apt-get update issue in Kali
Solution 1
Yes, there appears to be issues with Kali Linux WSL (not downloaded from Microsoft Store).
The Kali archive keys appear to be missing and cannot be installed using apt-add key
since it relies on GnuPG, which cannot be installed using apt
, since the signatures cannot be verified.
The best solution is the one submitted by Jim which installed the Kali archive keys from a Debian package. Once this is done apt update
and apt upgrade
will work.
- Download the Debian package for the Kali archive keys
wget -O kali-archive-keyring_2020.2_all.deb https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
- Install the Kali archive key package
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
- Update list of available packages from Kali repo
sudo apt update
- Upgrade the WSL system
sudo apt full-upgrade
Solution 2
I did not alter /etc/apt/sources.list
.
I solved the "An error occurred during the signature verification" with the following commands (run from root):
wget --no-check-certificate https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
dpkg -i kali-archive-keyring_2020.2_all.deb
apt update
Solution 3
Manually download and install the needed package to verify the signature:
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then apt update
and apt upgrade
should work as expected.
Solution 4
if you encounter any 404 error messages when trying to download the keyring, please try the following:
Update 2022
for convenience reasons: the current keyring file changed, use the following commands:
# download
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb
# install
sudo dpkg -i kali-archive-keyring_2022.1_all.deb
# remove downloaded file again
rm kali-archive-keyring_2022.1_all.deb
# update
sudo apt-get update
Related videos on Youtube
Kenobium
Updated on September 18, 2022Comments
-
Kenobium over 1 year
I'm running Kali Linux in WSL2. It's a new installation (using
wsl --install
) but when I try toapt-get update
I get the following error:W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://mirrors.jevincanders.net/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]> W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]> W: Some index files failed to download. They have been ignored, or old ones used instead.
Now I've seen other questions that suggest an
apt-key
command to fix this. However, this throws another error:E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
I can't install gnupg because I haven't run
apt update
yet. What am I supposed to do here?-
fuzzydrawrings about 3 yearsWhich apt-key command did you run? GnuPG should already be installed by default (and indeed the initial output about signatures shows GPG is installed).
-
Kenobium about 3 years@fuzzydrawings this is the specific one I used:
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
-
Ruby about 3 yearsif you can't use apt may try downloading a compatible version of gnupg from debian package archive and then install the downloaded package with dpkg
-
-
fpnick almost 3 yearsPlease elaborate a little on what your answer is doing so that everyone can learn a little from it :)
-
winklerrr almost 3 yearsWhat to do when your organization blocked Microsoft Store? Microsoft itself recommends to install the distribution then manually.
-
Ramhound almost 3 years@fpnick - It downloads and installs the Debian package.
-
Cornea Valentin over 2 yearsthank you it works now
-
user3384842 over 2 yearsThis answer is the one that worked for me. The important difference is that I needed to include
--no-check-certificate
in the wget command. -
thistleknot over 2 yearsthis method worked, but I had to download the file using firefox vs wget (with that line)
-
Ananiya Jemberu over 2 yearsthanks it work actually make sure
--no-check-certificate
so you won't get expiry issue -
Community over 2 yearsAs it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
-
Community over 2 yearsYour answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.