First, we need to set up our development environment by installing some necessary tools:
# This script updates and upgrades the system, and installs necessary tools for development.
# The -y flag automatically answers yes to any prompts during installation.
# Update and upgrade the system
sudo apt update && sudo apt upgrade -y
# Install packaging tools for building packages
sudo apt install -y packaging-dev
# Install sbuild for building packages in a clean environment
sudo apt install -y sbuild
# Install apt-file for searching for files within packages
sudo apt install -y apt-file
# Install gitk for visualizing git history
sudo apt install -y gitk
# Install git-lfs for handling large files in git
sudo apt install -y git-lfs
# Install myrepos for managing multiple repositories
sudo apt install -y myrepos
Next, let’s generate SSH and GPG keys. These are important for packaging as they will allow us to access our files on GitLab easily and ensure the work is ours:
# This script generates SSH and GPG keys for packaging purposes on GitLab.
# Use sudo to run the command as a superuser.
sudo ssh-keygen -t rsa
# Follow the prompts to create a new key pair.
# Press Enter when prompted to use the default file location and name.
# This will create a new SSH key pair using the RSA algorithm.
# The private key will be saved in ~/.ssh/id_rsa and the public key in ~/.ssh/id_rsa.pub.
# Note: It is recommended to use a passphrase for added security.
# Press Enter when prompted to skip setting a passphrase.
# Note: The passphrase will be required every time the key is used, so choose a strong and memorable one.
# If a passphrase is set, it will be encrypted and stored in ~/.ssh/id_rsa.pub.
# If no passphrase is set, the key will be stored in plain text.
# It is recommended to set a passphrase for added security.
# Copy the public key to the clipboard using xclip or another tool of your choice.
# The public key is needed to access files on GitLab.
# The command below uses cat to read the contents of the public key file and pipes it to xclip.
# This will copy the contents of the file to the clipboard.
cat ~/.ssh/id_rsa.pub | xclip
Then, add the SSH key to GitLab’s web page:
1. Go to https://gitlab.com/profile/keys and click on “Add a new SSH Key” button.
2. Paste your public key into the text box and give it a name (e.g., “My Kali Linux Key”).
3. Click on “Add Key” button to save it.
Now, let’s set up git-buildpackage/gbp buildpackage:
#!/bin/bash
# This script sets up git-buildpackage/gbp buildpackage by creating a configuration file.
# Create a new file named ".gbp.conf" in the user's home directory and add the following configurations to it.
cat << EOF > ~/.gbp.conf
# Set the "pristine-tar" option to true, which enables the use of pristine-tar for creating tarballs.
[DEFAULT]
pristine-tar = true
# Set the "cleaner" option to "/bin/true", which disables the cleaning of the source tree before building.
cleaner = /bin/true
# Set the "sign-tags" option to true, which enables the signing of git tags.
[buildpackage]
sign-tags = true
# Set the "export-dir" option to the user's home directory followed by "/kali/build-area/", which specifies the directory where the built packages will be exported.
export-dir = $HOME/kali/build-area/
# Set the "ignore-branch" option to true, which ignores the current git branch when building.
ignore-branch = true
# Set the "ignore-new" option to true, which ignores new files when building.
ignore-new = true
# Set the "filter-pristine-tar" option to true, which filters out the pristine-tar branch when importing an upstream tarball.
[import-orig]
filter-pristine-tar = true
# Set the "patch-numbers" option to false, which disables the automatic numbering of patches.
[pq]
patch-numbers = false
# Set the "multimaint-merge" option to true, which enables the merging of changelog entries from multiple maintainers.
[dch]
multimaint-merge = true
# Set the "ignore-branch" option to true, which ignores the current git branch when creating a new changelog entry.
ignore-branch = true
EOF
This configuration file tells git-buildpackage to use pristine-tar (which stores a copy of the upstream tarball in Git), cleaner (to remove any unnecessary files after building packages), sign-tags (to add GPG signatures to package tags), export-dir (to set the build area outside of the Git checkout directory), ignore-branch and ignore-new (to avoid conflicts with other branches or new commits).
Finally, let’s customize some useful tools provided by devscripts:
# This script is used to customize some useful tools provided by devscripts.
# It sets the DEBRELEASE_UPLOADER, DEBRELEASE_DEBS_DIR, DEBCHANGE_RELEASE_HEURISTIC, DEBCHANGE_MULTIMAINT_MERGE, DEBCHANGE_PRESERVE, and DEBUILD_LINTIAN_OPTS variables.
# Set the DEBRELEASE_UPLOADER variable to dput, which is used to upload Debian packages.
DEBRELEASE_UPLOADER=dput
# Set the DEBRELEASE_DEBS_DIR variable to the build area outside of the Git checkout directory.
DEBRELEASE_DEBS_DIR=$HOME/kali/build-area/
# Set the DEBCHANGE_RELEASE_HEURISTIC variable to changelog, which is used to determine the release version from the changelog file.
DEBCHANGE_RELEASE_HEURISTIC=changelog
# Set the DEBCHANGE_MULTIMAINT_MERGE variable to yes, which allows multiple maintainers to merge their changes into the same package.
DEBCHANGE_MULTIMAINT_MERGE=yes
# Set the DEBCHANGE_PRESERVE variable to yes, which preserves the original changelog entry when making changes.
DEBCHANGE_PRESERVE=yes
# Set the DEBUILD_LINTIAN_OPTS variable to "--color always", which enables colored output for lintian.
DEBUILD_LINTIAN_OPTS="--color always"
# The following code block creates a file called .devscripts in the home directory and adds the above variables to it.
cat << EOF > ~/.devscripts
DEBRELEASE_UPLOADER=dput
DEBRELEASE_DEBS_DIR=$HOME/kali/build-area/
DEBCHANGE_RELEASE_HEURISTIC=changelog
DEBCHANGE_MULTIMAINT_MERGE=yes
DEBCHANGE_PRESERVE=yes
DEBUILD_LINTIAN_OPTS="--color always"
EOF
This configuration file tells devscripts to use dput (to upload packages to the official repositories), set DEBS_DIR to $HOME/kali/build-area/, enable changelog heuristics, merge changes from multiple maintainers, preserve existing changelogs, and add color output.
That’s it! You can now start packaging upstream versions using DH in Kali Linux.