Open Daviey opened 4 years ago
any updates on this?
I'm still having this issue - downloaded the image yesterday
Any update on this?
On Thu, Apr 15, 2021, 6:48 AM marko-kovacevic @.***> wrote:
I'm still having this issue - downloaded the image yesterday
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/evilsocket/pwnagotchi/issues/923#issuecomment-820487954, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKEIUFCJW43DDJJSGLN7VJTTI34CHANCNFSM4R3FKKVA .
deb http://ftp.harukasan.org/kali kali-rolling main contrib non-free
nano /etc/apt/sources.list
deb http://ftp.harukasan.org/kali kali-rolling main contrib non-free
this does work, but some of the updates (kernel) are in conflict.
Non-Https download link?
Is this a joke?
I don't know if you are the owner but never link something that is not https for god sake....
Unless the intention is to get people Hacked?
None of these fixes work February 2022 it seems.
(I ofc did not test the non-https possible solution)
The solution seems to be one of the many ones provided by a lot of lovely people in this threat: https://unix.stackexchange.com/questions/421821/invalid-signature-for-kali-linux-repositories-the-following-signatures-were-i
My guess is one of those fixes will work for your scenario too. The first 5 did not work got me and then the next one did :)
The one that seemed to do the trick for me was:
sudo apt install kali-archive-keyring
Non-Https download link?
Is this a joke?
I don't know if you are the owner but never link something that is not https for god sake....
Unless the intention is to get people Hacked?
What is the threat you are trying to mitigate? If it is confidentiality/privacy then you are entirely correct, however if it is integrity or some other threat i'd like to understand your concern more. Can you expand please? Thanks
Non-Https download link? Is this a joke? I don't know if you are the owner but never link something that is not https for god sake.... Unless the intention is to get people Hacked?
What is the threat you are trying to mitigate? If it is confidentiality/privacy then you are entirely correct, however if it is integrity or some other threat i'd like to understand your concern more. Can you expand please? Thanks
I'm not a pro hacker and I don't want to be.
But I know that if the connection is not encrypted in theory the file can be swapped out.
We did not invent https to not use it. (every legit website use it for a reason)
Thanks for your curious question though. At least you seem to care.
Non-Https download link? Is this a joke? I don't know if you are the owner but never link something that is not https for god sake.... Unless the intention is to get people Hacked?
What is the threat you are trying to mitigate? If it is confidentiality/privacy then you are entirely correct, however if it is integrity or some other threat i'd like to understand your concern more. Can you expand please? Thanks
I'm not a pro hacker and I don't want to be.
But I know that if the connection is not encrypted in theory the file can be swapped out.
We did not invent https to not use it. (every legit website use it for a reason)
Thanks for your curious question though. At least you seem to care.
Ah, the APT archive is signed using GPG and the integrity of each of the packages is assured by verifying the hash of the packages against a GPG signed index. Therefore it isn't possible for it to be swapped out by a malicious actor.
However, if you are concerned someone is listening to your traffic between yourself and the APT mirror, they could see what packages you are installing which for a security centric project could put you at risk. However, the contents cannot be modified.
(This issue was specifically about the GPG key expiring, which is used to verifying the signed index.)
Anyway, glad you were able to make progress! I have no idea if this is still an issue on a clean install of pwnagotchi.
No solution works as in September 2022.
No solution works as in September 2022.
Try this:
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
https://twitter.com/re4sonkernel/status/1299856596256784385?lang=en
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
Worked.
Worked for the invalid error, but Instead of invalid, now it is not found.
└─$ sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
[sudo] password for pythagoras:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.t6lhcV9Z31/gpg.1.sh --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
gpg: key 11764EE8AC24832F: "Carsten Boeving <carsten.boeving@whitedome.com.au>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
┌──(pythagoras㉿alicesys)-[~]
└─$ sudo apt-get update
Hit:2 http://repo.mysql.com/apt/debian bullseye InRelease
Ign:4 https://packages.sury.org/php kali-rolling InRelease
Err:5 https://packages.sury.org/php kali-rolling Release
404 Not Found [IP: 138.199.57.151 443]
Hit:1 http://kali.download/kali kali-rolling InRelease
Hit:3 http://kali.download/kali kali-experimental InRelease
Hit:6 http://http.re4son-kernel.com/re4son kali-pi InRelease
Reading package lists... Done
E: The repository 'https://packages.sury.org/php kali-rolling Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://repo.mysql.com/apt/debian/dists/bullseye/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
N: Skipping acquire of configured file 'mysql-apt-config/binary-arm64/Packages' as repository 'http://repo.mysql.com/apt/debian bullseye InRelease' doesn't support architecture 'arm64'
N: Skipping acquire of configured file 'mysql-8.0/binary-arm64/Packages' as repository 'http://repo.mysql.com/apt/debian bullseye InRelease' doesn't support architecture 'arm64'
N: Skipping acquire of configured file 'mysql-tools/binary-arm64/Packages' as repository 'http://repo.mysql.com/apt/debian bullseye InRelease' doesn't support architecture 'arm64'
Worked for the invalid error, but Instead of invalid, now it is not found.
Are you sure you are using the official image? I didn't see these repos such as http://kali.download/kali
in my newly flashed pwnagotchi.
No solution works as in September 2022.
Try this:
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
https://twitter.com/re4sonkernel/status/1299856596256784385?lang=en
This solution is working well.
I tried using sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
, but kept getting "gpg: keyserver receive failed: Server indicated a failure." Also tried port 80, same problem.
I'm sure whatever the problem is must be on my end, but I ended up doing it manually:
11764EE8AC24832F.asc
(wget won't work because you get an HTML document)sudo apt-key add 11764EE8AC24832F.asc
Two years later, the issues persists.
"sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F"
returns
gpg: keyserver received failed: No keyserver available
Manual copy and paste followed by sudo apt-key add failed. Who has the updates?
I found a solution that seemed to have worked.
sudo su nano /etc/apt/sources.list #or whatever txt editor preferred deb http://http.kali.org/kali kali-rolling main non-free contrib save & exit apt-get full upgrade && apt-get update rejoice for 5 seconds reboot system
lmk if this helped anyone.
@Cielobao that solution simply adds a bunch of kali stuff to your sources list. Some of those packages will not be supported by your kernel.
Instead visit a keyserver directly like http://keyserver.ubuntu.com and search for the key ID you need. e.g. in this case...
https://keyserver.ubuntu.com/pks/lookup?search=0x11764EE8AC24832F&fingerprint=on&op=index
Which will return the stored key entry. (the issue is that the dirmmgr (a utility called by apt-keys) on the pwnagotchi build has a known bug with keyservers (https://dev.gnupg.org/T3374)
Then click the link for the public key on that page or alternatively just click here: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x96d00b0c4b00fd5360cc087711764ee8ac24832f
Copy and paste that into a file and use the command:
cat file.ext | sudo apt-key add -
You'll get this...
This one worked here:
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
@cielobao that solution simply adds a bunch of kali stuff to your sources list. Some of those packages will not be supported by your kernel.
Instead visit a keyserver directly like http://keyserver.ubuntu.com and search for the key ID you need. e.g. in this case...
https://keyserver.ubuntu.com/pks/lookup?search=0x11764EE8AC24832F&fingerprint=on&op=index
Which will return the stored key entry. (the issue is that the dirmmgr (a utility called by apt-keys) on the pwnagotchi build has a known bug with keyservers (https://dev.gnupg.org/T3374)
Then click the link for the public key on that page or alternatively just click here: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x96d00b0c4b00fd5360cc087711764ee8ac24832f
Copy and paste that into a file and use the command:
cat file.ext | sudo apt-key add -
You'll get this...
Worked like a charm, just had to run: sudo apt update && sudo apt full-upgrade -y afterwards to deal with broken packages.
This one worked here:
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
this works perfect thx!
I have copied everything (ctrl+a) from http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xed444ff07d8d0bf6 and made a new file named ED444FF07D8D0BF6.asc
with its contents.
Then did cat ED444FF07D8D0BF6.asc | sudo apt-key add -
It returned OK
and now works perfectly.
Worked for me also Thanks Solution
sudo apt-key adv --keyserver hkp://pgp.mit.edu --recv-keys 11764EE8AC24832F
ERROR Reading state information... Done 322 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://http.re4son-kernel.com/re4son kali-pi InRelease: The following signatures were invalid: EXPKEYSIG 11764EE8AC24832F Carsten Boeving carsten.boeving@whitedome.com.au W: Failed to fetch http://http.re4son-kernel.com/re4son/dists/kali-pi/InRelease The following signatures were invalid: EXPKEYSIG 11764EE8AC24832F Carsten Boeving carsten.boeving@whitedome.com.au W: Some index files failed to download. They have been ignored, or old ones used instead.
I have tried with this command
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 11764EE8AC24832F
and update the re4son packages
greetings
wget -q -O - http://http.re4son-kernel.com/re4son/kali_pi-archive-keyring.gpg | apt-key add
-Worked for me
wget -q -O - http://http.re4son-kernel.com/re4son/kali_pi-archive-keyring.gpg | apt-key add
-Worked for me
Says 'OK' after adding the key but still shows invalid key on apt update
$ wget -q -O - http://http.re4son-kernel.com/re4son/kali_pi-archive-keyring.gpg | sudo apt-key add - OK $ sudo apt update Hit:1 http://raspbian.raspberrypi.org/raspbian buster InRelease Hit:2 http://archive.raspberrypi.org/debian buster InRelease Get:3 http://http.re4son-kernel.com/re4son kali-pi InRelease [10.4 kB] Err:3 http://http.re4son-kernel.com/re4son kali-pi InRelease The following signatures were invalid: EXPKEYSIG 11764EE8AC24832F Carsten Boeving <carsten.boeving@whitedome.com.au> Fetched 10.4 kB in 3s (3,203 B/s) Reading package lists... Done Building dependency tree Reading state information... Done 256 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://http.re4son-kernel.com/re4son kali-pi InRelease: The following signatures were invalid: EXPKEYSIG 11764EE8AC24832F Carsten Boeving <carsten.boeving@whitedome.com.au> W: Failed to fetch http://http.re4son-kernel.com/re4son/dists/kali-pi/InRelease The following signatures were invalid: EXPKEYSIG 11764EE8AC24832F Carsten Boeving <carsten.boeving@whitedome.com.au> W: Some index files failed to download. They have been ignored, or old ones used instead.
Describe the bug APT signing key for http.re4son-kernel.com has expired and been updated with a new expiry.
To Reproduce
Can be demonstrated with an
apt update
Solution
Either:
sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 11764EE8AC24832F
or
wget -O - https://re4son-kernel.com/keys/http/archive-key.asc | sudo apt-key add -
(But please include this key in the next release, kkthnxbye)