Cannot successfully create a Kali templateVM usings the Qubes 4.0 katoolin method

[setemeraude]

Qubes OS version

Qubes 4.0

Affected component(s) or functionality

Debian templateVM, upgraded via external documentation instructions to debian testing releases 'bullseye-security' katoolin network connectivity

Brief summary

To Reproduce

Steps to reproduce the behavior:

0. Assume a default Qubes 4.0 OS utilized by a new/inexperienced user. No tweaks that seem second nature to you competent types.
1. Follow instructions to create a Kali VM following the katoolin method for Qubes 4.0 Relevant documentation: tor: http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/pentesting/kali/ clearnet: https://www.qubes-os.org/doc/pentesting/kali/
2. At step 6.1, you will be unable to complete the step without breaking compartmentalization and directly connect the templateVM to the internet via sys-whonix. Crossposting the terminal error message from my discourse post on the same. user@kali:~$ git clone github.com/LionSec/katoolin.git Cloning into ‘katoolin’… fatal: unable to access ‘"insert github link here"LionSec/katoolin.git/’: Could not resolve host: pretend it says githubdotcom here
3. Connect TemplateVM to netvm long enough to download katoolin and then disconnect. 4a. Attempting to follow step 6.2 without network connectivity to the TemplateVM will produce the following terminal text in katoolin. In short, you will get a network unreachable error. user@kali:~$ sudo katoolin

$$\ $$\ $$\ $$\ $$\ $$ | $$ | $$ | $$ |_| $$ |$$ / $$$$$$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ |$$\ $$$$$$$\ $$$$$ / _$$\ $$ | $$ $$\ $$ $$\ $$ |$$ |$$ $$ $$ $$ 1

Add kali linux repositories
Update
Remove all kali linux repositories
View the contents of sources.list file

What do you want to do ?> 1 Executing: /tmp/apt-key-gpghome.iv5P0LaveT/gpg.1.sh --keyserver pool.sks-keyservers.net --recv-keys ED444FF07D8D0BF6 gpg: keyserver receive failed: Network is unreachable

Add kali linux repositories
Update
Remove all kali linux repositories
View the contents of sources.list file

What do you want to do ?> "

4b. Directly connecting the TemplateVM to a netvm will return a "Server indicated a failure" error message. See below terminal text.

Add kali linux repositories
Update
Remove all kali linux repositories
View the contents of sources.list file

What do you want to do ?> 1 Executing: /tmp/apt-key-gpghome.wTAXCwCaED/gpg.1.sh --keyserver pool.sks-keyservers.net --recv-keys ED444FF07D8D0BF6 gpg: keyserver receive failed: Server indicated a failure

Add kali linux repositories
Update
Remove all kali linux repositories
View the contents of sources.list file"

What do? Any help would be appreciated. Thank you. What do you want to do ?> 1 Executing: /tmp/apt-key-gpghome.iv5P0LaveT/gpg.1.sh --keyserver pool.sks-keyservers.net --recv-keys ED444FF07D8D0BF6 gpg: keyserver receive failed: Network is unreachable

Add kali linux repositories
Update
Remove all kali linux repositories
View the contents of sources.list file

What do you want to do ?> "

Expected behavior

I expected to be able to follow the documentation and to be able to download katoolin without breaking compartmentalization. I also expected katoolin to download the repositories with/without breaking compartmentalization.

Actual behavior

Failure to install katoolin without breaking compartmentalization of the templateVM qube. Failure to download kali repositories via katoolin despite breaking compartmentalization to provide connectivity to the templateVM qube.

Screenshots

in lieu of screenshots, I will paste terminal output below N/A see provided terminal logs.

Additional context

Solutions you've tried

http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/pentesting/kali/ (Tor) https://www.qubes-os.org/doc/pentesting/kali/ (Clearnet)

Relevant documentation you've consulted

http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/pentesting/kali/ (Tor) https://www.qubes-os.org/doc/pentesting/kali/ (Clearnet)

Related, non-duplicate issues

none that describe my issue which appears to be a basic flaw in documentation. A new user should be able to follow the documentation and flawlessly execute its instructions to achieve the desired result. If there are common issues that require troubleshooting, they should be mentioned, as well as their workarounds. This does not appear to be the case for that particular unofficial documentation.

[Jeeppler]

@andrewdavidwong can you assign me to this task?

[marmarek]

@Jeeppler part of the issue is debian-11 template broken because of #5940 . But for now it may be enough to skip installing qubes-core-agent-dom0-updates (that depends on DNF).

[fepitre]

Please see my other comments: https://github.com/QubesOS/qubes-issues/issues/5681#issuecomment-720458303 and https://github.com/QubesOS/qubes-issues/issues/5928#issuecomment-720459546.

[Jeeppler]

@fepitre the intention of the katoolin method is to provide an easy way to install Kali on top of Debian, as long as there is no Kali template available for Qubes OS. The moment there is a Kali template available for Qubes the katoolin method is not necessary anymore.

[fepitre]

@Jeeppler Yes template is working and officially integrated in Qubes since a while. It was only an issue due to DNF that I've solved recently who was failing the build like bullseye.

[fepitre]

@andrewdavidwong I think at some point we would need to announce that too but first I need to add it into the doc and also fix an issue for installing it with qubes-dom0-update. The template itself is too big and exceed quota size allowed so currently the only way to install it is to use qvm-run on the update VM.

[andrewdavidwong]

@andrewdavidwong I think at some point we would need to announce that too

To be clear, "that" = a new Kali template?

but first I need to add it into the doc and also fix an issue for installing it with qubes-dom0-update. The template itself is too big and exceed quota size allowed so currently the only way to install it is to use qvm-run on the update VM.

Sounds good. Let me know when you're ready.

[fepitre]

@andrewdavidwong I think at some point we would need to announce that too

To be clear, "that" = a new Kali template?

Yes.

[github-actions[bot]]

This issue is being closed because:

• This issue is on the "Release 4.0 updates" milestone.
• Qubes OS 4.0 reached EOL (end-of-life) over one year ago.
• There has not been any activity on this issue in over one year.

If anyone believes that this issue should be reopened and reassigned to an active milestone, please leave a brief comment. (For example, if a bug still affects Qubes OS 4.1, then the comment "Affects 4.1" will suffice.)