Exercise 2, Chapter 10 – Creating a Kali Repository
- Create a Kali Repository. Host the packages you created in it (SET, kali-menu, kernel packages).
Now that you have a custom package, you can distribute it through an APT package repository. Use reprepro to create the desired repository and to fill it.
A package repository is typically hosted on a server. To properly separate it from other services running on the server, it is best to create a user dedicated to this service. In the dedicated user account, you will be able to host the repository files and also the GnuPG key that will be used to sign the package repository:
1 2 3 4 5 6 7 |
apt install reprepro gnupg2 adduser --system --group pkgrepo chown pkgrepo $(tty) # gpg requires write access to the terminal su - -s /bin/bash pkgrepo gpg2 --gen-key # Don't enter password |
Note that we don’t enter a passphrase so that we can sign in non-interactively.
Next, set up the repository structure. A dedicated directory is necessary for reprepro and inside that directory you have to create a conf/distributions file documenting which distributions are available in the package repository:
1 2 3 4 |
mkdir -p reprepro/conf cd reprepro |
Next, edit conf/distributions..
1 2 3 |
nano conf/distributions |
.. to look like this:
1 2 3 4 5 6 7 8 9 |
Codename: offsec-internal AlsoAcceptFor: unstable Origin: Offensive Security Description: Offsec's Internal packages Architectures: source amd64 i386 Components: main SignWith: F8FE22F74F1B714E38DA6181B27F74F7B4EF2D0D |
With this basic setup in place, you can let reprepro generate an empty repository:
1 2 3 |
$ reprepro export |
Ask reprepro to include the package. Use the .changes file from your previous custom package!
1 2 3 |
reprepro include offsec-internal /tmp/offsec-defaults_1.0_amd64.changes |
Notice that reprepro added the files into its own package pool in a pool sub-directory:
1 2 3 |
find pool |
The dists and pool directories are the two directories that you need to make (publicly) available over HTTP to finish the setup of your APT repository. They contain all the files that APT will want to download.
Assuming that you want to host this on a virtual host named pkgrepo.offsec.com, you could create the following 2 configuration file, save it to /etc/apache2/sites-available/pkgrepo.offsec.com.conf, and enable it with a2ensite pkgrepo.offsec.com):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<VirtualHost *:80> ServerName pkgrepo.offsec.com ServerAdmin repoadmin@offsec.com ErrorLog /var/log/apache2/pkgrepo.offsec.com-error.log CustomLog /var/log/apache2/pkgrepo.offsec.com-access.log "%h %l %u %t \"%r\" %>s %O" DocumentRoot /home/pkgrepo/reprepro <Directory "/home/pkgrepo/reprepro"> Options Indexes FollowSymLinks MultiViews Require all granted AllowOverride All </Directory> </VirtualHost> |
And the corresponding sources.list entry to add on machines that need packages from this repository would look like this:
1 2 3 4 5 |
deb http://pkgrepo.offsec.com offsec-internal main # Enable next line if you want access to source packages too # deb-src http://pkgrepo.offsec.com offsec-internal main |
Your package is now published and should be available to your networked hosts.
1 2 3 4 5 6 |
pkgrepo@kali:~/reprepro$gpg2 --export --armor muts@offsec.com > /tmp/wot.asc cat /tmp/wot.asc | apt-key add - apt-key list apt-key del KEYHERE |