PKCS#7 signature not signed with a trusted key (after recent kernel updates to Ubuntu 16.04.6 LTS), and login loop.
Bare metal Dell workstation running Uubuntu 16.04.6 LTS xenial without issues for some years, with no hardware changes.
Nvidia Quadro K420 adapter, with latest nvidia proprietary linux driver 430.50 (september 2019).
I’ve always used the nvidia proprietary driver because the open source drivers gave too many issues.
In the past I have regularly updated the nvidia driver manually after stopping lighdm and executing the relevant runfile without difficulty.
But following recent kernel updates that software-update applied , I cannot login at the console (it just flashes and re-displays the login screen in a loop)
and also I cannot get a login prompt from Ctrl-Alt-F1 (just shows the five dots progress bar indefinitely) on an otherwise blank screen.
From grub, if I boot to 4-15.0-64 recovery mode and drop to a root shell, I can see in /var/log/syslog:
This is from when you installed 418.56 from ppa, but you got the broken 430.26.
You shouldn’t use any .run installer especially on Ubuntu 16.04, that will just break things more.
What’s the output of
ls -l /usr/lib/libGL* /usr/lib/nvidia-430/libGL*
on your system now?
Before today, I had not previously used the ppa for the nvidia drivers, the only mechanism that I used (always successfully) was the runfile method. Possibly because that was the first method in 2016 that I got working after giving up on the open-source driver.
Today I tried the ppa, and it applied 430.26 (as distinct from the runfile which delivered 430.50).
Applying the 430.26 from the ppa, did not change the overall symptom (login loop) but did allow control-alt-f1 to (eventually) work.
After I used the ppa, there was no file or link matching libGL* in /usr/lib/nvidia-430.
I did ln -s /usr/lib/x86_64-linux-gnu/libGL.so.1.7.0 libGL.so.1 while $PDW is /usr/lib/nvidia-430.
Rebooted. Same symptom.
If I apt remove the nvidia-430, and install again from the runfile and reboot then the /var/log/Xorg.0.log does not show a crash or a backtrace. that’s what’s confusing. 430_50-nvidia-bug-report.log.gz (1.13 MB)
I uninstalled the 430-50 driver (via runfile --uninstall method).
Then purged all nvidia modules
Then (with the ppa repository for graphics-drivers already added), apt update ;
apt install nvidia-430
I then ran nvidia-smi, and saw the PKCS#7 signature message.
Next I checked for /usr/lib/nvidia-430/libGL* files and found many, including a symlink for libGL.so.1 that was not pointing to libGL.so.1.7.0 as per the previously suggested link in the above responses.
Removed that broken symlink.
Added new symlink libGL.so.1 pointing to libGL.so.1.7.0
Ran nvidia-smi and this time did not get the PKCS#7 message.
Rebooted.
The login screen appeared, but both the mouse and the keyboard were not active .
Did a cold boot, entered the recovery mode, and took a new nvidia-bug-report.sh (attached 430_26-nvidia-bug-report.log.gz ), and also attach file showing the ls -l libGL* in both the /usr/lib/x86_64-linux-gnu and /usr/lib/nvidia-430 directories (attached file checks.txt).
Now this is weird. The libGL* setup is correct now.
-but-
in your first logs, you were running xorg-server 1.19.5, in your last log (with no input possible) the xserver was downgraded to 1.18.4(!?) and the input drivers were missing for that.
Looks like you somehow purged a bit too much. Please try upgrading it again to the latest available version:
[url]https://wiki.ubuntu.com/Kernel/LTSEnablementStack[/url]
Recreate the symbolic link libGL.so.1 pointing to libGL.so.1.7.0 in /usr/lib/nvidia-430
shutdown -r now
Normal boot will not start the desktop, shows a blank screen that has the ubuntu 5 squares progress indicator indefinitely.
Entered recovery mode again, and see several messages: PKCS#7 signature not signed with a trusted key
the Xorg.0.log shows xorg server version is now 1.19.6, but there is still a segmentation violation visible at the end of the file.
Attaching two files, checks2.txt shows libGL* in /usr/lib/nvidia-430 and in /usr/lib/x86_64-linux-gnu tree,
and another report file named 1.nvidia-bug-report.log.gz checks2.txt (2.41 KB) 1.nvidia-bug-report.log.gz (1.12 MB)
The xorg.log was from a previous boot when the correct symlink was not in place. It now looks like there’s not even an xserver starting now. Looks like Ubuntu 16.04 is now ultimately broken with the nvidia driver, you should rather upgrade to 18.04.
I’m not sure what ‘ultimately broken’ means , although I doubt that you mean irretrievably broken!
I was reluctant to give up on 16.04 for various reasons, not least because other recently reported the same PKCS#7 issue with 18.04, but also because I need a 16.04 environment to support some production apps.
So I persisted, and managed to login successfully.
I noticed that some actions caused the breaking of the symlink /usr/lib/nvidia-430/libGL.so.1 , so I had to fix it again.
Although I tried various options in the recovery mode root shell (with networking enabled), these may have been significant:
apt upgrade # this upgraded 5 packages
nvidia-xconfig # to remake /etc/X11/xorg.conf
This allowed desktop login, although the unity launchpad had lost some of its icons this is easy to restore.
So as regards the cause of the original PKCS#7 signature not signed with a trusted key, with the original 418.56 nvidia driver, I am none the wiser.
But the permanent change to use the graphics-driver ppa (instead of the runfile method) for nvidia driver is now in place.
Thank you for the support.