Trying to morph Kicksecure on Debian Bullseye

whowasi · December 12, 2021, 11:55am

Hello,

I have a barebones Debian Bullseye install (no graphical desktop) and get the following error when trying to install kicksecure-xfce:

Preparing to unpack …/651-kicksecure-xfce_3%3a23.7-1_all.deb …
Unpacking kicksecure-xfce (3:23.7-1) …
Errors were encountered while processing:
/tmp/apt-dpkg-install-vvzm66/504-security-misc_3%3a22.9-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

In the docs for chroot installation of kicksecure, the option “SECURITY_MISC_INSTALL=force” is mentioned.

Is that something that needs to be implemented here?

Patrick · December 13, 2021, 7:37pm

For example:

sudo DEBDEUG=1 apt install --no-install-recommends kicksecure-cli

Instead of the “normal” installation command. This is to gather debug output.

It shows the bash xtrace (each and every command executed) during package installation.

whowasi · December 16, 2021, 3:44pm

Hello Patrick, thank you for taking time!

We use Whonix and just want to help the community by making the Kicksecure ISO with live-build on debian.

So there are many errors…

This happens in chroot stage of live-build.

Simple config:

#!/bin/sh

set -e

lb config noauto
–distribution bullseye
–architectures amd64
–debian-installer live
–debootstrap-options “–include=apt-transport-https,apt-transport-tor,openssl”
–archive-areas “main contrib non-free”
–apt-recommends true
“${@}”

I tried 2 ways.

1.) adding kicksecure repository + key in config/archives and kicksecure-xfce package in config/package-lists.

2.) adding repository via echo and installing kicksecure-xfce as chroot.hook

Both have the same errors unfortunately.

/var/lib/dpkg/info/tzdata.postinst: 32: cannot create /dev/null: Permission denied

Preconfiguring packages …
/tmp/keyboard-configuration.config.DESJTU: 38010: cannot create /dev/null: Permission denied
/tmp/keyboard-configuration.config.DESJTU: 38050: cannot create /dev/null: Permission denied
/tmp/keyboard-configuration.config.DESJTU: 37946: cannot create /dev/null: Permission denied
/tmp/keyboard-configuration.config.DESJTU: 38775: cannot create /dev/null: Permission denied
/tmp/keyboard-configuration.config.DESJTU: 38781: cannot create /dev/null: Permission denied
/tmp/keyboard-configuration.config.DESJTU: 37879: cannot create /dev/null: Permission denied
/tmp/locales.config.uHpoca: 547: cannot create /dev/null: Permission denied
/tmp/locales.config.uHpoca: 566: cannot create /dev/null: Permission denied
/tmp/locales.config.uHpoca: 570: cannot create /dev/null: Permission denied

/var/lib/dpkg/info/python3.9-minimal.postinst: 20: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 21: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 22: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 26: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 27: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 28: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 31: cannot create /dev/null: Permission denied
/var/lib/dpkg/info/python3.9-minimal.postinst: 43: cannot create /dev/null: Permission denied

The above errors I am not sure about. The install script probably pipes something to /dev/null, but the permission denied makes no sense to me.

Preparing to unpack …/0250-sgml-base_1.30_all.deb …
/var/lib/dpkg/tmp.ci/preinst: 17: cannot create /dev/null: Permission denied
dpkg: error processing archive /tmp/apt-dpkg-install-GrKGGP/0250-sgml-base_1.30_all.deb (–unpack):
new sgml-base package pre-installation script subprocess returned error exit status 2
Selecting previously unselected package libsysfs2:amd64.

Adding group sysfs' (GID 110) ... Done. Adding group cpuinfo’ (GID 111) …
Done.
Adding user root' to group sudo’ …
Adding user root to group sudo
Done.
Adding group console' (GID 112) ... Done. Adding group console-unrestricted’ (GID 113) …
Done.
Adding user root' to group console’ …
Adding user root to group console
Done.
/var/lib/dpkg/tmp.ci/preinst: line 200: /dev/null: Permission denied
/var/lib/dpkg/tmp.ci/preinst: line 211: /dev/null: Permission denied
/var/lib/dpkg/tmp.ci/preinst: line 59: /dev/null: Permission denied
/var/lib/dpkg/tmp.ci/preinst: ERROR: No user is a member of group ‘sudo’. Installation aborted.
/var/lib/dpkg/tmp.ci/preinst: ERROR: You probably want to run:

sudo adduser user sudo
sudo adduser user console

This I understand. Because their is no user account during chroot stage it cannot be added to the groups so root is used instead. I could get around this by adding random user with “adduser username1” and then later using --bootappend-live “…user=username1”

Errors were encountered while processing:
/tmp/apt-dpkg-install-GrKGGP/0250-sgml-base_1.30_all.deb
/tmp/apt-dpkg-install-GrKGGP/0895-security-misc_3%3a22.9-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Patrick · December 17, 2021, 8:48pm

Thank you for your interest!

That won’t be simple at all. There’s no shortcut to a proper ISO build process. Won’t be live-build based.

It was previously contributed for Whonix:

github.com

Whonix/Whonix/blob/master/build-steps.d/2550_convert-raw-to-iso

#!/bin/bash

## Copyright (C) 2019 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -x
set -e

true "INFO: Currently running script: $BASH_SOURCE $@"

MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

cd "$MYDIR"
cd ..
cd help-steps

source pre
source colors
source variables

This file has been truncated. show original

But it’s unfinished. Previously that code managed to create a Whonix-Host ISO. Adjustments are probably needed to make it build a Kicksecure ISO. Help is welcome but it requires development skills.

Will be live + calamares installer. (calamares integration source code already included in the project source code.)