Troubleshoot problems that Kali-linux update sources cannot use (signature expiration) __linux

This is the winter vacation to learn a good penetration test, can be in-depth understanding, found that penetration testing needs of knowledge reserves too much, so a long time there is no real to learn the use of penetration tools, this morning installed a Kali, installed after the first thing is the implementation of Apt-get Update && Apt-get upgrade, it turned out to be such a mistake.

I added the USTC update source, which can be opened normally in the browser:

Deb Http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib  
deb-src Http://mirrors.ustc.edu.cn/kali Kali-rolling Main Non-free Contrib

But after adding to the/etc/apt/source.list, execution apt-update will appear with the above error prompt
This problem tortured me all day, until just resolved, to search the Internet, about this error only one or two posts, but also is a question of the post, hanging in that did not solve .... So I solved this problem, immediately came to write this blog, for members of the user's reference, may be able to solve your problem

After many fruitless searches, I decided to take a serious look at the documentation provided in Kali, and according to the tips above, I looked at the Apt-secure (8)--> Command man 8 apt-secure

description starting with version 0.6, APT contains code that does signature Ng of the release file for all repositories. This ensures so data like packages in the archive can ' t is modified by people who have no access to the Re Lease file Signing key. Starting with version 1.1 APT requires repositories to provide recent authentication-for information Ed usage of the repository. Since version 1.5 changes in the information contained in the release file about the repository need to be C

       Onfirmed before APT continues to apply updates from this repository. Note:all apt-based Package Management front-ends like Apt-get (8), aptitude (8) and synaptic (8) Support this authent


Ication feature, so this is manpage uses APT to refer to them all for simplicity only. 

First read the description of Apt-secure, read after we can know that the reason has been updated unsuccessfully, because there is no signature or signed but APT does not have the corresponding key package is not trusted, security, the default is not to use this source to update the

Continue to read down

UNSIGNED repositories If An archive has a UNSIGNED release file or no release file at all-current APT Versi ONS would refuse to download the data from them through default in update operations and even if forced to download  s like Apt-get (8) would require explicit confirmation if a installation request includes a package from such

       An unauthenticated archive. Can force all APT clients to raise only warnings by setting the configuration option Acquire::allowinsecurerepo
       Sitories to True. Individual repositories can also be allowed to is insecure via the sources.list (5) Option Allow-insecure=yes.  Note This insecure repositories are strongly discouraged and all options to force apt to continue supporting them would eventually be removed. Users also have the Trusted option available to disable even the warnings, but is sure to understand the Imp  Lications as detailed in Sources.list (5).

The title of the second paragraph is the warehouse without the signature , which is exactly the description we need.
can force all APT clients to raise only warnings by setting the
configuration option Acquire::allowinsecurerepositories to True.
This sentence is the key to solve the problem, although the domestic source is not signed, or the signature expires (expired), but we can force apt to update, ignore the security of the warehouse, and to achieve this, we need to modify the apt configuration file
I searched apt.conf this keyword, but the related webpage all is in English, the bite of the bullet after reading found my Kali did not apt.conf file, in my/etc/apt directory, only a APT.CONF.D directory , CD into the directory:

So many configuration files, I do not know exactly which one to change, and then went to Baidu for a while, see this article
Https://wiki.debian.org/AptConf
And then I took a try on the mentality of the open 70debconf file, in accordance with the guidance of the man in front of the document, in the input acquire::allowinsecurerepositories "true";
Then execute apt-config dump to see if APT's corresponding configuration has no effect

acquire::allowinsecurerepositories attribute value changed from original "0" to "true"
Note that the change configuration was successful, then quickly typed apt-get update && apt-get upgradeand pressed the ENTER key with great excitement

Looking at a line of prompts to scroll quickly, that feeling is really incomparable ....

Maybe my analysis is not in place, but anyway, the problem is solved, please correct me
Hope to help small partners with the same problem :)