It looks like it’s possible to update a system-user assertion, by just re-posting it to the snapd API with a bumped revision number. However, I can’t see a good way of applying that assertion without removing and re-creating the system-user.
For the v2/users API there is only create and remove actions. Trying create again fails with an error because the user already exists.
It seems like the only option is to remove then create - am I missing something ?
This particular use case is if we need to update the ssh keys.
According to the docs, https://core.docs.ubuntu.com/en/guides/manage-devices/ , if the system-user assertion lacks the system-user-authority field, asserts can only be signed with a key registered to the store account in the brand-id field.
I created a new key for signing system-user assertsion, registered it with the our brand account [ which is used in the brand-id field.
However, when I try and add an assertion signed with that key, I get the following error response from snapd:
Should snapd be trying to verify the registered key with the store directly ? Or is there some process that should take care of it that only happens at system install ? Something else ?
@jdstrand Sorry, just picking a single Moderator, could see an obvious way to @ the group. Are you able to remove that spam/phishing post/user user above ?