Skip to content

Instantly share code, notes, and snippets.

@FreddieOliveira

FreddieOliveira/Dockerfile

Last active January 27, 2023 07:47
Show Gist options
  • Save FreddieOliveira/634354725b5c32b214292cf5402ca214 to your computer and use it in GitHub Desktop.
Save FreddieOliveira/634354725b5c32b214292cf5402ca214 to your computer and use it in GitHub Desktop.
Download ZIP
Steps to build an ARM Kali Linux docker image from within Termux app in Android.
Raw
build-rootfs.sh
#!/bin/sh
distro=${1:-kali-rolling}
mirror=${2:-http://http.kali.org/kali}
rootfsDir=rootfs-$distro
debootstrap=${DEBOOTSTRAP:-debootstrap}
rootfs_chroot() {
PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
chroot "$rootfsDir" "$@"
}
if [ ! -e /usr/share/debootstrap/scripts/$distro ]; then
echo "ERROR: debootstrap has no script for $distro"
echo "ERROR: use a newer debootstrap"
exit 1
fi
if [ ! -e /usr/share/keyrings/kali-archive-keyring.gpg ]; then
echo "ERROR: you need /usr/share/keyrings/kali-archive-keyring.gpg"
echo "ERROR: install kali-archive-keyring"
exit 1
fi
rm -rf $rootfsDir $distro.tar.xz
debootstrap --variant=minbase --components=main,contrib,non-free \
--include=kali-archive-keyring,kali-defaults \
$distro $rootfsDir $mirror
rootfs_chroot apt-get clean
# Inspired by /usr/share/docker.io/contrib/mkimage/debootstrap
cat > "$rootfsDir/usr/sbin/policy-rc.d" <<-'EOF'
#!/bin/sh
exit 101
EOF
chmod +x "$rootfsDir/usr/sbin/policy-rc.d"
echo 'force-unsafe-io' > $rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup
aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
cat > "$rootfsDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
DPkg::Post-Invoke { ${aptGetClean} };
Dir::Cache::pkgcache "";
Dir::Cache::srcpkgcache "";
EOF
echo 'Acquire::Languages "none";' >$rootfsDir/etc/apt/apt.conf.d/docker-no-languages
cat > $rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes <<-'EOF'
Acquire::GzipIndexes "true";
Acquire::CompressionTypes::Order:: "gz";
EOF
echo 'Apt::AutoRemove::SuggestsImportant "false";' >$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests
rm -rf $rootfsDir/var/lib/apt/lists/*
mkdir $rootfsDir/var/lib/apt/lists/partial
echo "Creating $distro.tar.xz"
tar -C $rootfsDir -cf $distro.tar.xz .
Raw
docker-build.sh
#!/data/data/com.termux/files/usr/bin/bash
set -e
DISTRO=${1:-kali-rolling}
TARBALL=$DISTRO.tar.xz
CHROOT=rootfs-$DISTRO
CI_REGISTRY_IMAGE=${CI_REGISTRY_IMAGE:-kalilinux}
BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
BUILD_VERSION=$(date -u +"%Y-%m-%d")
IMAGE=$DISTRO
VERSION=$BUILD_VERSION
RELEASE_DESCRIPTION="$DISTRO"
echo Building...
docker build --pull -t $CI_REGISTRY_IMAGE/$IMAGE:$VERSION \
--build-arg TARBALL=$TARBALL \
--build-arg BUILD_DATE=$BUILD_DATE \
--build-arg VERSION=$VERSION \
--build-arg RELEASE_DESCRIPTION="$RELEASE_DESCRIPTION" \
.
Raw
Dockerfile
FROM scratch
# Metadata params
ARG BUILD_DATE
ARG VERSION
ARG TARBALL
ARG RELEASE_DESCRIPTION
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
LABEL org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.vendor='Offensive Security' \
org.opencontainers.image.version=$VERSION \
org.opencontainers.image.title="Kali Linux ($RELEASE_DESCRIPTION release)" \
org.opencontainers.image.description="Unofficial Kali Linux docker image for $RELEASE_DESCRIPTION" \
org.opencontainers.image.url='https://www.kali.org/' \
org.opencontainers.image.authors="Kali Developers <[email protected]>"
ADD $TARBALL /
CMD ["bash"]
Raw
kali.md

Intro

Unfortunately Kali devs only offer a docker container for amd64 architecture. That means if you want to run a Kali container in a Raspberry or any other ARM system that won't be possible.

I opened an issue in the Kali official repo, but I got no answer so far. Maybe I didn't open it in the right repo. In any case, all that was left to us was to build our own container. We'll be using the same steps the official docker images follows and the scripts used here are a slightly modified version of the originals.

Note that the building process bellow was created having Android in mind, meant to be executed inside the Termux app. You'll also need to already have docker running in your phone, since an auxiliary Ubuntu container will be used.

Steps

Creating the rootfs

The first step is to create the minimal rootfs. This step will be executed inside an Ubuntu container, because running debootstrap directly on Termux would involve some additional steps and extra configuration.

Start the container with a shared volume with the host:

$ sudo docker run \
    -it \
    --rm \
    -w /root \
    -v $TMPDIR/docker-share:/root/docker-share \
    ubuntu

This will start a container with the same architecture of your phone. If instead, you have a 64 bit system and want to build a 32 bit Kali image, you can start a 32 bit Ubuntu container using the command bellow:

$ sudo docker run \
    -it \
    --rm \
    -w /root \
    -v $TMPDIR/docker-share:/root/docker-share \
    --platform=linux/arm \
    arm32v7/ubuntu

Now from within the container install the prerequisite tools and build the rootfs:

# echo 'APT::Sandbox::User "root";' > /etc/apt/apt.conf
# apt update
# apt install debootstrap wget binutils xz-utils
# wget https://gist.githubusercontent.com/FreddieOliveira/634354725b5c32b214292cf5402ca214/raw/3020ff7f3f7ce5250c3f1461041ab2a08b8e72d7/build-rootfs.sh
# wget https://http.kali.org/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
# ar x kali-archive-keyring_2020.2_all.deb
# tar xf data.tar.xz -C /
# chmod +x build-rootfs.sh
# ./build-rootfs.sh

If everything went well, a kali-rolling.tar.xz file should exist in the working directory. Just copy it to the shared volume (cp kali-rolling.tar.xz ~/docker-share) so we can use it from outside the container to finish the process. You can now exit from the container and it will be automatically deleted.

Note: if you're getting the Required key not available error when copying the kali-rolling.tar.xz file to the shared volume, check here on how to proceed.

Creating the docker image

Now that we have the compressed rootfs, it's just a matter of building the docker image with it. Inside Termux terminal let's structure the working directory and run the docker-build.sh script:

$ sudo mkdir -p $TMPDIR/docker-share/kali-image
$ cd $TMPDIR/docker-share/kali-image
$ sudo mv ../kali-roling.tar.xz .
$ sudo wget https://gist.githubusercontent.com/FreddieOliveira/634354725b5c32b214292cf5402ca214/raw/3020ff7f3f7ce5250c3f1461041ab2a08b8e72d7/Dockerfile
$ sudo wget https://gist.github.com/FreddieOliveira/634354725b5c32b214292cf5402ca214/raw/3020ff7f3f7ce5250c3f1461041ab2a08b8e72d7/docker-build.sh
$ sudo chmod +x docker-build.sh
$ sudo ./docker-build.sh

And that's it. The image should've been created and stored under /data/docker/lib/docker (or whatever directory you configured it). You can now delete the $TMPDIR/docker-share/kali-image dir if desired.

Running sudo docker image ls shows the newly created image:

REPOSITORY               TAG          IMAGE ID       CREATED         SIZE
kalilinux/kali-rolling   2021-01-25   1f1a7238f21e   2 minutes ago   135MB

You can chage the metadata like REPOSITORY, TAG, etc by modifying the docker-build.sh before running it to build the image.

To run a container of your image use REPOSITORY:TAG:

$ sudo socker run -it kalilinux/kali-rolling:2021-01-25

or the IMAGE ID:

$ sudo docker run -it 1f1a7238f21e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment