Kali template available

I just wanted to share my own solution to this on the latest version of Qubes and the latest Kali template - took me a while to work out so thought I’d help avoid other people having the same issue.

** Edit the existing Qubes 4.2 repo below, the key should already be in your installation
sudo nano /etc/yum.repos.d/qubes-templates.repo

[qubes-templates-community-testing]
name=Qubes Templates Community Testing
#baseurl=https://yum.qubes-os.org/r4.2/templates-community-testing
metalink=https://yum.qubes-os.org/r4.2/templates-community-testing/repodata/repomd.xml.metalink
skip_if_unavailable=False
enablegroups=0
metadata_expire=7d
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-templates-community

** To do a clean download of all templates (this takes a while)
sudo qubes-dom0-update --clean
** To update with your new community repo defined
sudo qubes-dom0-update
** Use the command below to download the new Qubes template; adjust the version by looking at the latest on https://yum.qubes-os.org/r4.2/templates-community-testing/rpm/
sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing qubes-template-kali-core-4.2.0-202402081323
** To show available and installed templates
qvm-template list
** Now create your new Qube from the new Kali template
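An added example, not part of the original post and not Qubes project code: a small check that a repository stanza such as the one above still enforces signed packages from a local key and an HTTPS source before it is used with `--enablerepo`. The function name `audit_repo` and the rule set are assumptions made for this illustration.

```python
import configparser

# Stanza copied from the post above, embedded so the check runs offline.
REPO_TEXT = """\
[qubes-templates-community-testing]
name=Qubes Templates Community Testing
#baseurl=https://yum.qubes-os.org/r4.2/templates-community-testing
metalink=https://yum.qubes-os.org/r4.2/templates-community-testing/repodata/repomd.xml.metalink
skip_if_unavailable=False
enablegroups=0
metadata_expire=7d
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4.2-templates-community
"""

def audit_repo(text):
    """Return {stanza name: [problems]} for every stanza in a .repo file.

    Disabled stanzas are audited too, because --enablerepo can switch
    any of them on for a single run.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        repo, problems = cp[name], []
        # Assumption: an unset gpgcheck is reported even though a [main]
        # default elsewhere may also apply.
        if repo.get("gpgcheck", "").strip() != "1":
            problems.append("gpgcheck is not 1")
        keys = repo.get("gpgkey", "").split()
        if not keys:
            problems.append("gpgkey is not set")
        elif any(not k.startswith("file:///") for k in keys):
            problems.append("gpgkey is not a local file")
        urls = [u for opt in ("baseurl", "metalink", "mirrorlist")
                for u in repo.get(opt, "").split()]
        if not urls:
            problems.append("no package source configured")
        elif any(not u.startswith("https://") for u in urls):
            problems.append("package source is not HTTPS")
        report[name] = problems
    return report

if __name__ == "__main__":
    for stanza, problems in audit_repo(REPO_TEXT).items():
        print(stanza, "OK" if not problems else problems)
```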

@TheGardner firstly I would like to thank you for being part of an amazing team that has produced this OS - I have made it my main operating system now and am hopefully getting to grips with it.
Essentially I have installed the latest Kali community template on Qubes 4.2.1 as per my previous post; however, I have updated the distro to the latest kali-rolling one. Everything is working fine and I can copy/paste etc. with the global clipboard between Qubes, which makes me think the Qubes agent is working ok; however, I can’t attach any USB device to my Kali app VM.
I have looked in journalctl and can’t see anything specific to sys-usb.
I know you are probably a very busy person but if you had any pointers it would be hugely appreciated.

UPDATE: I think it was the Kali distro update that messed it up. I re-installed the community core image template and USB attached fine. One I will be aware of in the future, and I was probably jumping the gun updating your community RPMs, apologies.

I get this from the kali-latest Qube for an agent status and can’t see any errors:

● qubes-qrexec-agent.service - Qubes remote exec agent
Loaded: loaded (/usr/lib/systemd/system/qubes-qrexec-agent.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-05-27 12:57:30 +07; 1h 47min ago
Process: 773 ExecStartPre=/bin/sh -c [ -e /dev/xen/evtchn ] || modprobe xen_evtchn (code=exited, status=0/SUCCESS)
Main PID: 777 (qrexec-agent)
Tasks: 1 (limit: 383)
Memory: 1.0M (peak: 3.1M)
CPU: 409ms
CGroup: /system.slice/qubes-qrexec-agent.service
└─777 /usr/lib/qubes/qrexec-agent

May 27 14:10:55 kali-latest qrexec-agent[3489]: 2024-05-27 14:10:55.257 qrexec-agent[3489]: qrexec-agent-data.c:324:handle_new_process_common: pid 3492 exited with 255
May 27 14:14:37 kali-latest qrexec-agent[3565]: 2024-05-27 14:14:37.997 qrexec-agent[3565]: qrexec-agent-data.c:293:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 3567)
May 27 14:14:37 kali-latest qrexec-agent[3567]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
May 27 14:14:40 kali-latest qrexec-agent[3565]: 2024-05-27 14:14:40.071 qrexec-agent[3565]: qrexec-agent-data.c:324:handle_new_process_common: pid 3567 exited with 255
May 27 14:19:54 kali-latest qrexec-agent[3642]: 2024-05-27 14:19:54.222 qrexec-agent[3642]: qrexec-agent-data.c:293:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 3645)
May 27 14:19:54 kali-latest qrexec-agent[3645]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
May 27 14:19:56 kali-latest qrexec-agent[3642]: 2024-05-27 14:19:56.720 qrexec-agent[3642]: qrexec-agent-data.c:324:handle_new_process_common: pid 3645 exited with 255
May 27 14:28:36 kali-latest qrexec-agent[3729]: 2024-05-27 14:28:36.446 qrexec-agent[3729]: qrexec-agent-data.c:293:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 3732)
May 27 14:28:36 kali-latest qrexec-agent[3732]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
May 27 14:28:38 kali-latest qrexec-agent[3729]: 2024-05-27 14:28:38.524 qrexec-agent[3729]: qrexec-agent-data.c:324:handle_new_process_common: pid 3732 exited with 255

And I get this from the dom0 journal

May 27 14:47:27 dom0 kernel: audit: type=1105 audit(1716796047.008:814): pid=24005 uid=1000 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
May 27 14:47:47 dom0 qrexec-policy-daemon[2939]: warning: !compat-4.0 directive in file /etc/qubes/policy.d/35-compat.policy line 16 is transitional and will be deprecated
May 27 14:47:47 dom0 qrexec-policy-daemon[2939]: qrexec: qubes.USB+2-9: kali-latest -> sys-usb: allowed to sys-usb
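An added example, not part of the original posts: a short parser that pairs each `executed:` record in the qrexec-agent journal above with the exit record for the same pid, so failing RPC calls stand out from the surrounding lines. The function name `failed_calls` and the output fields are assumptions made for this illustration; the sample input is six lines copied from the journal quoted above.

```python
import re
from datetime import datetime

# Sample input: six lines copied from the kali-latest journal quoted above.
JOURNAL = """\
May 27 14:10:55 kali-latest qrexec-agent[3489]: 2024-05-27 14:10:55.257 qrexec-agent[3489]: qrexec-agent-data.c:324:handle_new_process_common: pid 3492 exited with 255
May 27 14:14:37 kali-latest qrexec-agent[3565]: 2024-05-27 14:14:37.997 qrexec-agent[3565]: qrexec-agent-data.c:293:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 3567)
May 27 14:14:37 kali-latest qrexec-agent[3567]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
May 27 14:14:40 kali-latest qrexec-agent[3565]: 2024-05-27 14:14:40.071 qrexec-agent[3565]: qrexec-agent-data.c:324:handle_new_process_common: pid 3567 exited with 255
May 27 14:19:54 kali-latest qrexec-agent[3642]: 2024-05-27 14:19:54.222 qrexec-agent[3642]: qrexec-agent-data.c:293:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 3645)
May 27 14:19:56 kali-latest qrexec-agent[3642]: 2024-05-27 14:19:56.720 qrexec-agent[3642]: qrexec-agent-data.c:324:handle_new_process_common: pid 3645 exited with 255
"""

STAMP = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
EXEC_RE = re.compile(STAMP + r".*handle_new_process_common: executed: "
                     r"(?P<user>[^:]+):QUBESRPC (?P<service>\S+) (?P<source>\S+) "
                     r"\(pid (?P<pid>\d+)\)")
EXIT_RE = re.compile(STAMP + r".*handle_new_process_common: "
                     r"pid (?P<pid>\d+) exited with (?P<code>\d+)")

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def failed_calls(journal):
    """Pair each 'executed' record with the exit record for the same pid and
    return the calls that ended with a non-zero status."""
    running, failures = {}, []
    for line in journal.splitlines():
        if m := EXEC_RE.search(line):
            running[m["pid"]] = m
            continue
        m = EXIT_RE.search(line)
        if not m:
            continue  # unrelated records, e.g. pam_unix session lines
        start = running.pop(m["pid"], None)  # None: start is outside the capture
        if m["code"] == "0":
            continue
        failures.append({
            "service": start["service"] if start else None,
            "source": start["source"] if start else None,
            "pid": int(m["pid"]),
            "exit": int(m["code"]),
            "seconds": round((_ts(m["ts"]) - _ts(start["ts"])).total_seconds(), 3)
                       if start else None,
        })
    return failures
```

On the sample, the first exit has no start record in the captured window, and both `qubes.USBAttach` calls from dom0 exit with 255 a little over two seconds after they start.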

Has anyone had better luck than I have doing any updates on the Kali template on R4.2.3? Everything I’ve tried seems to fail at some step along the way. I’m just using a standalone VM in the meantime, and even that was a pain to get working, so I’m thinking this all has more to do with Kali’s dev process than a Qubes issue.

Did you try this?

1 Like

No I missed this one, thanks, I’ll give it a try!

Edit: Works perfectly, thanks again @apparatus!

The new kali template built on 22 Nov 2024 doesn’t update properly even with the trixie fix. If I update with qubes update tool I get a template that will fail to launch a terminal. Anyone else getting this problem?

1 Like

was able to install the older kali-core template with

qvm-template install --enablerepo=qubes-templates-community-testing kali-core-4.2.0-202402081323

with the trixie fix I was able to upgrade to linux-kali-default on the older template

one difference between the old and new template is “/etc/apt/sources.list.d/kali.list” is missing and it looks like that file is used for the kali-rolling repository.

I’ll take a look at this problem.

2 Likes

looks like the public key for the distribution is missing too

No it’s key being expired. I’ve some branch fixing that but we need to add Trixie build first.

Sooo, still not usable out of the box? Is there any ETA?
UPD: even more strange! I installed qubes-template-kali-core-0:4.2.0-202411221432 and it appears to be original non-kalified debian. Why?

Bump.

Is there any ETA? Why is kali-core not kali anymore?

I kinda need this for work and this long ongoing situation is very suboptimal.

At this point it would be more reasonable to wipe my work laptop and switch to ubuntu with kvm like any sane person. Then i could use a windows vm and would have a working kali instead of dealing with this.

Why you can’t just install software which is required for your work? kali-core already contains kali linux repos

Because kali-core is broken for over half a year now with dependency conflicts. I just installed a fresh kali-core template and as @arkenoi mentioned, it is a plain debian without kali repos.

I can however convert a fedora or debian to a pentest machine, which will force me to work through this weekend.

However as there is a kali-core template i expect it to work. Otherwise the template should be removed.

As this thread has 17k+ views i suspect that i am not the only one interested in a working kali template.

2 Likes

The only official templates, which you can expect to work, are Debian and Fedora.

Kali are not even mentioned in the documentation as a community template, but that could just be the documentation not being updated.

Sure i can’t “expect” it to work. Of course open source software in general comes with no warranty.

Then i want to rephrase it: I am very sad that kali ceased to function, after years of working properly and angry at me for trusting a community-template to be maintained. I am switching to debian right now.

It is just a bad situation pitching qubes to my colleagues and putting hours and hours of free time in my setup and now having to strongly recommend any pentester to not use Qubes OS.

A fresh set of Kali Core (testing) templates were built 2 days ago:

For both r4.2 & r4.3
You may please wait a little for them to be available for download & installation.

1 Like

Yes but they have been unpublished. I remain silent because there were issues with Trixie and testing repositories.

1 Like

Please understand that providing Kali is absolutely not the top priority in the context of it’s not an official template at all. If you absolutely need a working Kali template without waiting half a year, clone Debian template, install Kali repository and its metadata package and that’s all.

2 Likes