Kali template available

fepitre · February 4, 2022, 10:09pm

I’m waiting we finish to build bookworm packages in order to build a new Kali template with the core metapackage only. It would be smaller than the standard one.

Quser59 · February 7, 2022, 4:53am

To confirm: is there no recommended/safe way to resize the partititon?
Will this be a problem with future ISOs?

fiddler · February 7, 2022, 7:35am

I can easily increase the amount of system storage in qubes settings for any qubes template. I have my kali template set to 50gb and haven’t had any issues. I can’t decrease it though but it will still only allocate storage from the physical drive when needed so that saves space.

fepitre · February 7, 2022, 7:47am

We have attempted to optimize dom0 pool size so normally if you don’t have too much extra kernels, there should be enough space to allow dom0 to unpack the RPM then copy it on the fly to the vm pool.

Take a look at your disk space usage or / in dom0. What is the free space currently?

Quser59 · February 7, 2022, 7:52pm

approx 9G on / available,

@fepitre

anon1 · March 17, 2022, 11:38pm

When I tried to install the Kali template I get suspicious returns:
[user@dom0 ~]$ rpm -q qubescore-dom0-linux
qubes-core-dom0-linux-4.1.18.fc32.x86_64
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-kali
Redirecting to ‘qvm-template install --enablerepo=qubes-templates-community-testing qubes-template-kali’
Downloading ‘qubes-template-kali-0:4.0.6-202106171816’…
qubes-template-kali-0:4.0.6-202106171816: 4%| | 149M/3.32G [12:16<4:21:35, 202
Error canoncalizing file: Payload forged!
ERROR: [errno 2] No such file or directory: ‘/root/.cache/qvm-template/tmp4xa4_2h_/qubes-template-kali-0:4.0.6-202106171816.rpm.UNTRUSTED’

I tried the
sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-kali
command again and it reached 90% before returning the same as ab0ve.

fepitre · March 18, 2022, 9:32am

Space problem issue?

Quser59 · March 18, 2022, 12:35pm

Don’t know if you’re aware @fepitre but the repos included in the template are http and fail (probably due to mitm attack on http repos) with mismatch errors.

Easily resolved by using https repos.

fepitre · March 18, 2022, 12:51pm

This is somewhere on my backlog…I’m welcoming any help for that too

Quser59 · March 18, 2022, 1:01pm

For anybody interested.
You need to:

cd /etc/apt/sources.list.d/
nano kali.list

Old, repos included with template (DO NOT USE).
# deb http://http.kali.org/kali kali-rolling main non-free contrib

New Repos:
deb https://kali.download/kali kali-rolling main non-free contrib

I used kali.download as kali.org was extremely slow for me.

anon1 · March 18, 2022, 5:24pm

They are using http servers!!! That’s insanity, especially for an offensive distro…

Your response looks promising but when trying the directory you mentioned in terminal emulator it does not exist. I tried editing the file path even.

fepitre · March 18, 2022, 5:51pm

If packages are signed…who cares?

anon1 · March 18, 2022, 11:48pm

Were you able to find a way to safely install Kali template by resizing dom0 pool or another method?

Quser59 · March 19, 2022, 12:09am

Denial of Service, see earlier reply:

–

Used lvresize to resize /deb/qubes_dom0/root

–

Can you clarify, do you have the kali template installed & are you executing this command in the kali template?

anon1 · March 19, 2022, 12:50am

Thank you for your reply. I was and still am a little concerned about the errors I was getting “Payload forged!” and “…rpm.UNTRUSTED”, but I retried the initial install command several times and it eventually completed the template download. I was able to fix the subsequent dom0 small pool issue with the command suggested here by fepitre: sudo journalctl --vacuum-time=1d

Szewcu · March 19, 2022, 9:24am

…rpm.UTRUSTED is a temporary name of downloaded rpm package. It is first downloaded with that name, then SHA is calculated and checked. If it is ok it is then renamed to the same name without .UNTRUSTED postfix and installation begins. This is the “Qubes way” of downloading the packages. So that what You se is IMO corruption during download. Then checksum not match, yo see message “Payload forged!” and installation not start.

TheGardner · July 29, 2022, 3:44pm

Recently tried to install unmans latest kali template, but it failed.

Anyone, argue, what I doing wrong / is missing here?

unman · July 29, 2022, 4:01pm

Can you tell me what is the issue?

TheGardner · July 30, 2022, 12:54am

Installation breaks after 10 seconds of file check with “Error: Signature verification failed: -: digests SIGNATURES NOT OK”

unman.pub is your certificate, which I installed before, but looks like I didn’t oversee all, cause I get an error in the end, but very quick after the install command. It’s just checking the 3,xx GB rpm and then stops. File should be okay, must be a wrong setting of the certificate I assume.

unman · July 30, 2022, 10:36am

My key is only valid for 2 years, and recently updated.
Check the key against current keyservers and/or GitHub.
Could be some key/package discrepancy.