Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.
The announcement comes after OffSec lost the old repo signing key (ED444FF07D8D0BF6) and was forced to create a new one (ED65462EC8D5E4C5) signed by Kali Linux developers using signatures available on the Ubuntu OpenPGP key server. However, since the key was not compromised, the old one was not removed from the keyring.
When trying to get the list of latest software packages on systems still using the old key, users will see “Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature” errors.
While OffSec didn't share the date when it realized the key was lost, the company added that the Kali Linux repo was frozen on February 18th.
“In the coming day(s), pretty much every Kali system out there will fail to update. [..] This isn’t only you, this is for everyone, and this is solely our fault. We lost access to the signing key of the repository, so we had to create a new one,” the company said.
“At the same time, we froze the repository (you might have noticed that there was no update since Friday 18th), so nobody was impacted yet. But we will unfreeze the repository this week, and it is now signed with the new key.”
To avoid experiencing these update issues, OffSec advises users to manually download and install the new repository signing key using the following command:
sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
OffSec also provides details on how to check that the checksum of the file matches and view the contents of the updated keyring. Those who don't trust manually updating the keyring can also reinstall Kali on their systems using images updated with the new keyring.
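One way to confirm that a downloaded keyring really carries the new key before it replaces the system copy, shown here as an added example (not OffSec's published procedure): it compares the primary-key fingerprints in the file against the fingerprint from the apt error quoted above. The function names and the sample listing are constructed for illustration; the download goes to a temporary file first, which differs from the one-line command above.

```shell
#!/bin/sh
# Added example: check a downloaded Kali keyring for the new signing key
# before installing it. Fingerprint, URL and path are taken from the article.
NEW_FPR=827C8569F2518CC677FECA1AED65462EC8D5E4C5
KEYRING_URL=https://archive.kali.org/archive-keyring.gpg
KEYRING_DEST=/usr/share/keyrings/kali-archive-keyring.gpg

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# Only the fpr record directly after a pub record counts; subkey
# fingerprints (after sub records) are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if fingerprint $1 is a primary key in the listing on stdin.
keyring_has_fpr() {
    primary_fprs | grep -qxF "$1"
}

# Constructed sample listing (not real gpg output): the expected key plus a
# made-up subkey fingerprint.
SAMPLE_LISTING='pub:-:4096:1:ED65462EC8D5E4C5:0:::-:::scSC::::::23::0:
fpr:::::::::827C8569F2518CC677FECA1AED65462EC8D5E4C5:
uid:-::::0::0::Constructed sample UID::::::::::0:
sub:-:4096:1:89ABCDEF01234567:0::::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Download to a temp file, verify, and only then replace the system keyring.
install_kali_keyring() {
    tmp=$(mktemp) || return 1
    wget -q "$KEYRING_URL" -O "$tmp" || { rm -f "$tmp"; return 1; }
    if gpg --show-keys --with-colons "$tmp" | keyring_has_fpr "$NEW_FPR"; then
        sudo install -m 0644 "$tmp" "$KEYRING_DEST"; rc=$?
    else
        echo "key $NEW_FPR not in download; keyring left unchanged" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run the download only when asked: sh check-keyring.sh --install
if [ "${1:-}" = "--install" ]; then install_kali_keyring; fi
```

The check is only as trustworthy as the source of the expected fingerprint, so compare it against the value in the apt error or the official announcement rather than anything shipped alongside the keyring file.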
This isn't the first time Kali Linux users have had to manually update their keyring to avoid having update issues. In February 2018, Kali devs also let the GPG key expire and asked users to update the new key manually.
“If you don't update Kali regularly (*cough*), then your archive-keyring package is outdated, and you'll get key mismatches when working with our repositories. Sucks for you, but at least you can manually update,” the Kali team said at the time.