following command
git push origin masterAny time the framework is updated and you want to merge those changes in to your forked copy you would run
git fetch upstreamgit merge upstream/masterTo send a pull request to Rapid7 so as to contribute your code or changes you would follow the GitHub guide that would do a better job than me explaining it in this blog post
http://help.github.com/send-pull-requests/
I also recommend the use of branches so you can have several branches of the fork you have so you can later merge those in to your local clone of the fork and push for latter submitting for pull requests a great guide for this is on Online Git Book http://book.git-scm.com/3_basic_branching_and_merging.html
For further reading on the use of Git I recommend
Pro Git Book (http://progit.org/book/
Git Community Book http://book.git-scm.com/index.htmlI hope you find this post useful and look forward to people contributing to the Framework.
