apt-get update issue in Kali

linux kali-linux gnupg apt

18,279

Solution 1

Yes, there appears to be issues with Kali Linux WSL (not downloaded from Microsoft Store).

The Kali archive keys appear to be missing and cannot be installed using apt-add key since it relies on GnuPG, which cannot be installed using apt, since the signatures cannot be verified.

The best solution is the one submitted by Jim which installed the Kali archive keys from a Debian package. Once this is done apt update and apt upgrade will work.

Download the Debian package for the Kali archive keys wget -O kali-archive-keyring_2020.2_all.deb https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
Install the Kali archive key package sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Update list of available packages from Kali repo sudo apt update
Upgrade the WSL system sudo apt full-upgrade

Solution 2

I did not alter /etc/apt/sources.list.

I solved the "An error occurred during the signature verification" with the following commands (run from root):

wget --no-check-certificate https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb

dpkg -i kali-archive-keyring_2020.2_all.deb

apt update

Solution 3

Manually download and install the needed package to verify the signature:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
sudo dpkg -i kali-archive-keyring_2020.2_all.deb

Then apt update and apt upgrade should work as expected.

Solution 4

if you encounter any 404 error messages when trying to download the keyring, please try the following:

Update 2022

for convenience reasons: the current keyring file changed, use the following commands:

# download
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb
# install
sudo dpkg -i kali-archive-keyring_2022.1_all.deb
# remove downloaded file again
rm kali-archive-keyring_2022.1_all.deb
# update
sudo apt-get update

View more solutions

18,279

Kenobium

Updated on September 18, 2022

Comments

Kenobium over 1 year
I'm running Kali Linux in WSL2. It's a new installation (using wsl --install) but when I try to apt-get update I get the following error:
```
W: An error occurred during the signature verification. The repository is not updated and the previous 
index files will be used. GPG error: http://mirrors.jevincanders.net/kali kali-rolling InRelease: The 
following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures 
were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
```
Now I've seen other questions that suggest an apt-key command to fix this. However, this throws another error:
```
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
```
I can't install gnupg because I haven't run apt update yet. What am I supposed to do here?
- fuzzydrawrings about 3 years
  
  Which apt-key command did you run? GnuPG should already be installed by default (and indeed the initial output about signatures shows GPG is installed).
- Kenobium about 3 years
  
  @fuzzydrawings this is the specific one I used: wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
- Ruby about 3 years
  
  if you can't use apt may try downloading a compatible version of gnupg from debian package archive and then install the downloaded package with dpkg
fpnick almost 3 years

Please elaborate a little on what your answer is doing so that everyone can learn a little from it :)
winklerrr almost 3 years

What to do when your organization blocked Microsoft Store? Microsoft itself recommends to install the distribution then manually.
Ramhound almost 3 years

@fpnick - It downloads and installs the Debian package.
Cornea Valentin over 2 years

thank you it works now
user3384842 over 2 years

This answer is the one that worked for me. The important difference is that I needed to include --no-check-certificate in the wget command.
thistleknot over 2 years

this method worked, but I had to download the file using firefox vs wget (with that line)
Ananiya Jemberu over 2 years

thanks it work actually make sure --no-check-certificate so you won't get expiry issue
Community over 2 years

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
Community over 2 years

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.