使用apt update时如何忽略签名?

使用apt update时如何忽略签名?

我正在使用 Kali for Windows(长话短说),由于签名无效,我似乎无法安装任何东西。该gpg工具甚至没有安装,所以我无法使用它gpg来验证签名。

我尝试过以下方法,但没有运气:

# sudo apt -o Acquire::AllowInsecureRepositories=true \
> -o Acquire::AllowDowngradeToInsecureRepositories=true \
> update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.

我也尝试过以下方法,但也出现错误:

# wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

答案1

如果您遇到此问题是因为您直接将 Kali for WSL 下载为 .appx 软件包(不是从 MS Store) - 我在另一篇文章中读到该软件包似乎已损坏。 (MS Store 版本对我来说没有问题)

但是,如果您无权访问 MS Store——要解决无效签名的具体问题——以下方法对我有用:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb

apt install ./kali-archive-keyring_2020.2_all.deb

作为 root(或使用 sudo),第二个命令在最后抛出一个错误,可以忽略。之后 apt-get update 就可以正常工作了。

如果kali-archive-keyring_2020.2_all.deb已更新,您可以在此处查看新版本并修改链接: https://http.kali.org/kali/pool/main/k/kali-archive-keyring/

相关内容