Kali Linux存储库的签名无效:“以下签名无效:EXPKEYSIG ED444FF07D8D0BF6 Kali Linux存储库”


25

尝试执行时,我无法更新我的Kali Linux,但出现apt-get update以下错误消息:

# apt-get update

Get:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Reading package lists... Done
W: GPG error: http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
E: The repository 'http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

如果您需要我的内核版本:

# uname -a
4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux

我怎样才能解决这个问题?

Answers:


33

添加gpg键:

gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6

检查指纹:

gpg --fingerprint 7D8D0BF6

样本输出:

pub   rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
      44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
uid           [ unknown] Kali Linux Repository <devel@kali.org>
sub   rsa4096 2012-03-05 [E] [expires: 2021-02-03]

然后 :

gpg -a --export 7D8D0BF6 | apt-key add -
apt update

Debian:SecureApt

更新:2018年2月8日。

官方文件的答案

请注意,如果您有一段时间(tsk2)尚未更新您的Kali安装,您将收到有关存储库密钥已过期(ED444FF07D8D0BF6)的GPG错误。幸运的是,通过以超级用户身份运行以下命令,可以快速解决此问题:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add

16

使用以下命令下载kali软件包存储库的密钥:

wget -q -O - archive.kali.org/archive-key.asc | apt-key add

然后运行更新。


7

这是内置的。如果您已经使用过Kali的存储库,则无需从外部来源获取它:

$ sudo apt install kali-archive-keyring

我使用的系统将Kali添加到Debian库中,因此我必须指定发行版。您可以检查如下:

$ apt policy kali-archive-keyring
  Installed: 2015.2
  Candidate: 2015.2
  Version table:
     2018.1 1
          1 http://http.kali.org/kali kali-rolling/main amd64 Packages
          1 http://http.kali.org/kali kali-rolling/main i386 Packages
 *** 2015.2 100
        100 /var/lib/dpkg/status

$ sudo apt install kali-archive-keyring/kali-rolling

这样,您就不必盲目地相信自己正在导入正确的密钥以防止中间人攻击,因为新密钥是由存储库中的旧密钥签名的。


如果您还没有此存储库,因此无法获得此更新,则有两种选择:

1:转到https://http.kali.org/kali/pool/main/k/kali-archive-keyring/,下载.deb文件,然后通过安装dpkg -i kali-archive-keyring*.deb

2:仍然通过存储库添加它(在添加之前是“不安全的”):

$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n] 
WARNING: The following packages cannot be authenticated!
  kali-archive-keyring
Install these packages without verification? [y/N] y


1

以超级用户身份执行以下命令以解决您的问题:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb

这被捆绑到该软件包的版本,因此不再起作用。请参阅我的答案的第二部分,以了解如何更可靠地执行此方法。
亚当·卡兹

0

(重点不仅是解决问题,而且要知道为什么会出问题)。

如果您有一段时间(tsk2)尚未更新您的Kali安装,您将收到有关存储库密钥已过期(ED444FF07D8D0BF6)的GPG错误。幸运的是,通过以root身份运行以下命令可以快速解决此问题:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add

By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.