New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
AliGhahraei opened this issue
Mar 16, 2021
· 5 comments
Labels
external
Issue exists outside of WSL components
Comments
Environment
Windows build number: Microsoft Windows [Version 10.0.21332.1010]
Your Distribution version: Kali GNU/Linux Rolling 2019.2 (recently installed).
Whether the issue is on WSL 2 and/or WSL 1: Linux version 5.4.72-microsoft-standard-WSL2 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Oct 28 23:40:43 UTC 2020
Steps to reproduce
-
Install Kali Linux using a preview build for the Windows Insiders Program:
wsl --install -d kali-linux
-
Launch Kali Linux and try to update:
sudo apt update
WSL logs: https://aka.ms/AAbk1ly
Expected behavior
The system downloads package information.
Actual behavior
The update fails with the following error:
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Fetched 30.5 kB in 1s (32.3 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Additional information
The Kali Linux team suggested a solution in their Twitter account, however that doesn’t work for the subsystem because it requires GnuPG and that package is not installed by default. However, it can be fixed by running:
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
As far as I know, this issue can be solved by updating the default installation keys.
Was able to reproduce. External the distro, which is not maintained by MSFT. Work-around seems to take.
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using http
instead of https
…
credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of wsl --install -d kali-linux
fixed all of this…
Works for me this:
wget http://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
don’t use https. USE HTTP.
Then run the command, run apt update and done!
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using
http
instead ofhttps
…credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run
sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of
wsl --install -d kali-linux
fixed all of this…
Thanks you so much!! Seriously 👍
You can also get rid of the certification error in wget by running it with a flag:
sudo wget --no-check-certificate https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
Labels
external
Issue exists outside of WSL components
Это встроено. Если вы уже используете репозитории Kali, вам не нужно получать его из внешнего источника:
$ sudo apt install kali-archive-keyring
Я использую систему, которая добавляет Kali в базу Debian, поэтому мне пришлось указать релиз. Вы можете проверить это следующим образом:
$ apt policy kali-archive-keyring
Installed: 2015.2
Candidate: 2015.2
Version table:
2018.1 1
1 http://http.kali.org/kali kali-rolling/main amd64 Packages
1 http://http.kali.org/kali kali-rolling/main i386 Packages
*** 2015.2 100
100 /var/lib/dpkg/status
$ sudo apt install kali-archive-keyring/kali-rolling
Таким образом, вам не нужно слепо полагать, что вы импортируете правильный ключ, чтобы предотвратить атаку «человек посередине», поскольку новый ключ подписан старым в репозитории.
Если у вас еще нет этого хранилища и, следовательно, вы не можете получить это обновление, у вас есть два варианта:
1: Перейдите на https://http.kali.org/kali/pool/main/k/kali-archive-keyring/ , загрузите файл .deb и установите его с помощьюdpkg -i kali-archive-keyring*.deb
2: В любом случае добавьте его через репозиторий (это «небезопасно», пока вы его не добавите):
$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
kali-archive-keyring
Install these packages without verification? [y/N] y
…
This is built in. If you already use Kali’s repos, you don’t need to get it from an external source:
$ sudo apt install kali-archive-keyring
I’m using a system that adds Kali to a Debian base, so I had to specify the release. You can check that as follows:
$ apt policy kali-archive-keyring
Installed: 2015.2
Candidate: 2015.2
Version table:
2018.1 1
1 http://http.kali.org/kali kali-rolling/main amd64 Packages
1 http://http.kali.org/kali kali-rolling/main i386 Packages
*** 2015.2 100
100 /var/lib/dpkg/status
$ sudo apt install kali-archive-keyring/kali-rolling
This way, you don’t have to blindly trust that you’re importing the right key in order to prevent a man-in-the-middle attack since the new key is signed by the old one within the repository.
Update: Here’s an /etc/apt/sources.list.d/kali.list and /etc/apt/preferences.d/kali-repos.pref, designed to be secondary to another distribution (like Debian), that’ll avoid this issue in the future.
If you don’t already have this repository and therefore can’t get this update, you have two choices:
1: Go to https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, download the .deb file, and install it via dpkg -i kali-archive-keyring*.deb
2: Add it via the repository anyway (it’s «insecure» until you add it, though you’re at least protected by the HTTPS download in the prior step):
$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
kali-archive-keyring
Install these packages without verification? [y/N] y
…
You’re now synced with the first part of this answer. Consider using the kali.list and kali-repos.pref I linked there so you don’t repeat this problem.
This is built in. If you already use Kali’s repos, you don’t need to get it from an external source:
$ sudo apt install kali-archive-keyring
I’m using a system that adds Kali to a Debian base, so I had to specify the release. You can check that as follows:
$ apt policy kali-archive-keyring
Installed: 2015.2
Candidate: 2015.2
Version table:
2018.1 1
1 http://http.kali.org/kali kali-rolling/main amd64 Packages
1 http://http.kali.org/kali kali-rolling/main i386 Packages
*** 2015.2 100
100 /var/lib/dpkg/status
$ sudo apt install kali-archive-keyring/kali-rolling
This way, you don’t have to blindly trust that you’re importing the right key in order to prevent a man-in-the-middle attack since the new key is signed by the old one within the repository.
Update: Here’s an /etc/apt/sources.list.d/kali.list and /etc/apt/preferences.d/kali-repos.pref, designed to be secondary to another distribution (like Debian), that’ll avoid this issue in the future.
If you don’t already have this repository and therefore can’t get this update, you have two choices:
1: Go to https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, download the .deb file, and install it via dpkg -i kali-archive-keyring*.deb
2: Add it via the repository anyway (it’s «insecure» until you add it, though you’re at least protected by the HTTPS download in the prior step):
$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
kali-archive-keyring
Install these packages without verification? [y/N] y
…
You’re now synced with the first part of this answer. Consider using the kali.list and kali-repos.pref I linked there so you don’t repeat this problem.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
AliGhahraei opened this issue
Mar 16, 2021
· 5 comments
Labels
external
Issue exists outside of WSL components
Comments
Environment
Windows build number: Microsoft Windows [Version 10.0.21332.1010]
Your Distribution version: Kali GNU/Linux Rolling 2019.2 (recently installed).
Whether the issue is on WSL 2 and/or WSL 1: Linux version 5.4.72-microsoft-standard-WSL2 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Oct 28 23:40:43 UTC 2020
Steps to reproduce
-
Install Kali Linux using a preview build for the Windows Insiders Program:
wsl --install -d kali-linux
-
Launch Kali Linux and try to update:
sudo apt update
WSL logs: https://aka.ms/AAbk1ly
Expected behavior
The system downloads package information.
Actual behavior
The update fails with the following error:
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Fetched 30.5 kB in 1s (32.3 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Additional information
The Kali Linux team suggested a solution in their Twitter account, however that doesn’t work for the subsystem because it requires GnuPG and that package is not installed by default. However, it can be fixed by running:
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
As far as I know, this issue can be solved by updating the default installation keys.
Was able to reproduce. External the distro, which is not maintained by MSFT. Work-around seems to take.
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using http
instead of https
…
credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of wsl --install -d kali-linux
fixed all of this…
Works for me this:
wget http://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
don’t use https. USE HTTP.
Then run the command, run apt update and done!
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using
http
instead ofhttps
…credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run
sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of
wsl --install -d kali-linux
fixed all of this…
Thanks you so much!! Seriously 👍
You can also get rid of the certification error in wget by running it with a flag:
sudo wget --no-check-certificate https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
Labels
external
Issue exists outside of WSL components
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
AliGhahraei opened this issue
Mar 16, 2021
· 5 comments
Labels
external
Issue exists outside of WSL components
Comments
Environment
Windows build number: Microsoft Windows [Version 10.0.21332.1010]
Your Distribution version: Kali GNU/Linux Rolling 2019.2 (recently installed).
Whether the issue is on WSL 2 and/or WSL 1: Linux version 5.4.72-microsoft-standard-WSL2 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Oct 28 23:40:43 UTC 2020
Steps to reproduce
-
Install Kali Linux using a preview build for the Windows Insiders Program:
wsl --install -d kali-linux
-
Launch Kali Linux and try to update:
sudo apt update
WSL logs: https://aka.ms/AAbk1ly
Expected behavior
The system downloads package information.
Actual behavior
The update fails with the following error:
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Fetched 30.5 kB in 1s (32.3 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Additional information
The Kali Linux team suggested a solution in their Twitter account, however that doesn’t work for the subsystem because it requires GnuPG and that package is not installed by default. However, it can be fixed by running:
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
As far as I know, this issue can be solved by updating the default installation keys.
Was able to reproduce. External the distro, which is not maintained by MSFT. Work-around seems to take.
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using http
instead of https
…
credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of wsl --install -d kali-linux
fixed all of this…
Works for me this:
wget http://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
don’t use https. USE HTTP.
Then run the command, run apt update and done!
For anyone running
wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
And getting the following error:
--2021-11-03 10:03:43-- https://archive.kali.org/archive-key.asc Resolving archive.kali.org (archive.kali.org)... 192.99.45.140 Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of ‘archive.kali.org’ is not trusted. ERROR: The certificate of ‘archive.kali.org’ has expired.
This gets fixed by using
http
instead ofhttps
…credit: https://gist.github.com/MooreDerek/23686fc29a22d4e1e88e3dd9055fbb07
After that run
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Then you can run
sudo apt update
*edit: getting sudo «is your account locked?» errors after apt upgrade… This Kali installation on Win11 seems to be broken on so many sides…
installing kali linux from the Microsoft store instead of
wsl --install -d kali-linux
fixed all of this…
Thanks you so much!! Seriously 👍
You can also get rid of the certification error in wget by running it with a flag:
sudo wget --no-check-certificate https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc
Labels
external
Issue exists outside of WSL components
Это встроено. Если вы уже используете репозитории Kali, вам не нужно получать его из внешнего источника:
$ sudo apt install kali-archive-keyring
Я использую систему, которая добавляет Kali в базу Debian, поэтому мне пришлось указать релиз. Вы можете проверить это следующим образом:
$ apt policy kali-archive-keyring
Installed: 2015.2
Candidate: 2015.2
Version table:
2018.1 1
1 http://http.kali.org/kali kali-rolling/main amd64 Packages
1 http://http.kali.org/kali kali-rolling/main i386 Packages
*** 2015.2 100
100 /var/lib/dpkg/status
$ sudo apt install kali-archive-keyring/kali-rolling
Таким образом, вам не нужно слепо полагать, что вы импортируете правильный ключ, чтобы предотвратить атаку «человек посередине», поскольку новый ключ подписан старым в репозитории.
Если у вас еще нет этого хранилища и, следовательно, вы не можете получить это обновление, у вас есть два варианта:
1: Перейдите на https://http.kali.org/kali/pool/main/k/kali-archive-keyring/ , загрузите файл .deb и установите его с помощьюdpkg -i kali-archive-keyring*.deb
2: В любом случае добавьте его через репозиторий (это «небезопасно», пока вы его не добавите):
$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
kali-archive-keyring
Install these packages without verification? [y/N] y
…
-
Expired certificate archive.kali.org
Hi guys,
it seems that the certificate provided by https://archive.kali.org got expired. I get the following:
archive.kali.org uses an invalid security certificate. The certificate expired on 7.12.2016 15:59. The current time is 7.12.2016 18:48.
Error code: SEC_ERROR_EXPIRED_CERTIFICATEDo you observe the same behaviour ?
-
I’d report this over at bugs.kali.org, so the Kali dev team is aware.
-
Thanks for confirming this, I thought it was only me.
-
No problem, wasn’t specific in my first post, but I saw that error as well.
Это встроенная функция. Если вы уже используете репозитории Kali, вам не нужно получать его из внешнего источника:
Я’использую систему, которая добавляет Kali к базе Debian, поэтому мне пришлось указать релиз. Вы можете проверить это следующим образом:
Таким образом, вам не придется слепо доверять тому, что вы импортируете правильный ключ, чтобы предотвратить атаку «человек посередине», поскольку новый ключ подписывается старым в репозитории.
Если у вас еще нет этого репозитория и поэтому вы не можете получить это обновление, у вас есть два варианта:
1: Зайдите на https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, скачайте .deb файл и установите его через dpkg -i kali-archive-keyring*.deb
.
2: Все равно добавить его через репозиторий (он «небезопасен», пока вы его не добавите):
«none
$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Будут установлены следующие НОВЫЕ пакеты:
kali-archive-keyring
0 обновлено, 1 установлен заново, 0 удалено и 0 не обновлено.
Необходимо получить 7,008 Б архивов.
После этой операции будет использовано 17,4 кБ дополнительного пространства.
Вы хотите продолжить? [Y/n].
ПРЕДУПРЕЖДЕНИЕ: Следующие пакеты не могут быть аутентифицированы!
kali-archive-keyring
Установить эти пакеты без проверки? [y/N] y
…