It's not possible to login on an Alpine 3.19 RPi

[mauromorales]

Kairos version:

v3.0.4

CPU architecture, OS, and Version:

arm64 Raspberry Pi4

Describe the bug

If I try to log in, I get a message saying that the password has expired

To Reproduce

Burn an image and plug it on the rpi4, it will boot but you won't be able to log in

Expected behavior

Logs

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

WARNING: Your password has expired.
You must change your password now and login again!
passwd: must be suid to work properly

Additional context

[Itxaka]

building 3.19 results in this working?

[Itxaka]

looks like we are alwasy enabling the hwclock via dockerfile and not letting the init do it. Currently testing some changes to make it simpler.

[jimmykarily]

Since this is not reproducible anymore, I'll close and we can re-open if there are more data.

[mauromorales]

The issue is still there, but you need to log in via ssh

[mauromorales]

are these two duplicates? #1994

[Itxaka]

The issue is still there, but you need to log in via ssh

I tested this and it was working. Whats the difference between our RPI? network maybe?

Can you tell me which exact artifact you tested and from sd/usb and network cable attached/dettached?

Also login via tty1/2/serial?

[Itxaka]

Note that i installed the rpi3 one instead by mistake :D

installed via

$ docker run -ti --rm -v $PWD:/image quay.io/luet/base util unpack quay.io/kairos/alpine:3.19-standard-arm64-rpi3-v3.1.0-k3sv1.30.2-k3s1-img /image
 INFO   Downloading quay.io/kairos/alpine:3.19-standard-arm64-rpi3-v3.1.0-k3sv1.30.2-k3s1-img to /image
 INFO   Pulled: sha256:83b2ec44cd9edc9756ee50e43813ee104257bf2957f203099711b6602219f666 quay.io/kairos/alpine:3.19-standard-arm64-rpi3-v3.1.0-k3sv1.30.2-k3s1-img
 INFO   Size: 998.1MiB
$ xzcat build/kairos-alpine-3.19-standard-arm64-rpi3-v3.1.0-k3sv1.30.2+k3s1.img.xz | sudo dd of=/dev/sda oflag=sync status=progress bs=10MB 

Booted and could login, even with a broken date:

[Itxaka]

Even with network and starting the ntpd service (not sure why it wasnt auto started?) I can still log out and in?

[Itxaka]

I did not understand this correctly. Talked with @mauromorales directly, he told me that the issue is login via SSH.

Checking the /etc/passwd file makes sense as the third field is a 0. That field is how many days passed since the last password change, and the 0 value is special as it means it needs to be changed on next login.

My thinking here is that when the kairos user gets created, entities library checks to see how many days have passed since unix epoch and writes it to the file: https://github.com/mudler/entities/blob/master/pkg/entities/shadow.go#L140
As no days have passed since the unix epoch, it sets the zero value, but ignores that it has a special meaning.

2 things to do here:

• make sure entities NEVER sets a zero value in there by default.
• make sure we run date to a safe date ini initramfs.before so we have a decent date set in the system instead of unix epoch, before the hwclock/swclock/ntpd can trigger.