The system-user assertion is a permit by the brand for local system users to be created on its specified devices. The most common use case is for creating system users in the factory line or on first boot, by using a USB dongle which would contain this assertion.
The format is as follows:
type: system-user authority-id: <authority account-id> revision: <int> brand-id: <account-id> email: <user e-mail> series: <list of series which should accept this assertion> models: <models which should accept this assertion> serials: <optional list of one or more device serial numbers> name: <optional person’s name> username: <system user name> password: <encoded password> ssh-keys: <list> since: <UTC datetime> until: <UTC datetime> sign-key-sha3-384: <key id> # Encoded key id of signing key <signature> # Encoded signature
The index is the tuple <
series is as specified by the model assertion. These assertions must be signed by the brand.
serials field limits the scope of the system-user assertion to devices with matching serials. This field can only be used with a
revision of 1 or greater, and also limits the
models field to accepting just a single model assertion.
password header must be encoded and salted, following the format specified by crypt(3). The
until header is in this case required.
The simple addition of such assertions to a device assertion database should not be enough to trigger the user creation. This must be initiated explicitly (via
snap create-user, or in the context of the auto-import mechanism for assertions from removable devices, which requires physical access to the device).
This would be an example of this assertion:
type: system-user authority-id: 324hfanjkfqASdFQWfnawefhu8Jauhdj brand-id: 324hfanjkfqASdFQWfnawefhu8Jauhdj email: test@localhost models: - pc name: Default Test User password: $6$OCvKy4w/Ppxp7IvC$WPzWiIW.4y18h9htjbOuxLZ.sjQ5M2hoSiEu3FpMU0PMdHQuQdBOqvk8p6DMdS/R/nU/rXidClD23CbSkSgp30 series: - 16 since: 2016-10-24T07:12:10+00:00 until: 2017-10-24T07:12:10+00:00 username: test sign-key-sha3-384: kKd-kgxTJSR-wm5OT5M-gVxo4zv0Y19AAloJE4dq7C0QlbPsdbof0G5g0lCpg0J_ AcLBXAQAAQoABgUCWKrupwAKCRCuieT/1PiUiMbrD/0WcjG5Yw6kPZ4afE6vePpZfySvPLbguna+ kMUtTYulfIVNK+VMR3ZeNQfHhe/WGIlxXUWqfIlp6EZ4ha7LBeeHYgdq6cOOrapa53wboQTOTCDp EZna2R5lDnlVlm06jKOoPhQZNi0P30GiS9e1xY0CNu/hzxLgwArHYj1hqof0zdu/A68GyfU9AWRe ne4QGFIwWuQE8vksgbRuCoRiu0zamU6WKdby4pad7Q1SHUdwn8+0i0/zmgRnvDeBloACNWHRYFy3 PGjJ5ylIkXoBaIYGfYusdO+NvSUnLP4Rj6izsUbBIVeHyAqAkMz6y68NUpQupO4vqih3GSi1pqoj H5+p/e5UzcB7hqB8YOrwTtp5EsTPq/AOD0bu9EZdVS5eIAkGuvR3MJX+uGvTAXCCFMIPIxcNTPwp 6HUiyQ3xMZL6FUg4ucxQH6jRZiZ5SMiuJ2OYl53f7v3MdFMe5lnYSw1nBger9nEXti3pdsS9Czpk 3WdVRWSjvMupJUmlCJUTNeLwPn2gYCiZpFJntIltRq3McKqh6WrhTozsoVsLjTyx7bQEHp00QycJ 1pfdMtVNbQKyF30dswc5TctzZEOY/YazMI8CqB3ZuCGyUpkJ0px2FgJQqVHYdtIDePp33aTy170A 5dHym5SUQZqowwHN/PSc7rTyGn4fJCdRpRsjj72uSQ==