Expired password on system with no rtc (e.g. rpi4) on Alpine

[jimmykarily]

When booting quay.io/kairos/alpine:3.18-standard-arm64-rpi4-v2.4.2-rc2-k3sv1.28.2-k3s1-img on rpi4

it's not possible to SSH to the system because of this error:

kairos@192.168.1.30's password: 
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

WARNING: Your password has expired.
You must change your password now and login again!
passwd: must be suid to work properly
Connection to 192.168.1.30 closed.

The password for kairos user appears to be expired. This happens because during boot, when the user is created, the system time is not updated and points sometime in 1970 (by default). Raspberry pi and other boards that lack a real time clock (rtc), depend on ntpd or similar service to synchronize the system time. We don't enable ntpd in initrd (no dracut module for that afaict) and thus the time is wrong until the system boots.

I enabled ntpd in the kairos config with:

ln -sf ../../init.d/ntpd /etc/runlevels/default/ntpd

but this only seems to fix the time after the user has already been created (with wrong timestamps).

The fix would probably be to enable ntpd in dracut so the time is correct when the users are created.

The only workaround for now is to login to the board after it boots and sudo passwd kairos to fix the timestamp. This needs to happen after every boot so it's not a good workaround.

NOTE: Not sure if the same thing happens on systemd, maybe we got ntpd or other service enabled there? I was debugging on Alpine only. We need to check other distros.

[Itxaka]

In alpine initrd we try to identify the hw clock but its very late in the process: https://github.com/kairos-io/packages/blob/main/packages/alpine/files/initramfs-init#L520 and then based on that we enable the proper service

Maybe we should do something similar at the start, before immucore is run and files are created to set an aprox time? There is currently nothing setting up the date during initramfs and it should not be an issue....but we create stuff on the initramfs so....we need to properly set the time.

ntp would be good IF we have network. Otherwise we should use the rtc clock or default to the software clock.

[Itxaka]

I think this was fixed in one of the rounds, or at least I could not trigger this.

Maybe network has something to do with this as well?