TorizonCore Builder create custom image without the torizon default password

Hi Jeremias,

I hope you can help me understand what I’m not doing right.
I used TorizonCore Builder, as you mentioned, to isolate changes on the /etc after booting the board for the first time and setting the password I want as default instead of ‘torizon’. I grabbed the files that were created and modified and added them to my tcbuild.yaml descriptor to build and put these files on the final image. If I open the image and go to the ostree I can see the files there in the right place, but even so on the first boot the board asks me to change the password, so the changes I have done to the image are discarded. Is this due to some script that is still running on first boot? What can I do to solve this issue?

The file structure is shown in the original post.

This is the isolate command I’m running to capture the changes of a clean install after setting up the new password for the user torizon:

torizoncore-builder isolate --remote-host xxx.xxx.xxx.xxx --remote-username torizon --remote-password <password> --changes-directory Temp8

The output is as shown in the image below

This is my tcbuild.yaml

# Documentation https://developer.toradex.com/torizon/os-customization/torizoncore-builder-workflow/#customizing-the-configuration-file
# Configuration file outline:
# ⚠️ Mouse hover to the properties to see documentation
# ⚠️ ctrl+space inside an object or property to get the autocompletion tips
input:
  # Input section items (required).
  # ⚠️ change it for your needs
  easy-installer:
    local: images/torizon-core-docker-apalis-imx8-Tezi_6.6.1+build.14.tar

customization:
  # Customization section items.
  splash-screen: splashScreen.png
  filesystem:
    - auth-files
    <more folders here>

output:
  # Output section items (required).
  # ⚠️ change it for your needs
  easy-installer:
    local: torizon-core-docker-apalis-imx8-Tezi_6.6.1.<image name and version>
  ostree:
    branch: <image name>
    commit-subject: <commit subject>


Hardware info

HW model: Toradex Apalis iMX8QP V1.1 on Apalis Evaluation Board
Toradex version: 0049 V1.1C
Processor arch: aarch64
VS Code version: 1.92.2
Plugin TorizonCore Builder version: 0.0.12

Thanks in advance for your help.
Best regards,
André


Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!


The issue you’re encountering is likely due to the first-boot script that forces a password change for security reasons. This script runs on the first boot of the TorizonCore image to ensure that the default password is changed.

To resolve this issue, you can disable the first-boot script that enforces the password change. Here’s how you can do it:

  1. Capture the Changes: Ensure you have captured the changes correctly using the isolate command, as you have done.

  2. Disable the First-Boot Script: You need to disable the script that enforces the password change. This script is typically located in the /etc/first-boot.d directory. You can remove or disable this script as part of your customization.

  3. Modify tcbuild.yaml: Ensure your tcbuild.yaml includes the changes to disable the first-boot script. Here’s an example of how you can modify your tcbuild.yaml:

input:
  easy-installer:
    local: images/torizon-core-docker-apalis-imx8-Tezi_6.6.1+build.14.tar

customization:
  splash-screen: splashScreen.png
  filesystem:
    - auth-files
    - etc/first-boot.d/disable-password-change.sh

output:
  easy-installer:
    local: torizon-core-docker-apalis-imx8-Tezi_6.6.1.<image name and version>
  ostree:
    branch: <image name>
    commit-subject: <commit subject>

  4. Create the Disable Script: Create a script named disable-password-change.sh in the etc/first-boot.d directory with the following content:

#!/bin/sh
# Disable the password change script
rm -f /etc/first-boot.d/10-change-password

  5. Build the Custom Image: Run the torizoncore-builder build command to create the custom image with the changes.

  6. Deploy the Custom Image: Deploy the custom image to your board using the Toradex Easy Installer.

By following these steps, you should be able to create a custom TorizonCore image that does not prompt for a password change on the first boot.

Best regards,
Toradex AI Assistant

Hi @af-silva

Just to confirm, does “more folders here” include your Temp8 folder?

Can you share the output of the torizoncore-builder build command?

Once the build completes, how are you installing to your board?

Drew

Hi Drew,

Sorry, I have more customizations, hence the “more folders here”; the files and folders of the Temp8 are inside the auth-files:

image

Output of the build

*  Executing task: DOCKER_HOST= source ./.conf/tcb-env-setup.sh -s /home/afsilva/code/torizon-builder/base-image-dev/storage -t 3.8.1 

Warning: If you intend to use torizoncore-builder as a server (listening to ports), then you should pass extra parameters to "docker run" (via the -- switch).
Setting up TorizonCore Builder with version 3.8.1.

2024-08-23 16:33:55,773 - torizon.tcbuilder.cli.build - INFO - Building image as per configuration file 'tcbuild.yaml'...
2024-08-23 16:33:55,773 - torizon.tcbuilder.cli.build - DEBUG - Substitutions (enabled): {}
2024-08-23 16:33:55,814 - torizon.tcbuilder.cli.build - INFO - 
=>> Handling input section
2024-08-23 16:33:57,125 - torizon.tcbuilder.backend.images - INFO - Unpacking Toradex Easy Installer image.
2024-08-23 16:33:57,125 - torizon.tcbuilder.backend.images - DEBUG - Running tar command: cat /workdir/images/torizon-core-docker-apalis-imx8-Tezi_6.6.1+build.14.tar | cat | tar -xf - -C /storage/tezi.tmp
2024-08-23 16:33:58,011 - torizon.tcbuilder.backend.images - INFO - Copying Toradex Easy Installer image.
2024-08-23 16:33:58,011 - torizon.tcbuilder.backend.images - DEBUG - Copy directory /storage/tezi.tmp/torizon-core-docker-apalis-imx8-Tezi_6.6.1+build.14 -> /storage/tezi.
2024-08-23 16:33:58,493 - torizon.tcbuilder.backend.images - INFO - Unpacking TorizonCore Toradex Easy Installer image.
2024-08-23 16:33:58,497 - torizon.tcbuilder.backend.images - DEBUG - Running tar command: cat '/storage/tezi/torizon-core-docker-apalis-imx8.ota.tar.zst' | zstd -dc | tar --xattrs --xattrs-include='*' -xhf - -C /storage/sysroot
2024-08-23 16:34:03,252 - torizon.tcbuilder.backend.images - INFO - Importing OSTree revision bea874029cbbb4d3abb2105e7cacd312cbf8ab8b348b24d8fd0661d3c147b2ae from local repository...
2024-08-23 16:34:03,259 - torizon.tcbuilder.backend.ostree - DEBUG - Pulling from local repository /storage/sysroot/ostree/repo commit checksum bea874029cbbb4d3abb2105e7cacd312cbf8ab8b348b24d8fd0661d3c147b2ae
916 metadata, 8988 content objects imported; 584.5 MB content written
2024-08-23 16:34:12,110 - torizon.tcbuilder.backend.ostree - DEBUG - Pulling from local repository /storage/sysroot/ostree/repo commit checksum bea874029cbbb4d3abb2105e7cacd312cbf8ab8b348b24d8fd0661d3c147b2ae
0 metadata, 0 content objects imported; 0 bytes content written
2024-08-23 16:34:12,173 - torizon.tcbuilder.backend.images - INFO - Unpacked OSTree from Toradex Easy Installer image:
2024-08-23 16:34:12,174 - torizon.tcbuilder.backend.images - INFO -   Commit checksum: bea874029cbbb4d3abb2105e7cacd312cbf8ab8b348b24d8fd0661d3c147b2ae
2024-08-23 16:34:12,174 - torizon.tcbuilder.backend.images - INFO -   TorizonCore Version: 6.6.1+build.14
2024-08-23 16:34:12,174 - torizon.tcbuilder.cli.build - INFO - 
=>> Handling customization section
2024-08-23 16:34:12,174 - torizon.tcbuilder.cli.build - INFO - 
=> Setting splash screen
2024-08-23 16:34:12,217 - torizon.tcbuilder.cli.splash - INFO - splash screen merged to initramfs
2024-08-23 16:34:12,218 - torizon.tcbuilder.cli.build - INFO - 
=>> Handling output section
2024-08-23 16:34:12,266 - torizon.tcbuilder.cli.union - DEBUG - union: subject='base-dev_1.9.23' body='None'
2024-08-23 16:34:12,267 - torizon.tcbuilder.cli.union - INFO - Applying changes from STORAGE/splash.
2024-08-23 16:34:12,479 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:12,695 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/auth-files.
2024-08-23 16:34:12,697 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:12,698 - torizon.tcbuilder.backend.union - DEBUG - Removing all contents from /usr/etc/ipk-postinsts.
2024-08-23 16:34:12,718 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/config-files.
2024-08-23 16:34:12,719 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:12,738 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/files5.
2024-08-23 16:34:12,759 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:12,780 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/files4.
2024-08-23 16:34:12,781 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:12,799 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/files1.
2024-08-23 16:34:13,117 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:13,135 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/files2.
2024-08-23 16:34:13,135 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:13,156 - torizon.tcbuilder.cli.union - INFO - Applying changes from WORKDIR/files3.
2024-08-23 16:34:13,198 - torizon.tcbuilder.backend.union - DEBUG - Processing whiteouts.
2024-08-23 16:34:13,280 - torizon.tcbuilder.backend.union - DEBUG - Transaction committed. 14819022 bytes 58 objects written.
2024-08-23 16:34:13,284 - torizon.tcbuilder.cli.union - INFO - Commit e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069 has been generated for changes and is ready to be deployed.
2024-08-23 16:34:13,290 - torizon.tcbuilder.backend.deploy - INFO - Pulling OSTree with ref base-dev-image from local archive repository...
2024-08-23 16:34:13,290 - torizon.tcbuilder.backend.deploy - INFO -   Commit checksum: e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069
2024-08-23 16:34:13,290 - torizon.tcbuilder.backend.deploy - INFO -   TorizonCore Version: 6.6.1+build.14-tcbuilder.20240823163413
2024-08-23 16:34:13,290 - torizon.tcbuilder.backend.deploy - INFO -   Default kernel arguments: quiet logo.nologo vt.global_cursor_default=0 plymouth.ignore-serial-consoles splash fbcon=map:3

2024-08-23 16:34:13,290 - torizon.tcbuilder.backend.ostree - DEBUG - Pulling from local repository /storage/ostree-archive commit checksum e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069
922 metadata, 9022 content objects imported; 593.2 MB content written
2024-08-23 16:34:15,239 - torizon.tcbuilder.backend.deploy - INFO - Pulling done.
2024-08-23 16:34:15,241 - torizon.tcbuilder.backend.deploy - INFO - Deploying OSTree with checksum e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069
2024-08-23 16:34:15,241 - torizon.tcbuilder.backend.deploy - DEBUG - Deploying revision e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069
2024-08-23 16:34:15,682 - torizon.tcbuilder.backend.deploy - DEBUG - Write deployment for revision e9efb4969d65572a71bd027a07cec3951db4884dc220941b6573ea6ba9659069
2024-08-23 16:34:15,787 - torizon.tcbuilder.backend.deploy - INFO - Deploying done.
2024-08-23 16:34:15,787 - torizon.tcbuilder.backend.deploy - INFO - Copy files not under OSTree control from original deployment.
2024-08-23 16:34:15,802 - torizon.tcbuilder.backend.deploy - INFO - Packing rootfs...
2024-08-23 16:34:15,812 - torizon.tcbuilder.backend.deploy - DEBUG - Running tar command: tar --xattrs --xattrs-include='*' -cf /workdir/torizon-core-docker-apalis-imx8-Tezi_6.6.1.base-dev_1.9.23/torizon-core-docker-apalis-imx8.ota.tar -S -C /deploy -p .
2024-08-23 16:34:18,267 - torizon.tcbuilder.backend.deploy - DEBUG - Running compress command: zstd --rm /workdir/torizon-core-docker-apalis-imx8-Tezi_6.6.1.base-dev_1.9.23/torizon-core-docker-apalis-imx8.ota.tar
2024-08-23 16:34:21,063 - torizon.tcbuilder.backend.deploy - INFO - Packing rootfs done.
2024-08-23 16:34:21,063 - torizon.tcbuilder.backend.combine - INFO - Updating TorizonCore image in place.
2024-08-23 16:34:21,064 - torizon.tezi.image - DEBUG - No 'filelist' present in image configuration.
2024-08-23 16:34:21,064 - torizon.tezi.image - DEBUG - Reading json_data[key], value 'TorizonCore'
2024-08-23 16:34:21,064 - torizon.tezi.image - DEBUG - Writing json_data[key] = 'TorizonCore'
2024-08-23 16:34:21,064 - torizon.tezi.image - DEBUG - Reading json_data[key], value '6.6.1+build.14'
2024-08-23 16:34:21,065 - torizon.tezi.image - DEBUG - Writing json_data[key] = '6.6.1+build.14.modified'
2024-08-23 16:34:21,066 - torizon.tezi.image - DEBUG - Writing json_data[key] = '2024-08-23'
2024-08-23 16:34:21,066 - torizon.tezi.image - DEBUG - Reading json_data[key], value '6.6.1+build.14.modified'
Deploying commit ref: base-dev-image
2024-08-23 16:34:21,067 - torizon.tcbuilder.cli.build - INFO - 
=>> Build command successfully executed!

Hmm. Is it possible that one of the other changes directories has a different setup that may be removing the .passwd_changed file or undoing the changes to passwd and shadow?

How are you installing this? Are you using the easyinstaller version or deploy OTA?

Drew

Hi,

Hmm. Is it possible that one of the other changes directories has a different setup that may be removing the .passwd_changed file or undoing the changes to passwd and shadow?

Regarding this no, I don’t have any other passwd_changed or passwd files.
I have created different folders to hold target changes just for the sake of organization.

How are you installing this? Are you using the easyinstaller version or deploy OTA?

I’m using the tcb-build task in the VSCode to create the image and then I’m running the following commands to upload the OS image to the Torizon Cloud and then schedule the installation on the board:

torizoncore-builder images unpack torizon-core-docker-apalis-imx8-Tezi_6.6.1.base-dev_x.x.x
torizoncore-builder platform push --credentials credentials.zip --package-name base-dev --package-version x.x.x base

Maybe I’m doing something I shouldn’t? Everything else is running as intended, including the other changes I need to perform for our custom image; it’s just this password issue that I’m facing problems with.

Thanks.
André

Greetings @af-silva,

The problem here is the order of things that need to occur. Let me explain. There is a script that runs only on first boot in Torizon OS. The script is as follows:

if [ ! -e /etc/.passwd_changed ]; then
        passwd -e torizon
        touch /etc/.passwd_changed
fi

Basically if the /etc/.passwd_changed file does not exist on first boot, this script will expire the password of the torizon user. This effectively forces the user to change password on next login.

Knowing this let’s think about what would happen in sequence.

  • You flash a default version of Torizon OS
  • The file /etc/.passwd_changed does not exist yet, so the password for the torizon user gets expired by the script.
  • You perform your OS update
  • The device gets the new file contents. But as far as the system is concerned the torizon user has never logged in yet, meaning its credentials are still expired. The only thing that can clear this “expired state” is the torizon user logging in and changing passwords.

This is why you’re observing the behavior you are. The intended behavior is to flash your initial custom OS using Toradex Easy Installer. What would happen then is this:

  • You flash your initial custom version of Torizon OS
  • In this custom version you already changed the password so /etc/.passwd_changed should exist.
  • The script to expire the password for the torizon user doesn’t execute the if statement.
  • Since the torizon user never enters an “expired” state it will just use whatever password information is present, which would be the password you used for the custom image.

This flow should fit common production scenarios. Since anyways when you do production programming for your devices you’re going to be flashing an initial customized version of Torizon OS already, and not the default Torizon OS.

Best Regards,
Jeremias

1 Like
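
A pre-build check for the flow described in the last reply, added here as an example (it is not Toradex code and not from the thread): it inspects an isolate changes directory for the `.passwd_changed` marker and for a `torizon` shadow entry that is not flagged as expired. The function name `check_auth_changes` is hypothetical, and the `usr/etc` layout is an assumption based on the `/usr/etc` path in the build log above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of TorizonCore Builder).
# Assumption: captured /etc files live under <changes-dir>/usr/etc (override with $2).

# check_auth_changes DIR [ETC_SUBDIR] [USER]
# Return codes:
#   0 image should boot without a forced password change
#   1 .passwd_changed marker missing (first-boot script would run `passwd -e`)
#   2 no shadow file or no entry for the user
#   3 shadow entry is still flagged as expired
#   4 entry has no usable password hash (empty or locked)
check_auth_changes() {
    dir=$1
    etc=${2:-usr/etc}
    user=${3:-torizon}

    # The first-boot script skips `passwd -e` only when this marker exists.
    if [ ! -e "$dir/$etc/.passwd_changed" ]; then
        return 1
    fi

    shadow="$dir/$etc/shadow"
    if [ ! -f "$shadow" ]; then
        return 2
    fi
    entry=$(grep "^${user}:" "$shadow") || return 2

    # shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved
    hash=$(printf '%s' "$entry" | cut -d: -f2)
    lastchg=$(printf '%s' "$entry" | cut -d: -f3)

    # `passwd -e` marks the password expired by setting lastchange to 0.
    if [ "$lastchg" = "0" ]; then
        return 3
    fi

    # Empty, "*" or "!"-prefixed hash: no password set or account locked.
    case "$hash" in
        ''|'*'|'!'*) return 4 ;;
    esac
    return 0
}
```

A passing result only describes the image contents; a device that already booted the default image keeps its expired state until the torizon user logs in and changes the password, as explained above.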