Hey there,
We are auto importing users to our Ubuntu Core system with system user assertions downloaded from our Serial Vault.
We managed to do so on QEMU by starting the qemu image like this:
sudo qemu-system-x86_64 \
-enable-kvm \
-smp 1 \
-m 8192 \
-machine q35 \
-cpu host \
-global ICH9-LPC.disable_s3=1 \
-net nic,model=virtio \
-net user,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80 \
-drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1 \
-drive "file=./images/pc.img.qemu",if=none,format=raw,id=disk1 \
-device virtio-blk-pci,drive=disk1,bootindex=1 \
-drive if=none,id=usbstick,format=raw,file=auto-import-assert.img \
-usb \
-device usb-ehci,id=ehci \
-device usb-tablet,bus=usb-bus.0 \
-device usb-storage,bus=ehci.0,drive=usbstick -uuid 946146c3-3e6d-4433-aa85-e7ffb1a5335b
We made the auto-import-assert.img file with someting like
mkfs.ext4 auto-import-assert.img
sudo losetup -f --show auto-import-assert.img
sudo mount /dev/loop61 /mnt/user_usb
sudo cp auto-import.assert /mnt/user_usb/auto-import.assert
sudo umount /mnt/user_usb
sudo losetup -d /dev/loop61
However, I have only managed to successfully import a single user on one image. Is it correct that it is only possible to import one system user?
Once the system-user assertion expires, will it be possible to add a new one?
Is it possible to remove the currently active system user somehow?
Are the rules listed anywhere?
Kind regards, Charlee