Adding groups on Torizon image

lucas_a.tx · November 23, 2022, 8:42pm

Namely, I unpacked the output tar.zst in my output directory, and if I browse down to ostree/deploy/torizon/deploy/[commit hash]/etc/ and open the group file, I can see the groups are present.

Great, it is a good way to verify your custom image. With this I don’t think the issue is related to your image.

So it is getting applied to the actual image - which confirms the build environment is set up correctly and the change should be present. yet I’ve done numerous images unpack output and deploy calls and they have not materialized - the files stubbornly stay empty of my new entries.

I was able to reproduce your issue when deploying the image through SSH via torizoncore-builder deploy and at least in this situation I have a possible explanation for it.

The reason is due to how OSTree, the program responsible for versioning/deploying the images, works: If a tracked file in /etc is modified in relation to its counterpart in /usr/etc, OSTree will not change it, even if the update has a newer version of it, as said here: Atomic Upgrades | ostreedev/ostree

/usr/etc is the “default configuration” of the image, and OSTree uses it as a point of reference to track any changes made in /etc.

In particular /etc/group and /etc/gshadow are modified when first logging in on a new TorizonCore install, so unless you undo the modifications these two files won’t be affected by any updates made using torizoncore-builder deploy.

This shouldn’t happen when installing the image through TEZI though, as OSTree versioning is reset.

I suggest you try the following:

Install a vanilla TorizonCore image via TEZI on your module, version should be the same you used for the custom image;
Login as user torizon, then check the differences between /etc and /usr/etc with:

sudo ostree admin config-diff

group and gshadow should be marked with ‘M’, meaning they are modified in relation to /usr/etc.

Overwrite /usr/etc to /etc with the command below, based on this topic: Manually reset of modified /etc files to current ostree commit - #3 by ldvp

sudo rsync -avh /usr/etc/ /etc/ --delete

This command will also reset the torizon user password to torizon.

Check again with sudo ostree admin config-diff. There should be no output, or at the very least group and gshadow should not be present.
On your host machine deploy your custom image that has the modified /etc/group and /etc/gshadow:

torizoncore-builder images unpack <your custom image directory>
torizoncore-builder union <branch name, can be anything>
torizoncore-builder deploy <branch name> --remote-host <SoM IP> --reboot

After the module finishes rebooting, login again (remember that the password has been reset to torizon)
All changes should be present on the image.

See if this helps you.

Best regards,
Lucas Akira