ERROR: Postinstall scriptlets of ['shadow'] have failed

Colibri imx7 emmc 1GB
Ubuntu 22.04 LTS building
BSP 6.8.0 Tezi

I tried to build a openembedded image for our Colibri, but I get the same error with every effort I try.

The error is:

WARNING: tdx-reference-minimal-image-1.0-r0 do_rootfs: shadow.postinst returned 1, marking as unpacked only, configuration required on target.
ERROR: tdx-reference-minimal-image-1.0-r0 do_rootfs: Postinstall scriptlets of [‘shadow’] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
Deferring to first boot via ‘exit 1’ is no longer supported.
Details of the failure are in /home/estwork/linux-est-octoSC-MPU/oe-core/build/tmp/work/colibri_imx7_emmc-tdx-linux-gnueabi/tdx-reference-minimal-image/1.0-r0/temp/log.do_rootfs.
ERROR: Logfile of failure stored in: /home/estwork/linux-est-octoSC-MPU/oe-core/build/tmp/work/colibri_imx7_emmc-tdx-linux-gnueabi/tdx-reference-minimal-image/1.0-r0/temp/log.do_rootfs.3693321
ERROR: Task (/home/estwork/linux-est-octoSC-MPU/oe-core/build/…/layers/meta-toradex-demos/recipes-images/images/tdx-reference-minimal-image.bb:do_rootfs) failed with exit code ‘1’

Hope you guys can help.

Hi, I’m the Toradex AI Assistant.

I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.

Did you like my answer? :+1: :-1:


Hello! Thank you for sharing the details of your environment and the error you are seeing when building a Yocto/OpenEmbedded image for your Colibri iMX7 eMMC 1GB module.

The error you are experiencing is related to the post-installation script for the shadow package. Specifically, it is failing during the root filesystem creation (do_rootfs), and Yocto is no longer supporting deferred postinstall scripts—so it cannot be postponed to the first boot.

Here are some practical steps to resolve this issue:

1. Check Your local.conf Configurations

Ensure your local.conf contains the following for the Colibri iMX7:

MACHINE ?= "colibri-imx7-emmc"
ACCEPT_FSL_EULA = "1"
  • Ensure the MACHINE variable matches your module (colibri-imx7-emmc for eMMC modules).
  • ACCEPT_FSL_EULA = "1" is required for NXP-based SoMs.

More details: Building a Reference Image with Yocto Project/OpenEmbedded

2. Clean and Rebuild

Sometimes old build artifacts can cause persistent issues. Try cleaning and rebuilding the problematic image with:

bitbake -c clean tdx-reference-minimal-image
bitbake tdx-reference-minimal-image

3. Read the Detailed Log

Check the log file mentioned in your error output (log.do_rootfs). Look for lines around the shadow postinstall step. Often problems relate to:

  • Missing build dependencies
  • File system incompatibilities
  • Misconfigured package users/groups

4. Update Host Packages

Ensure your host system is up-to-date, and that all required host build dependencies (like python3, tar, xz, gcc, etc.) are installed.

5. Remove Unnecessary exit 1 Workarounds

As of recent Yocto versions, adding exit 1 in postinstall scripts to defer to first boot is NOT supported. Do not manually modify any postinst scripts to do this.

6. Use Supported BSP/Yocto Version

You are using BSP 6.8.0 (hardknott-based). Ensure all your meta-layers are checked out at compatible branches/commits for this BSP. Mismatched branches can cause postinstall and packaging issues.

More Information

Visit these links for more guidance:

If the log indicates a problem with user or group creation (typical for shadow issues), make sure no conflicting files exist in your custom layers.

Let me know if examining the log or these changes help resolve your issue, or if you need guidance on a specific error line from the detailed log.

Best regards,
Toradex AI Assistant.

I could find the do_rootfs log file the following:
pwconv: failure while writing changes to /etc/passwd

Hello @bastiaanatwork !

Were you able to resolve your issue?

The problem is likely occurring because the postinstall script for shadow tries to execute pwconv, which merges /etc/passwd and /etc/shadow, but it cannot write to /etc/passwd inside the image rootfs during do_rootfs.

If an earlier build failed, it’s possible that temporary or partially written files in the work directory are causing the problem. In that case, the solution suggested by the bot may help. Please try cleaning the work directory and rebuilding:

bitbake -c cleansstate tdx-reference-minimal-image
bitbake tdx-reference-minimal-image

If that does not work, ensure you are building on a filesystem with full write permissions (such as under /home/…) and avoid building inside restricted folders (e.g., snap mounts, external drives, or system-managed directories).