< Previous | Contents | Next >

9.1.1. Getting the Sources‌

Rebuilding a Kali package starts with getting its source code. A source package is composed of multiple files: the main file is the *.dsc (Debian Source Control) file as it lists the other accompa- nying files, which can be *.tar.gz,bz2,xz, sometimes *.diff.gz, or *.debian.tar.gz,bz2,xz files.

The source packages are stored on Kali mirrors that are available over HTTP. You could use your web browser to download all the required files but the easiest way to accomplish this is to use the apt source source_package_name command. This command requires a deb-src line in the

/etc/apt/sources.list file and up-to-date index files (accomplished by running apt update). By default, Kali doesn’t add the required line as few Kali users actually need to retrieve source packages but you can easily add it (see sample file in section 8.1.3, “Kali Repositories” [page 173] and the associated explanations in section 8.1.2, “Understanding the sources.list File” [page 172]).

$ apt source libfreefare

Reading package lists... Done

NOTICE: ’libfreefare’ packaging is maintained in the ’Git’ version control system at: git://anonscm.debian.org/collab-maint/libnfc.git

Please use:

git clone git://anonscm.debian.org/collab-maint/libnfc.git

to retrieve the latest (possibly unreleased) updates to the package. Need to get 119 kB of source archives.

Get:1 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (dsc) [2,090 B] Get:2 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (tar) [113 kB] Get:3 http://archive-2.kali.org/kali kali-rolling/main libfreefare 0.4.0-2 (diff) [3,640 B] Fetched 119 kB in 1s (63.4 kB/s)

gpgv: keyblock resource ‘/home/rhertzog/.gnupg/trustedkeys.gpg’: file open error gpgv: Signature made Tue 04 Mar 2014 06:57:36 PM EST using RSA key ID 40AD1FA6 gpgv: Can’t check signature: public key not found

dpkg-source: warning: failed to verify signature on ./libfreefare_0.4.0-2.dsc dpkg-source: info: extracting libfreefare in libfreefare-0.4.0

dpkg-source: info: unpacking libfreefare_0.4.0.orig.tar.gz dpkg-source: info: unpacking libfreefare_0.4.0-2.debian.tar.xz

$ cd libfreefare-0.4.0

$ ls

AUTHORS CMakeLists.txt COPYING HACKING m4 README

ChangeLog configure.ac debian libfreefare Makefile.am test

cmake contrib examples libfreefare.pc.in NEWS TODO

$ ls debian

changelog copyright libfreefare-dev.install rules compat libfreefare0.install libfreefare-doc.install source control libfreefare-bin.install README.Source watch

In this example, while we received the source package from a Kali mirror, the package is the same as in Debian since the version string doesn’t contain “kali.” This means that no kali-specific changes have been applied.

If you need a specific version of the source package, which is currently not available in the repos- itories listed in /etc/apt/sources.list, then the easiest way to download it is to find out the URL of its .dsc file by looking it up on http://pkg.kali.org and then handing that URL over to dget (from the devscripts package).

After having looked up the URL of the libreefare source package available in kali-bleeding-edge, you can download it with dget. It will first download the .dsc file, then parse it to know what other files are referenced, and then download those from the same location:

$ dget http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~

➥ git1439352548.ffde4d-1.dsc

dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~

➥ git1439352548.ffde4d-1.dsc

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed 100 364 100 364 0 0 852 0 --:--:-- --:--:-- --: 854

100 1935 100 1935 0 0 2650 0 --:--:-- --:--:-- --:--:-- 19948

dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~

➥ git1439352548.ffde4d.orig.tar.gz [...]

dget: retrieving http://http.kali.org/pool/main/libf/libfreefare/libfreefare_0.4.0+0~

➥ git1439352548.ffde4d-1.debian.tar.xz [...]

libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc:

dscverify: libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc failed signature check: gpg: Signature made Wed Aug 12 06:14:03 2015 CEST

gpg: using RSA key 43EF73F4BD8096DA gpg: Can’t check signature: No public key Validation FAILED!!

$ dpkg-source -x libfreefare_0.4.0+0~git1439352548.ffde4d-1.dsc

gpgv: Signature made Wed Aug 12 06:14:03 2015 CEST gpgv: using RSA key 43EF73F4BD8096DA gpgv: Can’t check signature: No public key

dpkg-source: warning: failed to verify signature on ./libfreefare_0.4.0+0~git1439352548

➥ .ffde4d-1.dsc

dpkg-source: info: extracting libfreefare in libfreefare-0.4.0+0~git1439352548.ffde4d dpkg-source: info: unpacking libfreefare_0.4.0+0~git1439352548.ffde4d.orig.tar.gz

dpkg-source: info: unpacking libfreefare_0.4.0+0~git1439352548.ffde4d-1.debian.tar.xz

It is worth noting that dget did not automatically extract the source package because it could not verify the PGP signature on the source package. Thus we did that step manually with dpkg- source -x dsc-file. You can also force the source package extraction by passing the --allow- unauthenticated or -u option. Inversely, you can use --download-only to skip the source package extraction step.

1https://gitlab.com/kalilinux/packages

< Previous | Contents | Next >