kali: A distribution based on Debian: https://www.kali.org/ #2917
Conversation
|
@mtdcr Can you write a little more on why you'd like mkosi to support Kali? In other words, what's your specific use case for this? |
|
I use it to build custom tailored images for penetration testing. Kali contains a huge amount of useful packages that aren't available in Debian or any other supported distribution. Using mkosi makes it easy to share the build instructions with my team and allows them to customize their images easily. |
There was a problem hiding this comment.
This is missing updates to the documentation, the tools tree definitions in mkosi/resources/mkosi-tools, initramfs definitions in mkosi/resources/mkosi-initrd and the default image in mkosi.conf.d. The documentation should be updated to mention Kali where we mention the other distributions. The definitions should be updated to make sure the shared Debian/Ubuntu configs also apply to Kali Linux where applicable.
The end result should be that I can run mkosi -d kali --tools-tree -t disk -f qemu from the mkosi repository and get a root shell in the booted Kali image just like I can do with the other distributions.
|
@mtdcr Please rebase on the git main branch as well and squash your commits |
mtdcr
force-pushed
the
kali
branch
2 times, most recently
from
bb6cc2d
to
26bdda2
Compare
|
|
@DaanDeMeyer do you see any relation between the two failing tests and my patch? |
Is the keyring not available in a package in debian/ubuntu? If not, we should get it uploaded |
Right. I can't reproduce the failure I previously ran into without the key file anymore. Probably something that was only relevant to a prior state of the patch. With your requested changes applied, it looks good to me now. |
|
We're running both Debian and Ubuntu and even thought it seems somewhat wasteful, we should run Kali as well, when we add it, otherwise we will regress, probably sooner rather than later. |
I am not going to investigate Kali specific failures though. I'll fix any breakages introduced by the PR itself, but if Kali starts failing for any other reason not introduced by my PRs, I'll disable the CI again rather than investigating. Maintaining the existing distributions is enough work as it is. So I'm OK with adding Kali specific CI, but if it starts failing for reasons unrelated to changes in mkosi, I won't spend time investigating why. |
It looks like I was fooled by a cache yesterday. Putting the keyring into the tools image is actually required. To avoid putting the key into the repository, I added a mkosi.prepare script to copy it from the user-installed package kali-archive-keyring package on the host. I also added kali-archive-keyring to the list of packages to install (for kali tools images only, due to limited availability; also edited the table as requested). The following tests were perfomed successfully with the current version:
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
@DaanDeMeyer I've pushed a new version again, this time removing mkosi.prepare and setting ToolsTreeDistribution=kali for kali instead. Contrary to the documentation, the default is not the same distribution as the image that's being built, but it gets derived from the host distribution. This is why Debian was used, even though With kali now being the default tools tree distribution for kali images, all requirements should be met, right? Other distributions will become usable for building kali once somebody convinces them to include kali-archive-keyring in their repositories. |
Kali includes many packages suitable for offensive security tasks. It follows a rolling release model and serves fewer architectures than Debian. Building a kali image requires installing kali-archive-keyring: - Source: https://gitlab.com/kalilinux/packages/kali-archive-keyring - Packages: https://pkg.kali.org/pkg/kali-archive-keyring
|
Thank you! |
Kali includes many packages suitable for offensive security tasks. It follows a rolling release model and serves fewer architectures than Debian.