Kicksecure Linux Installer for VirtualBox
Kicksecure can be easily installed using Kicksecure Linux Installer. Select your Linux distribution to get started.
Debian, Fedora and Derivatives
GUI
- Kicksecure with Xfce graphical user interface (GUI).
- This version of Kicksecure is designed to run inside VirtualBox.
- Beginner-friendly and easy to use.
- It is the right choice for most users.
Please follow these steps to install Kicksecure.
1 Kicksecure Linux Installer
TLS
1. Download.
curl --tlsv1.3 --output kicksecure-xfce-installer-cli --url https://www.kicksecure.com/dist-installer-cli
Optional: Digital signature verification.
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Choose either Option A), Option B) or Option C).
Option A) Install the installer from the from the Kicksecure APT repository
By installing from the Kicksecure APT repository, no additional verification of the installer is required because APT automatically does that.
1. Add the Kicksecure APT repository.
See Kicksecure Packages for Debian Hosts .
2. Install package usability-misc
.
Because it contains the Kicksecure Linux Installer.
Install package(s) usability-misc
following these instructions
1 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: In Template.
2 Update the package lists and upgrade the system .
sudo apt update && sudo apt full-upgrade
3 Install the usability-misc
package(s).
Using apt
command line
--no-install-recommends
option
is in most cases optional.
sudo apt install --no-install-recommends usability-misc
4 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .
5 Done.
The procedure of installing package(s) usability-misc
is complete.
3. Run the Kicksecure Linux Installer.
kicksecure-xfce-installer-cli
4. Done.
Option B) Verify the Installer
The Linux Installer is signed by Kicksecure developer Patrick Schleizer using OpenPGP and signify.
Do you already how to perform digital software verification using an OpenPGP and/or signify key?
- Yes: Acquire the Signing Key and the signatures straight away and proceed.
- No: Consider the following instructions: Undocumented. Unspecific to Kicksecure.
signify:
signify-openbsd -Vp keyname.pub -m dist-installer-cli
Option C) Manual Installation without the Installer
1. There is no need to use the Kicksecure Linux Installer.
The user is not forced to use the Kicksecure Linux Installer.
2. Manually install Kicksecure for VirtualBox.
Use the manual Kicksecure for VirtualBox instructions instead of the Kicksecure Linux Installer.
3. Done
2. Run the installer.
bash ./kicksecure-xfce-installer-cli
onion
1. System Tor Setup.
Downloading via an onion service requires a functional system Tor. This aspect is not specific to Kicksecure and is undocumented.
2. Download.
torsocks curl --output kicksecure-xfce-installer-cli --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/dist-installer-cli
3. Run the installer.
bash ./kicksecure-xfce-installer-cli --onion
2 Start Kicksecure
Start VirtualBox
→ Double-click Kicksecure
.
CLI
- Kicksecure with command line interface (CLI).
- This version of Kicksecure is designed to run inside VirtualBox.
- Kicksecure with CLI is a version suited for advanced users -- those who want Kicksecure without a graphical user interface (GUI). Everyone else should install the user-friendly Kicksecure VirtualBox with GUI Xfce.
TLS
1. Download.
curl --tlsv1.3 --output kicksecure-cli-installer-cli --url https://www.kicksecure.com/dist-installer-cli
Optional: Digital signature verification.
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Choose either Option A), Option B) or Option C).
Option A) Install the installer from the from the Kicksecure APT repository
By installing from the Kicksecure APT repository, no additional verification of the installer is required because APT automatically does that.
1. Add the Kicksecure APT repository.
See Kicksecure Packages for Debian Hosts .
2. Install package usability-misc
.
Because it contains the Kicksecure Linux Installer.
Install package(s) usability-misc
following these instructions
1 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: In Template.
2 Update the package lists and upgrade the system .
sudo apt update && sudo apt full-upgrade
3 Install the usability-misc
package(s).
Using apt
command line
--no-install-recommends
option
is in most cases optional.
sudo apt install --no-install-recommends usability-misc
4 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .
5 Done.
The procedure of installing package(s) usability-misc
is complete.
3. Run the Kicksecure Linux Installer.
kicksecure-cli-installer-cli
4. Done.
Option B) Verify the Installer
The Linux Installer is signed by Kicksecure developer Patrick Schleizer using OpenPGP and signify.
Do you already how to perform digital software verification using an OpenPGP and/or signify key?
- Yes: Acquire the Signing Key and the signatures straight away and proceed.
- No: Consider the following instructions: Undocumented. Unspecific to Kicksecure.
signify:
signify-openbsd -Vp keyname.pub -m dist-installer-cli
Option C) Manual Installation without the Installer
1. There is no need to use the Kicksecure Linux Installer.
The user is not forced to use the Kicksecure Linux Installer.
2. Manually install Kicksecure for VirtualBox.
Use the manual Kicksecure for VirtualBox instructions instead of the Kicksecure Linux Installer.
3. Done
2. Run the installer.
bash ./kicksecure-cli-installer-cli
onion
1. System Tor Setup.
Downloading via an onion service requires a functional system Tor. This aspect is not specific to Kicksecure and is undocumented.
2. Download.
torsocks curl --output kicksecure-cli-installer-cli --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/dist-installer-cli
3. Run the installer.
bash ./kicksecure-cli-installer-cli --onion
Additional information about the Kicksecure Linux Installer.
Kicksecure Linux Installer
The Kicksecure Linux Installer streamlines the process of setting up Kicksecure on VirtualBox. While the earlier method required users to follow instructions on the Kicksecure for VirtualBox wiki page, this installer makes the entire process more intuitive. Here's an in-depth look at what it does:
- Script Name Verification: The installer checks for valid script names, such as
dist-installer-cli
,virtualbox-installer
,kicksecure-cli-installer-cli
,kicksecure-xfce-installer-cli
. - Command-Line Parsing: It parses any command-line options provided.
- System Requirements Check: The installer assesses if the system meets prerequisites like adequate disk space, RAM, and virtualization support. Users are informed if any of these criteria aren't met.
- Package Installation: Necessary packages for the script's operation, like
signify
,curl
,rsync
, andvboxmanage
(for VirtualBox users) are installed using the distribution's package manager (APT or DNF). - Repository Settings:
- Debian and Derivatives:
- For
bullseye
(oldstable
): Enables the Debianbackports
andfasttrack
repositories. - For
bookworm
(stable
): Same as above. - For
trixie
(testing
): Enables the Debianunstable
repository and configures APT pinning to prefer packages fromtesting
overunstable
so only VirtualBox gets installed fromunstable
and no other dependency packages are unnecessarily pulled fromunstable
. - For
sid
(unstable
): Installs from Debianunstable
repository.
- For
- Ubuntu: Installs from the Ubuntu repository. [1]
- Fedora and Derivatives: Enables the
virtualbox.org
(Oracle) repository. - Updates: The preferred repository for VirtualBox installation may vary in the future based on availability. Updated installers might fetch VirtualBox from the Debian
fasttrack
repository,virtualbox.org
(Oracle) repository, or the Kicksecure repository. development discussion: VirtualBox Integration and Upgrades)
- Debian and Derivatives:
- Version Querying: If no version is specified via command line, the Kicksecure version number is fetched using the API. (Only if installing Kicksecure.) (Not for
virtualbox-installer
. [2]) - Virtual Machine Handling:
- For previously imported VMs, users are prompted to boot the virtual system(s). (Not for
virtualbox-installer
. [2].) - For previously downloaded VM files, authenticity and integrity checks are run. (Not for
virtualbox-installer
. [2].) - For first-time users, the installer downloads the required files, conducts authenticity and integrity checks, imports the system(s), and then attempts to start the Virtual Machine(s). (Not for
virtualbox-installer
. [2].)
- For previously imported VMs, users are prompted to boot the virtual system(s). (Not for
- Inform user if VMs are already running and abort installation. (Not for
virtualbox-installer
. [2].)
Additional Features:
- Download Resumption: Utilizes
rsync
internally to enable download resumption capabilities. - Integrity Checking: Offers a streamlined integrity verification process, facilitated by
rsync
. - Download from Oracle Repository: When using
--oracle-repo
command line option, downloads VirtualBox from Oracle repository. This is the default for Fedora-based distributions. It's optional for Debian-based ones (including Ubuntu) but may be set by developers in the future if the Debian repository discontinues the VirtualBox package. The Oracle repository might at times provide a newer VirtualBox version. - Onion Support: Allows for downloads from onion sources with the
--onion
command line option whenever possible. (For example Oracle does not provide an onion repository.) - Default Download Directory: Files are saved in the
~/dist-installer-cli-download
folder. - Logging Mechanics: For transparency, every command executed is logged in the download directory, accompanied by the specific script version used at the time.
- Transparent System Modifications: The installer’s operations are evident to the user. All persistent system alterations, especially those executed with administrative ("root") privileges, are prominently detailed in the installer's output.
- Documentation: Comprehensive details can be found in the
dist-installer-cli
man page. - Checks: Nested Virtualization, secure boot enabled check.
Developer Information:
- Source Code:
/usr/bin/dist-installer-cli
, Continuous Integration Testing.github/workflows/builds.yml
- Development Wiki Page: Dev/Linux Installer
- Development Discussion: forums discussion
- Security: The
dist-installer-cli
script is not intended for curl bash piping. However, for a comprehensive discussion on security concerns related to this topic, see here.
Questions and Answers
Question | Answer |
---|---|
Do I have to use the new Kicksecure Linux Installer? | No. You can still manually install VirtualBox and import Kicksecure by following the instructions on the Kicksecure for VirtualBox wiki page. |
Is the manual method for VirtualBox installation going to be deprecated? | There's no such plan as of now. The manual method remains crucial as it offers compatibility with certain Linux distributions not supported by the Kicksecure Linux Installer. |
Can I use Kicksecure CLI in conjunction with Kicksecure Xfce? | Absolutely, find out more here. |
Why should I prefer VirtualBox over KVM? | For insights, visit Here. |
Why choose VirtualBox instead of Qubes? | The reasons are elaborated here. |
Where can I find the main FAQ? | Check out the Kicksecure FAQ. |
Footnotes
- ↑
Might sound complicated but it's actually quite simple in case of Ubuntu. Install from the usual, "normal", official
packages.ubuntu.com
. From the usualsuite
. For example, if using suitejammy
, it installs fromjammy
. This is because Ubuntu is packaging VirtualBox for their usual stable suites. Debian doesn't. That's why Ubuntu does not require any special repository. (Debian requiredbackports
andfasttrack
repositories at time of writing.) - ↑ 2.0 2.1 2.2 2.3 2.4
Because that is not required if only installing VirtualBox using
virtualbox-installer
.)
Kicksecure
- For users that are already using Kicksecure as their host operating system, installation of Kicksecure for VirtualBox is even simpler.
- No need to manually download or verify the installer Kicksecure Linux Installer on Kicksecure hosts.
- Kicksecure Linux Installer for VirtualBox is installed by default in Kicksecure.
Simply run one of the following commands.
For Kicksecure with Xfce (recommended):
- kicksecure-xfce-installer-cli
- kicksecure-xfce-installer-cli --onion
For Kicksecure with CLI (for advanced users only):
- kicksecure-cli-installer-cli
- kicksecure-cli-installer-cli --onion
- See tab 'Debian, Fedora and Derivatives'.
Ubuntu
- Minimum required version: Only Ubuntu Jammy (22.04) (LTS) has been tested.
- Lower versions will not work. Please release upgrade your Ubuntu version first.
- Higher stable Ubuntu versions will probably work.
- See tab 'Debian, Fedora and Derivatives'.
Other Linux Distributions
- The Kicksecure Linux Installer for VirtualBox is only supported for Debian, Fedora and their derivatives (such as Ubuntu, CentOS, RedHat or Kicksecure).
- See to learn more and get started with Kicksecure.
- Are you a developer? If your host operating system is unsupported, contributions to add support for Other Linux distributions are welcome.
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!