Qubes Builder. Kali Template

I have been unable to build my own Kali template for a long time now. I have looked at many of the guides but found no information on this.
I also tried to build an archlinux template, but it gives a key mismatch error, namely an error about the absence of the public key for one of the gpg keys.

You have not said what is stopping you from building kali.
Have you tried running ./setup.sh in qubes-builder?
What errors do you see?

The key mismatch is a known issue, and a fix is in the pipeline. (I
suspect that this is a mistake at the Arch end, but we shall see.)
In the meantime you can search for the missing key at a keyserver, copy
it into your build qube, and move it to qubes-src/builder-archlinux/keys

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

I also built the kali template and kali-everything, but no kali packages were installed on them and no kali repositories were added. This template was regular debian. Or do I not understand something, and it was enough just to add repositories as in a regular debian template? Then I just don’t understand the meaning of template building.

Creating config file /etc/perl/XML/SAX/ParserDetails.ini with new version
Replacing config file /etc/perl/XML/SAX/ParserDetails.ini with new version
Replacing config file /etc/perl/XML/SAX/ParserDetails.ini with new version
Warning: apt-key output should not be parsed (stdout is not a terminal)
‘qubes-mgmt-salt_4.1.16-1+deb11u1_amd64.buildinfo’ looks like architecture ‘amd64’, but this is not listed in the Architecture-Header!
Ignoring as --ignore=surprisingarch given.
→ Building template bullseye (logfile: build-logs/template-bullseye.log)…
make: *** [Makefile:352: template-local-bullseye+kali+standard] Error 1

My steps:
make remount
./setup

  1. Selecting version 4.1
  2. Not selecting any of the repositories
    I don’t select any templates (because there is no kali in templates yet)
  3. In the last step I select debian-builder and kali-template
  4. I issue the commands
    make install-deps
    make get-sources
    make qubes-vm
  5. Going into ./setup again
  6. Now I select both current repositories and tested repositories
  7. Choose kali template or kali-everything (tried twice)
  8. Select debian-builder and kali-template
  9. I typed the commands
    make install-deps
    make get-sources
    make qubes-vm
    make template

Build goes well.
I flip the template to dom0 and install.
But on startup it looks like there are no packages and no kali packages anywhere in /etc/apt/*, so it looks like I made a normal debian template.
I am building a Fedora37 appVM.

→ Preparing GnuPG to verify tarball…
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: key 3348882F6AC6A4C2: 1 bad signature
gpg: key 3348882F6AC6A4C2: “Pierre Schmitz (Arch Linux Master Key) pierre@master-key.archlinux.org” not changed
gpg: key 5184252D824B18E8: 1 signature not checked due to a missing key
gpg: key 5184252D824B18E8: “Thomas Bächler (Arch Linux Master Key) thomas@master-key.archlinux.org” not changed
gpg: key 7EFD567D4C7EA887: 1 signature not checked due to a missing key
gpg: key 7EFD567D4C7EA887: “Ionut Biru (Arch Linux Master Key) ionut@master-key.archlinux.org” not changed
gpg: key BA1DFB64FFF979E7: 4 signatures not checked due to missing keys
gpg: key BA1DFB64FFF979E7: “Allan McRae (Arch Linux Master Key) allan@master-key.archlinux.org” not changed
gpg: key A04F9397CDFD6BB0: 2 signatures not checked due to missing keys
gpg: key A04F9397CDFD6BB0: “Dan McGee (Arch Linux Master Key) dan@master-key.archlinux.org” not changed
gpg: key 7F2D434B9741E8AC: 9 signatures not checked due to missing keys
gpg: key 7F2D434B9741E8AC: 5 bad signatures
gpg: key 7F2D434B9741E8AC: “Pierre Schmitz pierre@archlinux.de” not changed
gpg: Total number processed: 6
gpg: unchanged: 6
→ Verifying tarball…
gpg: Signature made Sat Apr 1 02:10:29 2023 EDT
gpg: using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg: issuer “pierre@archlinux.org”
gpg: Can’t check signature: No public key
→ Unbinding INSTALLDIR…
umount: /home/user/qubes-builder/cache/archlinux/bootstrap/mnt: no mount point specified.
make[1]: *** [/home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:88: /home/user/qubes-builder/chroot-vm-archlinux/home/user/.prepared_base] Error 1
make: *** [Makefile:265: vmm-xen-vm] Error 1

I did this but it didn’t work. I found his key at Search results for '0x3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C' and ran gpg --keyserver keyserver.ubuntu.com --recv-keys 0x3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C, then I exported it and added it to the folder, but it didn’t help; same error.

I tried this solution and it worked
mkdir newkeys
gpg --homedir newkeys --recv-keys 91FFE0700E80619CEB73235CA88E23E377514E00
gpg --homedir newkeys --recv-keys D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C
gpg --homedir newkeys --recv-keys 2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E
gpg --homedir newkeys --recv-keys 75BD80E4D834509F6E740257B1B73B02CC52A02A
gpg --homedir newkeys --recv-keys 69E6471E3AE065297529832E6BA0F5A2037F4F41
gpg --homedir newkeys --recv-keys 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg --homedir newkeys --armor --export > keys.asc
cp keys.asc qubes-src/builder-archlinux/keys/archlinux-master-keys.asc
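
A way to confirm that a key file really contains the key the verification step asked for, before rerunning the build (an added example, not part of the thread or of qubes-builder). It pulls the signer fingerprint out of gpg's "No public key" log and looks for it in a colon-format listing of the key file; the function names and the two key listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the signer key gpg lacked, then look for that exact
# fingerprint in a colon-format listing of the key file.

# stdin: gpg verification log -> fingerprints reported with "No public key"
missing_signers() {
    awk '/^gpg: +using [A-Za-z0-9]+ key / { fpr = $NF }
         /check signature: No public key/ && fpr != "" { print fpr; fpr = "" }' |
        sort -u
}

# stdin: gpg --show-keys --with-colons --with-subkey-fingerprint FILE
# stdout: field 10 of every "fpr" record (primary keys and subkeys)
listed_fingerprints() { awk -F: '$1 == "fpr" { print $10 }'; }

# check_keyring LOGFILE LISTINGFILE: non-zero exit if a signer is absent
check_keyring() {
    ck_rc=0
    for ck_fpr in $(missing_signers < "$1"); do
        if listed_fingerprints < "$2" | grep -qxF "$ck_fpr"; then
            echo "present $ck_fpr"
        else
            echo "absent $ck_fpr"; ck_rc=1
        fi
    done
    return "$ck_rc"
}

sample_log() {  # verification lines from the build output, as gpg prints them
    cat <<'EOF'
gpg: Signature made Sat Apr 1 02:10:29 2023 EDT
gpg:                using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg: Can't check signature: No public key
EOF
}
listing_before() {  # constructed listing, trimmed to fpr records
    printf 'fpr:::::::::%s:\n' 91FFE0700E80619CEB73235CA88E23E377514E00
}
listing_after() {   # constructed listing that also holds the signer key
    listing_before
    printf 'fpr:::::::::%s:\n' 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
}

tmp=$(mktemp -d)
sample_log > "$tmp/log"; listing_before > "$tmp/before"; listing_after > "$tmp/after"
check_keyring "$tmp/log" "$tmp/before" || echo "signer key not in this key file"
check_keyring "$tmp/log" "$tmp/after"
rm -rf "$tmp"
```

On a real build, feed `check_keyring` the saved build log and the output of the `gpg --show-keys` command named in the comment, run against the key file that was copied into `qubes-src/builder-archlinux/keys`.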