From 04e7e3c4f922dcdff2228886bfc5429feb53e8b1 Mon Sep 17 00:00:00 2001 From: Andreas Oberritter Date: Thu, 4 Jul 2024 10:28:46 +0200 Subject: [PATCH] kali: A distribution based on Debian: https://www.kali.org/ Kali includes many packages suitable for offensive security tasks. It follows a rolling release model and serves fewer architectures than Debian. Building a kali image requires installing kali-archive-keyring: - Source: https://gitlab.com/kalilinux/packages/kali-archive-keyring - Packages: https://pkg.kali.org/pkg/kali-archive-keyring --- docs/bootable.md | 16 ++ mkosi.conf.d/20-kali/mkosi.conf | 14 ++ .../20-kali/mkosi.conf.d/20-arm64.conf | 8 + .../20-kali/mkosi.conf.d/20-x86-64.conf | 8 + mkosi.conf.d/20-kali/mkosi.conf.d/20-x86.conf | 8 + .../mkosi.conf | 1 + .../mkosi.conf.d/20-ext4-orphan-file.conf | 0 .../mkosi.conf.d/20-x86-64.conf | 0 .../lib/systemd/system-preset/00-mkosi.preset | 2 +- .../lib/systemd/system-preset/99-mkosi.preset | 2 +- mkosi.postinst | 2 +- mkosi/distributions/__init__.py | 5 +- mkosi/distributions/kali.py | 60 ++++++++ mkosi/installer/apt.py | 4 +- .../mkosi.conf | 1 + .../mkosi.conf.d/10-libtss.conf | 3 + .../mkosi.conf | 2 + mkosi/resources/mkosi.md | 145 +++++++++--------- 18 files changed, 204 insertions(+), 77 deletions(-) create mode 100644 mkosi.conf.d/20-kali/mkosi.conf create mode 100644 mkosi.conf.d/20-kali/mkosi.conf.d/20-arm64.conf create mode 100644 mkosi.conf.d/20-kali/mkosi.conf.d/20-x86-64.conf create mode 100644 mkosi.conf.d/20-kali/mkosi.conf.d/20-x86.conf rename mkosi.conf.d/{30-debian-ubuntu => 30-debian-kali-ubuntu}/mkosi.conf (96%) rename mkosi.conf.d/{30-debian-ubuntu => 30-debian-kali-ubuntu}/mkosi.conf.d/20-ext4-orphan-file.conf (100%) rename mkosi.conf.d/{30-debian-ubuntu => 30-debian-kali-ubuntu}/mkosi.conf.d/20-x86-64.conf (100%) create mode 100644 mkosi/distributions/kali.py rename mkosi/resources/mkosi-initrd/mkosi.conf.d/{10-debian-ubuntu => 10-debian-kali-ubuntu}/mkosi.conf (97%) rename mkosi/resources/mkosi-initrd/mkosi.conf.d/{10-debian-ubuntu => 10-debian-kali-ubuntu}/mkosi.conf.d/10-libtss.conf (88%) rename mkosi/resources/mkosi-tools/mkosi.conf.d/{10-debian-ubuntu => 10-debian-kali-ubuntu}/mkosi.conf (94%) diff --git a/docs/bootable.md b/docs/bootable.md index ba13558ade..8887a59179 100644 --- a/docs/bootable.md +++ b/docs/bootable.md @@ -69,6 +69,22 @@ Packages=linux-image-generic dbus ``` +## Kali + +```conf +[Distribution] +Distribution=kali + +[Content] +Bootable=yes +Packages=linux-image-generic + systemd + systemd-boot + systemd-sysv + udev + dbus +``` + ## Ubuntu ```conf diff --git a/mkosi.conf.d/20-kali/mkosi.conf b/mkosi.conf.d/20-kali/mkosi.conf new file mode 100644 index 0000000000..fa40944966 --- /dev/null +++ b/mkosi.conf.d/20-kali/mkosi.conf @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=kali + +[Distribution] +Repositories=non-free-firmware + +[Host] +ToolsTreeDistribution=kali + +[Content] +Packages= + linux-perf diff --git a/mkosi.conf.d/20-kali/mkosi.conf.d/20-arm64.conf b/mkosi.conf.d/20-kali/mkosi.conf.d/20-arm64.conf new file mode 100644 index 0000000000..af923fa442 --- /dev/null +++ b/mkosi.conf.d/20-kali/mkosi.conf.d/20-arm64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=arm64 + +[Content] +Packages= + linux-image-cloud-arm64 diff --git a/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86-64.conf b/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86-64.conf new file mode 100644 index 0000000000..615de52499 --- /dev/null +++ b/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86-64.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=x86-64 + +[Content] +Packages= + linux-image-cloud-amd64 diff --git a/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86.conf b/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86.conf new file mode 100644 index 0000000000..fe0c4dcb31 --- /dev/null +++ b/mkosi.conf.d/20-kali/mkosi.conf.d/20-x86.conf @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Architecture=x86 + +[Content] +Packages= + linux-image-686 diff --git a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf b/mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf similarity index 96% rename from mkosi.conf.d/30-debian-ubuntu/mkosi.conf rename to mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf index 6b7813c6a7..8612e47adf 100644 --- a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf +++ b/mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf @@ -2,6 +2,7 @@ [Match] Distribution=|debian +Distribution=|kali Distribution=|ubuntu [Content] diff --git a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf.d/20-ext4-orphan-file.conf b/mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf.d/20-ext4-orphan-file.conf similarity index 100% rename from mkosi.conf.d/30-debian-ubuntu/mkosi.conf.d/20-ext4-orphan-file.conf rename to mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf.d/20-ext4-orphan-file.conf diff --git a/mkosi.conf.d/30-debian-ubuntu/mkosi.conf.d/20-x86-64.conf b/mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf.d/20-x86-64.conf similarity index 100% rename from mkosi.conf.d/30-debian-ubuntu/mkosi.conf.d/20-x86-64.conf rename to mkosi.conf.d/30-debian-kali-ubuntu/mkosi.conf.d/20-x86-64.conf diff --git a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset index bf67c94f14..8b53cbb388 100644 --- a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset +++ b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset @@ -4,7 +4,7 @@ disable ssh.service disable sshd.service -# Make sure dbus-broker is started by default on Debian/Ubuntu. +# Make sure dbus-broker is started by default on Debian/Kali/Ubuntu. enable dbus-broker.service # Make sure we have networking available. diff --git a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset index 710ee7c6f9..40873d345a 100644 --- a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset +++ b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset @@ -1,4 +1,4 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -# Make sure that services are disabled by default (primarily for Debian/Ubuntu). +# Make sure that services are disabled by default (primarily for Debian/Kali/Ubuntu). disable * diff --git a/mkosi.postinst b/mkosi.postinst index 2d62c471bc..d5bd991bd8 100755 --- a/mkosi.postinst +++ b/mkosi.postinst @@ -2,7 +2,7 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [[ "$DISTRIBUTION" =~ ubuntu|debian ]]; then +if [[ "$DISTRIBUTION" =~ ubuntu|kali|debian ]]; then SUDO_GROUP=sudo else SUDO_GROUP=wheel diff --git a/mkosi/distributions/__init__.py b/mkosi/distributions/__init__.py index 5bd334f674..5d07b719c5 100644 --- a/mkosi/distributions/__init__.py +++ b/mkosi/distributions/__init__.py @@ -76,6 +76,7 @@ class Distribution(StrEnum): # of the mkosi maintainers before implementing a new distribution. fedora = enum.auto() debian = enum.auto() + kali = enum.auto() ubuntu = enum.auto() arch = enum.auto() opensuse = enum.auto() @@ -98,7 +99,7 @@ def is_centos_variant(self) -> bool: ) def is_apt_distribution(self) -> bool: - return self in (Distribution.debian, Distribution.ubuntu) + return self in (Distribution.debian, Distribution.ubuntu, Distribution.kali) def is_rpm_distribution(self) -> bool: return self in ( @@ -180,7 +181,7 @@ def detect_distribution() -> tuple[Optional[Distribution], Optional[str]]: if d is not None: break - if d in {Distribution.debian, Distribution.ubuntu} and version_codename: + if d in {Distribution.debian, Distribution.ubuntu, Distribution.kali} and version_codename: version_id = version_codename return d, version_id diff --git a/mkosi/distributions/kali.py b/mkosi/distributions/kali.py new file mode 100644 index 0000000000..90df33e5a0 --- /dev/null +++ b/mkosi/distributions/kali.py @@ -0,0 +1,60 @@ +# SPDX-License-Identifier: LGPL-2.1+ + +from collections.abc import Iterable +from pathlib import Path + +from mkosi.config import Architecture +from mkosi.context import Context +from mkosi.distributions import Distribution, debian +from mkosi.installer.apt import AptRepository +from mkosi.log import die +from mkosi.util import listify + + +class Installer(debian.Installer): + @classmethod + def pretty_name(cls) -> str: + return "Kali Linux" + + @classmethod + def default_release(cls) -> str: + return "kali-rolling" + + @classmethod + def default_tools_tree_distribution(cls) -> Distribution: + return Distribution.kali + + @staticmethod + @listify + def repositories(context: Context, local: bool = True) -> Iterable[AptRepository]: + if context.config.local_mirror and local: + yield AptRepository( + types=("deb",), + url=context.config.local_mirror, + suite=context.config.release, + components=("main",), + signedby=None, + ) + return + + yield AptRepository( + types=("deb", "deb-src"), + url=context.config.mirror or "http://http.kali.org/kali", + suite=context.config.release, + components=("main", *context.config.repositories), + signedby=Path("/usr/share/keyrings/kali-archive-keyring.gpg"), + ) + + @classmethod + def architecture(cls, arch: Architecture) -> str: + a = { + Architecture.arm64: "arm64", + Architecture.arm: "armhf", + Architecture.x86_64: "amd64", + Architecture.x86: "i386", + }.get(arch) + + if not a: + die(f"Architecture {arch} is not supported by {cls.pretty_name()}") + + return a diff --git a/mkosi/installer/apt.py b/mkosi/installer/apt.py index 7722575576..59effcb327 100644 --- a/mkosi/installer/apt.py +++ b/mkosi/installer/apt.py @@ -128,8 +128,8 @@ def setup(cls, context: Context, repos: Iterable[AptRepository]) -> None: if repo.signedby and not repo.signedby.exists(): die( f"Keyring for repo {repo.url} not found at {repo.signedby}", - hint="Make sure the right keyring package (e.g. debian-archive-keyring or ubuntu-keyring) is " - "installed", + hint="Make sure the right keyring package (e.g. debian-archive-keyring, kali-archive-keyring " + "or ubuntu-keyring) is installed", ) with sources.open("w") as f: diff --git a/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf similarity index 97% rename from mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf rename to mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf index 6ea07f5164..63b2b458f5 100644 --- a/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ b/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf @@ -2,6 +2,7 @@ [Match] Distribution=|debian +Distribution=|kali Distribution=|ubuntu [Content] diff --git a/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-libtss.conf b/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf.d/10-libtss.conf similarity index 88% rename from mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-libtss.conf rename to mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf.d/10-libtss.conf index 5578e218ff..1e6a8bc552 100644 --- a/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-libtss.conf +++ b/mkosi/resources/mkosi-initrd/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf.d/10-libtss.conf @@ -3,6 +3,9 @@ [TriggerMatch] Distribution=debian +[TriggerMatch] +Distribution=kali + [TriggerMatch] Distribution=ubuntu Release=!focal diff --git a/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf similarity index 94% rename from mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-ubuntu/mkosi.conf rename to mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf index 575187f734..53a43bc8c9 100644 --- a/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ b/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf @@ -2,11 +2,13 @@ [Match] Distribution=|debian +Distribution=|kali Distribution=|ubuntu [Content] Packages= ?exact-name(distribution-gpg-keys) + ?exact-name(kali-archive-keyring) ?exact-name(grub-pc-bin) ?exact-name(systemd-boot) ?exact-name(systemd-repart) diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md index 5820d50332..e67d9951ac 100644 --- a/mkosi/resources/mkosi.md +++ b/mkosi/resources/mkosi.md @@ -392,8 +392,8 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, `Distribution=`, `--distribution=`, `-d` : The distribution to install in the image. Takes one of the following - arguments: `fedora`, `debian`, `ubuntu`, `arch`, `opensuse`, `mageia`, - `centos`, `rhel`, `rhel-ubi`, `openmandriva`, `rocky`, `alma`, + arguments: `fedora`, `debian`, `kali`, `ubuntu`, `arch`, `opensuse`, + `mageia`, `centos`, `rhel`, `rhel-ubi`, `openmandriva`, `rocky`, `alma`, `custom`. If not specified, defaults to the distribution of the host or `custom` if the distribution of the host is not a supported distribution. @@ -402,8 +402,8 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, : The release of the distribution to install in the image. The precise syntax of the argument this takes depends on the distribution used, and is either a numeric string (in case of Fedora Linux, CentOS, …, - e.g. `29`), or a distribution version name (in case of Debian, Ubuntu, - …, e.g. `artful`). Defaults to a recent version of the chosen + e.g. `29`), or a distribution version name (in case of Debian, Kali, + Ubuntu, …, e.g. `artful`). Defaults to a recent version of the chosen distribution, or the version of the distribution running on the host if it matches the configured distribution. @@ -432,6 +432,7 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, | `debian` | http://deb.debian.org/debian | | | `arch` | https://geo.mirror.pkgbuild.com | http://mirror.archlinuxarm.org | | `opensuse` | http://download.opensuse.org | | + | `kali` | http://http.kali.org/kali | | | `ubuntu` | http://archive.ubuntu.com | http://ports.ubuntu.com | | `centos` | https://mirrors.centos.org | | | `rocky` | https://mirrors.rockylinux.org | | @@ -467,11 +468,12 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, up locally regardless of the value of this setting. To make the distribution GPG keys for distributions available without enabling this setting, the corresponding package has to be installed on the host. This is usually one of `archlinux-keyring`, - `debian-keyring`, `ubuntu-keyring` or `distribution-gpg-keys` (for rpm-based distributions). + `debian-keyring`, `kali-archive-keyring`, `ubuntu-keyring` or `distribution-gpg-keys` + (for rpm-based distributions). `Repositories=`, `--repositories=` : Enable package repositories that are disabled by default. This can be used to enable the EPEL repos for - CentOS or different components of the Debian/Ubuntu repositories. + CentOS or different components of the Debian/Kali/Ubuntu repositories. `CacheOnly=`, `--cache-only=` : Takes one of `auto`, `metadata`, `always` or `never`. Defaults to @@ -1493,62 +1495,63 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`, packages are defined and which packages are included in those default tools trees: - | | Fedora | CentOS | Debian | Ubuntu | Arch | openSUSE | - |-------------------------|:------:|:------:|:------:|:------:|:----:|:--------:| - | `acl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `apt` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `archlinux-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `attr` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `bash` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `btrfs-progs` | ✓ | | ✓ | ✓ | ✓ | ✓ | - | `bubblewrap` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `ca-certificates` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `coreutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `cpio` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `curl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `debian-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `diffutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `distribution-gpg-keys` | ✓ | ✓ | | | ✓ | ✓ | - | `dnf` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `dnf-plugins-core` | ✓ | ✓ | | | | ✓ | - | `dnf5` | ✓ | | | | | | - | `dnf5-plugins` | ✓ | | | | | | - | `dosfstools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `e2fsprogs` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `edk2-ovmf` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `erofs-utils` | ✓ | | ✓ | ✓ | ✓ | ✓ | - | `findutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `git` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `grep` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `grub-tools` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `jq` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `kmod` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `less` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `mtools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `nano` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `openssh` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `openssl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `sed` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `pacman` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `pesign` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `policycoreutils` | ✓ | ✓ | ✓ | ✓ | | ✓ | - | `qemu` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `sbsigntools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `socat` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `squashfs-tools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `strace` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `swtpm` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `systemd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `ukify` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `tar` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `ubuntu-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | | - | `util-linux` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `virtiofsd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `virt-firmware` | ✓ | ✓ | | | ✓ | | - | `xfsprogs` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `xz` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `zstd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | - | `zypper` | ✓ | | ✓ | ✓ | ✓ | | + | | Fedora | CentOS | Debian | Kali | Ubuntu | Arch | openSUSE | + |-------------------------|:------:|:------:|:------:|:----:|:------:|:----:|:--------:| + | `acl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `apt` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `archlinux-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `attr` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `bash` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `btrfs-progs` | ✓ | | ✓ | ✓ | ✓ | ✓ | ✓ | + | `bubblewrap` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `ca-certificates` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `coreutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `cpio` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `curl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `debian-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `diffutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `distribution-gpg-keys` | ✓ | ✓ | | | | ✓ | ✓ | + | `dnf` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `dnf-plugins-core` | ✓ | ✓ | | | | | ✓ | + | `dnf5` | ✓ | | | | | | | + | `dnf5-plugins` | ✓ | | | | | | | + | `dosfstools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `e2fsprogs` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `edk2-ovmf` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `erofs-utils` | ✓ | | ✓ | ✓ | ✓ | ✓ | ✓ | + | `findutils` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `git` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `grep` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `grub-tools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `jq` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `kali-archive-keyring` | | | | ✓ | | | | + | `kmod` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `less` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `mtools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `nano` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `openssh` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `openssl` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `sed` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `pacman` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `pesign` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `policycoreutils` | ✓ | ✓ | ✓ | ✓ | ✓ | | ✓ | + | `qemu` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `sbsigntools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `socat` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `squashfs-tools` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `strace` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `swtpm` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `systemd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `ukify` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `tar` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `ubuntu-keyring` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | | + | `util-linux` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `virtiofsd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `virt-firmware` | ✓ | ✓ | | | | ✓ | | + | `xfsprogs` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `xz` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `zstd` | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | + | `zypper` | ✓ | | ✓ | ✓ | ✓ | ✓ | | `ToolsTreeDistribution=`, `--tools-tree-distribution=` : Set the distribution to use for the default tools tree. By default, @@ -1895,6 +1898,8 @@ distributions: * *Debian* +* *Kali Linux* + * *Ubuntu* * *Arch Linux* @@ -1921,7 +1926,7 @@ In theory, any distribution may be used on the host for building images containing any other distribution, as long as the necessary tools are available. Specifically, -any distribution that packages `apt` may be used to build *Debian* or *Ubuntu* images. +any distribution that packages `apt` may be used to build *Debian*, *Kali* or *Ubuntu* images. Any distribution that packages `dnf` may be used to build images for any of the rpm-based distributions. Any distro that packages `pacman` may be used to build *Arch Linux* images. Any distribution that packages `zypper` may be used to build *openSUSE* images. @@ -2683,7 +2688,7 @@ In this scenario, the kernel is loaded from the ESP in the image by `systemd-boo # REQUIREMENTS -mkosi is packaged for various distributions: Debian, Ubuntu, Arch +mkosi is packaged for various distributions: Debian, Kali, Ubuntu, Arch Linux, Fedora Linux, OpenMandriva, Gentoo. Note that it has been a while since the last release and the packages shipped by distributions are very out of date. We currently recommend running mkosi from git until a @@ -2698,19 +2703,19 @@ necessary dependencies. For example, on *Fedora Linux* you need: # dnf install bubblewrap btrfs-progs apt dosfstools mtools edk2-ovmf e2fsprogs squashfs-tools gnupg python3 tar xfsprogs xz zypper sbsigntools ``` -On Debian/Ubuntu it might be necessary to install the `ubuntu-keyring`, -`ubuntu-archive-keyring` and/or `debian-archive-keyring` packages explicitly, -in addition to `apt`, depending on what kind of distribution images you want -to build. +On Debian/Kali/Ubuntu it might be necessary to install the `ubuntu-keyring`, +`ubuntu-archive-keyring`, `kali-archive-keyring` and/or `debian-archive-keyring` +packages explicitly, in addition to `apt`, depending on what kind of distribution +images you want to build. Note that the minimum required Python version is 3.9. # Frequently Asked Questions (FAQ) -- Why does `mkosi qemu` with KVM not work on Debian/Ubuntu? +- Why does `mkosi qemu` with KVM not work on Debian/Kali/Ubuntu? While other distributions are OK with allowing access to `/dev/kvm`, on - Debian/Ubuntu this is only allowed for users in the `kvm` group. Because + Debian/Kali/Ubuntu this is only allowed for users in the `kvm` group. Because mkosi unshares a user namespace when running unprivileged, even if the calling user was in the kvm group, when mkosi unshares the user namespace to run unprivileged, it loses access to the `kvm` group and by