Old Kali Linux GPG keys to aptitude fix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
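#!/bin/bash
#
# This script downloads and installs the Kali Linux archive GPG key to standard
# APT key locations, verifies the installation, optionally checks for another
# specific key's presence, and runs apt-get update.
#

# --- Configuration ---

# Exit on error, on use of an unset variable, and when any stage of a
# pipeline fails.
set -euo pipefail

# URL for the Kali Linux GPG archive keyring.
KALI_KEY_URL="https://archive.kali.org/archive-keyring.gpg"

# Filename to use when saving the key.
TARGET_KEY_FILENAME="kali-archive-keyring.gpg"

# Directories where the key should be installed.
# '/usr/share/keyrings' and '/etc/apt/keyrings' are preferred for use with
# 'signed-by='. '/etc/apt/trusted.gpg.d' is the older, less secure method
# (keys there are trusted for ALL repos) and is not in the list below.
TARGET_KEY_DIRS=(
  "/usr/share/keyrings"
  "/etc/apt/keyrings"
)

# (Optional) Specify a GPG key fingerprint to *check* for its existence.
# This script WILL NOT install this key, only verify if it's already present.
# Replace the value if needed, or set it to "" to skip the check.
# Example (as labelled by the author): Debian Stable Release Key (bookworm).
# NOTE(review): this value looks like the fingerprint of the 2025 Kali archive
# signing key rather than a Debian release key. Confirm it against the
# fingerprint Kali publishes before relying on the label above.
VERIFY_ONLY_FINGERPRINT="827C8569F2518CC677FECA1AED65462EC8D5E4C5"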
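# --- Helper Functions ---

# Print an error message to stderr and terminate the script.
# Arguments: the message words; they are joined with single spaces.
# Outputs:   "[ERROR] <message>" on stderr.
# Returns:   does not return; exits the shell with status 1.
error() {
  # "$*" keeps the whole message as one word inside the quoted string
  # ("$@" inside a string splits it into several words). IFS is pinned
  # locally so the join character is always a space.
  local IFS=' '
  printf '%s\n' "[ERROR] $*" >&2
  exit 1
}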
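# --- Core Functions ---

# Ensure script is run as root, elevate with sudo if needed.
# Arguments: the script's own arguments; they are forwarded unchanged to the
#            re-executed copy.
# Outputs:   progress messages on stdout.
# Returns:   0 when already root. Otherwise the current process is replaced
#            by sudo, or the script exits through error() if sudo is missing.
check_root() {
  echo "[INFO] Checking for root privileges..."
  if [[ $EUID -eq 0 ]]; then
    echo "[INFO] Running with root privileges."
    return 0
  fi

  echo "[INFO] Root privileges required. Attempting to re-run with sudo..."
  if ! command -v sudo &>/dev/null; then
    error "sudo command not found. Please run this script as root (e.g., 'sudo $0')."
  fi

  # Replace the current script process with the sudo'd one. No statement is
  # placed after exec: a non-interactive bash exits on its own if exec fails,
  # so a follow-up error call would never run.
  if [[ "$0" == */* && -x "$0" ]]; then
    exec sudo -- "$0" "$@"
  else
    # When started as 'bash script.sh', "$0" has no directory part and need
    # not be executable, so sudo could not run it as a command. Hand it to
    # the interpreter explicitly instead.
    exec sudo -- "${BASH:-bash}" "$0" "$@"
  fi
}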
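# Check for required command-line tools.
# Outputs: progress on stdout; one "[WARN]" line per missing command on stderr.
# Returns: 0 when every command is found; otherwise exits through error().
check_dependencies() {
  echo "[INFO] Checking for required commands..."
  # Declared local so the loop variable does not leak into the global scope.
  local dep
  local missing_deps=0
  # List required commands here
  local -a required=(wget mktemp rm cp mkdir chmod stat gpg find grep date apt-get)

  for dep in "${required[@]}"; do
    if ! command -v "$dep" &>/dev/null; then
      echo "[WARN] Required command '$dep' not found." >&2
      missing_deps=$((missing_deps + 1))
    fi
  done

  if ((missing_deps > 0)); then
    error "Missing $missing_deps required command(s). Please install them (e.g., packages 'wget', 'gnupg', 'coreutils', 'findutils', 'grep', 'apt')."
  fi
  echo "[INFO] All required commands found."
}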
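# Download and install the Kali key into target directories.
# Globals: KALI_KEY_URL, TARGET_KEY_FILENAME, TARGET_KEY_DIRS (read).
# Outputs: progress on stdout, warnings on stderr.
# Returns: 0 on success; exits through error() on any fatal step.
#
# NOTE(review): the downloaded file is copied into the APT keyring
# directories after only a "non-empty" check. Nothing in this function
# compares its OpenPGP fingerprint with a value obtained out of band, so the
# TLS connection to KALI_KEY_URL is the only authenticity control on what
# becomes an APT trust anchor.
add_kali_key() {
  echo "[INFO] Attempting to download and install Kali GPG key..."
  local temp_key_file cleanup_cmd key_dir dest_path
  temp_key_file=$(mktemp --suffix=.kali.key.gpg) \
    || error "Failed to create a temporary file for the key download."

  # Ensure temporary file is deleted on script exit or interrupt.
  # The path is embedded (shell-quoted via %q) when the trap is installed:
  # temp_key_file is local, so it is unset by the time the EXIT trap fires
  # after this function has returned, and 'set -u' would then abort the
  # handler before rm runs.
  printf -v cleanup_cmd 'rm -f -- %q' "$temp_key_file"
  trap "echo '[INFO] Cleaning up temporary file...'; ${cleanup_cmd}" EXIT HUP INT QUIT TERM

  echo "[INFO] Downloading key from $KALI_KEY_URL..."
  if ! wget --quiet -O "$temp_key_file" "$KALI_KEY_URL"; then
    error "Failed to download key from $KALI_KEY_URL. Check URL and network connection."
  fi

  # Check if downloaded file has content
  if [[ ! -s "$temp_key_file" ]]; then
    error "Downloaded key file '$temp_key_file' is empty. Aborting."
  fi
  echo "[INFO] Key downloaded successfully to temporary file."

  # Install the key to each target directory
  for key_dir in "${TARGET_KEY_DIRS[@]}"; do
    dest_path="${key_dir}/${TARGET_KEY_FILENAME}"
    echo "[INFO] Processing location: $dest_path"

    # Create directory if it doesn't exist (mode 755)
    if [[ ! -d "$key_dir" ]]; then
      echo "[INFO] Creating directory: $key_dir"
      if ! mkdir -p -m 755 -- "$key_dir"; then
        error "Failed to create directory: $key_dir"
      fi
    fi

    # Copy the key file
    echo "[INFO] Copying key to $dest_path"
    if ! cp -- "$temp_key_file" "$dest_path"; then
      error "Failed to copy key to $dest_path."
    fi

    # Set correct file permissions (mode 644)
    echo "[INFO] Setting permissions (644) on $dest_path"
    if ! chmod 644 -- "$dest_path"; then
      # Non-fatal warning. Printed directly: no 'warn' helper is defined next
      # to error(), and calling an undefined command would abort under 'set -e'.
      echo "[WARN] Failed to set permissions 644 on $dest_path" >&2
    fi

    # Special warning for the less secure trusted.gpg.d directory
    if [[ "$key_dir" == "/etc/apt/trusted.gpg.d" ]]; then
      echo "[WARN] Key installed in /etc/apt/trusted.gpg.d. Keys here are trusted for ALL APT repositories. Using 'signed-by=' in sources.list files with keys in /usr/share/keyrings or /etc/apt/keyrings is more secure." >&2
    fi
    echo "[INFO] Key successfully installed to $dest_path"
  done
  echo "[INFO] Finished installing Kali key to target locations."
}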
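# Verify the installed Kali key file exists with correct permissions.
# Globals: TARGET_KEY_DIRS, TARGET_KEY_FILENAME (read).
# Outputs: progress on stdout, "[WARN]" lines on stderr.
# Returns: 0 in all cases; problems are reported as warnings only.
#
# NOTE(review): only presence and mode 644 are checked. File ownership and
# the key material itself are not inspected here.
verify_installation() {
  echo "[INFO] Verifying Kali key file installation..."
  local all_ok=true
  local key_dir key_path permissions

  for key_dir in "${TARGET_KEY_DIRS[@]}"; do
    key_path="${key_dir}/${TARGET_KEY_FILENAME}"
    echo "[INFO] Checking: $key_path"

    if [[ ! -f "$key_path" ]]; then
      echo "[WARN] -> File NOT found: $key_path" >&2
      all_ok=false
      continue
    fi

    # Handled explicitly: under 'set -e' a failing stat would otherwise end
    # the whole script without any message.
    if ! permissions=$(stat -c '%a' -- "$key_path"); then
      echo "[WARN] -> Could not read permissions of $key_path" >&2
      all_ok=false
      continue
    fi

    if [[ "$permissions" == "644" ]]; then
      echo "[INFO] -> Found with correct permissions (644)."
    else
      echo "[WARN] -> Found, but permissions are '$permissions' (expected '644')." >&2
      all_ok=false
    fi
  done

  if [[ "$all_ok" == true ]]; then
    echo "[INFO] Verification successful for all target locations."
  else
    echo "[WARN] Verification found issues in one or more locations (see warnings above)." >&2
  fi
}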
| # Check if a specific key fingerprint exists in the keyring directories | |
| check_specific_fingerprint() { | |
| local target_fpr="$1" | |
| local short_fpr="${target_fpr:(-16)}" # Last 16 chars for logging | |
| echo "[INFO] Checking for presence of specific key fingerprint ending in ...${short_fpr}" | |
| echo "[INFO] Note: This script only *checks* for this key, it does not install it." | |
| local found=false | |
| # Search in the same directories we installed to | |
| local search_dirs=("${TARGET_KEY_DIRS[@]}") | |
| for key_dir in "${search_dirs[@]}"; do | |
| if [[ -d "$key_dir" ]]; then | |
| echo "[INFO] Searching in directory: $key_dir" | |
| # Find .gpg or .asc files and check their fingerprints | |
| # Uses null-terminated filenames for safety (`-print0` and `read -d`) | |
| while IFS= read -r -d $'\0' keyfile; do | |
| # Use gpg to list fingerprints in a parseable format (--with-colons) | |
| # Suppress verbose output (-q) and errors (2>/dev/null) |
Hi, and thanks for sharing this script to fix Kali's GPG key signature.