Building a Kali HVM with qubes-tools

[joev...@gmail.com]

I am trying to build a Standalone HVM from the Kali Linux 2018.2 iso. I managed to install the following packages from https://deb.qubes-os.org/r4.0/vm/pool/main/

libqrexec-utils2_4.0.20+deb8u1_amd64.deb
libqubesdb_4.0.8-1+deb8u1_amd64.deb
libqubes-rpc-filecopy2_4.0.20+deb8u1_amd64.deb
libvchan-xen_4.0.3-1+deb8u1_amd64.deb
libvchan-xen-dev_4.0.3-1+deb8u1_amd64.deb
libxen-4.8_4.8.4-1+deb8u1_amd64.deb
libxen-lowlevel1.0_4.8.4-1+deb8u1_amd64.deb
libxenstore3.0_4.8.4-1+deb8u1_amd64.deb
pulseaudio-qubes_4.0.15-1+deb8u1_amd64.deb
python-qubesdb_4.0.8-1+deb8u1_amd64.deb
python-xpyb_1.3.1-1_amd64.deb
qubes-core-agent_4.0.33-1+deb8u1_amd64.deb
qubes-core-agent-nautilus_4.0.33-1+deb8u1_amd64.deb
qubes-core-agent-networking_4.0.33-1+deb8u1_amd64.deb
qubes-core-agent-network-manager_4.0.33-1+deb8u1_amd64.deb
qubes-core-agent-passwordless-root_4.0.33-1+deb8u1_amd64.deb
qubes-core-agent-qrexec_4.0.33-1+deb8u1_amd64.deb
qubesdb_4.0.8-1+deb8u1_amd64.deb
qubesdb-vm_4.0.8-1+deb8u1_amd64.deb
qubes-desktop-linux-common_4.0.14-1+deb8u1_amd64.deb
qubes-gui-common_4.0.2+deb8u1_amd64.deb
qubes-input-proxy-receiver_1.0.12-1+deb8u1_amd64.deb
qubes-input-proxy-sender_1.0.12-1+deb8u1_amd64.deb
qubes-kernel-vm-support_4.0.20+deb8u1_amd64.deb
qubes-menus_4.0.14-1+deb8u1_amd64.deb
qubes-usb-proxy_1.0.18+deb8u1_amd64.deb
qubes-utils_4.0.20+deb8u1_amd64.deb
xenstore-utils_4.8.4-1+deb8u1_amd64.deb
xen-utils-common_4.8.4-1+deb8u1_all.deb
xserver-xorg-input-qubes_4.0.15-1+deb8u1_amd64.deb
xserver-xorg-video-dummyqbs_4.0.15-1+deb8u1_amd64.deb

But the trouble starts when I install these:

qubes-gui-agent_4.0.15-1+deb8u1_amd64.deb
qubes-vm-dependencies_4.0.2-1+deb8u1_amd64.deb

"vm-dependencies_4.0.2 depends on gui-agent already being installed."

When I install gui-agent_4.0.15, the X server shuts off and the window goes away. The VM is still running in the background but I cannot interact with it.

The dm log shows no noticeable errors except this:
qubes_gui: viewer disconnected, waiting for new connection

Rebooting the vm doesn't help unless I boot in single-user mode and remove gui-agent. Then I can run 'startx' and get the normal Kali desktop.

I cannot connect 'xl console' at any time. Running commands from dom0 with 'qvm-run' doesn't work. Shared clipboard doesn't work.
Networking and USB attaching both seem to work. File Copy works and nautilus menus are there. Passwordless-root does work. I did set a root password before installing the deb packages, but now it is blank, so I assume dom0 should have access to the X server to show application windows.

I have a feeling I am missing something... but I don't know what deb package does what.

Please let me know what I am missing or what I can check.
Thank you.

[joev...@gmail.com]

Also, I had to --ignore some dependencies for two packages:
xserver-xorg-video-dummyqbs_4.0.15-1+deb8u1_amd64.deb
xserver-xorg-input-qubes_4.0.15-1+deb8u1_amd64.deb

As they were complaining about not having xorg-video-abi-18 and xorg-input-abi-21 respectively.
I figured it was okay to ignore these dependency warnings because I do have xorg-video-abi-24 and xorg-input-abi-24 installed by default with xserver-xorg-core. I shouldn't have to downgrade, right?

[awokd]

Might be easiest to clone the debian-9 template to a new HVM, then install
Kali on top of it.

[joev...@gmail.com]

On Sunday, 12 August 2018 15:31:24 UTC-4, awokd wrote:

Yeah, I've done that before. But that isn't what I want. That only works for distros that have nice repos that can be installed. I do have other linux distros based on debian or fedora that I want to be able to create qubes from. There should be a process for them too. It is kinda sad that we're at Qubes 4.0 and there are only a few Templates created. Nobody seems to build templates from scratch because of the dependencies.

[joev...@gmail.com]

On Sunday, 12 August 2018 15:31:24 UTC-4, awokd wrote:

> On Fri, August 10, 2018 10:23 am,

Sometimes I get linux distributions as ISOs I want to integrate with Qubes. And sometimes I get Kali as a vmdk or other virtual machine.
Building from scratch doesn't get me what I need. I am hoping for a packaged solution like other virtualization products (vmware tools, guest-additions).

[Noor Christensen]

On Mon, Aug 13, 2018 at 10:12:05AM -0700, joev...@gmail.com wrote:
> On Sunday, 12 August 2018 15:31:24 UTC-4, awokd wrote:
> > On Fri, August 10, 2018 10:23 am,

> > Might be easiest to clone the debian-9 template to a new HVM, then install
> > Kali on top of it.
>
> Sometimes I get linux distributions as ISOs I want to integrate with Qubes.
> And sometimes I get Kali as a vmdk or other virtual machine.
> Building from scratch doesn't get me what I need. I am hoping for a packaged
> solution like other virtualization products (vmware tools, guest-additions).

While I understand your intents and frustration, it has to be said that one
major difference of using Qubes over "other virtualization products" is that
its security model is tightly intergrated with guest VMs.

This puts some constraints on what and how you run things on the guest systems
and in what capacity the Qubes host can intergrate with your guest VM
distribution of choice. You should stop thinking of Qubes as an everyday
alternative to "run anything anywhere"-virtualization solutions like those you
mention, and more lika a framework to help you define and separate your
workflow into segmented security domains.

If you absolutely need a virtualization solution that runs anything without
complaining, Qubes is not the right option for you. Try adapting your
workflow/VM usage patterns to the Qubes security model instead of doing the
opposite.

Kind regards,

Noor
--
|_|O|_|
|_|_|O| Noor Christensen
|O|O|O| 0x401DA1E0

[joev...@gmail.com]

On Saturday, 18 August 2018 09:04:04 UTC-4, Noor Christensen wrote:
> On Mon, Aug 13, 2018 at 10:12:05AM -0700,

I understand. Which is why I posted this under devel and not user.

All I would like to see, is more of what is already offered with Windows 7. A set of tools that provide basic Qubes integration. Qubes does vm integration much more securely than Type 2 virtualization products.
If it is possible to provide Tools for Windows 7 with a single package, then it shouldn't be a tough ask to support debian and fedora based distributions in the same way.

[Unman]

I'm not absolutely clear what it is that you want that isnt already
available..
You can take pretty much any Debian or Ubuntu based distro, install the
Qubes tools and get a fully functioning qube. (I cant speak for Fedora)
The problem with Kali is that it's based off buster, and the current
qubes tools don't work there, as you know. But that's because it's
*testing*. It's not a priority to solve problems which involve hitting
a moving target, particularly if the solution will be coming in the
development process.

[joev...@gmail.com]

Thanks. I didn't think of Kali-rolling as also being Debian "Testing".
I did run into some dependency problems with a basic Debian wheezy back when I was trying this with Qubes 3.2. But I suppose I should try again with a basic distro.

Is it better to install the .deb files one by one, handling dependencies as they come... or is there a repository I can add that will take care of all that?