-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kali: A distribution based on Debian: https://www.kali.org/ #2917
Conversation
@mtdcr Can you write a little more on why you'd like mkosi to support Kali? In other words, what's your specific use case for this? |
I use it to build custom tailored images for penetration testing. Kali contains a huge amount of useful packages that aren't available in Debian or any other supported distribution. Using mkosi makes it easy to share the build instructions with my team and allows them to customize their images easily. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is missing updates to the documentation, the tools tree definitions in mkosi/resources/mkosi-tools
, initramfs definitions in mkosi/resources/mkosi-initrd
and the default image in mkosi.conf.d
. The documentation should be updated to mention Kali where we mention the other distributions. The definitions should be updated to make sure the shared Debian/Ubuntu configs also apply to Kali Linux where applicable.
The end result should be that I can run mkosi -d kali --tools-tree -t disk -f qemu
from the mkosi repository and get a root shell in the booted Kali image just like I can do with the other distributions.
@mtdcr Please rebase on the git main branch as well and squash your commits |
bb6cc2d
to
26bdda2
Compare
|
@DaanDeMeyer do you see any relation between the two failing tests and my patch? |
Is the keyring not available in a package in debian/ubuntu? If not, we should get it uploaded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah we're not adding the kali archive keyring to the mkosi repository. Please install the relevant package instead.
Right. I can't reproduce the failure I previously ran into without the key file anymore. Probably something that was only relevant to a prior state of the patch. With your requested changes applied, it looks good to me now. |
We're running both Debian and Ubuntu and even thought it seems somewhat wasteful, we should run Kali as well, when we add it, otherwise we will regress, probably sooner rather than later. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kali-archive-keyring
should be installed in the default Kali tools tree and this should be reflected in the tools tree installed packages documentation
I am not going to investigate Kali specific failures though. I'll fix any breakages introduced by the PR itself, but if Kali starts failing for any other reason not introduced by my PRs, I'll disable the CI again rather than investigating. Maintaining the existing distributions is enough work as it is. So I'm OK with adding Kali specific CI, but if it starts failing for reasons unrelated to changes in mkosi, I won't spend time investigating why. |
It looks like I was fooled by a cache yesterday. Putting the keyring into the tools image is actually required. To avoid putting the key into the repository, I added a mkosi.prepare script to copy it from the user-installed package kali-archive-keyring package on the host. I also added kali-archive-keyring to the list of packages to install (for kali tools images only, due to limited availability; also edited the table as requested). The following tests were perfomed successfully with the current version:
|
@DaanDeMeyer I've pushed a new version again, this time removing mkosi.prepare and setting ToolsTreeDistribution=kali for kali instead. Contrary to the documentation, the default is not the same distribution as the image that's being built, but it gets derived from the host distribution. This is why Debian was used, even though With kali now being the default tools tree distribution for kali images, all requirements should be met, right? Other distributions will become usable for building kali once somebody convinces them to include kali-archive-keyring in their repositories. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more small change and then it LGTM
Kali includes many packages suitable for offensive security tasks. It follows a rolling release model and serves fewer architectures than Debian. Building a kali image requires installing kali-archive-keyring: - Source: https://gitlab.com/kalilinux/packages/kali-archive-keyring - Packages: https://pkg.kali.org/pkg/kali-archive-keyring
Thank you! |
Kali includes many packages suitable for offensive security tasks. It follows a rolling release model and serves fewer architectures than Debian.