add kali variant of debian base

thelamer · thelamer · commit ce41349585c5 · 2024-07-18T17:15:04.000-04:00
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -24,7 +24,7 @@
 ## Readme
 
 If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit.
-Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-baseimage-debian/edit/master/readme-vars.yml).
+Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-baseimage-debian/edit/kali/readme-vars.yml).
 
 These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play.
 Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io)
@@ -115,7 +115,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Update the changelog
 
-If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-baseimage-debian/tree/master/root), add an entry to the changelog
+If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-baseimage-debian/tree/kali/root), add an entry to the changelog
 
 ```yml
 changelogs:
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -21,7 +21,7 @@
 
 ------------------------------
 
- - [ ] I have read the [contributing](https://github.com/linuxserver/docker-baseimage-debian/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
+ - [ ] I have read the [contributing](https://github.com/linuxserver/docker-baseimage-debian/blob/kali/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
 
 ------------------------------
 
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
@@ -4,13 +4,13 @@ on:
   workflow_dispatch:
 
 jobs:
-  external-trigger-master:
+  external-trigger-kali:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.1
 
       - name: External Trigger
-        if: github.ref == 'refs/heads/master'
+        if: github.ref == 'refs/heads/kali'
         run: |
           echo "**** No external release, exiting ****"
           echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
@@ -9,5 +9,5 @@ jobs:
     - uses: actions/first-interaction@v1
       with:
         issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
-        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-baseimage-debian/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
+        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-baseimage-debian/blob/kali/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml
@@ -4,28 +4,28 @@ on:
   workflow_dispatch:
 
 jobs:
-  package-trigger-master:
+  package-trigger-kali:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.1
 
       - name: Package Trigger
-        if: github.ref == 'refs/heads/master'
+        if: github.ref == 'refs/heads/kali'
         run: |
-          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_MASTER }}" ]; then
-            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_MASTER is set; skipping trigger. ****"
-            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
+          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_KALI }}" ]; then
+            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_KALI is set; skipping trigger. ****"
+            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_KALI\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
-          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-debian/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-debian/job/kali/lastBuild/api/json | jq -r '.building') == "true" ]; then
             echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
             echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
-          echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_MASTER\". ****"
-          echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_MASTER\`" >> $GITHUB_STEP_SUMMARY
+          echo "**** Package trigger running off of kali branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_KALI\". ****"
+          echo "Package trigger running off of kali branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_BASEIMAGE_DEBIAN_KALI\`" >> $GITHUB_STEP_SUMMARY
           response=$(curl -iX POST \
-            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-debian/job/master/buildWithParameters?PACKAGE_CHECK=true \
+            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-debian/job/kali/buildWithParameters?PACKAGE_CHECK=true \
             --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
           echo "**** Jenkins job queue url: ${response%$'\r'} ****"
           echo "**** Sleeping 10 seconds until job starts ****"
diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml
@@ -5,6 +5,8 @@ on:
       - '**/run'
       - '**/finish'
       - '**/check'
+      - 'root/migrations/*'
+
 jobs:
   permission_check:
     uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
diff --git a/Dockerfile b/Dockerfile
@@ -1,30 +1,47 @@
 # syntax=docker/dockerfile:1
 
-FROM alpine:3.18 as rootfs-stage
+FROM debian:testing AS rootfs-stage
 
 # environment
-ENV REL=bookworm
 ENV ARCH=amd64
 
 # install packages
 RUN \
-  apk add --no-cache \
-    bash \
+  apt-get update && \
+  apt-get install -y \
     curl \
-    tzdata \
-    xz
+    debootstrap \
+    xz-utils
 
-# grab base tarball
+# create base image with debootstrap
 RUN \
-  mkdir /root-out && \
+  echo "**** modify repo ****" && \
+  echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
+  echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
   curl -o \
-    /rootfs.tar.gz -L \
-    https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-${ARCH}/${REL}/slim/rootfs.tar.xz && \
-  tar xf \
-    /rootfs.tar.gz -C \
-    /root-out && \
+    /etc/apt/trusted.gpg.d/kali-archive-keyring.asc -L \
+    "https://archive.kali.org/archive-key.asc" && \
+  gpg -o \
+    /usr/share/keyrings/kali-archive-keyring.gpg --dearmor \
+    /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \
+  rm -f /etc/apt/sources.list.d/debian.sources && \
+  apt-get update && \
+  mkdir /root-out && \
+  debootstrap \
+    --variant=minbase \
+    --components=main,contrib,non-free,non-free-firmware \
+    --arch="${ARCH}" \
+    --include=kali-archive-keyring \
+    kali-rolling /root-out http://http.kali.org/kali && \
   rm -rf \
-    /root-out/var/log/*
+    /root-out/tmp/* \
+    /root-out/var/lib/apt/lists/* \
+    /root-out/var/cache/* \
+    /root-out/var/tmp/* \
+    /root-out/var/log/* && \
+  echo "**** modify layer repo ****" && \
+  echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /root-out/etc/apt/sources.list && \
+  echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /root-out/etc/apt/sources.list 
 
 # set version for s6 overlay
 ARG S6_OVERLAY_VERSION="3.1.6.2"
@@ -108,24 +125,15 @@ RUN \
     apt-utils \
     locales && \
   echo "**** install packages ****" && \
-  apt-get install -y \
+  apt-get install -y --no-install-recommends \
     catatonit \
     cron \
     curl \
     gnupg \
     jq \
+    kali-defaults \
     netcat-traditional \
     tzdata && \
-  echo "**** add all sources ****" && \
-  echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  rm -f /etc/apt/sources.list.d/debian.sources && \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
   echo "**** create abc user and make our folders ****" && \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -1,30 +1,47 @@
 # syntax=docker/dockerfile:1
 
-FROM alpine:3.18 as rootfs-stage
+FROM debian:testing AS rootfs-stage
 
 # environment
-ENV REL=bookworm
-ENV ARCH=arm64v8
+ENV ARCH=arm64
 
 # install packages
 RUN \
-  apk add --no-cache \
-    bash \
+  apt-get update && \
+  apt-get install -y \
     curl \
-    tzdata \
-    xz
+    debootstrap \
+    xz-utils
 
-# grab base tarball
+# create base image with debootstrap
 RUN \
-  mkdir /root-out && \
+  echo "**** modify repo ****" && \
+  echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
+  echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
   curl -o \
-    /rootfs.tar.gz -L \
-    https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-${ARCH}/${REL}/slim/rootfs.tar.xz && \
-  tar xf \
-    /rootfs.tar.gz -C \
-    /root-out && \
+    /etc/apt/trusted.gpg.d/kali-archive-keyring.asc -L \
+    "https://archive.kali.org/archive-key.asc" && \
+  gpg -o \
+    /usr/share/keyrings/kali-archive-keyring.gpg --dearmor \
+    /etc/apt/trusted.gpg.d/kali-archive-keyring.asc && \
+  rm -f /etc/apt/sources.list.d/debian.sources && \
+  apt-get update && \
+  mkdir /root-out && \
+  debootstrap \
+    --variant=minbase \
+    --components=main,contrib,non-free,non-free-firmware \
+    --arch="${ARCH}" \
+    --include=kali-archive-keyring \
+    kali-rolling /root-out http://http.kali.org/kali && \
   rm -rf \
-    /root-out/var/log/*
+    /root-out/tmp/* \
+    /root-out/var/lib/apt/lists/* \
+    /root-out/var/cache/* \
+    /root-out/var/tmp/* \
+    /root-out/var/log/* && \
+  echo "**** modify layer repo ****" && \
+  echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /root-out/etc/apt/sources.list && \
+  echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" >> /root-out/etc/apt/sources.list 
 
 # set version for s6 overlay
 ARG S6_OVERLAY_VERSION="3.1.6.2"
@@ -108,24 +125,15 @@ RUN \
     apt-utils \
     locales && \
   echo "**** install packages ****" && \
-  apt-get install -y \
+  apt-get install -y --no-install-recommends \
     catatonit \
     cron \
     curl \
     gnupg \
     jq \
+    kali-defaults \
     netcat-traditional \
     tzdata && \
-  echo "**** add all sources ****" && \
-  echo "deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  echo "deb-src http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
-  rm -f /etc/apt/sources.list.d/debian.sources && \
   echo "**** generate locale ****" && \
   locale-gen en_US.UTF-8 && \
   echo "**** create abc user and make our folders ****" && \
diff --git a/Jenkinsfile b/Jenkinsfile
diff --git a/README.md b/README.md
diff --git a/jenkins-vars.yml b/jenkins-vars.yml
