Exercise 10-2: Creating a Kali Repository

Exercise 2, Chapter 10 - Creating a Kali Repository

Create a Kali Repository. Host the packages you created in it (SET, kali-menu, kernel packages).

Now that you have a custom package, you can distribute it through an APT package repository. Use reprepro to create the desired repository and to fill it.

A package repository is typically hosted on a server. To properly separate it from other services running on the server, it is best to create a user dedicated to this service. In the dedicated user account, you will be able to host the repository files and also the GnuPG key that will be used to sign the package repository:


apt install reprepro gnupg2
adduser --system --group pkgrepo
chown pkgrepo $(tty) # gpg requires write access to the terminal
su - -s /bin/bash pkgrepo
gpg2 --gen-key # Don't enter password

Note that we don't enter a passphrase so that we can sign in non-interactively.

Next, set up the repository structure. A dedicated directory is necessary for reprepro and inside that directory you have to create a conf/distributions file documenting which distributions are available in the package repository:


mkdir -p reprepro/conf
cd reprepro

Next, edit conf/distributions..


nano conf/distributions

.. to look like this:


Codename: offsec-internal
AlsoAcceptFor: unstable
Origin: Offensive Security
Description: Offsec's Internal packages
Architectures: source amd64 i386
Components: main
SignWith: F8FE22F74F1B714E38DA6181B27F74F7B4EF2D0D

With this basic setup in place, you can let reprepro generate an empty repository:


$ reprepro export

Ask reprepro to include the package. Use the .changes file from your previous custom package!


reprepro include offsec-internal /tmp/offsec-defaults_1.0_amd64.changes

Notice that reprepro added the files into its own package pool in a pool sub-directory:


find pool

The dists and pool directories are the two directories that you need to make (publicly) available over HTTP to finish the setup of your APT repository. They contain all the files that APT will want to download.

Assuming that you want to host this on a virtual host named pkgrepo.offsec.com, you could create the following 2 configuration file, save it to /etc/apache2/sites-available/pkgrepo.offsec.com.conf, and enable it with a2ensite pkgrepo.offsec.com):



    ServerName pkgrepo.offsec.com
    ServerAdmin repoadmin@offsec.com

    ErrorLog /var/log/apache2/pkgrepo.offsec.com-error.log
    CustomLog /var/log/apache2/pkgrepo.offsec.com-access.log "%h %l %u %t \"%r\" %>s %O"

    DocumentRoot /home/pkgrepo/reprepro

    
        Options Indexes FollowSymLinks MultiViews
        Require all granted
        AllowOverride All

And the corresponding sources.list entry to add on machines that need packages from this repository would look like this:


deb http://pkgrepo.offsec.com offsec-internal main
# Enable next line if you want access to source packages too
# deb-src http://pkgrepo.offsec.com offsec-internal main

Your package is now published and should be available to your networked hosts.


pkgrepo@kali:~/reprepro$gpg2 --export --armor muts@offsec.com > /tmp/wot.asc
cat /tmp/wot.asc | apt-key add - 
apt-key list
apt-key del KEYHERE

← Previous Topic Next Topic →

Exercise 2, Chapter 10 - Creating a Kali Repository

NEW FOR 2021