On this page
I didn’t understand the “8.Replace conflicted packages to work around dependency issues” part of this page.
Can anyone help me understand this?
Hi @kzlz,
I don’t know why you’re trying to build a Kali template, and if your goal is to learn how to build it, I’m sorry I’m not answering your question.
If all you want is to use Kali, however, are you aware that a community template is available?
The community template is woefully outdated ,and will require a full dist
upgrade.
I have a newer build here
@kzlz, if you do want to build the template yourself, just say so, and
we can walk you through the process.
2 Likes
No matter how many times I download qubes-template-kali-4.0.6-202304291232.noarch.rpm, it shows digests SIGNATURES NOT OK.
What do you think I did wrong?
How are you downloading it @kzlz?
What program is telling you that the signature is not OK, is it rpm, is it gpg?
I suspect that if the key used for signing the template wasn’t added to the rpm keyring, then rpm would fail to verify the signature (and default to the safer option of assuming it is not OK).
See the begining of this post of you suspect that’s the issue you’re facing:
(You’ll need to use the key that was used to sign the Kali template, which may not be the same as the ine used for the templates in that thead!)
I used rpm.
Which is the correct place to copy the downloaded key?
/etc/qubes/repo-templates/key
or
/etc/pki/rpm-gpg/
Also, should the name of the unman key be RPM-GPG-KEY-unman or whatever?
I changed the name of unman’s key to RPM-GPG-KEY-unman and copied it to /etc/pki/rpm-gpg/.
One question out of context: WHy install a kali Template if the apps of kali can be directly installed in a debian template?
Why not install wireshark, wifite (for example) directly in debian-11-clone?
Did you read the page from which you downloaded the template?
This is covered there, as well as important notes on installing large
templates like Kali, and dealing with potential problems when updating.
If there’s anything there that isnt clear, please say so.
You can name my key whatever you like - it sort of makes sense to me to
be consistent with other keys and to name it after the originator, but
whatever.
1 Like
Nice handle.
It’s a good question.
You can install any of the tools in to a debian-11 clone.
If you just want a few tools, install them in to a stock template.
Kali is based off debian testing, currently debian-12, and provides
curated (eeew) bundles of tools - for convenience its easier to use a
ready made Template.
I prefer Parrot, so I provide that template too.
I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
1 Like
Why Parrot instead of Kali?
I was wondering… a simples script is able to install many of Kali tools throw debian-11 without changing from stable to testing.
I find it better in many respects.
Then you are installing tools from stable, and not from testing. They
will be older versions, and may not be updated by security team.
There are few “Kali tools” - just tools included in Kali
Yes I read this page: Index of /Templates
I thought I was following the support.
No matter how many times I try with
digests SIGNATURES NOT OK.
I’m having trouble verifying templates with unman’s key too. I tried a recent key from the Ubuntu key server to verify parrot templates and a kali template. I did this successfully for a kali template maybe a week ago but now I wanted to try parrot after reinstalling qubes today.
Any one else having trouble?
I got it to work. I found this helpfull How to verify Unman's template
Particularly this command helped
rpmkeys --import PATH_TO_KEY
I didn’t see any mention of this step on unmans website.
edit: instead it said to move the key to /etc/pki/rpm-gpg/RPM-GPG-KEY-unman
@fiddler (and @kzlz), this is exactly what I meant when I said:
I could have been more explicit, I’m sorry about that!
I’m glad you found the way to do it and that it allowed you to move forward 
(Edit to add: unless I’m wrong, where you place the keys doesn’t matter as long as you add them (import them) to the rpm keyring. Consistency is good when naming files though, and the /etc/pki/rpm-gpg directory is a good place to store them.)
I also succesed. thank you 
