These packages were added at a time when debian-cd didn't resolve
Recommends to the end, so we needed to list it explicitly there. But
it's been fixed now, in debian-cd 3.1.36 (cf. #601203), so we can drop
those lines.
usr-is-merged is included in simple-cdd offline.downloads's since
version 0.6.9. Not sure why I needed to list it in installer-netinst as
well at the time, but after testing, I can confirm it's not needed
anymore.
This reverts commit 7bb52e4991.
I wanted to make sure firmware are included in the installer image, but
I missed it, I modified a config file that is only for live images, it
seems...
Also, note that the previous commit message
Kali purple: install kali-system-gui (instead of core)
Should have been:
Kali purple: include kali-system-gui (instead of core) in the installer
Because this commit is really about having the package available in the
installer, but it doesn't "install it" on the system. Sorry for the
confusion.
The dep chain is kali-system-gui > kali-system-cli > kali-system-core.
kali-system-cli contains wget and curl, which we probably want to have,
and will fix https://gitlab.com/kalilinux/kali-purple/documentation/-/issues/9
I'm not sure about kali-system-gui, but I have the impression that it
was the intention to install it in Kali Purple, but at some point it was
forgotten and we install kali-system-core instead.
The package exploitdb-papers was removed from kali-tools-identify in
src:kali-meta 2023.1.11, so there's no need to exclude it here anymore.
As a consequence, no need for the network during installation anymore.
Even though it's currently empty, we want users to have this component
enabled so that they don't miss on updates when we start to move
packages from non-free to non-free-firmware.
Other things that I tried, but that didn't work, below:
I tried adding the preseed to simple-cdd/profiles/kali-purple.preseed,
however that didn't work, I guess that this preseed file is loaded only
later during installation, and that at this point the GUI was already
loaded and it's too late to set the theme.
I also tried to do this in simple-cdd.conf:
# Theming
if echo " $profiles " | grep -q " kali-purple "; then
export KERNEL_PARAMS="${KERNEL_PARAMS} debian-installer/theme=Clearlooks-Purple "
fi
But it doesn't work, seemingly 'profiles' is not set when simple-cdd
loads the conf, and even though we build with the command:
build-simple-cdd [...] --profiles "$profiles" [...]
Given the fact that uppercase variables are exported, and what we
actually want to change is KERNEL_PARAMS, it seems that the most
straightforward is just to preset it from build.sh.
This profile does the following:
- it enables the elastic apt repo
- it also enables the network during installation
- finally, it makes sure to exclude the very big package
exploitdb-papers, otherwise the iso is too big (~ 6 GB)
I'm a bit surprised that we need to enable the network via a preseed
file. I thought that it would be enough to just make sure that the
installer-purple variant does NOT include the offline profile, but in
practice no, it's not enough.
build.sh:
Note that the installer-purple variant does NOT include the offline
profile, that's on purpose. There's no requirement for this installer to
work offline, and on top of that, we can't include all the packages in
the iso at the moment (the package exploitdb-papers is too big). So we
very much expect to have network, and to download big packages during
the installation.
See next commits for more details.
kali-config/installer-purple/packages:
Unlike other variants, the "base" metapackage is kali-system-core,
which is a very stripped down metapackage with no offensive tools.
(kali-system-core is basically what used to be kali-linux-core, minus
the few offensive tools that were in there).
With this change, we do NOT set profiles based on DISKTYPE anymore.
Instead, we set profiles (and auto_profiles) in build.sh, depending on
the variant.
This change is in preparation for next commit, where we'll introduce a
new installer variant.
Otherwise we get plenty of error messages:
DEBUG build/debian-cd stderr: Use of uninitialized value
$ENV{"NONFREE_COMPONENTS"} in split at
<<DIR>>/simple-cdd/debian-cd/tools/which_deb line 23.
Installation from the weekly installer image fails (2022-W40 and
2022-W41). From syslog:
in-target: The following packages have unmet dependencies:
in-target: king-phisher : Depends: python3-matplotlib (>= 1.4.3) but it is not installable
in-target: Recommends: python3-mpltoolkits.basemap (>= 1.0.7) but it is not installable
From a manual install, using the iso packages set in sources.list:
# apt install king-phisher
[...]
The following packages have unmet dependencies:
python3-fonttools : Depends: python3-unicodedata2 (>= 14.0.0) but it is not installable or
python3-all (>= 3.11.0) but 3.10.6-1 is to be installed
E: Unable to correct problems, you have held broken packages.
Dependency chain is as follow:
king-phisher
+-- python3-matplotlib
+-- python3-fonttools
+-- python3-unicodedata2 (>= 14.0.0) | python3-all (>= 3.11.0)
In the set of packages that are available in the iso, we don't have
python3-unicodedata2 , however we have python3-all , BUT it's at version
3.10.6-1 ... So nothing can satisfy the dependency.
For now, let's manually force python3-unicodedata2 in the iso, as a
workaround.
This reverts commit 8bd6060b07.
Actually --firmware-binary is also affected by the same issue and there
I'd rather not remove the logic to include the firmwares in the
installer. So instead I went for a temporary solution where I excluded
nvidia-graphics-drivers-tesla-470 from Kali entirely.
Ths first line ('... boolean true') is needed to trick debian-cd into
believing that the type of the question is a boolean.
Otherwise debian-cd will think that the question doesn't exist, probably
because it doesn't know the type, probably because there's no type to
start with (this is an error message, not a question).
FTR, without the first line, it fails with:
2022-08-04 10:05:37,846 DEBUG Checking configuration...
error: Cannot find a question for encfs/security-information
2022-08-04 10:05:38,016 ERROR preseed file invalid:
<<LBDIR>>/simple-cdd/profiles/kali.preseed
The function get_user_list returns a list of users on stdout, so
obviously it can't use stdout to also display messages. Use stderr
instead.
Note that we could also silently skip if we find a directory in /home
that is not a user. Does it happen in practice?
The vboxsf group is created by the postinst script of the package
virtualbox-guest-utils. The kali user needs to be part of this group
in order to access VirtualBox's shared folders.
This change does just that. It's effective for all the Live images
(where VirtualBox guest additions are installed unconditionnally),
and for the systems installed by the Installer image where VirtualBox
was detected (and therefore VirtualBox guest additions were installed).
Ref: <https://bugs.kali.org/view.php?id=7643>
Up to now, it was fine to use a command such as:
usermod -a -G group1,group2,... kali
However a limitation is that all the groups that are given to the option
-G must exist. If that's not the case, usermod fails (return code: 6)
without doing anything, and the user is not added to any group.
So with this commit, we prepare the code to support optional groups,
that might or might not exist. If ever a group does not exist, it's
skipped silently.
Changes:
- order groups alphabetically
- use the same comment "Ensure those groups exist" consistently in the 2
scripts, and also drop the comment regarding a "generically named"
function.
- adds "|| true" to the usermod command in kali-user-setup (only for
consistency, the script is not run with "set -e" anyway).
After those changes, the two functions "configure_usergroups()" are very
similar, and it's very easy to spot the differences between both.
This was introduced in 5989ec37de, and
probably that was not the intention.
Adding root to groups doesn't break anything, but I don't think it makes
any sense either.
Arnaud Rebillout
Ben Wilson
Raphaël Hertzog
Daniel Ruiz de Alegría
Raphaël Hertzog
Daniel Ruiz de Alegría