Initial credentials via gadget snap

Dear all,

following the reference canonical guides


I have compiled a custom ubuntu core image with the following command:

sudo ubuntu-image snap -c stable --snap ./pi_22-2_armhf.snap ubuntu-core-22-pi-armhf.model

the content of ubuntu-core-22-pi-armhf.model is the following

type: model
authority-id: --------------------------------------------------
series: 16
brand-id: --------------------------------------------------
model: ubuntu-core-22-pi-armhf
architecture: armhf
base: core22
grade: dangerous
    default-channel: 22/stable
    id: YbGa9O3dAXl88YLI6Y1bGG74pwBxZyKg
    name: pi
    type: gadget
    default-channel: 22/stable
    id: jeIuP6tfFrvAdic8DMWqHmoaoukAPNbJ
    name: pi-kernel
    type: kernel
    default-channel: latest/stable
    id: amcUKQILKXHHTlmSa7NMdnXSx02dNeeT
    name: core22
    type: base
    default-channel: latest/stable
    id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
    name: snapd
    type: snapd
timestamp: 2023-09-07T09:40:46+00:00

The content of the output seed.manifest is the following

core22 868
pi x1
pi-kernel 664
snapd 20101

I think that the entry

pi x1

is due to the

--snap ./pi_22-2_armhf.snap

option I use for the ubuntu-image command.

The pi_22-2_armhf.snap is the gadget snap I got by compiling

I did however a change in the sources, specifically in the gadget.yaml file

I added the section

+  system:
+    service:
+      console-conf:
+        disable: true

I flashed a Raspberry CM4S with the pi.img output image using the rpi-imager tool

On the serial output, after some boot messages, I have the prompt for connecting to the CM4S:

Ubuntu Core 22 on (ttyAMA0)

ubuntu login: 

I expected such output because I disabled the notorious console-conf that requires to have an hdmi screen and a usb keyboard connected to the board

In the user-data source file of the gadget snap

I read the following:

# On first boot, set the (default) ubuntu user's password to "ubuntu" and
# expire user passwords
  expire: true
  - ubuntu:ubuntu

so I tried to use the ubuntu:ubuntu username:password couple

but it did not work.

Anyone who can enlighten me on this issue?

I would like to use the gadget snap in order to establish a user with ssh access without recurring to console.conf.

Hi there.

Do you have access to a USB-flash drive? You might as well flash it, and then when it is booted up, plug in the USB flash drive with the auto-import assertion file on a FAT32 formatted USB disk.

See here:

There’s a make-system-user snap/program that will generate a user assertion for you.

Something like this: make-system-user -b myaccountid -u username -p password -m model-assertion -k snapcraft-signing-key

Thanks ruhan.vanderberg, I will try.

But my need is slightly different: I need to have already established in the ubuntu image the user with ssh access.

Without subsequent procedures.

In the past I was able to do that using the --cloud-init option when generating the image.

Now it seems to me that option is no longer available and I have understood, maybe erroneously, that it is possible to do the same via a proper configuration of the gadget snap.

You should be able ro generate the system-user assertion in your brand store UI now and IIRC there should also be a way to include that at build time into your gadget…

There was an post on this forum that explained on how you could add a system-user assertion to your image, before flashing Core20 to the gateway, that will be set up during bootup/install, but there’s some shortcomings on that, that the grade of the model assertion of the image must be marked “dangerous” to be working, and may not work for you.

For the life of me, I cant find that post now.

Same for me, I know there is new documentation for this but I can not find it :thinking:

might it be the following?

Yes, that’s the one.

EDIT: I forgot how to quote the post, but yes, this is the link: Ubuntu-image command crashed?

dear @ogra,

I forgot to put a very important question:

from your experience and knowledge which Ubuntu Core version do you suggest me to use for the CM4S today?

I started with the latest 22-armhf but maybe also older versions, like UC20 or even UC18, could be used, am I correct?

I think we only started to fully support the CM4 with core20, I could misremember though…

Just throwing in another option.

We manage users with a dedicated snap [ not a gadget, just an standard app snap ] that includes system-user assertions. It has some logic to add the assertions and add/update/remove users appropriately.

The benefit of this is that you can then update the assertions and users in the field too. If the snap is included in the model assertion used to build the image, it will setup the users at snap seed time.

Cheers, just

1 Like