System-User Assertions and the system time
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Triaged
|
Medium
|
Samuele Pedroni |
Bug Description
System-User assertions have a since/until timestamp on them to indicate their date range of their validity. This is checked against the current system date/time of the device [1]. From what I can see,for devices that do not have a real-time clock, the current date/time can be incorrect, especially if the network connection has not be configured (so the NTP server has not done its work).
In a factory, the newly provisioned devices may be tested without connecting it to a network, so devices like a Pi3 will typically have the wrong system date/time. A crude workaround is to set the "since" date of the assertion back a couple of days, but that won't work if a system defaults to a 1970 date.
Errors that I have seen are:
* "assertion not valid anymore"
* "assertion is signed with expired public key"
The first error happens because the system date is before the "since" date of the assertion. The second error is because the system defaulted to an even older date (5 days into the past), which was before the account-key assertion was created.
[1] https:/
Changed in snapd: | |
importance: | High → Medium |
assignee: | nobody → Samuele Pedroni (pedronis) |
systems defaulting to a 1970 date should not be possible if they are ported correctly.
using the (kind of mandatory) "fixrtc" commandline option on the kernel commandline. this will always set the system time to either last mount time or creation time of the image.