Creating unique board username and passwords through TorizonCore Builder

Hey everyone! I’m using TorizonCore Builder and haven’t had problems getting that to work. I’m able to isolate changes, bundle with my containers, and get successful builds, but I’ve got a problem I would like some help solving.

On a first launch with a new image before including any changes, you input torizon as the username and torizon as the password, then get prompted to create a new password. Afterwards, I can capture those changes for a new build, and when that image is installed, it will have that user with that new password pre-installed (to my understanding, please correct me if any of these assumptions are wrong.)

The problem I’m running into is that for my purposes, I would like every board I use to have a username and password that I choose before I install the image. Isolating the changes like made above and putting these changes in my tcbuilder would obviously make every board have the same username and password.

Is there a way to programmatically set the username and password on a fresh install of a build using torizoncore builder?

Thanks!

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!

Did you like my answer?

:+1: :-1:


:handshake:

To achieve unique usernames and passwords for each board programmatically using TorizonCore Builder, you can follow a more dynamic approach. Here’s a method to handle this:

  1. Initial Setup:

    • Create a base TorizonCore image with the necessary configurations and container bundles, but without setting the username and password.
  2. Post-Installation Script:

    • Use a post-installation script to set the username and password dynamically. This script can be included in the TorizonCore image and executed on the first boot.
  3. Script Implementation:

    • Write a script that prompts for or generates a unique username and password on the first boot. This script can be added to the /etc/init.d/ directory to ensure it runs at startup.

Here’s a basic example of what the script might look like:

#!/bin/sh

# Check if the user has already been set
if [ ! -f /etc/firstboot_done ]; then
    # Generate or prompt for a unique username and password
    USERNAME="your_unique_username"  # Replace with logic to generate or fetch the username
    PASSWORD="your_unique_password"  # Replace with logic to generate or fetch the password

    # Add the user with the specified username and password
    useradd -m -s /bin/bash $USERNAME
    echo "$USERNAME:$PASSWORD" | chpasswd

    # Mark that the first boot setup is done
    touch /etc/firstboot_done
fi
  1. Integrate the Script:

    • Add this script to your TorizonCore image using TorizonCore Builder. You can use the union command to merge this script into the /etc/init.d/ directory of your base image.
  2. Deploy the Custom Image:

    • Build and deploy the custom TorizonCore image with the integrated script to your devices.
  3. First Boot Execution:

    • On the first boot, the script will run, setting a unique username and password for each device.

By using this approach, you can ensure that each board has a unique username and password set programmatically during the first boot, without having to manually configure each one.

Best regards, Toradex AI Assistant

I like this suggestion, this might be able to work. Does this method also get rid of the torizon user with the torizon password, or does it just add this user on top of that user?

Hi @jeatontenney

The script generated by the AI bot above simply adds another user. I guess the tricky part is how do you go about putting the custom username and password into the script? It will be there in plaintext for all to see.

Alternatively you can just force the torizon user password to expire in the script and that will force the user to enter a new password on the next login. Something like chage -M0 torizon will do that.

As for using torizoncore-builder, after you isolate the changes you may be able to just remove the modified shadow and .passwd_changed files and then your custom image will still use the “torizon:torizon” login and require the user to change the password on first login.

Hope that helps,
Drew

Hi @jeatontenney

Have you made any progress on this?

Drew