3.1K
文章目錄
前言
Kali Linux 執行 apt update 遇到如下問題,大意是此把 GPG public key (ED444FF07D8D0BF6) expired (過期),導致數位簽章驗證有問題,這篇文章教你如何解決此問題。
$ sudo apt update [sudo] password for kali: Get:1 http://free.nchc.org.tw/kali kali-rolling InRelease [41.5 kB] Err:1 http://free.nchc.org.tw/kali kali-rolling InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]> Reading package lists... Done W: GPG error: http://free.nchc.org.tw/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]> E: The repository 'http://http.kali.org/kali kali-rolling InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
封面圖片出處: Kali Linux 2021.2 版本預設桌面。
問題檢視與解題思路
step 1
檢視 apt-key list,發現此把 pub key(ED444FF07D8D0BF6) 的效期至 2025/1/24,確認已過期 (expired)。
$ apt-key list
...
...
/etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
-----------------------------------------------
pub rsa4096 2012-03-05 [SC] [expired: 2025-01-24]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid [ expired] Kali Linux Repository <[email protected]>step 2
檢視 /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg 檔案,發現是軟連結至/usr/share/keyrings/kali-archive-keyring.gpg 檔案。
┌──(kali㉿kali)-[/etc/apt/trusted.gpg.d] └─$ ls -alFh total 76K drwxr-xr-x 2 root root 4.0K Aug 8 2022 ./ drwxr-xr-x 8 root root 4.0K Aug 8 2022 ../ -rw-r--r-- 1 root root 8.5K Feb 25 2021 debian-archive-bullseye-automatic.gpg -rw-r--r-- 1 root root 8.6K Feb 25 2021 debian-archive-bullseye-security-automatic.gpg -rw-r--r-- 1 root root 2.4K Feb 25 2021 debian-archive-bullseye-stable.gpg -rw-r--r-- 1 root root 8.0K Feb 25 2021 debian-archive-buster-automatic.gpg -rw-r--r-- 1 root root 8.0K Feb 25 2021 debian-archive-buster-security-automatic.gpg -rw-r--r-- 1 root root 2.3K Feb 25 2021 debian-archive-buster-stable.gpg -rw-r--r-- 1 root root 7.3K Feb 25 2021 debian-archive-stretch-automatic.gpg -rw-r--r-- 1 root root 7.3K Feb 25 2021 debian-archive-stretch-security-automatic.gpg -rw-r--r-- 1 root root 2.3K Feb 25 2021 debian-archive-stretch-stable.gpg lrwxrwxrwx 1 root root 44 Aug 8 2022 kali-archive-keyring.gpg -> /usr/share/keyrings/kali-archive-keyring.gpg
step 3
而 /usr/share/keyrings/kali-archive-keyring.gpg 檔案,是由 kali-archive-keyring 套件所安裝產生。
$ dpkg -L kali-archive-keyring /. /usr /usr/share /usr/share/doc /usr/share/doc/kali-archive-keyring /usr/share/doc/kali-archive-keyring/changelog.gz /usr/share/doc/kali-archive-keyring/copyright /usr/share/keyrings /usr/share/keyrings/kali-archive-keyring.gpg
解法
手動安裝最新版本的 kali-archive-keyring 套件,到 kali.org 的套件庫,去找最接近該年度的最新版本 kali-archive-keyring 套件,此處範例為 2024 版本。
$ wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb --2025-02-19 22:55:05-- https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb Resolving http.kali.org (http.kali.org)... 18.211.24.19 Connecting to http.kali.org (http.kali.org)|18.211.24.19|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://kali.download/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb [following] --2025-02-19 22:55:06-- https://kali.download/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2024.1_all.deb Resolving kali.download (kali.download)... 104.17.253.239, 104.17.254.239, 2606:4700::6811:feef, ... Connecting to kali.download (kali.download)|104.17.253.239|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 5008 (4.9K) [application/octet-stream] Saving to: ‘kali-archive-keyring_2024.1_all.deb’ kali-archive-keyring_2024.1_all.deb 100%[============================================================================>] 4.89K --.-KB/s in 0s
安裝 kali-archive-keyring_2024 套件。
$ sudo apt install ./kali-archive-keyring_2024.1_all.deb [sudo] password for kali: Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'kali-archive-keyring' instead of './kali-archive-keyring_2024.1_all.deb' The following packages will be upgraded: kali-archive-keyring 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/5,008 B of archives. After this operation, 0 B of additional disk space will be used. Get:1 /home/kali/kali-archive-keyring_2024.1_all.deb kali-archive-keyring all 2024.1 [5,008 B] (Reading database ... 338365 files and directories currently installed.) Preparing to unpack .../kali-archive-keyring_2024.1_all.deb ... Unpacking kali-archive-keyring (2024.1) over (2022.1) ... Setting up kali-archive-keyring (2024.1) ... Installed kali-archive-keyring as a trusted APT keyring.
再次執行 apt-key list ,確認該把 key (ED444FF07D8D0BF6) 的簽名效期,已展延至 2027/2/4
/etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
-----------------------------------------------
pub rsa4096 2012-03-05 [SC] [expires: 2027-02-04]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid [ unknown] Kali Linux Repository <[email protected]>
sub rsa4096 2012-03-05 [E] [expires: 2027-02-04]參考來源
結語
Kali Linux 對於資安工作者而言,如同每天吃飯的工具般。更新 GPG key 套件,也可驗證所安裝套件的完整性。如果你喜歡我的文章,請你分享給你的好朋友。
對 Kali Linux 的中文化改裝有興趣,也可參考 打造 Kali Linux 2021 中文桌面環境(字型、中文輸入法) (Kali Linux 2024 也適用) 這篇。
