update live build

.getopt.sh

@@ -0,0 +1,19 @@
+# Supported options are (from build.sh):
+# -d | --distribution <distro>
+# -p | --proposed-updates
+# -a | --arch <architecture>
+# -v | --verbose
+# -D | --debug
+# -s | --salt
+# -h | --help
+#      --installer
+#      --live
+#      --variant <variant>
+#      --version <version>
+#      --subdir <directory-name>
+#      --get-image-path
+#      --no-clean
+#      --clean
+
+BUILD_OPTS_SHORT="d:pa:vDsh"
+BUILD_OPTS_LONG="distribution:,proposed-updates,arch:,verbose,debug,salt,installer,live,variant:,version:,subdir:,get-image-path,no-clean,clean,help"

.gitignore

@@ -0,0 +1,32 @@
+# Directories
+.build/*
+binary/*
+binary.*/*
+cache/*
+chroot/*
+config/*
+images
+local/*
+simple-cdd/images/*
+simple-cdd/tmp/*
+# Files
+.mirror
+build.log
+chroot.files
+chroot.packages.install
+chroot.packages.live
+config/binary
+config/bootstrap
+config/common
+config/source
+live-image-*.contents
+live-image-*.files
+live-image-*.hybrid.iso.zsync
+live-image-*.packages
+# Overwritten due to build.sh
+simple-cdd/debian-cd/*
+simple-cdd/profiles/kali.downloads
+# Miscellaneous
+.lock
+.stage
+prepare.log

README.md

@@ -0,0 +1,16 @@
+# live-build configuration for Kali ISO images
+
+Have a look at [Live Build a Custom Kali ISO](https://www.kali.org/docs/development/live-build-a-custom-kali-iso/) for explanations on how to use this repository.
+
+### Installation
+
+1. Install packages
+ 
+   ```sh
+   sudo apt install -y git live-build simple-cdd cdebootstrap curl
+   ```
+2. Make iso
+ 
+   ```sh
+   sudo ./build.sh --verbose --variant xfce
+   ```

auto/clean

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+lb clean noauto "$@"
+
+rm -fv config/binary \
+	config/bootstrap \
+	config/chroot \
+	config/common \
+	config/source \
+	config/package-lists/live.list.chroot
+
+if [ -e config/hooks/ ]; then
+	find config/hooks/ -type l \
+		| xargs --no-run-if-empty rm -f
+fi

auto/config

@@ -0,0 +1,150 @@
+#!/bin/bash
+
+set -e
+set -o pipefail # Bashism
+
+# You can put a local mirror here if you want (or you can set
+# it in .mirror)
+if [ -e .mirror ]; then
+    kali_mirror=$(cat .mirror)
+else
+    kali_mirror=http://kali.download/kali
+fi
+
+### DO NOT EDIT THE REST OF THIS FILE ###
+
+public_kali_mirror=http://http.kali.org/kali
+
+# Detect target architecture and filter args
+temp=""
+arch=$(dpkg --print-architecture)
+dist="kali-rolling"
+lb_opts=""
+while [ $# -gt 0 ]; do
+   	arg="$1"
+	case "$arg" in
+        -a|--arch|--architecture|--architectures)
+		arch="$2"
+		temp="$temp "'"'"$arg"'"'
+		temp="$temp "'"'"$2"'"'
+		shift
+		;;
+	--distribution)
+		dist="$2"
+		shift
+		;;
+	--variant)
+		variant="$2"
+		shift
+		;;
+	-p|--proposed-updates)
+		enable_pu="1"
+		;;
+	--)
+		# Skip the separator, it was added so that "lb config"
+		# doesn't barf on our own options, but now we are
+		# filtering them away assuming that the remaining ones
+		# are intended for lb config !
+		;;
+	*)
+		temp="$temp "'"'"$arg"'"'
+		;;
+	esac
+	shift
+done
+eval set -- "$temp"
+
+# Resolve release name
+dist=$(wget -q -O- $kali_mirror/dists/$dist/Release | awk '/^Codename:/ {print $2}')
+if [ -z "$dist" ]; then
+	echo "ERROR: Build release could not be resolved"
+	exit 1
+fi
+
+# live-build doesn't work if --parent-debian-distribution is unknown of
+# debian-cd => we have to put a symlink so that it deals with kali like sid
+if [ ! -e ${LIVE_BUILD:-/usr/share/live/build}/data/debian-cd/$dist ]; then
+	if [ -w ${LIVE_BUILD:-/usr/share/live/build}/data/debian-cd ]; then
+		ln -sf sid ${LIVE_BUILD:-/usr/share/live/build}/data/debian-cd/$dist
+	else
+		echo "ERROR: Run this first:"
+		echo "ln -sf sid ${LIVE_BUILD:-/usr/share/live/build}/data/debian-cd/$dist"
+		exit 1
+	fi
+fi
+
+# Define options that vary across architectures
+case "$arch" in
+    amd64)
+	lb_opts="$lb_opts --debian-installer live"
+    ;;
+    i386)
+	lb_opts="$lb_opts --debian-installer live --linux-flavours 686-pae"
+    ;;
+    arm64)
+	lb_opts="$lb_opts --bootloaders grub-efi --uefi-secure-boot disable"
+    ;;
+    armel|armhf)
+	lb_opts="$lb_opts --binary-images hdd --binary-filesystem ext4 --chroot-filesystem none"
+    ;;
+    *)
+	echo "WARNING: configuration not tested on arch $arch" >&2
+    ;;
+esac
+
+# Define options that vary across distributions
+case "$dist" in
+    kali-last-snapshot)
+	# We don't want kali-last-snapshot to end up in the image, it
+	# should be replaced with kali-rolling
+	lb_opts="$lb_opts --distribution-binary kali-rolling"
+	lb_opts="$lb_opts --debootstrap-script /usr/share/debootstrap/scripts/kali-rolling"
+    ;;
+esac
+
+# Setup configuration files from variant and options
+
+# Drop all files that a former run might have put into place
+for file in $(cd kali-config && find ./common ./variant-* -type f); do
+    file=${file#./*/}
+    rm -fv config/$file
+done
+rm -fv config/archives/kali-proposed-updates.list.*
+
+# Copy over all files from official kali configuration
+cp -rT kali-config/common config
+[ ! -d kali-config/variant-$variant ] || cp -rTL kali-config/variant-$variant config
+
+if [ -n "$enable_pu" ]; then
+	mkdir -p config/archives
+	echo "deb $kali_mirror $dist-proposed-updates main contrib non-free" \
+		> config/archives/kali-proposed-updates.list.chroot
+	echo "deb $public_kali_mirror $dist-proposed-updates main contrib non-free" \
+		> config/archives/kali-proposed-updates.list.binary
+fi
+
+lb config noauto \
+	--distribution "$dist" \
+	--debian-installer-distribution "$dist" \
+	--archive-areas "main contrib non-free" \
+	--debootstrap-options "--keyring=/usr/share/keyrings/kali-archive-keyring.gpg" \
+	--keyring-packages kali-archive-keyring \
+	--updates false \
+	--backports false \
+	--source false \
+	--firmware-binary true \
+	--firmware-chroot true \
+	--mirror-bootstrap "$kali_mirror" \
+	--mirror-debian-installer "$kali_mirror" \
+	--mirror-binary "$public_kali_mirror" \
+	--iso-application "Kali Linux" \
+	--iso-publisher "Kali" \
+	--iso-volume "Kali Live" \
+	--linux-packages linux-image \
+	--memtest memtest86 \
+	--bootappend-live "boot=live components quiet splash noeject" \
+	--bootappend-live-failsafe "boot=live components noeject memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash vga=normal" \
+	--bootappend-install "net.ifnames=0" \
+	--security false \
+	$lb_opts \
+	"$@"

build.sh

@@ -0,0 +1,394 @@
+#!/bin/bash
+
+# If a command fails, make the whole script exit
+set -e
+# Use return code for any command errors in part of a pipe
+set -o pipefail # Bashism
+
+# Kali's default values
+KALI_DIST="kali-rolling"
+KALI_VERSION=""
+KALI_VARIANT="default"
+IMAGE_TYPE="live"
+TARGET_DIR="$(dirname $0)/images"
+TARGET_SUBDIR=""
+SUDO="sudo"
+VERBOSE=""
+DEBUG=""
+HOST_ARCH=$(dpkg --print-architecture)
+
+image_name() {
+	case "$IMAGE_TYPE" in
+		live)
+			live_image_name
+		;;
+		installer)
+			installer_image_name
+		;;
+	esac
+}
+
+live_image_name() {
+	case "$KALI_ARCH" in
+		i386|amd64|arm64)
+			echo "live-image-$KALI_ARCH.hybrid.iso"
+		;;
+		armel|armhf)
+			echo "live-image-$KALI_ARCH.img"
+		;;
+	esac
+}
+
+installer_image_name() {
+	if [ "$KALI_VARIANT" = "netinst" ]; then
+		echo "simple-cdd/images/kali-$KALI_VERSION-$KALI_ARCH-NETINST-1.iso"
+	else
+		echo "simple-cdd/images/kali-$KALI_VERSION-$KALI_ARCH-BD-1.iso"
+	fi
+}
+
+target_image_name() {
+	local arch=$1
+
+	IMAGE_NAME="$(image_name $arch)"
+	IMAGE_EXT="${IMAGE_NAME##*.}"
+	if [ "$IMAGE_EXT" = "$IMAGE_NAME" ]; then
+		IMAGE_EXT="img"
+	fi
+	if [ "$IMAGE_TYPE" = "live" ]; then
+		if [ "$KALI_VARIANT" = "default" ]; then
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-live-$KALI_ARCH.$IMAGE_EXT"
+		else
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-live-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+		fi
+	else
+		if [ "$KALI_VARIANT" = "default" ]; then
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_ARCH.$IMAGE_EXT"
+		else
+			echo "${TARGET_SUBDIR:+$TARGET_SUBDIR/}kali-linux-$KALI_VERSION-installer-$KALI_VARIANT-$KALI_ARCH.$IMAGE_EXT"
+		fi
+	fi
+}
+
+target_build_log() {
+	TARGET_IMAGE_NAME=$(target_image_name $1)
+	echo ${TARGET_IMAGE_NAME%.*}.log
+}
+
+default_version() {
+	case "$1" in
+		kali-*)
+			echo "${1#kali-}"
+		;;
+		*)
+			echo "$1"
+		;;
+	esac
+}
+
+failure() {
+	echo "Build of $KALI_DIST/$KALI_VARIANT/$KALI_ARCH $IMAGE_TYPE image failed (see build.log for details)" >&2
+	echo "Log: $BUILD_LOG" >&2
+	exit 2
+}
+
+run_and_log() {
+	if [ -n "$VERBOSE" ] || [ -n "$DEBUG" ]; then
+		echo "RUNNING: $@" >&2
+		"$@" 2>&1 | tee -a "$BUILD_LOG"
+	else
+		"$@" >>"$BUILD_LOG" 2>&1
+	fi
+	return $?
+}
+
+debug() {
+	if [ -n "$DEBUG" ]; then
+		echo "DEBUG: $*" >&2
+	fi
+}
+
+clean() {
+	debug "Cleaning"
+
+	# Live
+	run_and_log $SUDO lb clean --purge
+	#run_and_log $SUDO umount -l $(pwd)/chroot/proc
+	#run_and_log $SUDO umount -l $(pwd)/chroot/dev/pts
+	#run_and_log $SUDO umount -l $(pwd)/chroot/sys
+	#run_and_log $SUDO rm -rf $(pwd)/chroot
+	#run_and_log $SUDO rm -rf $(pwd)/binary
+
+	# Installer
+	run_and_log $SUDO rm -rf "$(pwd)/simple-cdd/tmp"
+	run_and_log $SUDO rm -rf "$(pwd)/simple-cdd/debian-cd"
+}
+
+print_help() {
+	echo "Usage: $0 [<option>...]"
+	echo
+	for x in $(echo "${BUILD_OPTS_LONG}" | sed 's_,_ _g'); do
+		x=$(echo $x | sed 's/:$/ <arg>/')
+		echo "  --${x}"
+	done
+	echo
+	echo "More information: https://www.kali.org/docs/development/live-build-a-custom-kali-iso/"
+	exit 0
+}
+
+# Allowed command line options
+. $(dirname $0)/.getopt.sh
+
+BUILD_LOG="$(pwd)/build.log"
+debug "BUILD_LOG: $BUILD_LOG"
+# Create empty file
+: > "$BUILD_LOG"
+
+# Parsing command line options (see .getopt.sh)
+temp=$(getopt -o "$BUILD_OPTS_SHORT" -l "$BUILD_OPTS_LONG,get-image-path" -- "$@")
+eval set -- "$temp"
+while true; do
+	case "$1" in
+		-d|--distribution) KALI_DIST="$2"; shift 2; ;;
+		-p|--proposed-updates) OPT_pu="1"; shift 1; ;;
+		-a|--arch) KALI_ARCH="$2"; shift 2; ;;
+		-v|--verbose) VERBOSE="1"; shift 1; ;;
+		-D|--debug) DEBUG="1"; shift 1; ;;
+		-s|--salt) shift; ;;
+		-h|--help) print_help; ;;
+		--installer) IMAGE_TYPE="installer"; shift 1 ;;
+		--live) IMAGE_TYPE="live"; shift 1 ;;
+		--variant) KALI_VARIANT="$2"; shift 2; ;;
+		--version) KALI_VERSION="$2"; shift 2; ;;
+		--subdir) TARGET_SUBDIR="$2"; shift 2; ;;
+		--get-image-path) ACTION="get-image-path"; shift 1; ;;
+		--clean) ACTION="clean"; shift 1; ;;
+		--no-clean) NO_CLEAN="1"; shift 1 ;;
+		--) shift; break; ;;
+		*) echo "ERROR: Invalid command-line option: $1" >&2; exit 1; ;;
+		esac
+done
+
+# Set default values
+KALI_ARCH=${KALI_ARCH:-$HOST_ARCH}
+if [ "$KALI_ARCH" = "x64" ]; then
+	KALI_ARCH="amd64"
+elif [ "$KALI_ARCH" = "x86" ]; then
+	KALI_ARCH="i386"
+fi
+debug "KALI_ARCH: $KALI_ARCH"
+
+if [ -z "$KALI_VERSION" ]; then
+	KALI_VERSION="$(default_version $KALI_DIST)"
+fi
+debug "KALI_VERSION: $KALI_VERSION"
+
+# Check parameters
+debug "HOST_ARCH: $HOST_ARCH"
+if [ "$HOST_ARCH" != "$KALI_ARCH" ] && [ "$IMAGE_TYPE" != "installer" ]; then
+	case "$HOST_ARCH/$KALI_ARCH" in
+		amd64/i386|i386/amd64)
+		;;
+		*)
+			echo "Can't build $KALI_ARCH image on $HOST_ARCH system." >&2
+			exit 1
+		;;
+	esac
+fi
+
+# Build parameters for lb config
+KALI_CONFIG_OPTS="--distribution $KALI_DIST -- --variant $KALI_VARIANT"
+CODENAME=$KALI_DIST # for simple-cdd/debian-cd
+if [ -n "$OPT_pu" ]; then
+	KALI_CONFIG_OPTS="$KALI_CONFIG_OPTS --proposed-updates"
+	KALI_DIST="$KALI_DIST+pu"
+fi
+debug "KALI_CONFIG_OPTS: $KALI_CONFIG_OPTS"
+debug "CODENAME: $CODENAME"
+debug "KALI_DIST: $KALI_DIST"
+
+# Set sane PATH (cron seems to lack /sbin/ dirs)
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+debug "PATH: $PATH"
+
+if grep -q -e "^ID=debian" -e "^ID_LIKE=debian" /usr/lib/os-release; then
+	debug "OS: $( . /usr/lib/os-release && echo $NAME $VERSION )"
+elif [ -e /etc/debian_version ]; then
+	debug "OS: $( cat /etc/debian_version )"
+else
+	echo "ERROR: Non Debian-based OS" >&2
+fi
+
+debug "IMAGE_TYPE: $IMAGE_TYPE"
+case "$IMAGE_TYPE" in
+	live)
+		if [ ! -d "$(dirname $0)/kali-config/variant-$KALI_VARIANT" ]; then
+			echo "ERROR: Unknown variant of Kali live configuration: $KALI_VARIANT" >&2
+		fi
+
+		ver_live_build=$(dpkg-query -f '${Version}' -W live-build)
+		if dpkg --compare-versions "$ver_live_build" lt 1:20151215kali1; then
+			echo "ERROR: You need live-build (>= 1:20151215kali1), you have $ver_live_build" >&2
+			exit 1
+		fi
+		debug "ver_live_build: $ver_live_build"
+
+		ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
+		if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
+			echo "ERROR: You need debootstrap (>= 1.0.97), you have $ver_debootstrap" >&2
+			exit 1
+		fi
+		debug "ver_debootstrap: $ver_debootstrap"
+	;;
+	installer)
+		if [ ! -d "$(dirname $0)/kali-config/installer-$KALI_VARIANT" ]; then
+			echo "ERROR: Unknown variant of Kali installer configuration: $KALI_VARIANT" >&2
+		fi
+
+		ver_debian_cd=$(dpkg-query -f '${Version}' -W debian-cd)
+		if dpkg --compare-versions "$ver_debian_cd" lt 3.1.28~kali1; then
+			echo "ERROR: You need debian-cd (>= 3.1.28~kali1), you have $ver_debian_cd" >&2
+			exit 1
+		fi
+		debug "ver_debian_cd: $ver_debian_cd"
+
+		ver_simple_cdd=$(dpkg-query -f '${Version}' -W simple-cdd)
+		if dpkg --compare-versions "$ver_simple_cdd" lt 0.6.8~kali1; then
+			echo "ERROR: You need simple-cdd (>= 0.6.8~kali1), you have $ver_simple_cdd" >&2
+			exit 1
+		fi
+		debug "ver_simple_cdd: $ver_simple_cdd"
+	;;
+	*)
+		echo "ERROR: Unsupported IMAGE_TYPE selected ($IMAGE_TYPE)" >&2
+		exit 1
+	;;
+esac
+
+# We need root rights at some point
+if [ "$(whoami)" != "root" ]; then
+	if ! which $SUDO >/dev/null; then
+		echo "ERROR: $0 is not run as root and $SUDO is not available" >&2
+		exit 1
+	fi
+else
+	SUDO="" # We're already root
+fi
+debug "SUDO: $SUDO"
+
+IMAGE_NAME="$(image_name $KALI_ARCH)"
+debug "IMAGE_NAME: $IMAGE_NAME"
+
+debug "ACTION: $ACTION"
+if [ "$ACTION" = "get-image-path" ]; then
+	echo $(target_image_name $KALI_ARCH)
+	exit 0
+fi
+
+if [ "$NO_CLEAN" = "" ]; then
+	clean
+fi
+if [ "$ACTION" = "clean" ]; then
+	exit 0
+fi
+
+cd $(dirname $0)
+mkdir -p $TARGET_DIR/$TARGET_SUBDIR
+
+# Don't quit on any errors now
+set +e
+
+case "$IMAGE_TYPE" in
+	live)
+		debug "Stage 1/2 - Config"
+		run_and_log lb config -a $KALI_ARCH $KALI_CONFIG_OPTS "$@"
+		[ $? -eq 0 ] || failure
+
+		debug "Stage 2/2 - Build"
+		run_and_log $SUDO lb build
+		if [ $? -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+			failure
+		fi
+	;;
+	installer)
+		# Override some debian-cd environment variables
+		export BASEDIR="$(pwd)/simple-cdd/debian-cd"
+		export ARCHES=$KALI_ARCH
+		export ARCH=$KALI_ARCH
+		export DEBVERSION=$KALI_VERSION
+		debug "BASEDIR: $BASEDIR"
+		debug "ARCHES: $ARCHES"
+		debug "ARCH: $ARCH"
+		debug "DEBVERSION: $DEBVERSION"
+
+		if [ "$KALI_VARIANT" = "netinst" ]; then
+			export DISKTYPE="NETINST"
+		else
+			export DISKTYPE="BD"
+		fi
+		debug "DISKTYPE: $DISKTYPE"
+
+		if [ -e .mirror ]; then
+			kali_mirror=$(cat .mirror)
+		else
+			kali_mirror=http://archive.kali.org/kali/
+		fi
+		if ! echo "$kali_mirror" | grep -q '/$'; then
+			kali_mirror="$kali_mirror/"
+		fi
+		debug "kali_mirror: $kali_mirror"
+
+		debug "Stage 1/2 - File(s)"
+		# Setup custom debian-cd to make our changes
+		cp -aT /usr/share/debian-cd simple-cdd/debian-cd
+		[ $? -eq 0 ] || failure
+
+		# Keep 686-pae udebs as we changed the default from 686
+		# to 686-pae in the debian-installer images
+		sed -i -e '/686-pae/d' \
+			simple-cdd/debian-cd/data/$CODENAME/exclude-udebs-i386
+		[ $? -eq 0 ] || failure
+
+		# Configure the kali profile with the packages we want
+		grep -v '^#' kali-config/installer-$KALI_VARIANT/packages \
+			> simple-cdd/profiles/kali.downloads
+		[ $? -eq 0 ] || failure
+
+		# Tasksel is required in the mirror for debian-cd
+		echo tasksel >> simple-cdd/profiles/kali.downloads
+		[ $? -eq 0 ] || failure
+
+		# Grub is the only supported bootloader on arm64
+		# so ensure it's on the iso for arm64.
+		if [ "$KALI_ARCH" = "arm64" ]; then
+			debug "arm64 GRUB"
+			echo "grub-efi-arm64" >> simple-cdd/profiles/kali.downloads
+			[ $? -eq 0 ] || failure
+		fi
+
+		# Run simple-cdd
+		debug "Stage 2/2 - Build"
+		cd simple-cdd/
+		run_and_log build-simple-cdd \
+			--verbose \
+			--debug \
+			--force-root \
+			--conf simple-cdd.conf \
+			--dist $CODENAME \
+			--debian-mirror $kali_mirror
+		res=$?
+		cd ../
+		if [ $res -ne 0 ] || [ ! -e $IMAGE_NAME ]; then
+			failure
+		fi
+	;;
+esac
+
+# If a command fails, make the whole script exit
+set -e
+
+debug "Moving files"
+run_and_log mv -f $IMAGE_NAME $TARGET_DIR/$(target_image_name $KALI_ARCH)
+run_and_log mv -f "$BUILD_LOG" $TARGET_DIR/$(target_build_log $KALI_ARCH)
+
+run_and_log echo -e "\n***\nGENERATED KALI IMAGE: $TARGET_DIR/$(target_image_name $KALI_ARCH)\n***"

build_all.sh

@@ -0,0 +1 @@
+build.sh

kali-config/common/bootloaders/grub-pc/config.cfg

@@ -0,0 +1,18 @@
+# Live Image (UEFI boot)
+set default=0
+
+loadfont $prefix/dejavu-bold-16.pf2
+loadfont $prefix/dejavu-bold-14.pf2
+loadfont $prefix/unicode.pf2
+set gfxmode=auto
+insmod all_video
+insmod gfxterm
+insmod png
+
+source /boot/grub/theme.cfg
+
+terminal_output gfxterm
+
+# Comment these two lines out to disable the beep on boot
+insmod play
+play 960 440 1 0 4 440 1

kali-config/common/bootloaders/grub-pc/grub.cfg

@@ -0,0 +1,40 @@
+# Live Image (UEFI boot)
+source /boot/grub/config.cfg
+
+# Live boot
+LINUX_LIVE
+
+menuentry "Live (forensic mode)" {
+	linux KERNEL_LIVE APPEND_LIVE noswap noautomount
+	initrd INITRD_LIVE
+}
+menuentry "Live USB Persistence              (check kali.org/prst)" {
+	linux KERNEL_LIVE APPEND_LIVE persistence
+	initrd INITRD_LIVE
+}
+menuentry "Live USB Encrypted Persistence    (check kali.org/prst)" {
+	linux KERNEL_LIVE APPEND_LIVE persistent=cryptsetup persistence-encryption=luks persistence
+	initrd INITRD_LIVE
+}
+
+# Installer (if any)
+LINUX_INSTALL
+
+if [ ! -e /boot/grub/install.cfg ]; then
+menuentry "Start installer with speech synthesis" {
+	linux KERNEL_GI speakup.synth=soft APPEND_GI
+	initrd INITRD_GI
+}
+fi
+
+submenu 'Advanced options' {
+
+source /boot/grub/theme.cfg
+
+# More installer entries (if any)
+LINUX_ADVANCED_INSTALL
+
+# Memtest (if any)
+MEMTEST
+
+}

kali-config/common/bootloaders/grub-pc/live-theme/theme.txt

@@ -0,0 +1,64 @@
+# Live Image (UEFI boot)
+desktop-image: "../splash.png"
+title-color: "#ffffff"
+title-font: "DejaVu Sans Bold 16"
+title-text: ""
+message-font: "Unifont Regular 16"
+terminal-font: "Unifont Regular 16"
+
+#help bar at the bottom
++ label {
+        top = 100%-50
+        left = 0
+        width = 100%
+        height = 20
+        text = "@KEYMAP_SHORT@"
+        align = "center"
+        color = "#ffffff"
+        font = "DejaVu Sans Bold 14"
+}
+
+# Title in the middle box
++ label {
+        top = 38%
+        left = 0
+        width = 100%
+        height = 35
+        align = "center"
+        color = "#ffffff"
+        text = "Kali Linux live menu (UEFI)"
+        font = "DejaVu Sans Bold 16"
+}
+
+#boot menu
++ boot_menu {
+        left = 13%
+        width = 74%
+        top = 38%+35
+        height = 170
+        item_color = "#a8a8a8"
+        item_font = "DejaVu Sans Bold 14"
+        selected_item_color= "#ffffff"
+        selected_item_font = "DejaVu Sans Bold 14"
+        item_height = 16
+        item_padding = 0
+        item_spacing = 4
+        icon_width = 0
+        icon_heigh = 0
+        item_icon_space = 0
+}
+
+#progress bar
++ progress_bar {
+        id = "__timeout__"
+        left = 13%
+        top = 100%-80
+        height = 16
+        width = 74%
+        font = "DejaVu Sans Bold 14"
+        text_color = "#000000"
+        fg_color = "#ffffff"
+        bg_color = "#a8a8a8"
+        border_color = "#ffffff"
+        text = "@TIMEOUT_NOTIFICATION_LONG@"
+}

kali-config/common/bootloaders/grub-pc/theme.cfg

@@ -0,0 +1,13 @@
+set color_normal=light-gray/black
+set color_highlight=white/black
+
+if [ -e /isolinux/splash.png ]; then
+    # binary_syslinux modifies the theme file to point to the correct
+    # background picture
+    set theme=/boot/grub/live-theme/theme.txt
+elif [ -e /boot/grub/splash.png ]; then
+    set theme=/boot/grub/live-theme/theme.txt
+else
+    set menu_color_normal=cyan/blue
+    set menu_color_highlight=white/blue
+fi

kali-config/common/hooks/live/forensic-menu.binary

@@ -0,0 +1,15 @@
+#!/bin/sh
+# Live Image (BIOS boot)
+
+if [ ! -d isolinux ]; then
+    cd binary
+fi
+
+cat >>isolinux/live.cfg <<END
+
+label live-forensic
+	menu label Live (^forensic mode)
+	linux /live/vmlinuz
+	initrd /live/initrd.img
+	append boot=live username=kali hostname=kali systemd.swap=no noautomount
+END

kali-config/common/hooks/live/kali-hacks.chroot

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Handle systems where /lib is not merged in /usr/lib
+if [ ! -h /lib ]; then
+    mv /usr/lib/live/config/* /lib/live/config/
+fi
+
+# Enable cryptsetup in the initramfs for later use if the user
+# adds an encrypted persistence partition.
+# This is until https://bugs.debian.org/908220 has a proper fix.
+if [ -e /etc/cryptsetup-initramfs/conf-hook ]; then
+    if grep -q '^#CRYPTSETUP=' /etc/cryptsetup-initramfs/conf-hook; then
+	sed -i -e 's/^#CRYPTSETUP=.*/CRYPTSETUP=y/' /etc/cryptsetup-initramfs/conf-hook
+    else
+	echo "CRYPTSETUP=y" >>/etc/cryptsetup-initramfs/conf-hook
+    fi
+fi
+
+# Rebuild the initramfs to include the last change
+update-initramfs -u
+
+# Run updatedb to initialize the database for the locate command
+if [ -x "$(which updatedb 2>/dev/null)" ]; then
+    updatedb
+fi
+
+# Mark kernel related packages on hold so that they are not upgraded in
+# the live system
+for pkg in $(dpkg-query -W -f'${db:Status-Status} ${binary:Package}\n' 'linux-image-*' 'linux-headers-*' 'linux-kbuild-*' | sed -ne 's/^installed //p')
+do
+    apt-mark hold $pkg
+done

kali-config/common/hooks/live/persistence-menu.binary

@@ -0,0 +1,21 @@
+#!/bin/sh
+# Live Image (BIOS boot)
+
+if [ ! -d isolinux ]; then
+    cd binary
+fi
+
+cat >>isolinux/live.cfg <<END
+
+label live-persistence
+    menu label Live ^USB Persistence              (check kali.org/prst)
+    linux /live/vmlinuz
+    initrd /live/initrd.img
+    append boot=live username=kali hostname=kali persistence
+
+label live-encrypted-persistence
+    menu label Live USB ^Encrypted Persistence    (check kali.org/prst)
+    linux /live/vmlinuz
+    initrd /live/initrd.img
+    append boot=live persistent=cryptsetup persistence-encryption=luks username=kali hostname=kali persistence
+END

kali-config/common/includes.binary/isolinux/stdmenu.cfg

@@ -0,0 +1,18 @@
+menu background 	splash.png
+menu color title        * #FFFFFFFF *
+menu color border       * #00000000 #00000000 none
+menu color sel          * #ffffffff #76a1d0ff *
+menu color hotsel       1;7;37;40 #ffffffff #76a1d0ff *
+menu color tabmsg       * #ffffffff #00000000 *
+menu color help         37;40 #ffdddd00 #00000000 none
+menu vshift 10
+menu hshift 4
+menu width 70
+menu margin 5
+menu rows 10
+menu helpmsgrow 15
+# The command line must be at least one line from the bottom.
+menu cmdlinerow 16
+menu timeoutrow 16
+menu tabmsgrow 18
+menu tabmsg Press ENTER to boot or TAB to edit a menu entry

kali-config/common/includes.chroot/etc/live/config.conf.d/kali.conf

@@ -0,0 +1,4 @@
+# Default kali configuration
+LIVE_HOSTNAME="kali"
+LIVE_USERNAME="kali"
+LIVE_USER_FULLNAME="Kali Live user"

kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+configure_zsh() {
+    # Stop if zsh is not present
+    if [ ! -x /usr/bin/zsh ]; then
+	return
+    fi
+    # Stop if user has opted out of zsh
+    if echo "${LIVE_CONFIG_CMDLINE}" | grep -qs 'nozsh'; then
+	return
+    fi
+    chsh --shell /usr/bin/zsh kali
+    chsh --shell /usr/bin/zsh root
+}
+
+configure_usergroups() {
+    addgroup --system kaboxer || true  # Ensures the group exists
+    addgroup --system wireshark || true  # Ensures the group exists
+    # adm - read access to log files
+    # kaboxer - for kaboxer
+    # dialout - for serial port access
+    # wireshark - capture sessions without being root
+    kali_groups="adm,kaboxer,dialout,wireshark"
+
+    usermod -a -G $kali_groups kali
+}
+
+# Avoid configuring multiple times in case persistence is enabled
+if [ -e /var/lib/live/config/kali-user-setup ]; then
+    exit 0
+fi
+
+# Set "kali" as password for the user kali
+usermod -p 'AqLUsDitNnTsw' kali
+
+# Change default shell to zsh
+configure_zsh
+
+# Add kali user to additional groups
+configure_usergroups
+
+# Remember that this script has been run
+touch /var/lib/live/config/kali-user-setup

kali-config/common/includes.chroot/usr/lib/live/config/1165-fix-openssh-server

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if grep -qw persistence /proc/cmdline; then
+    # With persistence enabled, don't modify the configuration, let the
+    # user be in charge...
+    exit 0
+fi
+
+# Allow PasswordAuthentification in sshd config
+sed -i -e 's|#\?\(PasswordAuthentication\) no|\1 yes|' /etc/ssh/sshd_config

kali-config/common/includes.installer/kali-finish-install

@@ -0,0 +1,75 @@
+#!/bin/sh
+
+# The reference version of this script is maintained in
+# ./live-build-config/kali-config/common/includes.installer/kali-finish-install
+#
+# It is used in multiple places to finish configuring the target system
+# and build.sh copies it where required (in the simple-cdd configuration
+# and in the live-build configuration).
+
+configure_sources_list() {
+    if grep -q '^deb ' /etc/apt/sources.list; then
+	echo "INFO: sources.list is configured, everything is fine"
+	return
+    fi
+
+    echo "INFO: sources.list is empty, setting up a default one for Kali"
+
+    cat >/etc/apt/sources.list <<END
+# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
+deb http://http.kali.org/kali kali-rolling main contrib non-free
+
+# Additional line for source packages
+# deb-src http://http.kali.org/kali kali-rolling main contrib non-free
+END
+    apt-get update
+}
+
+get_user_list() {
+    for user in $(cd /home && ls); do
+	if ! getent passwd "$user" >/dev/null; then
+	    echo "WARNING: user '$user' is invalid but /home/$user exists"
+	    continue
+	fi
+	echo "$user"
+    done
+    echo "root"
+}
+
+configure_zsh() {
+    if grep -q 'nozsh' /proc/cmdline; then
+	echo "INFO: user opted out of zsh by default"
+	return
+    fi
+    if [ ! -x /usr/bin/zsh ]; then
+	echo "INFO: /usr/bin/zsh is not available"
+	return
+    fi
+    for user in $(get_user_list); do
+	echo "INFO: changing default shell of user '$user' to zsh"
+	chsh --shell /usr/bin/zsh $user
+    done
+}
+
+# This is generically named in case we want to add other groups in the future.
+configure_usergroups() {
+    # Create the kaboxer group if needed
+    addgroup --system kaboxer || true
+    # Create the wireshark group if needed
+    addgroup --system wireshark || true
+
+    # adm - read access to log files
+    # kaboxer - for kaboxer
+    # dialout - for serial access
+    # wireshark - capture sessions in wireshark
+    kali_groups="adm,kaboxer,dialout,wireshark"
+
+    for user in $(get_user_list); do
+	echo "INFO: adding user '$user' to groups '$kali_groups'"
+	usermod -a -G "$kali_groups" $user || true
+    done
+}
+
+configure_sources_list
+configure_zsh
+configure_usergroups

kali-config/common/includes.installer/preseed.cfg

@@ -0,0 +1,59 @@
+# This file replaces preseed.cfg embedded in the initrd by
+# debian-installer. It should be kept in sync except with the
+# mirror/{codename,suite} dropped so that the image installs
+# what's available on the CD instead of hardcoding a specific
+# release.
+
+# Default repository information (don't include codename data, d-i figures it
+# out from what's available in the ISO)
+d-i mirror/country string enter information manually
+d-i mirror/http/hostname string http.kali.org
+d-i mirror/http/directory string /kali
+
+# Disable security, updates and backports
+d-i apt-setup/services-select multiselect 
+
+# Enable contrib and non-free
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Disable CDROM entries after install
+d-i apt-setup/disable-cdrom-entries boolean true
+
+# Disable source repositories too
+d-i apt-setup/enable-source-repositories boolean false
+
+# Upgrade installed packages
+d-i pkgsel/upgrade select full-upgrade
+
+# Change default hostname
+# DISABLED: We take care of this by forking netcfg until #719101 is fixed
+# d-i netcfg/get_hostname string kali
+# d-i netcfg/get_hostname seen false
+
+# Disable the root user entirely
+d-i passwd/root-login boolean false
+
+# Enable eatmydata in kali-installer to boost speed installation
+d-i preseed/early_command string anna-install eatmydata-udeb
+
+# Disable question about automatic security updates
+d-i pkgsel/update-policy select none
+
+# Disable question about extra media
+d-i apt-setup/cdrom/set-first boolean false
+
+## Questions from regular packages
+
+# Disable popularity-contest
+popularity-contest popularity-contest/participate boolean false
+
+# Random other questions
+console-setup console-setup/charmap47 select UTF-8
+samba-common samba-common/dhcp boolean false
+macchanger macchanger/automatically_run boolean true
+kismet-capture-common kismet-capture-common/install-users string 
+kismet-capture-common kismet-capture-common/install-setuid boolean true
+wireshark-common wireshark-common/install-setuid boolean true
+sslh sslh/inetd_or_standalone select standalone
+atftpd atftpd/use_inetd boolean false

kali-config/common/includes.installer/usr/lib/finish-install.d/14kali-finish-install

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Run the kali-finish-install script to configure the target system
+cp /kali-finish-install /target/
+in-target /kali-finish-install || true
+rm -f /target/kali-finish-install

kali-config/common/includes.installer/usr/lib/live-installer.d/unhold

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+# Remove the "hold" mark on any package, in Kali we put kernel packages
+# on hold because upgrading them hurts more than it helps and because
+# we want to ensure they are not removed by a routine dist-upgrade.
+in-target sh -c 'apt-mark showhold | while read pkg; do apt-mark unhold $pkg; done'

kali-config/common/package-lists/cryptsetup.list.chroot

@@ -0,0 +1,3 @@
+# Temporary fix. Starting Kali 2021.4, this package is a dependency
+# of kali-desktop-live, and this file can be removed.
+cryptsetup-initramfs

kali-config/common/package-lists/hardware-support.list.chroot

@@ -0,0 +1,21 @@
+##
+## Add extra firmware (kali-linux-headless depends on firmware we wants, but
+## some can't be put there because they require network access... but we
+## install those in the live image anyway since we have network access
+## when we build the live ISO).
+##
+#if ARCHITECTURES i386 amd64
+firmware-b43legacy-installer
+firmware-b43-installer
+#endif
+
+##
+## Make sure we install as many input/video drivers as we can. Note that
+## these packages need to be explicitly listed if we want to be sure that
+## they're installed. Installing xserver-xorg is not enough to make sure,
+## due to its dependencies, defined as such:
+##  * xserver-xorg-input-all | xorg-driver-input
+##  * xserver-xorg-video-all | xorg-driver-video
+##
+xserver-xorg-input-all
+xserver-xorg-video-all

kali-config/common/package-lists/kali.list.binary

@@ -0,0 +1,26 @@
+# ensure eatmydata is available for eatmydata.udeb
+eatmydata
+
+# ensure some packages installed by base-installer/post-base-installer.d/*
+# hooks are available
+locales
+pciutils
+usbutils
+eject
+tasksel
+
+# EFI support, ensure we have the required .deb in the ISO available for
+# installation
+
+#if ARCHITECTURES i386
+grub-efi
+grub-efi-ia32
+#endif
+#if ARCHITECTURES amd64
+grub-efi
+grub-efi-amd64
+#endif
+#if ARCHITECTURES arm64
+# Note: There is no grub-efi package on arm64
+grub-efi-arm64
+#endif

kali-config/common/package-lists/linux-headers.list.chroot

@@ -0,0 +1,20 @@
+##
+## Add linux headers to build DKMS packages even after the kernel
+## used to build the live images is gone from kali-rolling.
+##
+#if ARCHITECTURES i386
+linux-headers-686-pae
+#endif
+#if ARCHITECTURES amd64
+linux-headers-amd64
+#endif
+#if ARCHITECTURES arm64
+linux-headers-arm64
+#endif
+#if ARCHITECTURES armel
+linux-headers-marvell
+#endif
+#if ARCHITECTURES armhf
+linux-headers-armmp
+linux-headers-armmp-lpae
+#endif

kali-config/common/package-lists/standard.list.chroot

@@ -0,0 +1 @@
+! Packages Priority standard

kali-config/common/package-lists/virtualization.list.chroot

@@ -0,0 +1,11 @@
+##
+## Install packages required for virtualization support.
+##
+#if ARCHITECTURES amd64 i386
+open-vm-tools-desktop
+virtualbox-guest-x11
+hyperv-daemons
+#endif
+qemu-guest-agent
+spice-vdagent
+xrdp

kali-config/common/preseed/kali.cfg.chroot

@@ -0,0 +1,7 @@
+# Various preseeding for auto-installed packages
+
+# Do not register it in inetd so that its status can be controlled
+# individually
+atftpd atftpd/use_inetd boolean false
+# Install wireshark setuid
+wireshark-common wireshark-common/install-setuid boolean true

kali-config/installer-default/packages

@@ -0,0 +1,18 @@
+# Full installer image
+# It should contain everything offered in tasksel
+# during initial installation so all kali-linux-* except:
+# - kali-linux-everything
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) available
+# in the installer ISO.
+# For the complete list see: https://tools.kali.org/kali-metapackages
+kali-linux-core
+kali-tools-top10
+kali-linux-default
+kali-linux-large
+
+# Graphical desktops
+kali-desktop-xfce
+kali-desktop-gnome
+kali-desktop-kde

kali-config/installer-everything/packages

@@ -0,0 +1,19 @@
+# Installer image with kali-linux-everything
+
+# But that image is not really useful, see
+# https://gitlab.com/kalilinux/internal/roadmap/-/issues/363#note_649803259
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) available
+# in the installer ISO.
+# For the complete list see: https://tools.kali.org/kali-metapackages
+kali-linux-core
+kali-tools-top10
+kali-linux-default
+kali-linux-large
+kali-linux-everything
+
+# Graphical desktops
+kali-desktop-xfce
+kali-desktop-gnome
+kali-desktop-kde

kali-config/installer-netinst/packages

@@ -0,0 +1,9 @@
+# Network installer image
+# Mostly empty list because netinst has no embedded packages in theory
+#
+# This variant is not meant to be used with live-build but only with
+# simple-cdd and thus ./build.sh --installer --variant netinst
+
+# We still put kali-linux-firmware because we want firmware to be
+# in the ISO for use by the installer
+kali-linux-firmware

kali-config/variant-default

@@ -0,0 +1 @@
+variant-xfce

kali-config/variant-e17/hooks/live/tweak-enlightenment-config.chroot

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Inject default background in e17 configuration (for all known profiles)
+for profile in mobile standard; do
+    dpkg-divert --local --add /usr/share/enlightenment/data/config/$profile/e.cfg
+    eet -d /usr/share/enlightenment/data/config/$profile/e.cfg config /tmp/e.src
+    awk '/value "desktop_default_name"/ {print "    value \"desktop_default_background\" string: \"/usr/share/enlightenment/data/backgrounds/kali-wallpaper_1920x1200.edj\";"}; {print}' /tmp/e.src >/tmp/e2.src
+    eet -e /usr/share/enlightenment/data/config/$profile/e.cfg config /tmp/e2.src 1
+    rm -f /tmp/e.src /tmp/e2.src
+done

kali-config/variant-e17/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-e17
+
+# Kali applications
+#<package>

kali-config/variant-everything/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+#kali-linux-default
+#kali-linux-large
+kali-linux-everything
+
+# Graphical desktop
+kali-desktop-xfce
+
+# Kali applications
+#<package>

kali-config/variant-gnome/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-gnome
+
+# Kali applications
+#<package>

kali-config/variant-i3wm/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-i3
+
+# Kali applications
+#<package>

kali-config/variant-kde/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-kde
+
+# Kali applications
+#<package>

kali-config/variant-large/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+#kali-linux-default
+kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-xfce
+
+# Kali applications
+#<package>

kali-config/variant-light/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+#kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-xfce
+
+# Kali applications
+#<package>

kali-config/variant-lxde/package-lists/kali.list.chroot

@@ -0,0 +1,19 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-lxde
+
+# Kali applications
+#<package>

kali-config/variant-mate/package-lists/kali.list.chroot

@@ -0,0 +1,24 @@
+# Live image
+# You always want these:
+kali-linux-core
+kali-desktop-live
+
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+#kali-linux-core
+#kali-tools-top10
+kali-linux-default
+#kali-linux-large
+#kali-linux-everything
+
+# Graphical desktop
+kali-desktop-mate
+# | NOTE: With Kali 1.x, the mate desktop requires other changes to the live config.
+# | See ~ https://web.archive.org/web/20150721230745/http://docs.kali.org/live-build/customize-the-kali-desktop-environment
+#if DISTRIBUTION moto
+mate-archive-keyring
+#endif
+
+# Kali applications
+#<package>

kali-config/variant-xfce/package-lists/kali.list.chroot

@@ -0,0 +1,28 @@
+# Metapackages
+# You can customize the set of Kali metapackages (groups of tools) to install
+# For the complete list see: https://tools.kali.org/kali-metapackages
+
+kali-linux-core
+kali-desktop-live
+kali-tools-top10
+kali-linux-default
+kali-tools-802-11
+kali-tools-wireless
+
+# Graphical desktop
+kali-desktop-xfce
+
+# Kali applications
+#<package>
+virt-manager
+secure-delete
+electrum
+docker
+docker-compose
+neofetch
+i2p
+tor
+htop
+nodejs
+yarn
+tree

simple-cdd/disc-end-hook

@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+TDIR=$1
+MIRROR=$2
+DISKNUM=$3
+CDDIR=$4
+ARCHES=$5
+
+cd $CDDIR
+
+fix_branding() {
+    sed -i -e 's|Debian GNU/Linux|Kali Linux|g' \
+	-e 's|Kali GNU/Linux|Kali Linux|g' \
+	-e 's|Debian kali-rolling|Kali Rolling|g' \
+	-e 's|Debian|Kali|g' \
+	-e 's|DEBIAN|KALI|g' \
+	"$@"
+}
+
+# Rebrand Debian into Kali
+if [ -e ../boot$DISKNUM/isolinux/menu.cfg ]; then
+    fix_branding ../boot$DISKNUM/isolinux/menu.cfg \
+		 ../boot$DISKNUM/isolinux/*.txt
+fi
+if [ -d boot/grub/theme ] && [ -s boot/grub/theme ]; then
+    fix_branding boot/grub/theme/*
+fi
+if [ -e autorun.inf ]; then
+    fix_branding autorun.inf
+fi
+
+# Replace Debian specific documentation
+rm -rf css
+cat >README.txt <<EOF
+This disc contains an installer for Kali Linux.
+
+Read more at: https://www.kali.org
+EOF
+cat >README.html <<EOF
+<html>
+<head><title>Kali Linux Installer Disc</title></head>
+<body>
+This disc contains an installer for Kali Linux.
+
+Read more at: <a href="https://www.kali.org">www.kali.org</a>
+</body>
+</html>
+EOF
+
+# Replace kali-last-snapshot with kali-rolling
+if [ -e dists/kali-last-snapshot ]; then
+    mv dists/kali-last-snapshot dists/kali-rolling
+    rm -f dists/stable && ln -sf kali-rolling dists/stable
+    sed -i -e 's|kali-last-snapshot|kali-rolling|g' \
+	dists/kali-rolling/Release
+fi
+
+# Redo the md5sum.txt due to our changes
+find . -type f | grep -v ./md5sum.txt | xargs md5sum | sort -uk2 > md5sum.txt

simple-cdd/profiles/default.downloads

@@ -0,0 +1 @@
+/usr/share/simple-cdd/profiles/default.downloads

simple-cdd/profiles/default.excludes

@@ -0,0 +1 @@
+/usr/share/simple-cdd/profiles/default.excludes

simple-cdd/profiles/default.packages

@@ -0,0 +1 @@
+# Disable default packages from simple-cdd

simple-cdd/profiles/default.preseed

@@ -0,0 +1,3 @@
+# loads the simple-cdd-profiles udeb to which asks for which profiles to use,
+# load the debconf preseeding and queue packages for installation.
+d-i preseed/early_command string anna-install simple-cdd-profiles

simple-cdd/profiles/default.udebs

@@ -0,0 +1 @@
+simple-cdd-profiles

simple-cdd/profiles/kali.postinst

@@ -0,0 +1 @@
+../../kali-config/common/includes.installer/kali-finish-install

simple-cdd/profiles/kali.preseed

@@ -0,0 +1 @@
+../../kali-config/common/includes.installer/preseed.cfg

simple-cdd/profiles/offline.downloads

@@ -0,0 +1,13 @@
+# Add packages required for virtualization support (installed by
+# /usr/lib/finish-install.d/08hw-detect) including their recommends
+open-vm-tools-desktop
+xauth
+xserver-xorg-video-vmware
+open-vm-tools
+virtualbox-guest-x11
+virtualbox-guest-utils
+hyperv-daemons
+qemu-guest-agent
+# Ensure unrar is available, otherwise the "unrar | unar" dependency
+# in kali-linux-headless ends up satisfied by the unar alternative
+unrar

simple-cdd/profiles/offline.preseed

@@ -0,0 +1,3 @@
+# Do not use a network mirror, full offline install
+d-i apt-setup/use_mirror boolean false
+d-i pkgsel/upgrade select none

simple-cdd/simple-cdd.conf

@@ -0,0 +1,124 @@
+# simple-cdd.conf detailed configuration file
+
+# Note: this is an example list of configuration options: it is *strongly*
+# advised to merely create a new file using only the options you actually need.
+
+# Note: Variables in lowercase are only used by simple-cdd.
+
+# Profile Selection
+#
+# The following four files get included on the CD if present:
+# $profile.preseed
+#   Debconf selections.
+# $profile.packages
+#   Packages to be installed with the profile. Dependencies also will
+#   be installed.
+# $profile.downloads
+#   Additional packages to be included on the CD with this profile, but
+#   not installed by default.
+# $profile.postinst
+#   Post-install script that is run after installing packages.
+#
+# During the install after base system setup, it will give you the
+# options to determine which profiles you want to install.
+
+# Profiles to include on the CD
+#profiles=""
+#profiles="x-basic ltsp"
+
+# To automatically select profiles (must also be listed in profiles):
+# auto_profiles="foo bar baz"
+
+if [ "$DISKTYPE" = "NETINST" ]; then
+    profiles="kali"
+    auto_profiles="kali"
+else
+    # Enable offline installation for full installer image
+    profiles="kali offline"
+    auto_profiles="kali offline"
+fi
+
+# To include profiles which only effect the CD build
+# build_profiles="kali"
+
+# Mirror tools
+mirror_tools="reprepro download"
+mirror_files=""  # Don't try to download README doc/ tools/
+require_optional_packages="true"
+ignore_missing_checksums="true"
+
+# Mirror variables
+server="http.kali.org"
+debian_mirror=${debian_mirror:-http://archive.kali.org/kali/}
+keyring="/usr/share/keyrings/kali-archive-keyring.gpg"
+
+# which components to get from the mirror
+mirror_components="main contrib non-free"
+
+# Disable *-security and *-updates repositories
+security_mirror=""
+updates_mirror=""
+
+# Add kernel parameter to disable
+export KERNEL_PARAMS="net.ifnames=0 "
+
+# Kernel and architecture related
+if [ "$ARCH" = "i386" ]; then
+    kernel_packages="linux-image-686-pae"
+fi
+if [ "$ARCH" = "arm64" ]; then
+    kernel_packages="linux-image-arm64"
+    # ARM devices don't typically have a default console set, so we export one here
+    export KERNEL_PARAMS="${KERNEL_PARAMS} console=tty0 "
+    # Some packages are not available on arm64
+    require_optional_packages="false"
+fi
+
+# Random other variables
+export default_desktop="xfce"
+export DISKINFO_DISTRO="Kali"
+export DEBVERSION=${DEBVERSION:-rolling}
+export OFFICIAL="Official"
+export VOLID_BASE="Kali Linux"
+export CDNAME="kali"
+
+export OMIT_MANUAL=1
+export OMIT_RELEASE_NOTES=1
+export OMIT_DOC_TOOLS=1
+export DOJIGDO=0
+export NORECOMMENDS=0
+export NONFREE=1
+export CONTRIB=1
+export FORCE_FIRMWARE=1
+export ARCHIVE_KEYRING_PACKAGE=kali-archive-keyring
+export DESKTOP=xfce
+export DISKTYPE=${DISKTYPE:-DVD}
+
+# Configure a hook to apply our customization via debian-cd
+export DISC_END_HOOK=$(pwd)/disc-end-hook
+
+# Extra files to include onto the CD
+#   These will get copied to /simple-cdd dir on the CD
+#   Paths starting with '/' are interpreted as absolute, otherwise relative
+#   to the currect directory.
+#all_extras=""
+
+# Generate a simple package repository on the CD with the debs cited
+#   Please insert full paths.
+local_packages="$(pwd)/local_packages"
+
+# Call mirror tools at each build- defaults to true.
+#do_mirror="false"
+
+# Set your proxy (if any).
+#export http_proxy=http://localhost:3128
+
+# Location of debian-cd files
+debian_cd_dir=${BASEDIR:-/usr/share/debian-cd}
+
+# Set target architecture for build
+#export ARCH=amd64
+#export ARCHES="amd64 i386"
+
+# Define the CD label
+export DISKINFO="Kali Installer: Kali Linux $DEBVERSION $(date +%Y-%m-%d)"