Fix “apt-get update” error and “apt-key list” error in WSL

Fix “apt-get update” error and “apt-key list” error in WSL

 

Any of these errors in Windows Subsystem for Linux (WSL) can be fixed using the solution in this article! They occur during running “apt-get update“, “apt update“, “apt-key list” or “apt-key update“.

Error 1:

Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>

Error 2:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>

Error 3:

W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>

Error 4:

W: Some index files failed to download. They have been ignored, or old ones used instead.

Error 5:

E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation

 

The first 4 ERRORS were thrown after attempting to perform an update of a “Kali Linux Rolling” distribution on WSL. This was done just after running an install on Windows CMD as evident in the screenshot below;

wsl --list --online
wsl --install --distribution kali-linux

kali-linux-rolling-on-wsl-thetqweb

 

The 4 errors referred to above occurred after running the following update commands as “root“;

apt-get update
apt update

apt-get-update-error-wsl-thetqweb

The last [5th] error occurred after running the following commands as “root“;

apt-key list
apt-key update

apt-key-update-error-wsl-thetqweb

What the 5th error means is that you cannot view the GPG keys installed in the WSL Kali Linux Rolling distro. What it also means is that you can as well NOT automatically fix the GPG Key && Signature Errors! You have to Know and Go the hard way. So, let’s get to it…

 

There are two methods to FIX the issues presented here:

[Method 1]

This 1st method involves downloading and adding a Trusted GPG key, manually placed in the right directory. To check for installed Trusted GPG keys, run;

ls /etc/apt/trusted.gpg.d/

Now, we need to download the latest Kali GPG key into the same directory as the above command. The command “wget” is used for that;

wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc https://archive.kali.org/archive-key.asc

Note that the above command throws an exception;

method-1-wget-https-archive-key-asc-wsl-thetqweb

Resolving archive.kali.org (archive.kali.org)... 192.99.45.140, 64:ff9b::c063:2d8c
Connecting to archive.kali.org (archive.kali.org)|192.99.45.140|:443... connected.
ERROR: The certificate of 'archive.kali.org' is not trusted.
ERROR: The certificate of 'archive.kali.org' has expired.

The reason for this is the TLS/SSL certificate in the URL. So, to fix this, change “https://” to http://” to get;

wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc http://archive.kali.org/archive-key.asc

method-1-wget-http-archive-key-asc-wsl-thetqweb

Now checking in the directory for Trusted GPG keys, “/etc/apt/trusted.gpg.d/” we can see that a new ASCII format key (.asc) file is present [archive-key-kali.asc];

ls /etc/apt/trusted.gpg.d/
archive-key-kali.asc

The screenshot below shows that now, “apt update” runs successfully;

apt update

method-1-apt-update-fixed-poc-wsl-thetqweb

[Proof of Concept]

To prove that the above fix actually worked, you can remove the .asc above and again try to run “apt update“. You should run into similar errors as before. Call this a Proof of Concept (PoC);

rm /etc/apt/trusted.gpg.d/archive-key-kali.asc
apt update

method-1-poc-wsl-thetqweb

 

[Method 2]

This 2nd method involves downloading and installing a KEYRING, automatically placed in the right directory. Start by downloading the keyring package, a Debian (.deb) file;

wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb

method-2-wget-kali-archive-keyring-2022-1-all-deb-wsl-thetqweb

Next, install the package;

dpkg --install kali-archive-keyring_2022.1_all.deb

method-2-dpkg-install-kali-archive-keyring-2022-1-all-deb-wsl-thetqweb

After successful installation, if curious about where the keyring was installed, run the following commands:

To check the details of the package, and most importantly the package name which you need to check the install location, run;

dpkg --info kali-archive-keyring_2022.1_all.deb

To list files/directories owned by the package, run;

dpkg -L kali-archive-keyring

method-2-dpkg-info-kali-archive-keyring-2022-1-all-deb-wsl-thetqweb

From the results of the last command it is easy to locate the location of the keyring::

/usr/share/keyrings/kali-archive-keyring

Now running the “apt-get update” command, it should run successfully!

method-2-apt-get-update-fixed-wsl-thetqweb

 

[Proof of Concept]

As previously done, you can perform a Proof of Concept (PoC) to determine if it is this specific keyring that worked.

We know that the actual name of the package is “kali-archive-keyring“. With this, we can completely remove the package and all its configurations using “dpkg” utility, then try to run “apt-get update” command (which should not complete successfully);

dpkg --purge kali-archive-keyring
apt-get update

method-2-dpkg-purge-wget-apt-get-update-fixed-poc-wsl2-thetqweb

As seen above, the PoC works! Now, we can fix this using Method 1 above (and it must work, besides we have a PoC!);

wget -O /etc/apt/trusted.gpg.d/archive-key-kali.asc http://archive.kali.org/archive-key.asc

method-2-dpkg-purge-wget-apt-get-update-fixed-poc-wsl-thetqweb

Now with the two methods working to eliminate “apt update” (“sudo apt update“) as well as “apt-get update” (or “sudo apt-get update“) errors, you can now update the list of your Windows Subsystem for Linux (WSL) distribution’s pakages and then perform a full upgrade;

apt full-upgrade
sudo apt full-upgrade

apt full-upgrade -y
sudo apt full-upgrade -y

apt-full-upgrade-wsl-thetqweb

 

Fix “apt-get update” error and “apt-key list” error in WSL
Forum [ WSL ] | thetqweb