From 10dd52e63953dc7cd9cd10bde2d405b2ff123901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <raphael@offensive-security.com>
Date: Thu, 9 Jan 2020 15:48:43 +0100
Subject: [PATCH] Add --installer option to build images with debian-cd
---
CONF.sh | 472 ++++++++++++++++++
build.sh | 145 ++++--
.../package-lists/kali.list.chroot | 4 +
3 files changed, 591 insertions(+), 30 deletions(-)
create mode 100644 CONF.sh
create mode 100644 kali-config/variant-netinst/package-lists/kali.list.chroot
diff --git a/CONF.sh b/CONF.sh
new file mode 100644
index 0000000..a3529f8
--- /dev/null
+++ b/CONF.sh
@@ -0,0 +1,472 @@
+#
+# This file will have to be sourced where needed
+
+# To prevent sourcing this file twice when using scripts to build CD images,
+# use the following code at the top of your script:
+# CF=CONF.sh
+# . $CF
+# export DEBIAN_CD_CONF_SOURCED=true
+
+# Allow to prevent double sourcing of this file
+if [ "$DEBIAN_CD_CONF_SOURCED" = true ]; then
+ return 0
+fi
+
+# Unset all optional variables first to start from a clean state
+unset NONFREE || true
+unset CONTRIB || true
+unset EXTRANONFREE || true
+unset LOCAL || true
+unset LOCALDEBS || true
+unset SECURITY || true
+unset PROPOSED_UPDATES || true
+unset UNRELEASED || true
+unset BOOTDIR || true
+unset SYMLINK || true
+unset COPYLINK || true
+unset MKISOFS || true
+unset MKISOFS_OPTS || true
+unset ISOLINUX || true
+unset EXCLUDE || true
+unset NORECOMMENDS || true
+unset NOSUGGESTS || true
+unset IMAGESUMS || true
+unset JIGDOTEMPLATEURL || true
+unset JIGDOFALLBACKURLS || true
+unset JIGDOINCLUDEURLS || true
+unset JIGDOSCRIPT || true
+unset JIGDO_OPTS || true
+unset PUBLISH_URL || true
+unset PUBLISH_PATH || true
+unset UDEB_INCLUDE || true
+unset UDEB_EXCLUDE || true
+unset BASE_INCLUDE || true
+unset BASE_EXCLUDE || true
+unset INSTALLER_CD || true
+unset MAXCDS || true
+unset MAXISOS || true
+unset MAXJIGDOS || true
+unset SPLASHPNG || true
+unset OMIT_MANUAL || true
+unset OMIT_RELEASE_NOTES || true
+unset OMIT_DOC_TOOLS || true
+unset MAX_PKG_SIZE || true
+unset DEBOOTSTRAP_OPTS || true
+unset ARCHIVE_KEYRING_PACKAGE || true
+unset ARCHIVE_KEYRING_FILE || true
+
+# The debian-cd dir
+# Where I am (hoping I'm in the debian-cd dir)
+export BASEDIR=/usr/share/debian-cd
+
+# Name of the distribution for the image filename (Defaults to 'debian')
+export CDNAME=kali
+
+# Building $codename cd set ...
+# export CODENAME=buster # set by build.sh
+
+# By default use Debian installer packages from $CODENAME
+if [ -z "$DI_CODENAME" ]; then
+ export DI_CODENAME=$CODENAME
+fi
+# If you want backported d-i (e.g. by setting
+# DI_CODENAME=jessie-backports, then you'll almost definitely also
+# want to enable BACKPORTS below as well
+
+# Should we include some packages from backports? If so, point at a
+# file containing a list of binary packages to include here. Packages
+# contained in that list will be chosen by preference from
+# ${CODENAME}-backports rather than just ${CODENAME}, along with
+# dependencies if they're needed as well
+#export BACKPORTS=backports-list
+
+# If set, controls where the d-i components are downloaded from.
+# This may be an url, or "default", which will make it use the default url
+# for the daily d-i builds. If not set, uses the official d-i images from
+# the Debian mirror.
+#export DI_WWW_HOME=default
+
+# Version number, "2.2 r0", "2.2 r1" etc.
+# export DEBVERSION="10.0.0" # set by build.sh
+
+# Official or non-official set.
+# NOTE: THE "OFFICIAL" DESIGNATION IS ONLY ALLOWED FOR IMAGES AVAILABLE
+# ON THE OFFICIAL DEBIAN CD WEBSITE https://cdimage.debian.org
+#export OFFICIAL="Unofficial"
+export OFFICIAL="Official"
+#export OFFICIAL="Official Beta"
+
+# ... for arch
+if [ -z "$ARCHES" ]; then
+ CPU=`dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null || true`
+ if [ -z "$CPU" ]; then
+ CPU=`dpkg-architecture -qDEB_HOST_ARCH`
+ fi
+ KERNEL=`dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null || true`
+ if [ -z "$KERNEL" ]; then
+ KERNEL=linux
+ fi
+ if [ $KERNEL = linux ] ; then
+ ARCHES=$CPU
+ else
+ ARCHES="$KERNEL-$CPU"
+ fi
+ export ARCHES
+fi
+
+# IMPORTANT : The 4 following paths must be on the same partition/device.
+# If they aren't then you must set COPYLINK below to 1. This
+# takes a lot of extra room to create the sandbox for the ISO
+# images, however. Also, if you are using an NFS partition for
+# some part of this, you must use this option.
+# Paths to the mirrors
+
+# XXX: All set by build.sh
+
+# Do I want to have NONFREE merged in the CD set
+export NONFREE=1
+
+# Do I want to have CONTRIB merged in the CD set
+export CONTRIB=1
+
+# Do I want to have NONFREE on a separate CD (the last CD of the CD set)
+# WARNING: Don't use NONFREE and EXTRANONFREE at the same time !
+# export EXTRANONFREE=1
+
+# Do I want to force (potentially non-free) firmware packages to be
+# placed on disc 1? Will make installation much easier if systems
+# contain hardware that depends on this firmware
+export FORCE_FIRMWARE=1
+
+# If you have a $MIRROR/dists/$CODENAME/local/binary-$ARCH dir with
+# local packages that you want to put on the CD set then
+# uncomment the following line
+# export LOCAL=1
+
+# If your local packages are not under $MIRROR, but somewhere else,
+# you can uncomment this line and edit to to point to a directory
+# containing dists/$CODENAME/local/binary-$ARCH
+# export LOCALDEBS=/home/joey/debian/va/debian
+
+# Where to find the security patches. This directory should be the
+# top directory of a security.debian.org mirror.
+#export SECURITY="$TOPDIR"/debian/debian-security
+
+# Include proposed updates
+# Note that on the CDs it will not be visible where packages came from:
+# from the released archive or from proposed updates archive.
+# NOTE: intended to be used for pre-release testing, not for publication!
+#export PROPOSED_UPDATES=$CODENAME-proposed-updates
+
+# Include packages from Debian Ports unreleased
+#export UNRELEASED=1
+
+# Sparc only : bootdir (location of cd.b and second.b)
+# export BOOTDIR=/boot
+
+# Symlink farmers should uncomment this line :
+# export SYMLINK=1
+
+# Use this to force copying the files instead of symlinking or hardlinking
+# them. This is useful if your destination directories are on a different
+# partition than your source files.
+# export COPYLINK=1
+
+# Options
+# export MKISOFS=mkisofs
+# export MKISOFS_OPTS="-r" #For normal users
+# export MKISOFS_OPTS="-r -F ." #For symlink farmers
+
+# Override for i386 and amd64 to use xorriso instead of
+# mkisofs/genisoimage. Allows creation of isohybrid images: ISO images
+# that will burn correctly onto a CD and also can be written raw to a
+# USB stick. xorriso 0.6.5 and later has working support for this.
+#export i386_MKISOFS="xorriso"
+#export i386_MKISOFS_OPTS="-as mkisofs -r -checksum_algorithm_iso sha256,sha512"
+#export amd64_MKISOFS="xorriso"
+#export amd64_MKISOFS_OPTS="-as mkisofs -r -checksum_algorithm_iso sha256,sha512"
+
+# Keyring (defaults):
+ARCHIVE_KEYRING_PACKAGE=kali-archive-keyring
+# The path to the keyring file relative to $TDIR/archive-keyring/
+ARCHIVE_KEYRING_FILE=usr/share/keyrings/kali-archive-keyring.gpg
+
+# By default we use debootstrap --no-check-gpg to find out the minimal set
+# of packages because there's no reason to not trust the local mirror. But
+# you can be paranoid and then you need to indicate the keyring to use to
+# validate the mirror.
+#export DEBOOTSTRAP_OPTS="--keyring $TDIR/archive-keyring/$ARCHIVE_KEYRING_FILE"
+
+# ISOLinux support for multiboot on CD1 for i386
+export ISOLINUX=1
+
+# uncomment this to if you want to see more of what the Makefile is doing
+#export VERBOSE_MAKE=1
+
+# The maximum size allowed for an individual package, in bytes; if
+# larger than this, it will be excluded (and all dependents, of
+# course). We'll create a README.excluded in the root of CD1 listing
+# them too
+export MAX_PKG_SIZE=600000000
+
+# Should build_all.sh try to build a simple CD image if the proper official
+# CD run does not work?
+ATTEMPT_FALLBACK=yes
+
+# Set your disk type here. Known types are:
+# BC (businesscard): 650 MiB max (should be limited elsewhere,
+# should never fill a CD anyway)
+# NETINST: 650 MiB max (ditto)
+# CD: standard 74-min CD (650 MiB)
+# CD700: (semi-)standard 80-min CD (700 MiB)
+# DVD: standard 4.7 GB DVD
+# DLDVD: standard 8.5 GB dual-layer DVD
+# BD: standard 25 GB blu-ray
+# DLBD: standard 50 GB dual-layer blu-ray
+# STICK<X>GB: <X>GB USB stick or similar
+# CUSTOM: up to you - specify a size to go with it (in 2K blocks)
+#export DISKTYPE=CD
+#export DISKTYPE=CUSTOM
+#export CUSTOMSIZE=XXXX
+# If you want to over-ride this choice (e.g. to make a larger version of a given disk),
+# you can do the following:
+# export FORCE_CD_SIZE=<type> to change all the sizes in a given run
+# export FORCE_CD_SIZE1=<type> to change the size of disk 1 (only)
+
+# Extra variants to enable. See docs/README.variants for more information.
+export VARIANTS=
+
+# We don't want certain packages to take up space on CD1...
+#export EXCLUDE1=exclude
+# ...but they are okay for other CDs (UNEXCLUDEx == may be included
+# on CD x if not already covered)
+#export UNEXCLUDE2=unexclude-CD2
+# Any packages listed in EXCLUDEx but not in any UNEXCLUDE will be
+# excluded completely. The same goes for packages listed in EXCLUDE.
+
+# Set this if the recommended packages should be skipped when adding
+# package on the CD. The default is 'true'.
+export NORECOMMENDS=0
+
+# Set this if the suggested packages should be skipped when adding
+# package on the CD. The default is 'true'.
+export NOSUGGESTS=1
+
+# Set to 1 to generate checksum files for generated images
+export IMAGESUMS=1
+
+# And define the set of checksum algorithms you want here. Default is
+# sha512 sha256
+# export CHECKSUMS="sha512 sha256"
+
+# We may have to extract files from packages to put them onto the CD
+# (e.g. bootloader files). If you make those packages (and their
+# sources) available somewhere, list it here so that README.source
+# can point to it. Note that your mirror must have repositories of
+# source packages if you enable this option.
+# export ARCHIVE_EXTRACTED_SOURCES="https://cdimage.debian.org/cdimage/cd-sources/"
+
+# Produce iso/jigdo files: specify how many iso/jigdo files should be
+# produced in your set. If not set or when the value is "ALL" they will
+# be created for all images. One of the variables can be set to zero if
+# either iso or jigdo files are not wanted.
+# Replaces the old "DOJIGDO" setting with something much more flexible.
+export MAXISOS=1
+export MAXJIGDOS=0
+
+# HTTP/FTP URL for directory where you intend to make the templates
+# available. You should not need to change this; the default value ""
+# means "template in same dir as the .jigdo file", which is usually
+# correct. If it is non-empty, it needs a trailing slash. "%ARCH%"
+# will be substituted by the current architecture.
+#export JIGDOTEMPLATEURL=""
+#
+# Name of a directory on disc to create data for a fallback server in.
+# Should later be made available by you at the URL given in
+# JIGDOFALLBACKURLS. In the directory, two subdirs named "Debian" and
+# "Non-US" will be created, and filled with hard links to the actual
+# files in your FTP archive. Because of the hard links, the dir must
+# be on the same partition as the FTP archive! If unset, no fallback
+# data is created, which may cause problems - see README.
+#export JIGDOFALLBACKPATH="$(OUT)/snapshot/"
+#
+# Space-separated list of label->URL mappings for "jigdo fallback
+# server(s)" to add to .jigdo file. If unset, no fallback URL is
+# added, which may cause problems - see README.
+#export JIGDOFALLBACKURLS="Debian=http://myserver/snapshot/Debian/ Non-US=http://myserver/snapshot/Non-US/"
+#
+# Space-separated list of "include URLs" to add to the .jigdo file.
+# The included files are used to provide an up-to-date list of Debian
+# mirrors to the jigdo _GUI_application_ (_jigdo-lite_ doesn't support
+# "[Include ...]").
+export JIGDOINCLUDEURLS="https://cdimage.debian.org/debian-cd/debian-servers.jigdo"
+#
+# $JIGDOTEMPLATEURL and $JIGDOINCLUDEURLS are passed to
+# "tools/jigdo_header", which is used by default to generate the
+# [Image] and [Servers] sections of the .jigdo file. You can provide
+# your own script if you need the .jigdo file to contain different
+# data.
+#export JIGDOSCRIPT="myscript"
+
+# A couple of things used only by publish_cds, so it can tweak the
+# jigdo files, and knows where to put the results.
+# You need to run publish_cds manually, it is not run by the Makefile.
+export PUBLISH_URL="https://cdimage.debian.org/jigdo-area"
+export PUBLISH_PATH="/home/jigdo-area/"
+
+# Specify files and directories to *exclude* from jigdo processing. These
+# files on each CD are expected to be different to those on the mirror, or
+# are often subject to change. Any files matching entries in this list will
+# simply be placed straight into the template file.
+export JIGDO_EXCLUDE="'README*' /doc/ /md5sum.txt /.disk/ /pics/ 'Release*' 'Packages*' 'Sources*'"
+
+# Specify files that MUST match entries in the externally-supplied
+# md5-list. If they do not, the CD build process will fail; something
+# must have been corrupted. Replaces the old mirrorcheck code.
+export JIGDO_INCLUDE="/pool/"
+
+# Specify the minimum file size to consider for jigdo processing. Any files
+# smaller than this will simply be placed straight into the template file.
+export JIGDO_OPTS="-jigdo-min-file-size 1024"
+
+for EXCL in $JIGDO_EXCLUDE; do
+ JIGDO_OPTS="$JIGDO_OPTS -jigdo-exclude $EXCL"
+done
+
+for INCL in $JIGDO_INCLUDE; do
+ JIGDO_OPTS="$JIGDO_OPTS -jigdo-force-md5 $INCL"
+done
+
+# Base link for snapshot.debian.org or similar
+# "SNAPDATETIME" will be replaced at runtime with the correct data
+# Leave this unset to not add this entry
+export SNAPURL=Debian=https://snapshot.debian.org/archive/debian/SNAPDATETIME/
+
+# File with list of packages to include when fetching modules for the
+# first stage installer (debian-installer). One package per line.
+# Lines starting with '#' are comments. The package order is
+# important, as the packages will be installed in the given order.
+#export UDEB_INCLUDE="$BASEDIR"/data/$CODENAME/udeb_include
+
+# File with list of packages to exclude as above.
+#export UDEB_EXCLUDE="$BASEDIR"/data/$CODENAME/udeb_exclude
+
+# File with list of packages to include when running debootstrap from
+# the first stage installer (currently only supported in
+# debian-installer). One package per line. Lines starting with '#'
+# are comments. The package order is important, as the packages will
+# be installed in the given order.
+#export BASE_INCLUDE="$BASEDIR"/data/$CODENAME/base_include
+
+# File with list of packages to exclude as above.
+#export BASE_EXCLUDE="$BASEDIR"/data/$CODENAME/base_exclude
+
+# Only put the installer onto the cd (set NORECOMMENDS,... as well,
+# and if you're not using build.sh then also make sure you set TASK
+# appropriately here)
+# INSTALLER_CD=0: nothing special (default)
+# INSTALLER_CD=1: just add debian-installer (use TASK=debian-installer)
+# INSTALLER_CD=2: add d-i and base (use TASK=debian-installer+kernel)
+export INSTALLER_CD=2
+export TASK=kali
+
+# Parameters to pass to kernel (or d-i) when the CD boots. Not currently
+# supported for all architectures.
+#export KERNEL_PARAMS="DEBCONF_PRIORITY=critical"
+
+# Default desktop (currently only used by win32-loader)
+export DESKTOP=xfce
+
+# If set, limits the number of images to produce. The maximum
+# value of MAXISOS and MAXJIGDOS are limited to this setting.
+export MAXCDS=1
+
+# If set, overrides the boot picture used.
+#export SPLASHPNG="$BASEDIR/data/$CODENAME/splash-img.png"
+
+# Set to 1 to save space by omitting the installation manual.
+# If so the README will link to the manual on the web site.
+export OMIT_MANUAL=1
+
+# Set to 1 to save space by omitting the release notes
+# If so we will link to them on the web site.
+export OMIT_RELEASE_NOTES=1
+
+# Set this to override the default location
+#export RELEASE_NOTES_LOCATION="https://www.debian.org/releases/$CODENAME"
+
+# Set to 1 to not include the doc/tools directories on CD1
+# Useful to save space and avoids failures if you have a mirror
+# without those directories.
+export OMIT_DOC_TOOLS=1
+
+case "$OFFICIAL" in
+ "Official")
+ export OFFICIAL_VAL=2
+ ;;
+ "Official Beta")
+ export OFFICIAL_VAL=1
+ ;;
+ *)
+ export OFFICIAL_VAL=0
+ ;;
+esac
+
+# Add options to wget to include support for the Debian CA, so
+# https://d-i.debian.org et al will work.
+if [ -d "/etc/ssl/ca-debian" ]; then
+ export WGET_OPTS="--ca-directory /etc/ssl/ca-debian/"
+fi
+export WGET="wget $WGET_OPTS"
+
+# Set this to force the Release file(s) to say "stable". Used in first
+# Etch builds to allow us to build before the archive updated
+#EARLY_BUILD_HACK=1
+
+##################################
+# LOCAL HOOK DEFINITIONS
+##################################
+#
+# Set these to point to scripts/programs to be called at various
+# points in the debian-cd image-making process. This is the ideal place
+# to customise what's on the CDs, for example to add extra files or
+# modify existing ones. Each will be called with the arguments in order:
+#
+# $TDIR (the temporary dir containing the build tree)
+# $MIRROR (the location of the mirror)
+# $DISKNUM (the image number in the set)
+# $CDDIR (the root of the temp disc tree)
+# $ARCHES (the set of architectures chosen)
+#
+# BE CAREFUL about what you do at each point: in the first couple of
+# cases, files and directories you're looking to use may not exist yet,
+# you may need to worry about adding entries into md5sum.txt yourself
+# and (in the last couple of cases) if you add any extra files you may
+# end up over-filling the disc. If you *do* need to add files at the end
+# of the process, see RESERVED_BLOCKS_HOOK below. It's strongly
+# recommended to do this kind of customisation up-front if you can, it's
+# much simpler that way!
+
+# The disc_start hook. This will be called near the beginning of the
+# start_new_disc script, just after the directory tree has been created
+# but before any files have been added
+#export DISC_START_HOOK=/bin/true
+
+# The disc_pkg hook. This will be called just after the
+# start_new_disc script has finished, just before make_disc_trees.pl
+# starts to add package files.
+#export DISC_PKG_HOOK=/bin/true
+
+# The reserved_blocks hook; if set, this script should print the
+# number of 2K blocks that need to be reserved for data to be added
+# *after* a disc tree is filled with packages.
+#export RESERVED_BLOCKS_HOOK=/bin/true
+
+# The disc_finish hook. This will be called once a disc image is full,
+# just after the last package rollback but before the last bits of
+# cleanup are done on the temp disc tree
+#export DISC_FINISH_HOOK=/bin/true
+
+# The disc_end hook. This will be called *right* at the end of the
+# image-making process in make_disc_trees.pl.
+#export DISC_END_HOOK=/bin/true
diff --git a/build.sh b/build.sh
index e62526c..04a22de 100755
--- a/build.sh
+++ b/build.sh
@@ -6,13 +6,27 @@ set -o pipefail # Bashism
KALI_DIST="kali-rolling"
KALI_VERSION=""
KALI_VARIANT="default"
+IMAGE_TYPE="live"
TARGET_DIR="$(dirname $0)/images"
TARGET_SUBDIR=""
SUDO="sudo"
VERBOSE=""
HOST_ARCH=$(dpkg --print-architecture)
+MIRROR=${MIRROR:-/srv/mirror/kali}
image_name() {
+ case "$IMAGE_TYPE" in
+ live)
+ live_image_name "$@"
+ ;;
+ installer)
+ installer_image_name "$@"
+ ;;
+ esac
+}
+
+
+live_image_name() {
local arch=$1
case "$arch" in
@@ -26,6 +40,10 @@ image_name() {
echo $IMAGE_TEMPLATE | sed -e "s/ARCH/$arch/"
}
+installer_image_name() {
+ echo "debian-cd/out/kali-$KALI_VERSION-ARCH-1.iso"
+}
+
target_image_name() {
local arch=$1
@@ -34,10 +52,20 @@ target_image_name() {
if [ "$IMAGE_EXT" = "$IMAGE_NAME" ]; then
IMAGE_EXT="img"
fi
- if [ "$KALI_VARIANT" = "default" ]; then
- echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_ARCH.$IMAGE_EXT"
+ if [ "$IMAGE_TYPE" = "live" ]; then
+ if [ "$KALI_VARIANT" = "default" ]; then
+ echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_ARCH.$IMAGE_EXT"
+ else
+ echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+ fi
else
- echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+ if [ "$KALI_VARIANT" = "default" ]; then
+ echo
+ "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_ARCH.$IMAGE_EXT"
+ else
+ echo
+ "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+ fi
fi
}
@@ -58,10 +86,7 @@ default_version() {
}
failure() {
- # Cleanup update-kali-menu that might stay around so that the
- # build chroot can be properly unmounted
- $SUDO pkill -f update-kali-menu || true
- echo "Build of $KALI_DIST/$KALI_VARIANT/$KALI_ARCH live image failed (see build.log for details)" >&2
+ echo "Build of $KALI_DIST/$KALI_VARIANT/$KALI_ARCH $IMAGE_TYPE image failed (see build.log for details)" >&2
exit 2
}
@@ -77,7 +102,7 @@ run_and_log() {
. $(dirname $0)/.getopt.sh
# Parsing command line options
-temp=$(getopt -o "$BUILD_OPTS_SHORT" -l "$BUILD_OPTS_LONG,get-image-path" -- "$@")
+temp=$(getopt -o "$BUILD_OPTS_SHORT" -l "$BUILD_OPTS_LONG,get-image-path,installer" -- "$@")
eval set -- "$temp"
while true; do
case "$1" in
@@ -86,6 +111,7 @@ while true; do
-a|--arch) KALI_ARCH="$2"; shift 2; ;;
-v|--verbose) VERBOSE="1"; shift 1; ;;
-s|--salt) shift; ;;
+ --installer) IMAGE_TYPE="installer"; shift 1 ;;
--variant) KALI_VARIANT="$2"; shift 2; ;;
--version) KALI_VERSION="$2"; shift 2; ;;
--subdir) TARGET_SUBDIR="$2"; shift 2; ;;
@@ -118,6 +144,7 @@ fi
# Build parameters for lb config
KALI_CONFIG_OPTS="--distribution $KALI_DIST -- --variant $KALI_VARIANT"
+CODENAME=$KALI_DIST # for debian-cd
if [ -n "$OPT_pu" ]; then
KALI_CONFIG_OPTS="$KALI_CONFIG_OPTS --proposed-updates"
KALI_DIST="$KALI_DIST+pu"
@@ -129,21 +156,37 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Either we use a git checkout of live-build
# export LIVE_BUILD=/srv/cdimage.kali.org/live/live-build
-# Or we ensure we have proper version installed
-ver_live_build=$(dpkg-query -f '${Version}' -W live-build)
-if dpkg --compare-versions "$ver_live_build" lt 1:20151215kali1; then
- echo "ERROR: You need live-build (>= 1:20151215kali1), you have $ver_live_build" >&2
- exit 1
-fi
+case "$IMAGE_TYPE" in
+ live)
+ # Or we ensure we have proper version installed
+ ver_live_build=$(dpkg-query -f '${Version}' -W live-build)
+ if dpkg --compare-versions "$ver_live_build" lt 1:20151215kali1; then
+ echo "ERROR: You need live-build (>= 1:20151215kali1), you have $ver_live_build" >&2
+ exit 1
+ fi
-# Check we have a good debootstrap
-ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
-if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
- if ! echo "$ver_debootstrap" | grep -q kali; then
- echo "ERROR: You need debootstrap >= 1.0.97 (or a Kali patched debootstrap). Your current version: $ver_debootstrap" >&2
- exit 1
- fi
-fi
+ # Check we have a good debootstrap
+ ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
+ if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
+ if ! echo "$ver_debootstrap" | grep -q kali; then
+ echo "ERROR: You need debootstrap >= 1.0.97 (or a Kali patched debootstrap). Your current version: $ver_debootstrap" >&2
+ exit 1
+ fi
+ fi
+ ;;
+ installer)
+ ver_debian_cd=$(dpkg-query -f '${Version}' -W debian-cd)
+ if dpkg --compare-versions "$ver_live_build" lt 3.1.27; then
+ echo "ERROR: You need live-build (>= 3.1.27), you have $ver_live_build" >&2
+ exit 1
+ fi
+
+ if [ ! -d $MIRROR ]; then
+ echo "ERROR: You need to have a local Kali mirror and indicate its location in the MIRROR environment variable." >&2
+ exit 1
+ fi
+ ;;
+esac
# We need root rights at some point
if [ "$(whoami)" != "root" ]; then
@@ -166,14 +209,56 @@ mkdir -p $TARGET_DIR/$TARGET_SUBDIR
IMAGE_NAME="$(image_name $KALI_ARCH)"
set +e
: > build.log
-run_and_log $SUDO lb clean --purge
-[ $? -eq 0 ] || failure
-run_and_log lb config -a $KALI_ARCH $KALI_CONFIG_OPTS "$@"
-[ $? -eq 0 ] || failure
-run_and_log $SUDO lb build
-if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
- failure
-fi
+
+case "$IMAGE_TYPE" in
+ live)
+ run_and_log $SUDO lb clean --purge
+ [ $? -eq 0 ] || failure
+ run_and_log lb config -a $KALI_ARCH $KALI_CONFIG_OPTS "$@"
+ [ $? -eq 0 ] || failure
+ run_and_log $SUDO lb build
+ if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+ failure
+ fi
+ ;;
+ installer)
+ # Configure debian-cd with the runtime parameters
+ export CF=$(pwd)/CONF.sh
+ . $CF
+ export DEBIAN_CD_CONF_SOURCED=true
+ export ARCHES=$KALI_ARCH
+ export DEBVERSION=$KALI_VERSION
+ export CODENAME # set earlier
+ if [ "$KALI_VARIANT" = "netinst" ]; then
+ export DISKTYPE="netinst"
+ else
+ export DISKTYPE="DVD"
+ fi
+
+ # Setup the required paths
+ mkdir -p debian-cd/tmp/apt debian-cd/out debian-cd/basedir
+ cp -a /usr/share/debian-cd/* debian-cd/basedir/
+ export MIRROR # set by the user
+ export BASEDIR=$(pwd)/debian-cd/basedir
+ export TDIR=$(pwd)/debian-cd/tmp
+ export APTTMP=$TDIR/apt
+ export OUT=$(pwd)/debian-cd/out
+
+ # Configure the task with the packages we want
+ mkdir -p $BASEDIR/tasks/$CODENAME
+ (
+ echo "#include <debian-installer+kernel>";
+ grep -v '^#' kali-config/variant-$KALI_VARIANT/package-lists/kali.list.chroot
+ ) >$BASEDIR/tasks/$CODENAME/kali
+ export TASK=kali
+
+ run_and_log $BASEDIR/build.sh $KALI_ARCH
+ if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+ failure
+ fi
+ ;;
+esac
+
set -e
mv -f $IMAGE_NAME $TARGET_DIR/$(target_image_name $KALI_ARCH)
mv -f build.log $TARGET_DIR/$(target_build_log $KALI_ARCH)
diff --git a/kali-config/variant-netinst/package-lists/kali.list.chroot b/kali-config/variant-netinst/package-lists/kali.list.chroot
new file mode 100644
index 0000000..affd284
--- /dev/null
+++ b/kali-config/variant-netinst/package-lists/kali.list.chroot
@@ -0,0 +1,4 @@
+# Empty list because netinst has no embedded packages
+#
+# This variant is not meant to be used with live-build but only with
+# debian-cd and thus ./build.sh --installer --variant netinst