Knowledgebase
  • Welcome!
  • Threats
    • Software
      • Malware
      • Ransomware
      • Macros
    • Hardware
      • Flipper Zero
        • Firmware
          • 🐬flipperzero
            • Getting Started
          • 🐬flipper-xtreme
            • Wiki
              • Key Combos
              • Generic Guides
              • iButton key file format
              • SubGhz
              • How to add new SubGHz frequencies
              • Sub-GHz Remote
              • LF RFID key file format
              • NFC Flipper File Formats
              • Infrared Flipper File Formats
              • BadKB
              • Asset Packs
              • Unit tests
              • OTA Updates
              • How To Build
              • Hardware Targets
              • Flipper Build Tool
              • FAP (Flipper Application Package)
              • Flipper Application Manifests (.fam)
          • 🐬roguemaster
          • 🐬unleashed
    • Human
      • Advanced Persistent Threats (APTs)
      • Social engineering
      • Phishing
      • Typosquatting
    • Disinformation
      • Black Propaganda
      • White Propaganda
      • Grey Propaganda
      • Info Warfare
      • Political Warfare
      • Astroturfing
      • Greenwashing
      • Bluewashing
      • Whisper Campaigns
      • Push Polling
      • "Joe Jobs"
      • False Flags
      • Deep Fakes
  • About
    • Ports
      • 20
      • 21
      • 22
      • 23
      • 25
      • 587
      • 2323
      • 53
      • 80
      • 194
  • Tools
    • Radio Frequency & SubGHZ
      • gnuradio
      • hackrf
    • Digital Forensics
      • afflib
    • Reverse Engineering
      • binwalk
      • radare2
    • Hardware & Virtualization
      • qemu
      • freerdp2
      • util-linux
      • lvm2
    • VPN Providers
      • ProtonVPN
      • NordVPN
      • ExpressVPN
      • Surfshark
      • CyberGhost
      • Private Internet Access
    • Database, Cloud, & Firewalls
      • sqlmap
      • cewl
      • gobuster
      • fwbuilder
      • clamav
    • Enumeration & Lists
      • crunch
      • aflplusplus
      • ffuf
      • maltego
        • maltego-teeth
      • getallurls
    • Penetration Testing
      • beef-xss
      • wifite
      • burpsuite
      • metasploit-framework
    • Passwords & Auth
      • john
      • hashcat
      • hydra
      • cryptsetup
    • Surface Intelligence
      • theharvester
      • subfinder
      • dsniff
      • dnsrecon
      • dirb
      • nikto
      • legion
      • spiderfoot
    • Networks & Wireless
      • nmap
      • impacket-scripts
      • tcpdump
      • traceroute
      • wireshark
      • responder
      • aircrack-ng
      • netcat
      • kismet
      • ubertooth
      • routersploit
      • apache2
      • ettercap
      • bettercap
      • bettercap-ui
      • freeradius
      • bind9
      • samba
      • net-snmp
      • tcpreplay
    • Social Media
      • sherlock
    • Miscellaneous
      • git
      • libnfc
      • llvm-defaults
  • Operating Systems
    • Ubuntu
      • Installation
        • Switching
          • From Windows
          • From macOS
          • From a different Linux
        • Applications
        • Ubuntu PreInstalled
    • Linux Mint
      • Installation Guide
        • Verify your ISO image
        • Choose the right edition
        • Boot Linux Mint
        • Create the bootable media
        • Install Linux Mint
        • Hardware drivers
        • Language support
        • EFI
        • Multimedia codecs
        • System snapshots
        • Pre-installing Linux Mint (OEM Installation)
        • Where to find help
        • Boot options
        • Partitioning
        • Multi-boot
      • User Guide
        • Grub Boot Menu
        • Snap Store
        • Chromium
        • Bluetooth
        • Windows ISOs and multiboot USB
        • How to upgrade to Linux Mint 20
        • Edge ISO Images
        • Lost Password
        • Upgrades
        • Printers and Scanners
        • How to upgrade to Linux Mint 21
      • Troubleshooting Guide
        • Expectation
        • Responsibility
        • Change
        • Reproducibility
        • Observation
        • Environment
        • What
        • When
        • Why
        • Errors
        • Where
        • How
      • Translation Guide
        • Using Launchpad
        • Verify your translations
        • Localization
      • Developer Guide
        • Getting Started
          • Setup
          • Technology
        • Mint Tools
        • Cinnamon
        • XApps
        • Development
          • Daily Builds
          • Coding Guidelines
          • Optimizing JS with Cinnamon
          • Building
    • Kali Linux
      • Installation
        • Installing Kali Linux
        • Bare-bones Kali
        • Installing Kali on Mac Hardware
        • Dual Booting Kali with Linux
        • Making a Kali Bootable USB Drive
        • Dual Booting Kali with macOS/OS X
        • Dual Booting Kali with Windows
        • BTRFS Install (Kali Unkaputtbar)
        • Deploying Kali over Network PXE/iPXE Install
      • Virtualization
        • Running Kali Linux as a Virtual Machine in Windows
        • Installing VMware on Apple Silicon (M1/M2) Macs (Host)
        • Customizing a Kali Vagrant Vagrantfile
        • Kali inside Proxmox (Guest VM)
        • Installing VMware on Kali (Host)
        • Installing VirtualBox on Kali (Host)
        • Import Pre-Made Kali VMware VM
        • Kali inside Parallels (Guest VM)
        • Kali inside Vagrant (Guest VM)
        • Kali inside VMware (Guest VM)
        • Kali inside VirtualBox (Guest VM)
        • Import Pre-Made Kali VirtualBox VM
        • Kali inside Hyper-V (Guest VM)
        • Kali inside UTM (Guest VM)
        • Kali inside QEMU/LibVirt with virt-manager (Guest VM)
        • Improving Virtual Machine Performance for VMware
        • Installing VMware Tools (Guest Tools)
        • Installing VirtualBox Guest Addition (Guest Tools)
        • Installing Hyper-V Enhanced Session Mode (Guest Tools)
        • Converting VMX to an OVA
      • USB
        • Making a Kali Bootable USB Drive (Linux)
        • Making a Kali Bootable USB Drive (macOS/OS X)
        • Updating Kali Linux on USB
        • Making a Kali Bootable USB Drive on Windows
        • Standalone Kali Linux 2021.4 Installation on a USB Drive, Fully Encrypted
        • Adding Persistence to a Kali Linux Live USB Drive
        • Adding Encrypted Persistence to a Kali Linux Live USB Drive
        • USB Boot in VirtualBox
        • USB Boot in VMware
      • Kali On ARM
        • BeagleBone Black
        • Acer Tegra Chromebook 13" (Nyan)
        • ASUS Chromebook Flip (Veyron)
        • Banana Pro
        • Banana Pi
        • CubieBoard2
        • CuBox-i4Pro
        • CubieTruck (CubieBoard3)
        • Gateworks Newport
        • CuBox
        • Gateworks Ventana
        • NanoPi NEO Plus2
        • NanoPi2
        • Mini-X
        • NanoPC-T3
        • ODROID-C0/C1/C1+
        • ODROID-XU3
        • ODROID-U2/U3
        • ODROID-C2
        • Pinebook
      • Containers
        • Kali Linux LXC/LXD Images
        • Official Kali Linux Docker Images
        • Installing Docker on Kali Linux
        • Using Kali Linux Docker Images
        • Using Kali Linux Podman Images
      • WSL
        • Win-KeX SL
        • Win-KeX ESM
        • Preparing a system for WSL
        • Win-KeX
        • Win-KeX Win
      • Cloud
        • Digital Ocean
        • AWS
        • Azure
        • Linode
      • Kali NetHunter
        • Installing NetHunter On the OnePlus 7
        • Installing NetHunter On the Gemini PDA
        • Installing NetHunter
        • Installing NetHunter On the TicWatch Pro 3
        • Installing NetHunter On the TicWatch Pro
        • NetHunter Application - Terminal
        • NetHunter BadUSB Attack
        • NetHunter Bluetooth-Arsenal
        • NetHunter Chroot Manager
        • NetHunter Components
        • NetHunter Custom Commands
        • NetHunter Home Screen
        • NetHunter DuckHunter Attacks
        • NetHunter HID Keyboard Attacks
        • NetHunter Exploit Database SearchSploit
        • NetHunter Kali Services
        • NetHunter MAC Changer
        • NetHunter MANA Evil Access Point
        • NetHunter Man In The Middle Framework
        • NetHunter KeX Manager
      • Tools
        • Installing Tor Browser on Kali Linux
        • Kali Tools
        • Installing snapd on Kali Linux
        • Metasploit Framework
        • Installing Flatpak on Kali Linux
        • Submitting tools to Kali
        • Removed Tools From Kali
      • Troubleshooting
        • Discovering Problems With Download Speed
        • Common Cloud Based Setup Information
        • The Basics of Troubleshooting
        • Troubleshooting Installations Failures
        • Troubleshooting Wireless Drivers
        • Minimum Install Setup Information
      • Kali Development
        • Contributing run-time tests with autopkgtest
        • Custom CuBox Image
        • Custom Beaglebone Black Image
        • Custom EfikaMX Image
        • Custom Chromebook Image
        • Custom MK/SS808 Image
        • Custom Raspberry Pi Image
        • Custom ODROID X2 U2 Image
        • Setting up a system for packaging
        • Intermediate packaging step-by-step example
        • Introduction to packaging step-by-step example
        • Getting the best out of the Kali Bot
        • Advanced Packaging Step-By-Step Example (FinalRecon & Python-icmplib)
        • Generate an Updated Kali ISO
        • Creating A Custom Kali ISO
        • Building Custom Kali ISOs
        • Rebuilding a Source Package
        • Recompiling the Kali Linux Kernel
        • ARM Build Scripts
        • Preparing a Kali Linux ARM chroot
    • Arch Linux
      • Installation Guide
      • Frequently Asked Questions
      • General Recommendations
      • Applications
        • Office & Docs
        • Internet
        • Multimedia
        • Science
        • Security
        • Utilities
        • Others
      • Arch compared to other distributions
    • NetBSD
      • Calls and Errors
      • Libraries
      • Lua Modules
      • Devices and Drivers
  • Law, Policy, and Ethics
    • Fair Use
    • DMCA
      • šŸ—„ļøNotable Cases
        • MGM Studios Inc. v. Grokster, Ltd.
        • Viacom International, Inc v YouTube, Inc
        • Capitol Records, Inc. v. Thomas-Rasset
        • Perfect 10, Inc. v. Amazon.com
        • Recording Industry Association of America (RIAA) v. Diamond Multimedia Systems, Inc.
        • A&M Records, Inc. v. Napster, Inc.
        • BMG Music v. Gonzalez
        • Sony Computer Entertainment America (SCEA) v. Connectix Corp.
        • Columbia Pictures Industries, Inc. v. Fung
        • Warner Bros. Entertainment Inc. v. RDR Books
        • BMG Music v. John Doe
        • Universal Music Group v. Veoh Networks, Inc.
        • Universal Music Group v. MySpace, Inc.
        • UMG Recordings, Inc. v. MP3.com, Inc.
        • Cartoon Network LP v. CSC Holdings, Inc.
        • Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd.
        • Viacom International Inc. v. Google Inc.
        • Tiffany (NJ) Inc. v. eBay Inc.
        • Perfect 10, Inc. v. Visa International Service Association
        • Universal City Studios Productions LLLP v. Reimerdes
        • Recording Industry Association of America (RIAA) v. Lime Group LLC
        • Sony BMG Music Entertainment v. Tenenbaum
        • Viacom International Inc. v. Time Warner Cable Inc.
        • UMG Recordings, Inc. v. Shelter Capital Partners LLC
        • Sony Computer Entertainment America Inc. v. Bleem LLC
        • Universal City Studios, Inc. v. Corley
        • Ticketmaster Corp. v. Tickets.com, Inc.
        • Authors Guild, Inc. v. Google, Inc.
        • Perfect 10, Inc. v. Cybernet Ventures, Inc.
        • Tiffany (NJ) Inc. v. Ningbo Beyond Home Textile Co., Ltd.
        • Google Inc. v. American Blind & Wallpaper Factory, Inc.
        • Columbia Pictures Industries, Inc. v. Redd Horne, Inc.
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Operating Systems
  2. Kali Linux
  3. Kali Development

Getting the best out of the Kali Bot

PreviousIntroduction to packaging step-by-step exampleNextAdvanced Packaging Step-By-Step Example (FinalRecon & Python-icmplib)

Last updated 2 years ago

Was this helpful?

Kali is putting lots of efforts in building automation to help maintain an ever bigger number of packages of security tools. This article presents the Kali Bot, how it works and the few points to pay attention to so that the Kali Bot can do its job.

IntroductionWhat is the Kali Bot?

The Kali Bot is actually an instance of the developed by Jelmer Vernooij. Our instance runs on and controls the GitLab account to be able to push changes and submit to our packaging repositories.

What can it do?

It has many features but we currently use three of them:

  1. it can push small fixes/improvements to packaging git repositories, this is the task;

  2. it can automatically package new upstream releases in the repository and propose the corresponding merge request in the git repository, this is the task;

  3. it can automatically package git snapshots in every time that the upstream developers have pushed a change to their git repository, this is the task.

Information for upstream developers

Dear infosec developers, Kali wants to provide the best experience to the users of your software and as such we strive to provide the latest version (with the help of the Kali Bot)!

Recommendations

Following the recommendations below maximizes your chances that the Kali Bot will be able to prepare a working package out of your releases (and git snapshots).

  • Maintain your software in a public git repository. It seems obvious but we still have software only released as a tarball.

  • Create and push git tags for your releases. We monitor new upstream releases with a tool called , it follows the instructions provided in debian/watch in our packaging repositories. That file typically points to the ā€œtagsā€ or ā€œreleasesā€ page of your git hosting and uscan will parse the HTML to find out the URL of the latest release tarball.

  • Don’t build release tarballs that differ significantly from git snapshots. Ideally the packaging rules should be applicable to both release tarballs and those generated with git archive.

  • Always provide some build system (even if you have nothing to build) so that you control the instructions to install your software in a system-wide manner. If you don’t, then the installation instructions are encoded in the Kali package and any automated package update will try to apply the former instructions to your latest version and they might not work if you have made significant changes.

    Note that the build system should offer a way to install the files in a non-standard place. With a Makefile, the package build typically calls make install DESTDIR=$(pwd)/debian/tmp to install the files in a temporary directory that gets packed up in the .deb file without interfering with the root file system (doing so would cause the build to fail as it doesn’t have the required permissions). Have a look at for an example with a simple Makefile.

How to get timely updates in kali-bleeding-edge

The Kali Bot has many packages to monitor and it might take a while to notice that you have pushed some changes to your git repository. If you want the bot to have a look at your repository immediately, then configure a webhook notifying https://janitor.kali.org/ of your push events.

For GitHub, you can do so in the ā€œWebhooksā€ section of the ā€œSettingsā€ tab. Fill the form as shown below and click on ā€œAdd webhookā€:

Information for Kali developers

The Kali Bot is still relatively young and there are many things that can go wrong in the various tasks that it runs. In this section, we try to show where you can look to try to understand why the bot didn’t do what you expected.

Discovering the web interface

Understanding Kali Bot’s workflow

There’s a scheduler that will regularly trigger all possible jobs on all possible packages (the allowed combinations are defined in the publish-policy.json file.

Then we have a worker that runs all those jobs. A job is usually a run of debian-svp (a command within silver-platter) which is a tool to automate some changes on packaging git repositories.

Once the change is done, the bot will rebuild the package with the added change, ensure that the package still builds and compare the generated packages with the result of the build of an unmodified package.

Once built, the change will be put in a queue to be published. It will usually happen soon but it can be delayed due to rate limits (the bot publishes results at a slow pace so that any mistake can be caught before it has impacted too many repositories, and so that developers do not get instantly overwhelmed). You can avoid those restrictions with the ā€œPublish nowā€ button in the corresponding job page.

Things to know about lintian-fixes

When the tool isn’t able to fix something, it just does nothing without failing. Also in its default configuration, the tool only fixes something when there’s a single obviously correct fix. It will not make opinionated choice in place of the maintainer.

In the Kali context, the job should not document its work in debian/changelog, as it detects that we are updating debian/changelog in standalone commits with gbp dch. If the recent history did update the changelog along with each change, then the bot will follow along (you can disable that behaviour in your manual run with the --no-update-changelog command line option).

The publish policy configured in Kali lets the bot directly push those changes to the packaging git repositories (in other words, it will not submit merge requests).

Things to know about fresh-releases

This job will run uscan to check whether there’s a new upstream version of the software that is not yet in the git packaging repository. If it finds a newer version, it will import it with gbp import-orig and update the changelog with gbp dch.

You can reproduce all this locally by running debian-svp new-upstream --debian-revision=0kali1 --require-uscan --refresh-patches --dry-run --skip-empty --diff <package> on a kali-rolling system with the appropriate deb-src line in APT’s sources.list (and with silver-platter installed).

The publish policy configured in Kali lets the bot directly push the updates for the upstream and pristine-tar branches, but the changes for the kali/master branch will be proposed with a merge request. At the same time, the resulting package will also be uploaded to kali-experimental.

Things to know about fresh-snapshots

This job will try to build an updated package based on the latest upstream git commit. To achieve this, it first tries to identify the upstream git repository by looking at the Homepage field in debian/control and/or the Repository field in debian/upstream/metadata.

Once it has found this repository, it will create an updated upstream tarball with git archive. The version given to that tarball will look like <ver>+git<date>.<n>.<commit> where <ver> is the latest upstream version, <date> is the date of the last commit, <n> is a numerical increment in case we have multiple updates during the same day, and <commit> is a short commit identifier to be able to know exactly what commit has been packaged.

Then it will gbp import-orig that new upstream tarball and update the changelog with gbp dch.

You can reproduce all this locally by running debian-svp new-upstream --snapshot --dry-run --diff <package>.

So why didn’t the Kali Bot do its job?

Special thanks

Thanks to this, you can point users who reported bugs to the and ask them to verify that their issues is effectively fixed in the package available in kali-bleeding-edge.

If you have setup the webhook, and if you don’t see any updated package in the kali-bleeding-edge repository, you might want to read on the rest of this page to see if you can figure out what’s wrong. If you’re stuck, feel free to reach us at and we will do our best to fix this for you.

The shows you the result of the latest run of each task on each package and gives some factual information about the result and about how to access the build result.

There’s , named cupboard, which gives more information (and control) about what’s going on in the backend. You can look at the queue of upcoming jobs, the history of recently executed jobs, job results that are waiting to be published, jobs waiting human approval before publication, etc.

Various pages give you the possibility to send instructions to the Kali Bot with different buttons. However clicking on the buttons will only have an effect if you are connected with your gitlab.com account and if you are a member of the group.

that file is only accessible to Kali developers). You can see the .

At this stage, if the package built successfully, the change is considered ā€œreadyā€ and it will appear in the until it has been merged in the target repository (or until it has become obsolete).

This job is the easier to reproduce and is quite unlikely to fail. It’s just running the tool within the packaging git repository.

The main downside at the current time is that the bot will thus do nothing if there’s a new upstream release that doesn’t build with the current packaging (because we need to update our packaging rules). How to improve this situation is tracked in .

The publish policy configured in Kali will just upload the resulting package to kali-bleeding-edge. The git repository changes are not pushed anywhere at this time (except on the bot’s own git repository that can be accessed in ).

Maybe it did build the changes, but the job has not been published yet due to rate-limiting. Check the list of changes which are .

Maybe it failed, have a look at the logs of the jobs for the package that you are interested in. The /cupboard/pkg/<package> URL should be your starting point (ex: . Then look at the recents runs of and find the latest run of the job that you are interested in.

If you find something odd, that doesn’t make sense or that looks wrong, feel free to report it to or if you think that it’s a generic issue with the bot.

We would like to give a big shout-out to who wrote the Janitor Bot in the first place, but also worked very hard with us to customize the bot for our needs and to fix the numerous issues that .

Debian Janitor Bot
janitor.kali.org
kali-bot
merge requests
lintian-fixes
kali-experimental
fresh-releases
kali-bleeding-edge
fresh-snapshots
uscan
dnsenum
kali-bleeding-edge documentation
[email protected]
basic web interface
another web interface
kalilinux/packages
resulting queue
corresponding web page
lintian-brush
this ticket
janitor.kali.org/git/
ready to be published
amass
[email protected]
directly to the janitor maintainer
Jelmer Vernooij
we reported to him