< Previous | Contents | Next >
9.1.1. Getting the Sources
Rebuilding a Kali package starts with getting its source code. A source package is composed of multiple files: the main file is the *.dsc (Debian Source Control) file as it lists the other accompa- nying files, which can be *.tar.gz,bz2,xz, sometimes *.diff.gz, or *.debian.tar.gz,bz2,xz files.
The source packages are stored on Kali mirrors that are available over HTTP. You could use your web browser to download all the required files but the easiest way to accomplish this is to use the apt source source_package_name command. This command requires a deb-src line in the
/etc/apt/sources.list file and up-to-date index files (accomplished by running apt update). By default, Kali doesn’t add the required line as few Kali users actually need to retrieve source packages but you can easily add it (see sample file in section 8.1.3, “Kali Repositories” [page 173] and the associated explanations in section 8.1.2, “Understanding the sources.list File” [page 172]).
$ apt source libfreefare
Reading package lists... Done
NOTICE: ’libfreefare’ packaging is maintained in the ’Git’ version control system at: git://anonscm.debian.org/collab-maint/libnfc.git
Please use:
git clone git://anonscm.debian.org/collab-maint/libnfc.git
to retrieve the latest (possibly unreleased) updates to the package. Need to get 119 kB of source archives.
Get:1 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (dsc) [2,090 B] Get:2 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (tar) [113 kB] Get:3 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (diff) [3,640 B] Fetched 119 kB in 1s (63.4 kB/s)
gpgv: keyblock resource ‘/home/rhertzog/.gnupg/trustedkeys.gpg’: file open error gpgv: Signature made Tue 04 Mar 2014 06:57:36 PM EST using RSA key ID 40AD1FA6 gpgv: Can’t check signature: public key not found
dpkg-source: warning: failed to verify signature on ./libfreefare_0.4.0-2.dsc dpkg-source: info: extracting libfreefare in libfreefare-0.4.0
dpkg-source: info: unpacking libfreefare_0.4.0.orig.tar.gz dpkg-source: info: unpacking libfreefare_0.4.0-2.debian.tar.xz
$ cd libfreefare-0.4.0
$ ls
AUTHORS CMakeLists.txt COPYING HACKING m4 README
ChangeLog configure.ac debian libfreefare Makefile.am test
cmake contrib examples libfreefare.pc.in NEWS TODO
$ ls debian
changelog copyright libfreefare-dev.install rules compat libfreefare0.install libfreefare-doc.install source control libfreefare-bin.install README.Source watch
In this example, while we received the source package from a Kali mirror, the package is the same as in Debian since the version string doesn’t contain “kali.” This means that no kali-specific changes have been applied.
If you need a specific version of the source package, which is currently not available in the repos- itories listed in /etc/apt/sources.list, then the easiest way to download it is to find out the URL of its .dsc file by looking it up on http://pkg.kali.org and then handing that URL over to dget (from the devscripts package).
After having looked up the URL of the libreefare source package available in kali-bleeding-edge, you can download it with dget. It will first download the .dsc file, then parse it to know what other files are referenced, and then download those from the same location:
$ dget http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~
➥ git1439352548.ffde4d-1.dsc
dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~
➥ git1439352548.ffde4d-1.dsc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed 100 364 100 364 0 0 852 0 --:--:-- --:--:-- --: 854
100 1935 100 1935 0 0 2650 0 --:--:-- --:--:-- --:--:-- 19948
dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~
➥ git1439352548.ffde4d.orig.tar.gz [...]
dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~
➥ git1439352548.ffde4d-1.debian.tar.xz [...]
libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc:
dscverify: libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc failed signature check: gpg: Signature made Wed Aug 12 06:14:03 2015 CEST
gpg: using RSA key 43EF73F4BD8096DA gpg: Can’t check signature: No public key Validation FAILED!!
$ dpkg-source -x libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc
gpgv: Signature made Wed Aug 12 06:14:03 2015 CEST gpgv: using RSA key 43EF73F4BD8096DA gpgv: Can’t check signature: No public key
dpkg-source: warning: failed to verify signature on ./libfreefare_0.4.0+0~git1439352548
➥ .ffde4d-1.dsc
dpkg-source: info: extracting libfreefare in libfreefare-0.4.0+0~git1439352548.ffde4d dpkg-source: info: unpacking libfreefare_0.4.0+0~git1439352548.ffde4d.orig.tar.gz
dpkg-source: info: unpacking libfreefare_0.4.0+0~git1439352548.ffde4d-1.debian.tar.xz
It is worth noting that dget did not automatically extract the source package because it could not verify the PGP signature on the source package. Thus we did that step manually with dpkg- source -x dsc-file. You can also force the source package extraction by passing the --allow- unauthenticated or -u option. Inversely, you can use --download-only to skip the source package extraction step.
Retrieving Sources from You might have noticed that the apt source invocation tells you about a possible Git Git repository used to maintain the package. It might point to a Debian Git repository or to a Kali Git repository. All Kali-specific packages are maintained in Git repositories hosted on gitlab.com/- kalilinux/packages1. You can retrieve the sources from those repositories with git clone https://gitlab.com/kalilinux/packages/source-package.git. Contrary to what you get with apt source, the obtained tree will not have patches automatically applied. Have a look at debian/patches/ to learn about the possible changes made by Kali. | |
$ git clone https://gitlab.com/kalilinux/packages/kali-meta. ➥ git Cloning into ’kali-meta’... remote: Counting objects: 760, done. remote: Compressing objects: 100% (614/614), done. remote: Total 760 (delta 279), reused 0 (delta 0) Receiving objects: 100% (760/760), 141.01 KiB | 0 bytes/s, ➥ done. Resolving deltas: 100% (279/279), done. Checking connectivity... done. $ cd kali-meta $ ls debian $ ls debian changelog compat control copyright rules source | |
You can use the git repositories as another way to retrieve the sources and thus (mostly) follow the other instructions from this section. But when Kali developers work with those repositories, they use another packaging workflow and use tools from the git-buildpackage package that we will not cover here. You can learn more about those tools here: ➨ https://honk.sigxcpu.org/piki/projects/git-buildpackage/ |
1https://gitlab.com/kalilinux/packages