Copy SD cards

bart · January 4, 2021, 4:01pm

Hi, I’m trying to figure out how to shorten the time to create an SD card with a custom image on it.

Right now, I have to put the custom image on it, and let it boot with a USB stick to install the system user. This takes quite some work compared to simply copying an image to an SD card.

I was wondering if i can’t simply copy an already prepared SD card. So far the differences between 2 freshly prepared SD cards seem to be:

machine ID in system-data/etc/
ssh keys in system-data/etc/ssh/.
a key in system-data/var/lib/snapd/device/private-keys-v1/

Is there a way to generate those on a host pc? So i can simply copy an SD card and generate some device specific files.

ogra · January 4, 2021, 4:45pm

try using a system-user assertion:

https://core.docs.ubuntu.com/en/guides/manage-devices/#creating-a-system-user-assertion

(if you put it on a second usb key that you plug in after first boot snapd will detect it and create the user for you)

bart · January 5, 2021, 8:13am

Hey, thanks for the reply. However, that’s what I’m currently doing, and it requires you to boot a device for each SD card, which takes quite some time.

ijohnson · January 5, 2021, 5:21pm

These two things are probably fine to generate on a different machine, as long as it’s sufficiently different and sufficiently random, etc.

This cannot be generated elsewhere, it can only be generated on the device when the device is booted as other assertions and things depend on this key.

bart · January 6, 2021, 3:32pm

This cannot be generated elsewhere, it can only be generated on the device when the device is booted as other assertions and things depend on this key.

Also when the same system user is used?

Do you think the idea of being able to create sd cards on a host pc is a valid use case at all?

ijohnson · January 6, 2021, 4:12pm

The same system user assertion can be used for multiple devices so long as the model, etc. in the system user assertion matches the device it is being used with. As to your question about the private key, yes, the private key is separate from the system user assertion and needs to be unique for all devices.

Yes, I think it’s a valid use-case, but admittedly it is not one that we have optimized for and is difficult to accommodate right now. If there’s not already a LP bug about this feature specifically, feel free to file one at bugs.launchpad.net/snapd. Thanks

bart · January 6, 2021, 4:12pm

Ok, will do, thanks!