Solved Small Issue with apt-get update

[BoneCream]

sudo apt-get update gives me this Warning message. I must add that all my packages are up to date.

Warning: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. OpenPGP signature verification failed: https://artifacts.elastic.co/packages/8.x/apt stable InReleas
e: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound: No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non
-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Warning: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound:
No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T0
0:00:00Z
Warning: Some index files failed to download. They have been ignored, or old ones used instead.


So basically. I need to know how to update my repository.
DO i just simply go to the kal.org website. Naviigate to repositories and just add the new repo to my sources.list file?????

 

[BoneCream]

Also. Ive already went over the entire page that talks about kali linux apt failing every 2 or 3 years due to needing to renew gpg keys. So maybe I should just wait until kali linux is done doing their thing with updates on their side and what not.

 

[Brickwizard]

Warning: Some index files failed to download. They have been ignored, or old ones used instead.

This basically means you have been updated where possible except for the one application

if you run sudo apt update you should get this message if so did you enter Y
"N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.<br>Do you want to accept these changes and continue updating from this repository? [y/N]"

 

[kibasnowpaw]

This isn’t actually a Kali issue, and it’s not something waiting will fix on its own.

What the error is telling you is that APT is now enforcing stricter crypto policy, specifically rejecting repository signing keys that rely on SHA-1. As of early 2026, SHA-1 is considered insecure, and tools like sqv will flat-out refuse signatures that still depend on it. That’s why the message explicitly mentions “SHA1 is not considered secure since 2026-02-01”.

The important detail here is the repository involved:

https://artifacts.elastic.co/packages/8.x/apt

That’s Elastic’s repository, not Kali’s. Kali’s own repositories are fine. So waiting for Kali to “do their thing” won’t help this is on Elastic to update or rotate their signing key to something that meets current policy (SHA-256+).

You generally don’t want to just go hunting for random new repo URLs and dropping them into sources.list. The correct fix is one of these:

• Elastic updates their signing key and republishes the repo properly (best case).
• You manually import a new Elastic GPG key if they’ve already published one.
• Or, if you don’t actually need Elastic packages on that system right now, temporarily disable or remove that repo so apt stops erroring out.

What you shouldn’t do is downgrade security checks or force APT to accept SHA-1 again. The warning exists for a good reason, and bypassing it just kicks the problem down the road.

 

[BoneCream]

This basically means you have been updated where possible except for the one application

if you run sudo apt update you should get this message if so did you enter Y
"N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.<br>Do you want to accept these changes and continue updating from this repository? [y/N]"

i Did not get that message, When I run sudo apt-get update. It gives me this output.

Hit:1 http://http.kali.org/kali kali-rolling InRelease
Hit:2 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Err:2 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E4
2B4 is not bound: No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation sign
ature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01
T00:00:00Z
Hit:3 https://repo.ivpn.net/stable/ubuntu ./generic InRelease
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be us
ed. OpenPGP signature verification failed: https://artifacts.elastic.co/packages/8.x/apt stable InRelease: Sub-process /usr/b
in/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound:
No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation signature (PositiveCerti
fication) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease Sub-process /usr/bin/sqv returned an
error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound: No bindin
g signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation signature (PositiveCertification) requirin
g second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Some index files failed to download. They have been ignored, or old ones used instead.

 

[kibasnowpaw]

i Did not get that message, When I run sudo apt-get update. It gives me this output.

Hit:1 http://http.kali.org/kali kali-rolling InRelease
Hit:2 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Err:2 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E4
2B4 is not bound: No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation sign
ature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01
T00:00:00Z
Hit:3 https://repo.ivpn.net/stable/ubuntu ./generic InRelease
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be us
ed. OpenPGP signature verification failed: https://artifacts.elastic.co/packages/8.x/apt stable InRelease: Sub-process /usr/b
in/sqv returned an error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound:
No binding signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation signature (PositiveCerti
fication) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Failed to fetch https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease Sub-process /usr/bin/sqv returned an
error code (1), error message is: Signing key on 46095ACC8548582C1A2699A9D27D666CD88E42B4 is not bound: No bindin
g signature at time 2026-01-13T11:53:41Z because: Policy rejected non-revocation signature (PositiveCertification) requirin
g second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
W: Some index files failed to download. They have been ignored, or old ones used instead.

This is confirming what i said

Solved Post in thread 'Small Issue with apt-get update'

Feb 1, 2026

This isn’t actually a Kali issue, and it’s not something waiting will fix on its own.

What the error is telling you is that APT is now enforcing stricter crypto policy, specifically rejecting repository signing keys that rely on SHA-1. As of early 2026, SHA-1 is considered insecure, and tools like sqv will flat-out refuse signatures that still depend on it. That’s why the message explicitly mentions “SHA1 is not considered secure since 2026-02-01”.

The important detail here is the repository involved:

https://artifacts.elastic.co/packages/8.x/apt

That’s...

• kibasnowpaw

• 

 

[BoneCream]

This isn’t actually a Kali issue, and it’s not something waiting will fix on its own.

What the error is telling you is that APT is now enforcing stricter crypto policy, specifically rejecting repository signing keys that rely on SHA-1. As of early 2026, SHA-1 is considered insecure, and tools like sqv will flat-out refuse signatures that still depend on it. That’s why the message explicitly mentions “SHA1 is not considered secure since 2026-02-01”.

The important detail here is the repository involved:

https://artifacts.elastic.co/packages/8.x/apt

That’s Elastic’s repository, not Kali’s. Kali’s own repositories are fine. So waiting for Kali to “do their thing” won’t help this is on Elastic to update or rotate their signing key to something that meets current policy (SHA-256+).

You generally don’t want to just go hunting for random new repo URLs and dropping them into sources.list. The correct fix is one of these:

• Elastic updates their signing key and republishes the repo properly (best case).
• You manually import a new Elastic GPG key if they’ve already published one.
• Or, if you don’t actually need Elastic packages on that system right now, temporarily disable or remove that repo so apt stops erroring out.

What you shouldn’t do is downgrade security checks or force APT to accept SHA-1 again. The warning exists for a good reason, and bypassing it just kicks the problem down the road.

what's even weirder to me is that. If i cd into /etc/apt/sources.list.

My sources.list file doesn't even include anything about Elastic. It only mentions Kali Linux Rolling repository URL.
see
See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware

# Additional line for source packages
#deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware

and if i look at
[/etc/apt/trusted.gpg.d]
└─$ ls
debian-archive-bookworm-automatic.asc debian-archive-bullseye-stable.asc
debian-archive-bookworm-security-automatic.asc debian-archive-trixie-automatic.asc
debian-archive-bookworm-stable.asc debian-archive-trixie-security-automatic.asc
debian-archive-bullseye-automatic.asc debian-archive-trixie-stable.asc
debian-archive-bullseye-security-automatic.asc kali-archive-keyring.gpg

 

[f33dm3bits]

i Did not get that message, When I run sudo apt-get update. It gives me this output.

@kibasnowpaw already gave you an answer and it is the correct answer.

That’s Elastic’s repository, not Kali’s. Kali’s own repositories are fine. So waiting for Kali to “do their thing” won’t help this is on Elastic to update or rotate their signing key to something that meets current policy (SHA-256+).

The correct fix is one of these:

• Elastic updates their signing key and republishes the repo properly (best case).
• You manually import a new Elastic GPG key if they’ve already published one.
• Or, if you don’t actually need Elastic packages on that system right now, temporarily disable or remove that repo so apt stops erroring out.

 

[f33dm3bits]

what's even weirder to me is that. If i cd into /etc/apt/sources.list.

My sources.list file doesn't even include anything about Elastic. It only mentions Kali Linux Rolling repository URL

Your output would be more readable if you put code tags around it. It's probably a separate file in /etc/apt/sources.list.d , for example: /etc/apt/sources.list.d/elastic.list

 

[kibasnowpaw]

what's even weirder to me is that. If i cd into /etc/apt/sources.list.

Your output would be more readable if you put code tags around it. It's probably a separate file in /etc/apt/sources.list.d

you can try to run

cat /etc/apt/sources.list.d/elastic*.list

to see if it finds it

or check this out

Install Elasticsearch with a Debian package | Elastic Docs

The Debian package for Elasticsearch can be downloaded from our website or from our APT repository. It can be used to install Elasticsearch on any Debian-based...

www.elastic.co

 

[BoneCream]

cd /etc/apt/sources.list.d shows this

┌──(kali㉿kali)-[/etc/apt/sources.list.d]
└─$ ls
elastic.sources ivpn.list
and when i sudo nano elastoc.sources. it shows this
GNU nano 8.7 elastic.sources
Enabled: yes
Types: deb
URIs: https://artifacts.elastic.co/packages/8.x/apt
Suites: stable
Components: main
Signed-by:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)

(continues to show me a really long PGP public key)

-----END PGP PUBLIC KEY BLOCK-----

So I need to find a way to update this or disable it until they update themselves?

 

[f33dm3bits]

It's probably a separate file in /etc/apt/sources.list.d , for example: /etc/apt/sources.list.d/elastic.list

Not to be that guy but if you're using Kali you should already know how repositories work on Linux and other basic stuff like that.

So I need to find a way to update this or disable it until they update themselves?

Apt raises warning for repo on Debian 13

The Elastic 8 repo causes apt to raise a warning on Debian 13 (aka Trixie). root@charly-dev13:~# apt-get update ... Get:9 https://artifacts.elastic.co/packages/oss-8.x/apt stable InRelease [3248 B] Get:10 https://artifacts.elastic.co/packages/oss-8.x/apt stable/main amd64 Packages [43.1 kB]...

discuss.elastic.co

I actually just installed Elastic 9 on Debian 13 and not getting the SHA1 error there. Maybe they have updated the already and you are using an old key. You could try importing the key listed on the install page, maybe there's a new key already.

Install Elasticsearch with a Debian package | Elastic Docs

The Debian package for Elasticsearch can be downloaded from our website or from our APT repository. It can be used to install Elasticsearch on any Debian-based...

www.elastic.co

The other option is to comment out all the lines in that file or to delete it.

 

[GatorsFan]

It looks like your elastic https://artifacts.elastic.co/packages/8.x/apt stable InRelease is outdated
elastic-9.x is the latest
See here - https://www.elastic.co/docs/deploy-...ll-elasticsearch-with-debian-package#deb-repo