Fix “apt-get update” error and “apt-key list” error in WSL
Fix “apt-get update” error and “apt-key list” error in WSL
Any of these errors in Windows Subsystem for Linux (WSL) can be fixed using the solution in this article! They occur during running “apt-get update“, “apt update“, “apt-key list” or “apt-key update“.
Error 1:
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Error 2:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Error 3:
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Error 4:
W: Some index files failed to download. They have been ignored, or old ones used instead.
Error 5:
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
The first 4 ERRORS were thrown after attempting to perform an update of a “Kali Linux Rolling” distribution on WSL. This was done just after running an install on Windows CMD as evident in the screenshot below;
wsl --list --online wsl --install --distribution kali-linux
The 4 errors referred to above occurred after running the following update commands as “root“;
apt-get update apt update
The last [5th] error occurred after running the following commands as “root“;
apt-key list apt-key update
What the 5th error means is that you cannot view the GPG keys installed in the WSL Kali Linux Rolling distro. What it also means is that you can as well NOT automatically fix the GPG Key && Signature Errors! You have to Know and Go the hard way. So, let’s get to it…
There are two methods to FIX the issues presented here:
[Method 1]
This 1st method involves downloading and adding a Trusted GPG key, manually placed in the right directory. To check for installed Trusted GPG keys, run;
ls /etc/apt/trusted.gpg.d/
Now, we need to download the latest Kali GPG key into the same directory as the above command. The command “wget” is used for that;
wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc https://archive.kali.org/archive-key.asc
Note that the above command throws an exception;
Resolving archive.kali.org (archive.kali.org)... 192.99.45.140, 64:ff9b::c063:2d8c Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected. ERROR: The certificate of 'archive.kali.org' is not trusted. ERROR: The certificate of 'archive.kali.org' has expired.
The reason for this is the TLS/SSL certificate in the URL. So, to fix this, change “https://” to “http://” to get;
wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc http://archive.kali.org/archive-key.asc
Now checking in the directory for Trusted GPG keys, “/etc/apt/trusted.gpg.d/” we can see that a new ASCII format key (.asc) file is present [archive-key-kali.asc];
ls /etc/apt/trusted.gpg.d/
archive-key-kali.asc
The screenshot below shows that now, “apt update” runs successfully;
apt update
[Proof of Concept]
To prove that the above fix actually worked, you can remove the .asc above and again try to run “apt update“. You should run into similar errors as before. Call this a Proof of Concept (PoC);
rm /etc/apt/trusted.gpg.d/archive-key-kali.asc apt update
[Method 2]
This 2nd method involves downloading and installing a KEYRING, automatically placed in the right directory. Start by downloading the keyring package, a Debian (.deb) file;
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb
Next, install the package;
dpkg --install kali-archive-keyring_2022.1_all.deb
After successful installation, if curious about where the keyring was installed, run the following commands:
To check the details of the package, and most importantly the package name which you need to check the install location, run;
dpkg --info kali-archive-keyring_2022.1_all.deb
To list files/directories owned by the package, run;
dpkg -L kali-archive-keyring
From the results of the last command it is easy to locate the location of the keyring::
/usr/share/keyrings/kali-archive-keyring
Now running the “apt-get update” command, it should run successfully!
[Proof of Concept]
As previously done, you can perform a Proof of Concept (PoC) to determine if it is this specific keyring that worked.
We know that the actual name of the package is “kali-archive-keyring“. With this, we can completely remove the package and all its configurations using “dpkg” utility, then try to run “apt-get update” command (which should not complete successfully);
dpkg --purge kali-archive-keyring apt-get update
As seen above, the PoC works! Now, we can fix this using Method 1 above (and it must work, besides we have a PoC!);
wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc http://archive.kali.org/archive-key.asc
Now with the two methods working to eliminate “apt update” (“sudo apt update“) as well as “apt-get update” (or “sudo apt-get update“) errors, you can now update the list of your Windows Subsystem for Linux (WSL) distribution’s pakages and then perform a full upgrade;
apt full-upgrade sudo apt full-upgrade apt full-upgrade -y sudo apt full-upgrade -y
Fix “apt-get update” error and “apt-key list” error in WSL
Forum [ WSL ] | thetqweb