Results 1 to 1 of 1

Thread: HOWTO: Custom Build Kali ISO on Ubuntu

  1. #1
    Join Date
    Mar 2010
    Beans
    16

    Lightbulb HOWTO: Custom Build Kali ISO on Ubuntu

    First off, I will tell you that while the official guide is good, it's aimed more at straight Debian users. Even though Ubuntu is based on Debian, there are some differences that may cause problems.

    That being said, I had significant trouble getting this to work, but in the end, I have a process which I believe should work.

    Getting Started

    First off, I am using Ubuntu 14.04.1 x64 but this process should work on almost any version (or subversion) of Ubuntu and Mint. In order to keep your "main" system clean, I recommend creating a virtual install, so for this guide, I will be using LXC. If you haven't already, install LXC. You can use the Software Centre or Synaptic if you like. Being old school, I prefer using the terminal and everything I do will be in ~$ standard terminal command notation:

    Code:
    ~$ sudo apt-get install -y lxc
    Creating A Container

    Next, you will need to create a container to run it all in. Since Kali's baseline is much closer to Debian than Ubuntu, you will need to build a Debian environment ("Wheezy" at the time of this writing), but with some minor changes. Fortunately, I have a custom template available here if you wish to use it. If not, create a Debian container and add the Kali sources. Important to remember is that only the root user should create containers, so I will make gratuitous use of sudo in this guide. Once inside the container using the password LXC gives you during the container creation stage, however, you will be running as root, SO BE CAREFUL!

    Using the Debian template:
    Code:
    ~$ sudo lxc-create -n kali -t debian
    ~$ sudo lxc-start -n kali
    Once it's done getting set up (it does take a little time, after all), you will need to add the Kali repositories to your container's sources in /etc/apt/sources.list:

    Code:
    deb http://http.kali.org/kali kali main contrib non-free
    deb-src http://http.kali.org/kali kali main contrib non-free
    deb http://security.kali.org/kali-security kali/updates main contrib non-free
    deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
    Then apply the finishing touches:

    Code:
    ~# apt-key adv --keyserver pgpkeys.mit.edu --recv-keys ED444FF07D8D0BF6
    ~# apt-get update
    ~# apt-get install kali-archive-keyring
    If you opt to use my tweaked custom install, it will do all that for you. All you have to do is run it:

    Code:
    ~# sudo lxc-create -n kali -t kali
    ~# sudo lxc-start -n kali
    In both cases, you may wish to add Oracle's Java instead of OpenJDK (see "Trouble In Paradise" at the end):

    Code:
    ~$ su -
    ~# echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
    ~# echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
    ~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
    ~# apt-get update
    ~# apt-get install oracle-java8-installer
    At this point, you should have a working container with access to the current Debian baseline and the Kali repositories. If not, sudo lxc-destroy -n kali will nuke your old container so you can go back to "Creating a Container" and try again.

    Getting Ready

    Now we need to prepare the Kali ISO build environment:

    Code:
    ~# apt-get install git live-build cdebootstrap kali-archive-keyring
    ~# git clone git://git.kali.org/live-build-config.git
    ~# cd live-build-config
    ~# lb config
    Configuring the Kali ISO Build (Optional)

    Through the config directory, your ISO build supports significant customization options, which are well documented on the Debian live build 3.x page. However, for the impatient, the following configuration files are of particular interest:
    config/package-lists/kali.list.chroot – contains the list of packages to install in the Kali ISO. You can choose specific packages to be installed, while dropping others. This is also where you can change your Kali ISO Desktop Environment (KDE, Gnome, XFCE, LXDE, etc).
    hooks/ – The hooks directory allows us to hook scripts in various stages of the Kali ISO live build. For more information about hooks, refer to the live build manual. As an example, Kali adds its forensic menu this way:

    Code:
    ~# cat config/hooks/forensic-menu.binary
    #!/bin/sh
    
    cat >>binary/isolinux/live.cfg <<END
    
    label live-forensic
    menu label ^Live (forensic mode)
    linux /live/vmlinuz
    initrd /live/initrd.img
    append boot=live noconfig username=root hostname=kali noswap noautomount
    END
    Building the ISO

    Before you generate your ISO, you can specify your required architecture, choosing either amd64 or i386. Also note that lb build requires root rights. If you do not specify an architecture, live build will generate an ISO with the same architecture as the host machine. If you want to build a 64 bit ISO on a 32 bit Kali system, make sure you enable multi-arch support:

    Code:
    ~# dpkg --add-architecture amd64
    ~# apt-get update
    Configure live-build to generate with a 64 bit:

    Code:
    ~# lb config --architecture amd64
    ~# lb build
    ...or 32 bit:

    Code:
    ~# lb config --architecture i386 # for 32 bit
    ~# lb build
    The last command will take a while to complete, as it downloads all of the required packages needed to create your ISO. Good time for a coffee.

    Building Kali Linux for older i386 architecture

    The Kali Linux i386 ISO has PAE enabled. If you require a default kernel for older hardware, like I did, you need to rebuild a Kali Linux ISO. The rebuilding process is much the same as above, other than the 686-pae parameter that needs to be changed to 486 in auto/config:

    Code:
    ~# apt-get install git live-build cdebootstrap kali-archive-keyring
    ~# git clone git://git.kali.org/live-build-config.git
    ~# cd live-build-config
    ~# sed -i 's/686-pae/486/g' auto/config
    ~# lb clean
    ~# lb config --architecture i386
    ~# lb build
    Speeding up future builds

    If you plan to build custom ISOs often, you might want to cache kali packages locally for future builds. I didn't bother, but you might, right? This can easily be done by installing apt-cacher-ng, and configuring the http_proxy environment variable before every build.

    Code:
    ~# apt-get install apt-cacher-ng
    ~# /etc/init.d/apt-cacher-ng start
    ~# export http_proxy=http://localhost:3142/
    ... ### setup and configure your live build
    ~# lb config --apt-http-proxy http://127.0.0.1:3142/
    ~# lb build
    Trouble In Paradise

    The problem I kept running into was packages failing to install or configure properly, getting message like this:

    Code:
    Adding 'diversion of /usr/share/dict/words to /usr/share/dict/words.pre-dictionaries-common by dictionaries-common'
    dpkg: unrecoverable fatal error, aborting:
     failed to fstat previous diversions file: No such file or directory
    E: Sub-process /usr/bin/dpkg returned an error code (2)
    P: Begin unmounting filesystems...
    P: Saving caches...
    E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
    Not to worry. This error may pop up a few times, but it can be fixed. The problem I had when I set out on this adventure was preventing the error in the first place. Every time it stops with an error, you can fix it like this:

    Code:
    ~# chroot chroot
    (kali) ~# dpkg --configure -a
    (kali) ~# exit
    ... ### Use the same lb config you used the first time: lb config --architecture i386 or lb config --architecture amd64 or just lb config ###
    ~# lb build
    LiveBuild uses a chroot inside the container so I've used (kali) to show being "inside" the chroot. On my system, dpkg kept spitting out errors, so I had to keep repeating this "trouble in paradise" section until I finally got a clean build. But now it works!

    On one test system, I kept running into dependency problems with OpenJDK, so I replaced it with Oracle's Java. Should dpkg fail inside the chroot, you may wish to just directly edit the chroot's sources, and there's two ways to do that. The first way involves using your favourite text editor (gedit, kate, leafpad, mousepad) as root, and editing the sources directly (it's located at /var/lib/lxc/kali/rootfs/root/live-build-config/chroot/etc/apt/sources.list, assuming you called your live build "kali"), or you can follow the directions below to install the command-line editor VIM.

    Code:
    ~# chroot chroot
    (kali) ~# dpkg --configure -a    ### first allow dpkg to resume and fix the initial error
    (kali) ~# apt-get install -y vim    ### the chroot doesn't have a text editor installed by default so we need to install one, unless you edited from the host
    (kali) ~# apt-get remove --purge openjdk*  ### clean out OpenJDK
    (kali) ~# vim /etc/apt/sources.list   ### edit /etc/apt/sources.list unless you already edited from the host
     ### Use the sources.list below
    (kali) ~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886   ### add the webupd8 java PPA key
    (kali) ~# apt-get update   ### update APT so it can see and use the Java PPA
    (kali) ~# apt-get install -y oracle-java8-installer   ### install Java
    (kali) ~# exit
    ~# lb build
    This should get you over any hurdles:

    Code:
    ###### sources.list ######:
    
    ## Kali's Repositories
    deb http://archive.kali.org/kali kali main contrib non-free
    deb-src http://archive.kali.org/kali kali main contrib non-free
    deb http://archive.kali.org/kali-security kali/updates main contrib non-free
    deb-src http://archive.kali.org/kali-security kali/updates main contrib non-free
    
    ## Debian Security updates
    deb http://security.debian.org/ wheezy/updates main contrib non-free
    deb-src http://security.debian.org/ wheezy/updates main contrib
    
    ## Debian Regular updates
    deb http://ftp.debian.org/debian/ wheezy main contrib non-free
    deb-src http://ftp.debian.org/debian/ wheezy main contrib
    
    ## Debian Proposed Updates
    deb http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib non-free
    deb-src http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib
    
    ## Oracle Java Repository from Webupd8
    deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
    deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
    And that's it! Good luck!
    Last edited by sdgiffin; March 5th, 2015 at 03:25 AM. Reason: Added clarification about Java, chroot sources.list, solutions for possible errors

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •