Install Newer Versions of VirtualBox

From Kicksecure
Jump to navigation Jump to search

This wiki page documents how to install different versions of VirtualBox from sources other than the default repositories, such as Debian unstable or directly from the developers of VirtualBox.

Security Considerations[edit]

If using Kicksecure inside a virtual machine (VM), the virtualization platform is an essential component of a secure Kicksecure system. A vulnerable virtualizer may provide opportunities for attackers to perform a breakout from a virtual machine in order to undo the security by isolation features that Kicksecure provides. The decision to install an alternative virtualizer should not be taken lightly.

The two methods described below to install VirtualBox are safer than downloading, verifying, and installing binaries manually.

See also recommended VirtualBox version.

Newer VirtualBox Version[edit]

Choose the instillation source, either Install from VirtualBox.org Repository or Install VirtualBox from Debian Unstable.

Install from VirtualBox.org Repository

Warning: this procedure will install a foreign software source.

Discouraged: Use the recommended VirtualBox version instead. [1]

Info: The Self Support First Policy applies to this procedure.

The latest Oracle VirtualBox package information can be found herearchive.org.

Optional: To find out which version is available from the VirtualBox.org APT Repository, please press expand on the right side.

1. Adding the VirtualBox.org APT repository.

Choose either: A, B OR C.

A: Use VirtualBox Installer by Kicksecure Developers

2. Learn more about, acquire the Use VirtualBox Installer by Kicksecure Developers.

3. Run it with with option --oracle-repo.

This will result in installation of VirtualBox from the Oracle (VirtualBox.org repository).

bash ./virtualbox-installer --oracle-repo

4. Review the output of the VirtualBox Installer.

5. VirtualBox installation complete.

6. Move on to step C below.

B: Use extrepo to add VirtualBox.org APT Repository

Step 1

Install package(s) extrepo following these instructions

1 Platform specific notice.

2 Update the package lists and upgrade the system The Web Archive Onion Version .

sudo apt update && sudo apt full-upgrade

3 Install the extrepo package(s).

Using apt command line --no-install-recommends option The Web Archive Onion Version is in most cases optional.

sudo apt install --no-install-recommends extrepo

4 Platform specific notice.

5 Done.

The procedure of installing package(s) extrepo is complete.

Step 2 Open file /etc/extrepo/config.yaml in an editor with root rights.

Kicksecure

This box uses sudoedit for better security.

sudoedit /etc/extrepo/config.yaml

Kicksecure for Qubes

NOTES:

sudoedit /etc/extrepo/config.yaml

  • After applying this change, shutdown the Template.
  • All App Qubes based on the Template need to be restarted if they were already running.
  • This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

Others and Alternatives

  • This is just an example. Other tools could achieve the same goal.
  • If this example does not work for you or if you are not using Kicksecure, please refer to this link.

sudoedit /etc/extrepo/config.yaml

Step 3 Paste at the end.

- contrib - non-free

[2]

Step 4 Save and exit.

Step 5 Use extrepo to enable the VirtualBox.org APT repository.

sudo extrepo enable virtualbox

If everything goes well, extrepo will just print some empty lines.

Step 6 Done.

Adding the VirtualBox.org APT repository has been completed.

C: Manually add VirtualBox.org APT Repository

Step A Add the Oracle apt sources list.

Make sure to change bookworm to the current name of your stable distribution.

echo "deb [signed-by=/usr/share/keyrings/virtualbox-archive-keyring.asc] https://download.virtualbox.org/virtualbox/debian $(lsb_release -sc) contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list

Step B Add Oracle's signing key to APT keyring.

Step 1 Securely download the key.

curl --tlsv1.3 --remote-name --tlsv1.2 https://www.virtualbox.org/download/oracle_vbox_2016.asc

Step 2 Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint oracle_vbox_2016.asc

Step 3 Verify the fingerprint.

The most important check is confirming the key fingerprint exactly matches the output below.

Key fingerprint = B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF

Warning:

Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Step 4 Add the signing key.

sudo cp oracle_vbox_2016.asc /usr/share/keyrings/virtualbox-archive-keyring.asc

Step 5 Done.

The key has been added to the keyring.

Continue VirtualBox installation depending on option chosen above.

  • A: Do not press on expand. Skip to Step C below.
  • B and C: Needed. Press on expand on the right side.

2. Update and Install VirtualBox.

A. Update the package lists.

sudo apt update

B. Install VirtualBox and Linux Kernel Headers, which are a dependency.

sudo apt install virtualbox-7.1 linux-headers-$(uname -r)

C. Update VirtualBox guest additions.

Note: After upgrading the VirtualBox host version, this might cause issues with the guest VMs such as broken VM size adjustment (full screen) [3] unless the VirtualBox guest additions are also upgraded inside your virtual machine.

This is currently not the case at time of writing in August 2023. If this happens, then you could try Migration to Oracle Style VirtualBox Guest Additions.

D. Done.

Installation of VirtualBox from VirtualBox.org Repository has been completed.

Install VirtualBox from Debian Unstable

Unknown if currently possible. [4]

Discouraged: Use the recommended VirtualBox version instead. [5]

Footnotes[edit]

    • Security: Because using a foreign software source.
    • Usability: Can lead to different VirtualBox host virtualization software version than VirtualBox Guest Additions version, which can lead to broken guest additions.
    • Stability: Not packaged, tested by Debian. Not the same version which most other Kicksecure users are using.
  1. The following comments in that file...
    # - contrib
    # - non-free
    

    ...could be deleted but that is completely optional.

  2. Problems after upgrading Kicksecure - cannot full size Kicksecure screenarchive.org
  3. Was not possible as of Debian buster. Dependencies such as for package glibc were too new. This meant a host of updated dependencies from Debian unstable were pulled and mixed with Debian stable, often leading to many issues including system instability.
  4. Because unknown if currently possible and can lead to system instability.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!