Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kali Linux cannot be updated due to invalid signatures #6681

Closed
AliGhahraei opened this issue Mar 16, 2021 · 5 comments
Closed

Kali Linux cannot be updated due to invalid signatures #6681

AliGhahraei opened this issue Mar 16, 2021 · 5 comments
Labels
external Issue exists outside of WSL components

Comments

@AliGhahraei
Copy link

AliGhahraei commented Mar 16, 2021
edited
Loading

Environment

Windows build number: Microsoft Windows [Version 10.0.21332.1010]
Your Distribution version: Kali GNU/Linux Rolling 2019.2 (recently installed).
Whether the issue is on WSL 2 and/or WSL 1: Linux version 5.4.72-microsoft-standard-WSL2 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Oct 28 23:40:43 UTC 2020

Steps to reproduce

  1. Install Kali Linux using a preview build for the Windows Insiders Program:
    wsl --install -d kali-linux

  2. Launch Kali Linux and try to update:
    sudo apt update

WSL logs: https://aka.ms/AAbk1ly

Expected behavior

The system downloads package information.

Actual behavior

The update fails with the following error:

Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Fetched 30.5 kB in 1s (32.3 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.

Additional information

The Kali Linux team suggested a solution in their Twitter account, however that doesn't work for the subsystem because it requires GnuPG and that package is not installed by default. However, it can be fixed by running:

wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

As far as I know, this issue can be solved by updating the default installation keys.
@therealkenc
Copy link
Collaborator

Was able to reproduce. External the distro, which is not maintained by MSFT. Work-around seems to take.

image

@therealkenc therealkenc added the external Issue exists outside of WSL components label Mar 17, 2021
@Stef16Robbe
Copy link

Stef16Robbe commented Nov 3, 2021
edited
Loading

For anyone running

wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

And getting the following error:

--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.

This gets fixed by using http instead of https...

credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07

After that run sudo dpkg -i kali-archive-keyring_2020.2_all.deb

Then you can run sudo apt update

*edit: getting sudo "is your account locked?" errors after apt upgrade... This Kali installation on Win11 seems to be broken on so many sides...

installing kali linux from the Microsoft store instead of wsl --install -d kali-linux fixed all of this...

@mateofumis
Copy link

Works for me this:
wget http://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

don't use https. USE HTTP.
Then run the command, run apt update and done!

@mateofumis
Copy link

For anyone running

wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

And getting the following error:

--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.

This gets fixed by using http instead of https...

credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07

After that run sudo dpkg -i kali-archive-keyring_2020.2_all.deb

Then you can run sudo apt update

*edit: getting sudo "is your account locked?" errors after apt upgrade... This Kali installation on Win11 seems to be broken on so many sides...

installing kali linux from the Microsoft store instead of wsl --install -d kali-linux fixed all of this...

Thanks you so much!! Seriously 👍

@marcotulio956
Copy link

marcotulio956 commented Apr 5, 2022
edited
Loading

You can also get rid of the certification error in wget by running it with a flag:
sudo wget --no-check-certificate https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

@DoubleStrike DoubleStrike mentioned this issue Jul 13, 2022
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
external Issue exists outside of WSL components
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@therealkenc @AliGhahraei @marcotulio956 @Stef16Robbe @mateofumis