VirtualBox Installer for Linux

Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

The VirtualBox Linux Installer offers a user-friendly method to install VirtualBox on Linux systems.

It supports Debian, Fedora, and their derivatives such as Ubuntu (starting from version: Ubuntu Jammy (22.04) (LTS)), Linux Mint, RedHat, and Kicksecure.

Designed by Kicksecure developers, not Oracle (virtualbox.org).

TLS

1. Download.

curl --tlsv1.3 --output virtualbox-installer --url https://www.kicksecure.com/dist-installer-cli

Optional: Digital signature verification.

• Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
• Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
• Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.

Choose either Option A), Option B) or Option C).

Option A) Install the installer from the from the Kicksecure APT repository

By installing from the Kicksecure APT repository, no additional verification of the installer is required because APT automatically does that.

1. Add the Kicksecure APT repository.

See Kicksecure Packages for Debian Hosts .

2. Install package usability-misc.

Because it contains the Kicksecure Linux Installer.

Install package(s) usability-misc following these instructions

1 Platform specific notice.

• Kicksecure: No special notice.
• Kicksecure-Qubes: In Template.

2 Update the package lists and upgrade the system .

sudo apt update && sudo apt full-upgrade

3 Install the usability-misc package(s).

Using apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends usability-misc

4 Platform specific notice.

• Kicksecure: No special notice.
• Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification .

5 Done.

The procedure of installing package(s) usability-misc is complete.

3. Run the Kicksecure Linux Installer.

virtualbox-installer

4. Done.

Option B) Verify the Installer

The Linux Installer is signed by Kicksecure developer Patrick Schleizer using OpenPGP and signify.

Do you already how to perform digital software verification using an OpenPGP and/or signify key?

• Yes: Acquire the Signing Key and the signatures straight away and proceed.
• No: Consider the following instructions: Undocumented. Unspecific to Kicksecure.

• Installer
• OpenPGP signature
• Signify signature

signify:

signify-openbsd -Vp keyname.pub -m dist-installer-cli

Option C) Manual Installation without the Installer

1. There is no need to use the Kicksecure Linux Installer.

The user is not forced to use the Kicksecure Linux Installer.

2. Manually install Kicksecure for VirtualBox.

Use the manual Kicksecure for VirtualBox instructions instead of the Kicksecure Linux Installer.

3. Done

2. Run the installer.

bash ./virtualbox-installer

onion

1. System Tor Setup.

Downloading via an onion service requires a functional system Tor. This aspect is not specific to Kicksecure and is undocumented.

2. Download.

torsocks curl --output virtualbox-installer --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/dist-installer-cli

3. Run the installer.

bash ./virtualbox-installer --onion

More About the VirtualBox Linux Installer:

• Script Name Verification: The installer checks for valid script names, such as dist-installer-cli, virtualbox-installer , kicksecure-cli-installer-cli, kicksecure-xfce-installer-cli.
• Command-Line Parsing: It parses any command-line options provided.
• System Requirements Check: The installer assesses if the system meets prerequisites like adequate disk space, RAM, and virtualization support. Users are informed if any of these criteria aren't met.
• Package Installation: Necessary packages for the script's operation, like signify, curl, rsync, and vboxmanage (for VirtualBox users) are installed using the distribution's package manager (APT or DNF).
• Repository Settings:
  • Debian and Derivatives:
    • For bullseye (oldstable): Enables the Debian backports and fasttrack repositories.
    • For bookworm (stable): Same as above.
    • For trixie (testing): Enables the Debian unstable repository and configures APT pinning to prefer packages from testing over unstable so only VirtualBox gets installed from unstable and no other dependency packages are unnecessarily pulled from unstable.
    • For sid (unstable): Installs from Debian unstable repository.
  • Ubuntu: Installs from the Ubuntu repository. ^[1]
  • Fedora and Derivatives: Enables the virtualbox.org (Oracle) repository.
  • Updates: The preferred repository for VirtualBox installation may vary in the future based on availability. Updated installers might fetch VirtualBox from the Debian fasttrack repository, virtualbox.org (Oracle) repository, or the Kicksecure repository. (Kicksecure development discussion: VirtualBox Integration and Upgrades)
• Version Querying: If no version is specified via command line, the Kicksecure version number is fetched using the API. (Only if installing Kicksecure.) (Not for virtualbox-installer. ^[2])
• Virtual Machine Handling:
  • For previously imported VMs, users are prompted to boot the virtual system(s). (Not for virtualbox-installer. ^[2].)
  • For previously downloaded VM files, authenticity and integrity checks are run. (Not for virtualbox-installer. ^[2].)
  • For first-time users, the installer downloads the required files, conducts authenticity and integrity checks, imports the system(s), and then attempts to start the Virtual Machine(s). (Not for virtualbox-installer. ^[2].)
• Inform user if VMs are already running and abort installation. (Not for virtualbox-installer. ^[2].)

Additional Features:

• Download Resumption: Utilizes rsync internally to enable download resumption capabilities.
• Integrity Checking: Offers a streamlined integrity verification process, facilitated by rsync.
• Download from Oracle Repository: When using --oracle-repo command line option, downloads VirtualBox from Oracle repository. This is the default for Fedora-based distributions. It's optional for Debian-based ones (including Ubuntu) but may be set by developers in the future if the Debian repository discontinues the VirtualBox package. Might at times provide a newer VirtualBox version.
• Onion Support: Allows for downloads from onion sources with the --onion command line option whenever possible. (For example Oracle does not provide an onion repository.)
• Default Download Directory: Files are saved in the ~/dist-installer-cli-download folder.
• Logging Mechanics: For transparency, every command executed is logged in the download directory, accompanied by the specific script version used at the time.
• Transparent System Modifications: The installer’s operations are evident to the user. All persistent system alterations, especially those executed with administrative ("root") privileges, are prominently detailed in the installer's output.
• Documentation: Comprehensive details can be found in the dist-installer-cli man page.
• Checks: Nested Virtualization, secure boot enabled check.

Developer Information:

• Source Code: /usr/bin/dist-installer-cli, Continuous Integration Testing .github/workflows/builds.yml
• Development Wiki Page: Dev/Linux Installer
• Development Discussion: forums discussion
• Security: The dist-installer-cli script is not intended for curl bash piping. However, for a comprehensive discussion on security concerns related to this topic, see here.

Intended User Groups:

VirtualBox Installer for Linux only automates things which could, in principle, be done manually by the user. Advanced users will not see many advantages.

If the user can manage to install VirtualBox according to the instructions of their operating system, following Oracle's instructions on virtualbox.org/wiki/Linux_Downloads, using prebuilt packages for their operating system, Oracle's virtualbox.org provided packages, or even compiling VirtualBox from source code, there is little additional benefit to using this installer. The main benefit of the installer is that it resolves many usability issues users might experience during the installation of VirtualBox, which are as follows:

• Following provided instructions requires skills that many laymen users do not possess, such as:
  • Locating the installation instructions
  • Knowing what to download (whether to download prebuilt packages directly or add a package repository)
  • Understanding the requirements for dependency installations, such as kernel headers (which have different names depending on the distribution)
  • Knowing about packages like apt-transport-https and ca-certificates when using Debian and TLS
  • Installation of undocumented dependencies:
    • (udev)
    • kernel-devel (Fedora)
    • dkms (Fedora)
  • Editing files with root permissions, such as /etc/apt/sources.list
  • Recognizing the codename of their distribution and replacing <mydist> with it. Example: deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian <mydist> contrib
  • Avoiding the simple copying and pasting of outdated commands, like sudo apt-get install virtualbox-6.1, and replacing virtualbox-6.1 with virtualbox-7.1
  • Being aware of the existence of Debian backports or fasttrack
  • Adding a Linux user account to the Linux user group vboxusers (otherwise, using USB devices from VirtualBox VMs won't work)
• As of September 2023, when Debian 12 ("bookworm") was released as Debian stable, virtualbox.org does not provide packages or instructions on how to install VirtualBox on Debian testing, Debian unstable ("sid"), or Linux Mint.
  • Installing VirtualBox on Debian unstable is relatively straightforward since VirtualBox is available in Debian unstable. However, it's not in the main component but only in the contrib component.
  • Installing VirtualBox on Debian testing is not as straightforward. However, it can be done using APT pinning to download only VirtualBox from Debian sid and not install any other packages from sid. Only relatively advanced users are typically aware of APT pinning. The author of this text couldn't even find third-party instructions on search engines on how to achieve this.
• Users often encounter numerous package manager unmet dependency issues. For a demonstration, try the following search engine query: site:https://unix.stackexchange.com/ virtualbox unmet dependencies
• After Debian 12 ("bookworm") was released as Debian stable, VirtualBox was unavailable as prebuilt packages for approximately 6 months. (The ticket was created on Feb 27, 2023, and closed on Aug 16, 2023.)
  • Simultaneously, Debian did not provide prebuilt packages for roughly 3 months. However, this installer managed to install VirtualBox during that period. This was achieved by Kicksecure maintainers downloading VirtualBox from Debian testing, uploading it to the Kicksecure (Debian-based) stable repository, and the installer then installed VirtualBox from the Kicksecure repository.
• Sometimes, prebuilt packages from virtualbox.org fail to install. For reference, see this VirtualBox on Fedora bug report which also affected Debian.
  • This installer did not face this issue since it prioritizes packages from the user's distribution (like Debian) over prebuilt packages from virtualbox.org.
• Using distribution packages offers the added advantage of allowing users to install VirtualBox guest additions from the same source. This ensures version compatibility and increases the likelihood that features such as virtual screen size adjustment and seamless VM copy/paste will function as expected.
  • VirtualBox Guest Additions Debian Packages are not available from the Oracle Repository. Oracle provides only an installer, not distribution packages.
• A VirtualBox guest additions installer is not yet provided by Kicksecure developers, but it might be in the future.
• Installing VirtualBox on Debian is complex because VirtualBox is unavailable from both the Debian stable and backports (repository) and it's also unavailable from the Debian main (component).
  • It's preferable to avoid adding foreign sources (extra package repositories) from third parties if possible. In the case of Debian and VirtualBox, this is achievable by using Debian's lesser-known fasttrack repository.

• The installer verifies if virtualization support is present. If not, it warns the user and displays a clear message, including a link to detailed documentation.
  • (VT-x issues) This approach is more user-friendly than the cryptic error message displayed by VirtualBox.
• While VirtualBox is nice, it has some usability issues. The author of this wiki page wishes that there wasn't a need for a VirtualBox installer and hopes these issues will be addressed by Oracle.
  • For instance, if Oracle addressed the compilation toolchain software freedom issue and provided stable security support, then installing VirtualBox would be as simple as installing any other software package from distribution repositories. This would make distributions like Debian more inclined to host VirtualBox in their stable repository (and main component instead of contrib).
• As a theoretic alternative would be for users to possess enhanced technical skills, negating the need for assistance. However, in practice, laymen users often struggle even with comparatively simpler tasks. Refer, for instance, to this usability research, "Eliminating Stop-Points in the Installation and Use of Anonymity Systems: a Usability Evaluation of the Tor Browser Bundle", or to this "small usability research compilation".
• For technical reasons why the installer was implemented the way has been, see Dev/Linux_Installer, Design.

Related Tools:

• vbox-guest-installer (A utility that enhances usability by facilitating the installation of VirtualBox guest additions from Debian's (packages.debian.org) package virtualbox-guest-additions-iso.)

Disclaimer:

The VirtualBox Installer for Linux is a product of the Kicksecure developers. It is not associated with VirtualBox.org or Oracle.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!