Ubuntu 22.04 to 24.04 upgrade failure due to missing file

By /
Picture of a stressed Admin trying to write somethingUbuntu 22.04 to 24.04 upgrade failure due to missing file. What to do?.

 

 

I’m writing about my experience updating my Ubuntu desktop from 22.04 to 24.04 and what led to, and how I recovered from, “The upgrade has aborted. Your system could be in an unusable state,” as a help to anyone else in the same predicament.

SPOILER
If you are upgrading from a version earlier than 24.04, during the upgrade you will be asked if you want to install the updated gdm-smartcard-pkcs11-exclusive configuration file. You will have the option to specify “N” which they describe as keeping the existing file. There is no existing file!

This file is essential to complete the upgrade. If you pick “N” to keep the current (but non-existent) file, then it will do nothing and your upgrade will abort because it can’t find the file. GDM3 and ubuntu-desktop will not install, and your upgrade will fail as specified, and your computer certainly will be in an unusable state.

The upgrade program should not have asked but should have, seeing the file doesn’t exist, just copied it. It might as well have said, “Enter N” if you would like your computer to become unusable.

YOU ARE HERE BECAUSE IT’S TOO LATE?
Did you already get this error?

A recovery will run now (dpkg –configure -a).
Setting up gdm3 (46.2-1ubuntu1~24.04.1)
…update-alternatives: error: alternative path /etc/pam.d/gdm-smartcard-pkcs11-exclusive doesn’t exist pkg: error processing package gdm3 (–configure): installed gdm3 package post-installation script subprocess returned error exit status 2 dpkg: dependency problems prevent configuration of ubuntu-desktop:ubuntu-desktop depends on gdm3;however: Package gdm3 is not configured yet.dpkg: error processing package ubuntu-desktop (–configure):dependency problems – leaving unconfigured

Yes, your computer will be unusable — after you reboot. So, don’t reboot yet. You can go ahead and finish the upgrade by hitting the ENTER key.

When you reboot, your computer will become unusable, but for 2 different reasons. The first reason can be fixed before you reboot.

It will be unusable because:
1. It didn’t finish. You don’t have gdm3, ubuntu-desktop, or ubuntu-desktop-minimal installed.
2. gdm3 still won’t be configured after we get it installed, after resolving the first problem.

FIXING PROBLEM 1
For number 1, look at the error. It says it stopped because the file gdm-smartcard-pkcs11-exclusive doesn’t exist. It actually doesn’t care what’s in the file. It just stopped because it didn’t exist.

The fix for number 1 is to create an empty file with that name and restart the upgrade, and it will finish this time because it will find the file. This is the easy problem to fix.

Run this command to create an empty file with that name:
sudo touch /etc/pam.d/gdm-smartcard-pkcs11-exclusive

Run this command to instruct dpkg to finish configuring the broken packages:
sudo dpkg --configure -a

This should complete the upgrade process! You have resolved problem #1.

FIXING PROBLEM 2
GDM3 is not yet configured. GDM3 is responsible for handling logging in. It works with the PAM system which is responsible for authentication. But PAM was never set up, so if you reboot and try to log in, it will say you can only use a smart card. Even if you had a smart card, likely it wouldn’t work anyway.

After rebooting, your system WILL BE unusable because you cannot log in because PAM is not configured.

This fix is much more complicated.

You must boot into a recoverable Live USB and open a terminal. There is no way around this. If you don’t have one you will need to get onto a different computer and create a 24.04 Ubuntu bootable USB drive. Everything on it will get erased, so make sure it doesn’t have anything that you want.

Instructions on how to create a bootable Ubuntu 24.04 USB drive are available all over the Internet. You can use any computer, even Windows, to make this bootable USB.

Once you have this bootable USB drive, plug it in and boot from it. You may need to enter the BIOS settings and go to boot options to select this drive instead of your regular Ubuntu system. When it boots, choose the option with safe graphics. You will see a minimal Ubuntu system after it boots.

Do Ctrl+T to bring up a terminal window. You will be logged in as user “ubuntu” which has sudo rights.

You need to mount your unusable Ubuntu 24.04 partition so you can work from it. You can do an lsblk command to see all the devices available. The drive you want will have at least 2 partitions, identified with “p1” and “p2” at the end of the name. “p1” will be much smaller than “p2”. “p1” is the boot partition. Leave this alone. “p2” will be your Ubuntu drive. Mine is named “nvme0n1p2”, yours will probably have a different name. Note that Linux always adds “/dev/” in front of the name. The name of my drive in Linux is /dev/nvme0n1p2.

To mount it:
sudo mkdir /mnt/rescue
sudo mount /dev/<name> /mnt/rescue

The mount for me is sudo mount /dev/nvme0n1p2 /mnt/rescue

If you do
ll /mnt/rescue
you will see it’s your Ubuntu system.

You also need to mount your drive where you made the backup. This is where I put my hands together and pray and hope you did make a backup first, because you need to copy two PAM configuration files from your old install to your new install.

Did you not make a backup first? Because you always make a backup before upgrading because things often go wrong. But, if you did not make a backup, at the end of this write-up I list the contents of the two configuration files on my system and instructions for creating the files from it. You can manually create the files using the content from mine and hope for the best.

Continuing on the assumption that you made a backup, I will show how I mounted mine, and I expect you can figure out how to mount yours. My backup was made with rsync. If you used dd, ddrescue or another dd-like program, I leave it to you to figure out how to mount them and get these files.

Mine was done with:
sudo mkdir /media/ImageBackups
sudo mount /dev/sdb /media/ImageBackups

There are 4 missing PAM files from your new 24.04 system, but 2 of them are new and will not be found on your backups. So, there will be an extra step. But you should copy these two from your backup to your 24.04 drive (or create them from my instructions if you don’t have a backup). Here’s what I did:

sudo cp /media/ImageBackups/20250809_nvme0n1p2/backup.img/etc/pam.d/gdm-password /mnt/rescue/etc/pam.d/gdm-password

sudo cp /media/ImageBackups/20250809_nvme0n1p2/backup.img/etc/pam.d/gdm-fingerprint /mnt/rescue/etc/pam.d/gdm-fingerprint

If you happen to also have gdim-pin and gdm-smartcard on your backup, then you can copy them over and you are done. You probably upgraded from a system older than 22.04 then.

Otherwise, if you only had 2 of the files, or you copied mine and now only have two of the files, there’s more work to do to create these two missing files.

Unmount your drives. Note the command is “umount” without the “n”.

sudo umount /mnt/rescue
sudo umount /media/ImageBackups

To fix GDM, because you don’t have the files, you need to run a program on your 24.04 system to build them. But you can’t because it won’t boot, so how do you do it? In Linux, there is a way to transfer your root processing from the USB drive you booted from to your unusable Ubuntu 24.04 system so it can run commands on it. You switch the root disk used by root.

Here’s what I did. You will need to change names as appropriate:
I mounted the 24.04 drive as /mnt. Note it’s partition 2, it has “p2” at the end.

sudo mount /dev/nvme0n1p2 /mnt

I mounted the 24.04 boot partition as /mnt/boot/efi. Note it’s partition 1, it has “p1” at the end.

sudo mount /dev/nvme0n1p1 /mnt/boot/efi

Now I transferred root from the ubuntu USB drive system to the unusable 24.04 system with these 2 commands:

for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
sudo chroot /mnt /bin/bash

Now I am running as the root user on the unusable 24.04 system. Kind of feels like magic. Now I can configure gdm properly.

When you run the below command, you should see some options. Choose the option that includes the word “password” and does not have “exclusive”. The correct option may look like “/etc/pam.d/gdm-smartcard-sssd-or-password”. The point is, you want an option that lets you log in the way you expect to. For me it’s with a password. So, run these commands and choose wisely:

update-alternatives --config gdm-smartcard

After choosing the correct option, exit the session
exit

Now you should be able to log into your system. Do this to reboot:
sudo reboot

IF YOU DID NOT MAKE A BACK UP AND THEREFORE COULD NOT COPY THE TWO FILES NEEDED, HERE ARE MINE.

You can use this to create the file:
sudo nano /mnt/rescue/etc/pam.d/gdm-password
and enter this text:

#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux.so changes the SELinux context of the used TTY and configures
# SELinux in order to transition to the user context with the next execve()
# call.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password

You can use this to create the file:
sudo nano /mnt/rescue/etc/pam.d/gdm-fingerprint
and enter this text:

#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
auth required pam_fprintd.so
auth optional pam_gnome_keyring.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux.so changes the SELinux context of the used TTY and configures
# SELinux in order to transition to the user context with the next execve()
# call.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-session
session optional pam_gnome_keyring.so auto_start
password required pam_fprintd.so

Post Views: 222

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top