From 51e3fbe99feef538f07b9eaf60aaf784af06ed4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <raphael@offensive-security.com>
Date: Thu, 9 Jan 2020 15:48:43 +0100
Subject: [PATCH] Add --installer option to build images with simple-cdd

---
 .gitignore                                    |   2 +
 build.sh                                      | 171 +++++++++++++-----
 .../package-lists/kali.list.chroot            |   4 +
 simple-cdd/disc-end-hook                      |  51 ++++++
 simple-cdd/profiles/default.downloads         |   1 +
 simple-cdd/profiles/default.excludes          |   1 +
 simple-cdd/profiles/default.packages          |   1 +
 simple-cdd/profiles/default.preseed           |   1 +
 simple-cdd/profiles/default.udebs             |   2 +
 simple-cdd/simple-cdd.conf                    | 101 +++++++++++
 10 files changed, 293 insertions(+), 42 deletions(-)
 create mode 100644 kali-config/variant-netinst/package-lists/kali.list.chroot
 create mode 100755 simple-cdd/disc-end-hook
 create mode 120000 simple-cdd/profiles/default.downloads
 create mode 120000 simple-cdd/profiles/default.excludes
 create mode 100644 simple-cdd/profiles/default.packages
 create mode 120000 simple-cdd/profiles/default.preseed
 create mode 100644 simple-cdd/profiles/default.udebs
 create mode 100644 simple-cdd/simple-cdd.conf

diff --git a/.gitignore b/.gitignore
index bbe7ed3..05652b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ config/binary
 config/bootstrap
 config/common
 config/source
+simple-cdd/profiles/kali.downloads
+simple-cdd/tmp
diff --git a/build.sh b/build.sh
index e62526c..777a802 100755
--- a/build.sh
+++ b/build.sh
@@ -6,6 +6,7 @@ set -o pipefail  # Bashism
 KALI_DIST="kali-rolling"
 KALI_VERSION=""
 KALI_VARIANT="default"
+IMAGE_TYPE="live"
 TARGET_DIR="$(dirname $0)/images"
 TARGET_SUBDIR=""
 SUDO="sudo"
@@ -13,17 +14,34 @@ VERBOSE=""
 HOST_ARCH=$(dpkg --print-architecture)
 
 image_name() {
-	local arch=$1
+	case "$IMAGE_TYPE" in
+		live)
+			live_image_name
+		;;
+		installer)
+			installer_image_name
+		;;
+	esac
+}
+
 
-	case "$arch" in
+live_image_name() {
+	case "$KALI_ARCH" in
 		i386|amd64)
-			IMAGE_TEMPLATE="live-image-ARCH.hybrid.iso"
+			echo "live-image-$KALI_ARCH.hybrid.iso"
 		;;
 		armel|armhf)
-			IMAGE_TEMPLATE="live-image-ARCH.img"
+			echo "live-image-$KALI_ARCH.img"
 		;;
 	esac
-	echo $IMAGE_TEMPLATE | sed -e "s/ARCH/$arch/"
+}
+
+installer_image_name() {
+	if [ "$KALI_VARIANT" = "default" ]; then
+		echo "simple-cdd/images/kali-$KALI_VERSION-$KALI_ARCH-DVD-1.iso"
+	else
+		echo "simple-cdd/images/kali-$KALI_VERSION-$KALI_ARCH-NETINST-1.iso"
+	fi
 }
 
 target_image_name() {
@@ -34,10 +52,18 @@ target_image_name() {
 	if [ "$IMAGE_EXT" = "$IMAGE_NAME" ]; then
 		IMAGE_EXT="img"
 	fi
-	if [ "$KALI_VARIANT" = "default" ]; then
-		echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_ARCH.$IMAGE_EXT"
+	if [ "$IMAGE_TYPE" = "live" ]; then
+		if [ "$KALI_VARIANT" = "default" ]; then
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_ARCH.$IMAGE_EXT"
+		else
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+		fi
 	else
-		echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+		if [ "$KALI_VARIANT" = "default" ]; then
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_ARCH.$IMAGE_EXT"
+		else
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+		fi
 	fi
 }
 
@@ -58,18 +84,15 @@ default_version() {
 }
 
 failure() {
-	# Cleanup update-kali-menu that might stay around so that the
-	# build chroot can be properly unmounted
-	$SUDO pkill -f update-kali-menu || true
-	echo "Build of $KALI_DIST/$KALI_VARIANT/$KALI_ARCH live image failed (see build.log for details)" >&2
+	echo "Build of $KALI_DIST/$KALI_VARIANT/$KALI_ARCH $IMAGE_TYPE image failed (see build.log for details)" >&2
 	exit 2
 }
 
 run_and_log() {
 	if [ -n "$VERBOSE" ]; then
-		"$@" 2>&1 | tee -a build.log
+		"$@" 2>&1 | tee -a $BUILD_LOG
 	else
-		"$@" >>build.log 2>&1
+		"$@" >>$BUILD_LOG 2>&1
 	fi
 	return $?
 }
@@ -77,7 +100,7 @@ run_and_log() {
 . $(dirname $0)/.getopt.sh
 
 # Parsing command line options
-temp=$(getopt -o "$BUILD_OPTS_SHORT" -l "$BUILD_OPTS_LONG,get-image-path" -- "$@")
+temp=$(getopt -o "$BUILD_OPTS_SHORT" -l "$BUILD_OPTS_LONG,get-image-path,installer,no-clean" -- "$@")
 eval set -- "$temp"
 while true; do
 	case "$1" in
@@ -86,10 +109,12 @@ while true; do
 		-a|--arch) KALI_ARCH="$2"; shift 2; ;;
 		-v|--verbose) VERBOSE="1"; shift 1; ;;
 		-s|--salt) shift; ;;
+		--installer) IMAGE_TYPE="installer"; shift 1 ;;
 		--variant) KALI_VARIANT="$2"; shift 2; ;;
 		--version) KALI_VERSION="$2"; shift 2; ;;
 		--subdir) TARGET_SUBDIR="$2"; shift 2; ;;
 		--get-image-path) ACTION="get-image-path"; shift 1; ;;
+		--no-clean) NO_CLEAN="1"; shift 1 ;;
 		--) shift; break; ;;
 		*) echo "ERROR: Invalid command-line option: $1" >&2; exit 1; ;;
         esac
@@ -118,6 +143,7 @@ fi
 
 # Build parameters for lb config
 KALI_CONFIG_OPTS="--distribution $KALI_DIST -- --variant $KALI_VARIANT"
+CODENAME=$KALI_DIST  # for simple-cdd/debian-cd
 if [ -n "$OPT_pu" ]; then
 	KALI_CONFIG_OPTS="$KALI_CONFIG_OPTS --proposed-updates"
 	KALI_DIST="$KALI_DIST+pu"
@@ -126,24 +152,33 @@ fi
 # Set sane PATH (cron seems to lack /sbin/ dirs)
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-# Either we use a git checkout of live-build
-# export LIVE_BUILD=/srv/cdimage.kali.org/live/live-build
-
-# Or we ensure we have proper version installed
-ver_live_build=$(dpkg-query -f '${Version}' -W live-build)
-if dpkg --compare-versions "$ver_live_build" lt 1:20151215kali1; then
-	echo "ERROR: You need live-build (>= 1:20151215kali1), you have $ver_live_build" >&2
-	exit 1
-fi
+case "$IMAGE_TYPE" in
+	live)
+		ver_live_build=$(dpkg-query -f '${Version}' -W live-build)
+		if dpkg --compare-versions "$ver_live_build" lt 1:20151215kali1; then
+			echo "ERROR: You need live-build (>= 1:20151215kali1), you have $ver_live_build" >&2
+			exit 1
+		fi
+		ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
+		if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
+			echo "ERROR: You need debootstrap (>= 1.0.97), you have $ver_debootstrap" >&2
+			exit 1
+		fi
+	;;
+	installer)
+		ver_debian_cd=$(dpkg-query -f '${Version}' -W debian-cd)
+		if dpkg --compare-versions "$ver_debian_cd" lt 3.1.28~kali1; then
+			echo "ERROR: You need debian-cd (>= 3.1.28~kali1), you have $ver_debian_cd" >&2
+			exit 1
+		fi
+		ver_simple_cdd=$(dpkg-query -f '${Version}' -W simple-cdd)
+		if dpkg --compare-versions "$ver_simple_cdd" lt 0.6.8~kali1; then
+			echo "ERROR: You need simple-cdd (>= 0.6.8~kali1), you have $ver_simple_cdd" >&2
+			exit 1
+		fi
 
-# Check we have a good debootstrap
-ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
-if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
-	if ! echo "$ver_debootstrap" | grep -q kali; then
-		echo "ERROR: You need debootstrap >= 1.0.97 (or a Kali patched debootstrap). Your current version: $ver_debootstrap" >&2
-		exit 1
-	fi
-fi
+	;;
+esac
 
 # We need root rights at some point
 if [ "$(whoami)" != "root" ]; then
@@ -165,15 +200,67 @@ mkdir -p $TARGET_DIR/$TARGET_SUBDIR
 
 IMAGE_NAME="$(image_name $KALI_ARCH)"
 set +e
-: > build.log
-run_and_log $SUDO lb clean --purge
-[ $? -eq 0 ] || failure
-run_and_log lb config -a $KALI_ARCH $KALI_CONFIG_OPTS "$@"
-[ $? -eq 0 ] || failure
-run_and_log $SUDO lb build
-if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
-	failure
-fi
+BUILD_LOG=$(pwd)/build.log
+: > $BUILD_LOG
+
+case "$IMAGE_TYPE" in
+	live)
+		if [ "$NO_CLEAN" = "" ]; then
+			run_and_log $SUDO lb clean --purge
+		fi
+		[ $? -eq 0 ] || failure
+		run_and_log lb config -a $KALI_ARCH $KALI_CONFIG_OPTS "$@"
+		[ $? -eq 0 ] || failure
+		run_and_log $SUDO lb build
+		if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+			failure
+		fi
+	;;
+	installer)
+		if [ "$NO_CLEAN" = "" ]; then
+			run_and_log $SUDO rm -rf simple-cdd/tmp
+		fi
+
+		# Override some debian-cd environment variables
+		export ARCHES=$KALI_ARCH
+		export ARCH=$KALI_ARCH
+		export DEBVERSION=$KALI_VERSION
+
+		if [ "$KALI_VARIANT" = "netinst" ]; then
+		    export DISKTYPE="NETINST"
+		else
+		    export DISKTYPE="DVD"
+		fi
+		if [ -e .mirror ]; then
+		    kali_mirror=$(cat .mirror)
+		else
+		    kali_mirror=http://archive.kali.org/kali/
+		fi
+		if ! echo "$kali_mirror" | grep -q '/$'; then
+		    kali_mirror="$kali_mirror/"
+		fi
+
+		# Configure the kali profile with the packages we want
+		grep -v '^#' kali-config/variant-$KALI_VARIANT/package-lists/kali.list.chroot \
+		    >simple-cdd/profiles/kali.downloads
+
+		# Run simple-cdd
+		cd simple-cdd
+		run_and_log build-simple-cdd \
+		    --verbose \
+		    --debug \
+		    --force-root \
+		    --conf simple-cdd.conf \
+		    --dist $CODENAME \
+		    --debian-mirror $kali_mirror
+		res=$?
+		cd ..
+		if [ $res -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+			failure
+		fi
+	;;
+esac
+
 set -e
 mv -f $IMAGE_NAME $TARGET_DIR/$(target_image_name $KALI_ARCH)
-mv -f build.log $TARGET_DIR/$(target_build_log $KALI_ARCH)
+mv -f $BUILD_LOG $TARGET_DIR/$(target_build_log $KALI_ARCH)
diff --git a/kali-config/variant-netinst/package-lists/kali.list.chroot b/kali-config/variant-netinst/package-lists/kali.list.chroot
new file mode 100644
index 0000000..5dba29c
--- /dev/null
+++ b/kali-config/variant-netinst/package-lists/kali.list.chroot
@@ -0,0 +1,4 @@
+# Empty list because netinst has no embedded packages
+#
+# This variant is not meant to be used with live-build but only with
+# simple-cdd and thus ./build.sh --installer --variant netinst
diff --git a/simple-cdd/disc-end-hook b/simple-cdd/disc-end-hook
new file mode 100755
index 0000000..bfe2baa
--- /dev/null
+++ b/simple-cdd/disc-end-hook
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+TDIR=$1
+MIRROR=$2
+DISKNUM=$3
+CDDIR=$4
+ARCHES=$5
+
+cd $CDDIR
+
+# Rebrand Debian into Kali
+sed -i -e 's|Debian GNU/Linux|Kali Linux|g' \
+    -e 's|Kali GNU/Linux|Kali Linux|g' \
+    -e 's|Debian kali-rolling|Kali Rolling|g' \
+    -e 's|Debian|Kali|g' \
+    -e 's|DEBIAN|KALI|g' \
+    ../boot$DISKNUM/isolinux/menu.cfg \
+    ../boot$DISKNUM/isolinux/*.txt \
+    boot/grub/theme/* \
+    autorun.inf
+
+# Replace Debian specific documentation
+rm -rf css
+cat >README.txt <<EOF
+This disc contains an installer for Kali Linux.
+
+Read more at: https://www.kali.org
+EOF
+cat >README.html <<EOF
+<html>
+<head><title>Kali Linux Installer Disc</title></head>
+<body>
+This disc contains an installer for Kali Linux.
+
+Read more at: <a href="https://www.kali.org">www.kali.org</a>
+</body>
+</html>
+EOF
+
+# Replace kali-last-snapshot with kali-rolling
+if [ -e dists/kali-last-snapshot ]; then
+    mv dists/kali-last-snapshot dists/kali-rolling
+    rm -f dists/stable && ln -sf kali-rolling dists/stable
+    sed -i -e 's|kali-last-snapshot|kali-rolling|g' \
+	dists/kali-rolling/Release
+fi
+
+# Redo the md5sum.txt due to our changes
+find . -type f | grep -v ./md5sum.txt | xargs md5sum | sort -uk2 > md5sum.txt
diff --git a/simple-cdd/profiles/default.downloads b/simple-cdd/profiles/default.downloads
new file mode 120000
index 0000000..024fb11
--- /dev/null
+++ b/simple-cdd/profiles/default.downloads
@@ -0,0 +1 @@
+/usr/share/simple-cdd/profiles/default.downloads
\ No newline at end of file
diff --git a/simple-cdd/profiles/default.excludes b/simple-cdd/profiles/default.excludes
new file mode 120000
index 0000000..0b5629f
--- /dev/null
+++ b/simple-cdd/profiles/default.excludes
@@ -0,0 +1 @@
+/usr/share/simple-cdd/profiles/default.excludes
\ No newline at end of file
diff --git a/simple-cdd/profiles/default.packages b/simple-cdd/profiles/default.packages
new file mode 100644
index 0000000..8bc8527
--- /dev/null
+++ b/simple-cdd/profiles/default.packages
@@ -0,0 +1 @@
+# Disable default packages from simple-cdd
diff --git a/simple-cdd/profiles/default.preseed b/simple-cdd/profiles/default.preseed
new file mode 120000
index 0000000..26deeec
--- /dev/null
+++ b/simple-cdd/profiles/default.preseed
@@ -0,0 +1 @@
+../../kali-config/common/includes.installer/preseed.cfg
\ No newline at end of file
diff --git a/simple-cdd/profiles/default.udebs b/simple-cdd/profiles/default.udebs
new file mode 100644
index 0000000..a437f75
--- /dev/null
+++ b/simple-cdd/profiles/default.udebs
@@ -0,0 +1,2 @@
+# Disable default udebs from simple-cdd
+# We don't want simple-cdd-profiles, we want to use tasksel
diff --git a/simple-cdd/simple-cdd.conf b/simple-cdd/simple-cdd.conf
new file mode 100644
index 0000000..d307db4
--- /dev/null
+++ b/simple-cdd/simple-cdd.conf
@@ -0,0 +1,101 @@
+# simple-cdd.conf detailed configuration file
+
+# Note: this is an example list of configuration options: it is *strongly*
+# advised to merely create a new file using only the options you actually need.
+
+# Note: Variables in lowercase are only used by simple-cdd.
+
+# Profile Selection
+#
+# The following four files get included on the CD if present:
+# $profile.preseed  
+#   Debconf selections.
+# $profile.packages  
+#   Packages to be installed with the profile. Dependencies also will 
+#   be installed.
+# $profile.downloads  
+#   Additional packages to be included on the CD with this profile, but 
+#   not installed by default.
+# $profile.postinst  
+#   Post-install script that is run after installing packages.
+#
+# During the install after base system setup, it will give you the 
+# options to determine which profiles you want to install.
+
+
+# Profiles to include on the CD
+#profiles=""
+#profiles="x-basic ltsp"
+
+# To automatically select profiles (must also be listed in profiles):
+# auto_profiles="foo bar baz"
+
+# To include profiles which only effect the CD build
+build_profiles="kali"
+
+# Mirror tools
+mirror_tools="reprepro download"
+mirror_files=""  # Don't try to download README doc/ tools/
+require_optional_packages="true"
+ignore_missing_checksums="true"
+
+# Mirror variables
+server="http.kali.org"
+debian_mirror=${debian_mirror:-http://archive.kali.org/kali/}
+keyring="/usr/share/keyrings/kali-archive-keyring.gpg"
+
+# which components to get from the mirror
+mirror_components="main contrib non-free"
+
+# Disable *-security and *-updates repositories
+security_mirror=""
+updates_mirror=""
+
+# Random other variables
+export default_desktop="xfce"
+export DISKINFO_DISTRO="Kali"
+export DEBVERSION=${DEBVERSION:-rolling}
+export OFFICIAL="Official"
+export VOLID_BASE="Kali Linux"
+export CDNAME="kali"
+
+export OMIT_MANUAL=1
+export OMIT_RELEASE_NOTES=1
+export OMIT_DOC_TOOLS=1
+export DOJIGDO=0
+export NORECOMMENDS=0
+export NONFREE=1
+export CONTRIB=1
+export FORCE_FIRMWARE=1
+export ARCHIVE_KEYRING_PACKAGE=kali-archive-keyring
+export DESKTOP=xfce
+export DISKTYPE=${DISKTYPE:-DVD}
+
+# Configure a hook to apply our customization via debian-cd
+export DISC_END_HOOK=$(pwd)/disc-end-hook
+
+# Extra files to include onto the CD
+#   These will get copied to /simple-cdd dir on the CD
+#   Paths starting with '/' are interpreted as absolute, otherwise relative
+#   to the currect directory.
+#all_extras=""
+
+# Generate a simple package repository on the CD with the debs cited
+#   Please insert full paths.
+#local_packages="/path/to/dir/with/deb/packages"
+
+# Call mirror tools at each build- defaults to true.
+#do_mirror="false"
+
+# Set your proxy (if any). 
+#export http_proxy=http://localhost:3128
+
+# Location of debian-cd files
+#debian_cd_dir=/path/to/debian-cd
+
+# Set target architecture for build
+#export ARCH=amd64
+#export ARCHES="amd64 i386"
+
+# Define the CD label
+export DISKINFO="Kali Installer: Kali Linux $DEBVERSION $(date +%Y-%m-%d)"