How can I get past a “Repository is not signed…” message when attempting to upgrade Kali Linux from a mounted disk image?

Question

I am trying to upgrade Kali Linux from 2017.2 to 2018.2 using an iso mounted in the Kali Virtual Machine.

So, what I did was I edited my sources.list file to:

deb file:///media/cdrom0 kali-rolling main contrib non-free

and commented other lines using #.

Now, whenever I try apt-get update, I get:

E: The repository 'file:/media/cdrom0 kali-rolling Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Answer 1

According to the Debian man page for apt-get, you can use the --allow-unauthenticated option like this:

apt-get update --allow-unauthenticated

As the man page entry for --allow-unauthenticated explains:

Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user itself. The usage of the Trusted option for sources.list(5) entries should usually be preferred over this global override. Configuration Item: APT::Get::AllowUnauthenticated.

And if that doesn’t work, try run-in it with --allow-insecure-repositories like this:

apt-get update --allow-insecure-repositories

Answer 2

You should tell apt it's a trusted source:

deb [trusted=yes] file:/media/cdrom0 kali-rolling main contrib non-free

Answer 3

For anyone like me that came across this because their repository is not signed. Maybe on another distro not specifically Kali Linux.

My distro in question was MX linux.

I found this command to import the missing gpg keys.

checkaptgpg