Skip to main content


In the past few days, an update was pushed accidentally to a package (nitrux-repository-settings version 0.7.21 and 0.7.22) to our repository that, when applied, could end up causing severe problems. We have already removed the affected versions from our repository.

However, if you applied the update, you might have encountered the following problems.

  • The packages base-passwd and libpam-runtime cause APT to hang. We have documented this before; see base-passwd post-install script hangs #15.
  • New repositories were added unintentionally, while existing repositories and APT keys were removed.
  • Because ‘libpam-runtime’ was updated, users can’t log in to the graphic session.

Given the circumstances described above, resorting to a chroot is possibly the only solution to fix the broken system. Up next, we will see how to do this.

Difficulty: ★★☆☆☆

Create a BTRFS chroot

First, grab our ISO file and flash it to a USB. Then, boot the USB normally and open the terminal. Now, we’ll begin preparations to do the chroot.

By default, Nitrux is installed using Calamares to a btrfs partition, so we must mount the btrfs sub-volume to a directory in our Live USB root directory. To do this, run the following command.

sudo mount -o subvol=@ /dev/sdaXY /hmnt

The command will mount the default sub-volume ‘@’ to the directory /mnt. By default, the sub-volume root will be named ‘@’; if it’s different, adjust the command accordingly. Also, adjust the path to the partition, i.e., /dev/sda2.

Now, we need to obtain the sub-volume ID. To do this, run the following command.

sudo btrfs subvolume show /mnt

We’re interested in the value labeled as Subvolume ID, a number, i.e., 257.

Now that we have the sub-volume ID, we tell btrfs to set it as the default. To do this, run the following command.

sudo btrfs subvolume set-default 257 /mnt

And now it’s time to mount-bind the directories to the chroot. To do this, run the following command.

for i in dev dev/pts sys proc run; do sudo mount --bind /$i /mnt/$i; done

Finally, we enter the chroot. To do this, run the following command.

sudo chroot /mnt

Please be aware that you use the root account when entering the chroot.

Fixing the system

First, we need to remove the newly added repositories. To do this, run the following command.

rm -r /etc/apt/sources.list.d/debian-*

Also, delete the APT keys of those repositories. To do this, run the following command.

apt-key del "1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936"

Because the ‘bad’ package removes APT keys deemed necessary, we must add them back to the keyring. To do this, run the following command.

apt-key adv --keyserver --recv-keys 541922FB 3B4FE6ACC0B21F32 871920D1991BC93C

Now, we have reinstalled the correct version of the package. To do this, run the following command.

apt install nitrux-repository-settings=0.7.3

Fix base-passwd and libpam-runtime postinst scripts if they hang in chroot

  1. Close the tab where the chroot is running.
  2. Open a new tab and enter the chroot again.
  3. Edit scripts as described here:
  4. Kill apt and dpkg processes if needed, and execute the following command.
    1. killall apt dpkg
  5. If dpkg or apt says “E: Could not get lock” of any file, run the following command to know what process is using it and kill it.
    1. lsof $PATH_TO_FILE
  6. Then, run the following commands to complete the previously interrupted package configuration.
    1. dpkg --configure -a
      apt install -f
  7. Next, downgrade the following packages.
    1. apt install libpam-runtime/focal libpam-modules/focal libpam-modules-bin/focal libpam0g/focal

While in the chroot, upgrade the package base-files to fix the duplicated distribution name in System Settings.

apt install base-files=11.2.4+nitrux-legacy

Now you can exit the chroot. To do this, type the following.


If all goes well, reboot the distribution normally.

That’s it; this concludes today’s tutorial.