UC20 preseeding

From snapd 2.56, Ubuntu Core 20 (UC20) images created with the snap prepare-image command, or the ubuntu-image tool, can be preseeded. This means that some steps related to the installation of seeded snaps can be performed at image-creation time, rather than on first boot, reducing the installation time.

This time saving comes mostly from the early (i.e. during image creation) verification of snap checksums and the creation of security profiles and mount units, and is proportional to the number of asserted snaps being seeded (with just a few snaps there will be no real benefit).

Requirements for image preseeding:

  • snapd 2.56 or newer, both on the host system (where the image is created) and in the resultant preseeded system.
  • same architecture on the host and preseeded system (during preseeding, snapd from the target system gets executed to perform seeding).
  • Recommended: the kernel on the host should have the same AppArmor features as that of the target system. Differing AppArmor features will nullify the pre-created security profiles which will subsequently need to be recreated on first boot.

Usage:

snap prepare-image --preseed --preseed-sign-key=<gpg-key-name> --channel=stable --snap=... <model-assertion> <target directory>

or with ubuntu-image:

ubuntu-image snap --preseed --preseed-sign-key=<gpg-key-name> -i 8G --snap [...] <model-assertion>

The --preseed-sign-key argument is optional and the default GPG key will be used if omitted. This is the brand GPG key.

A custom AppArmor features directory may be specified with --apparmor-features-dir=.... The target should be a snapshot of sys/kernel/security/apparmor/features from the target system. If not specified, the sys/kernel/security/apparmor/features from the host system will be used.

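A pre-flight check for the AppArmor recommendation above, as an added example that is not part of the original post or of snapd: it compares the host's features tree with a snapshot taken from the target system. The function names and the `./target-features` path are hypothetical, and comparing every file's content is this example's assumption, not a description of how snapd itself compares features.

```shell
#!/bin/sh
# Added example (not snapd code): compare two AppArmor features trees
# before running "snap prepare-image --preseed".

# Print "<sha256>  ./relative/path" for every file under DIR, in stable order.
features_manifest() {
    fm_dir=$1
    [ -d "$fm_dir" ] || { echo "not a directory: $fm_dir" >&2; return 2; }
    ( cd "$fm_dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Return 0 if both trees hold the same files with the same content,
# 1 if they differ (differences go to stderr), 2 on a usage error.
features_match() {
    fm_host=$(features_manifest "$1") || return 2
    fm_target=$(features_manifest "$2") || return 2
    if [ "$fm_host" = "$fm_target" ]; then
        echo "AppArmor features match"
        return 0
    fi
    echo "AppArmor features differ; pre-created profiles may be recreated on first boot" >&2
    fm_tmp=$(mktemp -d) || return 2
    printf '%s\n' "$fm_host" > "$fm_tmp/host"
    printf '%s\n' "$fm_target" > "$fm_tmp/target"
    # Lines marked "<" exist only on the host, ">" only in the target snapshot.
    diff "$fm_tmp/host" "$fm_tmp/target" >&2 || true
    rm -rf "$fm_tmp"
    return 1
}

# Typical call (./target-features is a hypothetical snapshot directory):
#   features_match /sys/kernel/security/apparmor/features ./target-features
```

When it reports a difference, the host does not meet the recommendation above, and `--apparmor-features-dir` is the option the page gives for supplying the target's snapshot.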

Just came across this option and it sounds wonderful! Unfortunately, I migrated my custom model right to core22 as I want to test out the new splash screen integration, and this line in snapd/image/image.linux.go blocks --preseed with UC22 models. @pstolowski you mentioned in this PR comment that UC22 might behave differently when pre-seeding. Is this indeed the case, or can this check just be extended to include UC20 and later?

Thanks for flagging this.

I’ve asked the team and we’re hopeful that UC22 can be added simply (well, to the if statement 🙂). We’ve created a TODO to investigate and I’ll update here when we’ve looked into it further. I should also put something about this in the Ubuntu Core docs.
