First off, I will tell you that while the official guide is good, it's aimed more at straight Debian users. Even though Ubuntu is based on Debian, there are some differences that may cause problems.
That being said, I had significant trouble getting this to work, but in the end, I have a process which I believe should work.
Getting Started
First off, I am using Ubuntu 14.04.1 x64 but this process should work on almost any version (or subversion) of Ubuntu and Mint. In order to keep your "main" system clean, I recommend creating a virtual install, so for this guide, I will be using LXC. If you haven't already, install LXC. You can use the Software Centre or Synaptic if you like. Being old school, I prefer using the terminal and everything I do will be in ~$ standard terminal command notation:
Creating A Container
Next, you will need to create a container to run it all in. Since Kali's baseline is much closer to Debian than Ubuntu, you will need to build a Debian environment ("Wheezy" at the time of this writing), but with some minor changes. Fortunately, I have a custom template available here if you wish to use it. If not, create a Debian container and add the Kali sources. Important to remember is that only the root user should create containers, so I will make gratuitous use of sudo in this guide. Once inside the container using the password LXC gives you during the container creation stage, however, you will be running as root, SO BE CAREFUL!
Using the Debian template:
Once it's done getting set up (it does take a little time, after all), you will need to add the Kali repositories to your container's sources in /etc/apt/sources.list:
Then apply the finishing touches:
If you opt to use my tweaked custom install, it will do all that for you. All you have to do is run it:
In both cases, you may wish to add Oracle's Java instead of OpenJDK:
At this point, you should have a working container with access to the current Debian baseline and the Kali repositories. If not, sudo lxc-destroy -n kali will nuke your old container so you can go back to "Creating a Container" and try again. :)
Getting Ready
Now we need to prepare the Kali ISO build environment:
Configuring the Kali ISO Build (Optional)
Through the config directory, your ISO build supports significant customization options, which are well documented on the Debian live build 3.x page. However, for the impatient, the following configuration files are of particular interest:
config/package-lists/kali.list.chroot – contains the list of packages to install in the Kali ISO. You can choose specific packages to be installed, while dropping others. In my case, I dropped open-jdk in favour of the official Oracle Java from the Webupd8 repositories. This is also where you can change your Kali ISO Desktop Environment (KDE, Gnome, XFCE, LXDE, etc).
hooks/ – The hooks directory allows us to hook scripts in various stages of the Kali ISO live build. For more information about hooks, refer to the live build manual. As an example, Kali adds its forensic menu this way:
Building the ISO
Before you generate your ISO, you can specify your required architecture, choosing either amd64 or i386. Also note that lb build requires root rights. If you do not specify an architecture, live build will generate an ISO with the same architecture as the host machine. If you want to build a 64 bit ISO on a 32 bit Kali system, make sure you enable multi-arch support:
Configure live-build to generate with a 64 bit:
...or 32 bit:
The last command will take a while to complete, as it downloads all of the required packages needed to create your ISO. Good time for a coffee.
Building Kali Linux for older i386 architecture
The Kali Linux i386 ISO has PAE enabled. If you require a default kernel for older hardware, like I did, you need to rebuild a Kali Linux ISO. The rebuilding process is much the same as above, other than the 686-pae parameter that needs to be changed to 486 in auto/config:
Speeding up future builds
If you plan to build custom ISOs often, you might want to cache kali packages locally for future builds. I didn't bother, but you might, right? This can easily be done by installing apt-cacher-ng, and configuring the http_proxy environment variable before every build.
Trouble In Paradise
The problem I kept running into was packages failing to install or configure properly, getting message like this:
Not to worry. This error may pop up a few times, but it can be fixed every time. The problem I had when I set out on this adventure was preventing the error in the first place. Every time it stops with an error, you can fix it like this:
LiveBuild uses a chroot inside the container so I've used (kali) to show being "inside" the chroot. On my system, dpkg kept spitting out errors, so I had to keep repeating this "trouble in paradise" section until I finally got a clean build. But now it works!
That being said, I had significant trouble getting this to work, but in the end, I have a process which I believe should work.
Getting Started
First off, I am using Ubuntu 14.04.1 x64 but this process should work on almost any version (or subversion) of Ubuntu and Mint. In order to keep your "main" system clean, I recommend creating a virtual install, so for this guide, I will be using LXC. If you haven't already, install LXC. You can use the Software Centre or Synaptic if you like. Being old school, I prefer using the terminal and everything I do will be in ~$ standard terminal command notation:
Code:
~$ sudo apt-get install -y lxcNext, you will need to create a container to run it all in. Since Kali's baseline is much closer to Debian than Ubuntu, you will need to build a Debian environment ("Wheezy" at the time of this writing), but with some minor changes. Fortunately, I have a custom template available here if you wish to use it. If not, create a Debian container and add the Kali sources. Important to remember is that only the root user should create containers, so I will make gratuitous use of sudo in this guide. Once inside the container using the password LXC gives you during the container creation stage, however, you will be running as root, SO BE CAREFUL!
Using the Debian template:
Code:
~$ sudo lxc-create -n kali -t debian
~$ sudo lxc-start -n kaliCode:
deb http://http.kali.org/kali kali main contrib non-free
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-freeCode:
~# apt-key adv --keyserver pgpkeys.mit.edu --recv-keys ED444FF07D8D0BF6
~# apt-get update
~# apt-get install kali-archive-keyringCode:
~# sudo lxc-create -n kali -t kali
~# sudo lxc-start -n kaliCode:
~$ su -
~# echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
~# echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
~# apt-get update
~# apt-get install oracle-java8-installerGetting Ready
Now we need to prepare the Kali ISO build environment:
Code:
~# apt-get install git live-build cdebootstrap kali-archive-keyring
~# git clone git://git.kali.org/live-build-config.git
~# cd live-build-config
~# lb configThrough the config directory, your ISO build supports significant customization options, which are well documented on the Debian live build 3.x page. However, for the impatient, the following configuration files are of particular interest:
config/package-lists/kali.list.chroot – contains the list of packages to install in the Kali ISO. You can choose specific packages to be installed, while dropping others. In my case, I dropped open-jdk in favour of the official Oracle Java from the Webupd8 repositories. This is also where you can change your Kali ISO Desktop Environment (KDE, Gnome, XFCE, LXDE, etc).
hooks/ – The hooks directory allows us to hook scripts in various stages of the Kali ISO live build. For more information about hooks, refer to the live build manual. As an example, Kali adds its forensic menu this way:
Code:
~# cat config/hooks/forensic-menu.binary
#!/bin/sh
cat >>binary/isolinux/live.cfg <<END
label live-forensic
menu label ^Live (forensic mode)
linux /live/vmlinuz
initrd /live/initrd.img
append boot=live noconfig username=root hostname=kali noswap noautomount
ENDBefore you generate your ISO, you can specify your required architecture, choosing either amd64 or i386. Also note that lb build requires root rights. If you do not specify an architecture, live build will generate an ISO with the same architecture as the host machine. If you want to build a 64 bit ISO on a 32 bit Kali system, make sure you enable multi-arch support:
Code:
~# dpkg --add-architecture amd64
~# apt-get updateCode:
~# lb config --architecture amd64
~# lb buildCode:
~# lb config --architecture i386 # for 32 bit
~# lb buildBuilding Kali Linux for older i386 architecture
The Kali Linux i386 ISO has PAE enabled. If you require a default kernel for older hardware, like I did, you need to rebuild a Kali Linux ISO. The rebuilding process is much the same as above, other than the 686-pae parameter that needs to be changed to 486 in auto/config:
Code:
~# apt-get install git live-build cdebootstrap kali-archive-keyring
~# git clone git://git.kali.org/live-build-config.git
~# cd live-build-config
~# sed -i 's/686-pae/486/g' auto/config
~# lb clean
~# lb config --architecture i386
~# lb buildIf you plan to build custom ISOs often, you might want to cache kali packages locally for future builds. I didn't bother, but you might, right? This can easily be done by installing apt-cacher-ng, and configuring the http_proxy environment variable before every build.
Code:
~# apt-get install apt-cacher-ng
~# /etc/init.d/apt-cacher-ng start
~# export http_proxy=http://localhost:3142/
... ### setup and configure your live build
~# lb config --apt-http-proxy http://127.0.0.1:3142/
~# lb buildThe problem I kept running into was packages failing to install or configure properly, getting message like this:
Code:
Adding 'diversion of /usr/share/dict/words to /usr/share/dict/words.pre-dictionaries-common by dictionaries-common'
dpkg: unrecoverable fatal error, aborting:
failed to fstat previous diversions file: No such file or directory
E: Sub-process /usr/bin/dpkg returned an error code (2)
P: Begin unmounting filesystems...
P: Saving caches...
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.Code:
~# chroot chroot
(kali) ~# dpkg --configure -a
(kali) ~# exit
~# lb clean
... ### Use the same lb config you used the first time: lb config --architecture i386 or lb config --architecture amd64 or just lb config ###
~# lb build