After upgrading to Ubuntu 22.04 running apt shows an error message saying “Key is stored in legacy trusted.gpg keyring“:

# apt update

[..]
All packages are up-to-date.
W: https://apt.syncthing.net/dists/syncthing/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

The key needs to be exported from the legacy keyring and then imported back to the current system.

List the keys and find the key ID of the repository that is showing the error. In this case it is Syncthing.

# apt-key list

--------------------
pub   rsa2048 2014-12-29 [SC]
      37C8 4554 E7E0 A261 54E7  6E1E D26E 6ED0 0065 5A3E
uid           [ unknown] Syncthing Release Management <release@syncthing.net>
sub   rsa2048 2014-12-29 [E]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
[...]

Copy the last 8 characters of the key (00655A3E) and export it.

# apt-key export 00655A3E | gpg --dearmour -o /usr/share/keyrings/syncthing.gpg

Update the source file for the repository adding the exported key.

# vim /etc/apt/sources.list.d/syncthing.list

deb [arch=amd64 signed-by=/usr/share/keyrings/syncthing.gpg] https://apt.syncthing.net/ syncthing stable #Syncthing

Confirm that the error message is no longer showing.

# apt update

[...]                                                          
Hit:5 https://apt.syncthing.net syncthing InRelease                                                     
[...]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up-to-date.

Finally, remove the old signature.

# apt-key del 00655A3E

Sometimes it might be necessary to start in single-user mode to do some administration work, or even reset an existing password.

Normally this can be achieved via the GRUB boot loader.

CentOS / RedHat (with root account enabled)

Switch on your system.

Press Esc until the GRUB menu shows up.

This will bring up the GNU GRUB menu. If the CentOS/RedHat logo/boot messages show up you will need to restart (Ctrl-Alt-Del) and try again.

Select the OS/boot you want to edit. Normally the first line. Press e to edit it.

CentOS Linux (3.10.0-1160.53.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.45.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.42.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.41.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-d0401f7cdedb4955a0a262b3e0054323) 7 (Core)


Use the ↑ and ↓ keys to change the selection.
Press 'e' to edit the selected item, or 'c' for command prompt.

You will need to find the entry for the kernel. Normally starts with linux16.

[...]
linux16 /vmlinuz-3.10.0-1160.53.1.el7.x86_64 root=/dev/mapper/centos_centos7-root ro rd.lvm.lv=centos_centos7/root rd.lvm.lv=centos_centos7/swap rhgb quite LANG=en_US.UTF-8
[..]

At the end of the line you can choose to add one of the following:

single
systemd.unit=rescue.target
systemd.unit=emergency.target

So that it looks like this:

[...]
linux16 /vmlinuz-3.10.0-1160.53.1.el7.x86_64 root=/dev/mapper/centos_centos7-root ro rd.lvm.lv=centos_centos7/root rd.lvm.lv=centos_centos7/swap rhgb quite LANG=en_US.UTF-8 single
[..]

Type Ctrl-X to exit and the system will start in single- user mode.

If required, remount the root filesystem:

# mount -o remount,rw /

[If there are other filesystems you need to mount from fstab:]

# mount --all

CentOS / RedHat (without root account enabled)

It might be that your system didn’t have a root account enabled, in which case the above steps will fail. There is a workaround.

Switch on your system.

Press Esc until the GRUB menu shows up.

This will bring up the GNU GRUB menu. If the CentOS/RedHat logo/boot messages show up you will need to restart (Ctrl-Alt-Del) and try again.

Select the OS/boot you want to edit. Normally the first line. Press e to edit it.

CentOS Linux (3.10.0-1160.53.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.45.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.42.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.41.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-d0401f7cdedb4955a0a262b3e0054323) 7 (Core)


Use the ↑ and ↓ keys to change the selection.
Press 'e' to edit the selected item, or 'c' for command prompt.

You will need to find the entry for the kernel. Normally starts with linux16.

[...]
linux16 /vmlinuz-3.10.0-1160.53.1.el7.x86_64 root=/dev/mapper/centos_centos7-root ro rd.lvm.lv=centos_centos7/root rd.lvm.lv=centos_centos7/swap rhgb quite LANG=en_US.UTF-8
[..]

At the end of the line add this:

rd.break

So that it looks like this:

[...]
linux16 /vmlinuz-3.10.0-1160.53.1.el7.x86_64 root=/dev/mapper/centos_centos7-root ro rd.lvm.lv=centos_centos7/root rd.lvm.lv=centos_centos7/swap rhgb quite LANG=en_US.UTF-8 rd.break
[..]

Type Ctrl-X to exit and the system will start emergency mode in read-only mode.

Remount the root filesystem as read/write:

# mount -o remount,rw /sysroot

Switch to the sysroot jail.

# chroot /sysroot

Reset the password, or do any required tasks.

If you have SELinux enforcing mode enabled it will protect the OS from any changes. After you change the password type the following to overcome this:

# touch /.autorelabel

Restart.

# reboot -f

Ubuntu / Debian

Switch on your system.

Press and hold the Shift key.

In some instances pressing the Esc key several times (instead of holding it) achieves the same result. Just be aware that if you press it too many times it will bring you to the GRUB CLI. You can type normal and you will get to the menu described below.

This will bring up the GNU GRUB menu. If the Ubuntu logo/boot messages show up you will need to restart (ctrl-alt-del) and try again.

Select Advanced Options on the GRUB menu.

			GNU GRUB version 2.04

 Ubuntu 20.04.4 LTS
*Advanced options for Ubuntu 20.04.4 LTS
 History for Ubuntu 20.04.4 LTS
 UEFI Firmware Settings

And select the recovery mode option. Normally the latest kernel installed on your system.

			GNU GRUB version 2.04

 * Ubuntu 20.04.4 LTS, with Linux 5.13.0-37-generic
** Ubuntu 20.04.4 LTS, with Linux 5.13.0-37-generic (recovery mode)
 Ubuntu 20.04.4 LTS, with Linux 5.13.0-35-generic
 Ubuntu 20.04.4 LTS, with Linux 5.13.0-35-generic (recovery mode)

This will boot the system and show a series of options. Select root.

Recovery Menu (filesystem state: read only)

	resume			Resume normal boot
	clean			Try to make free space
	dpkg			Repair broken packages
	fsck			Check all file systems
	grub			Update grub bootloader
	network			Enable networking
	root			Drop to root shell prompt
	system-summary	System summary

					<OK>

This message will show. Press Enter.

Press Enter for maintenance
(or press Ctrl-D to continue)

If your / volume is ZFS it will be already read and write. Other filesystems might start in read only mode. If so, remount:

# mount -o remount,rw /

[If there are other filesystems you need to mount from fstab:]

# mount --all

Changing an user’s password

# passwrd <username>

Adding a new user

In the rare event of not having an user, you can add one and give it sudo privileges.

# useradd <username>

# usermod -a -G sudo <username>

# passwd <username>

Other OS

You can find description on how to get to single-user mode for other Linux distros in this Microsoft’s article.

https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-grub-single-user-mode

My /boot partition is only 512MB and I get this error message every now and then when updating:

Not enough free space

The upgrade needs a total of xx.x M free space on disk ‘/boot’. Please free at least an additional xx.x M of disk space on ‘/boot’. You can remove old kernels using ‘sudo apt autoremove’, and you could set COMPRESS=xz in /etc/initramfs-tools/initramfs.conf to reduce the size of your initramfs.

The obvious process is to expand /boot to be at least 1GB and be more careful in the future when partitioning during the OS installation.

Luckily there are a couple of things to try before repartitioning.

Try cleaning old kernels automatically:

# apt autoremove

Compress your initramfs by editing /etc/initramfs-tools/initramfs.conf

# vim /etc/initramfs-tools/initramfs.conf

and change the COMPRESS entry to:

COMPRESS=xz

You might need to rebuild your initramfs for the compression to start applying.

If after doing the above you still don’t have enough free space you can manually delete old kernels.

First check which Linux kernel you are on:

# uname -r

4.15.0-76-generic

In the example above the current kernel is 4.15.0-76. It is really important that the current used kernel is left untouched on the system. Under no circumstances should it be removed.

Check which kernels are on your system:

# dpkg -l | grep linux-image

rc  linux-image-4.15.0-55-generic              4.15.0-55.60                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-58-generic              4.15.0-58.64                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-60-generic              4.15.0-60.67                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-62-generic              4.15.0-62.69                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-64-generic              4.15.0-64.73                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-65-generic              4.15.0-65.74                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-66-generic              4.15.0-66.75                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-69-generic              4.15.0-69.78                                     amd64        Signed kernel image generic
rc  linux-image-4.15.0-70-generic              4.15.0-70.79                                     amd64        Signed kernel image generic
ii  linux-image-4.15.0-72-generic              4.15.0-72.81                                     amd64        Signed kernel image generic
ii  linux-image-4.15.0-74-generic              4.15.0-74.84                                     amd64        Signed kernel image generic
ii  linux-image-4.15.0-76-generic              4.15.0-76.86                                     amd64        Signed kernel image generic
ii  linux-image-generic                        4.15.0.76.78                                     amd64        Generic Linux kernel image

The first column of the output provides a 2-3 letter code with useful information on the status of each package.

For reference this is their meaning:

First letter. Desired package state:

u ... unknown
i ... install
r ... remove/deinstall
p ... purge (remove including config files)
h ... hold

Second letter. Current package state:

n ... not-installed
i ... installed
c ... config-files (only config files are installed)
U ... unpacked
F ... half-configured (configuration failed for some reason)
h ... half-installed (installation failed for some reason)
W ... triggers-awaited (package is waiting for a trigger from another package)
t ... triggers-pending (package has been triggered)

Third letter. Error state:

R ... reinstallation-required (package broken, reinstallation required)

From the previous output we know that there are some config files left around (rc header), and that several kernel images are still installed (ii header).

The ii ones are the ones consuming the space we need to free up. We need to remove some of those.

We have to keep the current kernel version and at least one or two previous versions as good practice.

So based on all of the above and in this example:

To remove
linux-image-4.15.0-55-generic
linux-image-4.15.0-58-generic
linux-image-4.15.0-60-generic
linux-image-4.15.0-62-generic
linux-image-4.15.0-64-generic
linux-image-4.15.0-65-generic
linux-image-4.15.0-66-generic
linux-image-4.15.0-69-generic
linux-image-4.15.0-70-generic
linux-image-4.15.0-72-generic

To keep
linux-image-4.15.0-74-generic (previous)
linux-image-4.15.0-76-generic (current)

You can remove them one by one:

# apt purge linux-image-4.15.0-55-generic
# apt purge linux-image-4.15.0-58-generic
# apt purge linux-image-4.15.0-60-generic
.
.
.

Or all of them in one go with:

# apt purge linux-image-4.15.0-{55,58,60,62,64,65,66,69,60,72}-generic

This will free up enough space of /boot until you repartition.

Server and minimal installs are normally headless and have no graphical interface.

If needed you can add a GUI manually. The process is slightly different depending on the distro.

RedHat / CentOS 7.x

# yum update
# yum groupinstall "Server with GUI"

RedHat / CentOS 8.x

# dnf update
# dnf groupinstall workstation

Ubuntu 18.04.x LTS

# apt update

[Install minimum GNOME desktop]
# apt install --no-install-recommends ubuntu-desktop

[Install full desktop with associated applications]
(Long process and too many extras installed)

# apt install ubuntu-desktop

[There are other alternative desktops and installations possible:]

[Generic Gnome desktop]
# apt install vanilla-gnome-desktop

[Mate]
# apt install ubuntu-mate-desktop

[Xfce]
# apt install xubuntu-desktop

[KDE]
# apt install kubuntu-desktop

[LightDM]
# apt install --no-install-recommends lightdm

Debian 9.x

# apt update
# apt install gnome-core

Debian 10.x

# apt update
# apt install gnome-core

All the above distros use systemd as their init system and you set the default run level with the same set of commands.

[Enable run level 5 by default]
systemctl  set-default graphical.target

[Enable run level 3 by default]
systemctl  set-default multi-user.target

Despite systemd you can still use init to start the graphical interface without having to reboot.

# init 5