canonical · alfonsosanchezbeato · Apr 6, 2026 · Apr 1, 2026 · Apr 2, 2026 · Apr 2, 2026
diff --git a/.github/actions/run-spread-tests/action.yaml b/.github/actions/run-spread-tests/action.yaml
@@ -8,6 +8,11 @@ inputs:
     description: Complete spread command to run i.e. spread google-nested:tests/spread/main/
     required: true
     type: string
+  base-variant:
+    description: Type of base ("regular" or "cloud-init")
+    required: false
+    default: regular
+    type: string
 
 runs:
   using: "composite"
@@ -40,6 +45,7 @@ runs:
       cd "${{ inputs.working-directory }}"
       (
         set -o pipefail
+        export BUILD_VARIANT=${{ inputs.base-variant }}
         ${{ inputs.spread-command }} | \
           ${{ github.workspace }}/snapd-testing-tools/utils/log-filter -o $FILTERED_LOG_FILE -e Debug -e WARNING: -f Failed=NO_LINES -f Error=NO_LINES | \
           tee spread.log
@@ -63,5 +69,3 @@ runs:
       else
         echo "No spread log found, skipping errors reporting"
       fi
-
-
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -17,8 +17,29 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  setup:
+    runs-on: self-hosted
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - id: set-matrix
+        run: |
+          # Skip cloud-init variant for bases that had it included by default
+          if [[ "${{ github.ref_name }}" == core22* ]] || [[ "${{ github.ref_name }}" == core24* ]]; then
+            echo 'matrix=["regular"]' >> $GITHUB_OUTPUT
+          else
+            echo 'matrix=["regular", "cloud-init"]' >> $GITHUB_OUTPUT
+          fi
+
   build:
     runs-on: [self-hosted, spread-enabled]
+    needs: setup
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: ${{ fromJSON(needs.setup.outputs.matrix) }}
+    env:
+      BUILD_VARIANT: ${{ matrix.variant }}
     steps:
       - name: Cleanup job workspace
         id: cleanup-job-workspace
@@ -29,30 +50,44 @@ jobs:
 
       - name: x86 build
         run: |
+          export BUILD_VARIANT
           spread -artifacts=./artifacts google-nested:tests/spread/build/
           find ./artifacts -type f -name core26_amd64.artifact -exec cp {} "${{ github.workspace }}" \;
 
       - name: arm64 build
         run: |
+          export BUILD_VARIANT
           spread -artifacts=./artifacts google-nested-arm:tests/spread/build/
           find ./artifacts -type f -name core26_arm64.artifact -exec cp {} "${{ github.workspace }}" \;
 
       - uses: actions/upload-artifact@v4
         with:
-          name: core-snap
+          name: core-snap-${{ matrix.variant }}
           path: "${{ github.workspace }}/*.artifact"
 
       - name: Discard spread workers
         if: always()
         run: |
+          export BUILD_VARIANT
           shopt -s nullglob
           for r in .spread-reuse.*.yaml; do
             spread -discard -reuse-pid="$(echo "$r" | grep -o -E '[0-9]+')"
           done
 
   tests-main:
     runs-on: [self-hosted, spread-enabled]
-    needs: build
+    needs: [setup, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: ${{ fromJSON(needs.setup.outputs.matrix) }}
+        # We want to run tests here only for one of the variants, as in this
+        # case the user is introduced by modifying the snapd snap and we do not
+        # use neither cloud-init not system-user assertions.
+        exclude:
+          - variant: cloud-init
+    env:
+      BUILD_VARIANT: ${{ matrix.variant }}
     steps:
       - name: Cleanup job workspace
         id: cleanup-job-workspace
@@ -62,16 +97,18 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
         with:
-          name: core-snap
+          name: core-snap-${{ matrix.variant }}
 
       - name: Run x86 tests
         uses: ./.github/actions/run-spread-tests
         with:
+          base-variant: ${{ matrix.variant }}
           spread-command: spread google-nested:tests/spread/main/
 
       - name: Run arm64 tests
         uses: ./.github/actions/run-spread-tests
         with:
+          base-variant: ${{ matrix.variant }}
           spread-command: spread google-nested-arm:tests/spread/main/
 
       - name: Discard spread workers
@@ -83,7 +120,13 @@ jobs:
           done
   tests-snapd:
     runs-on: ubuntu-latest
-    needs: build
+    needs: [setup, build]
+    strategy:
+      fail-fast: false
+      matrix:
+        variant: ${{ fromJSON(needs.setup.outputs.matrix) }}
+    env:
+      BUILD_VARIANT: ${{ matrix.variant }}
     steps:
       - name: Cleanup job workspace
         id: cleanup-job-workspace
@@ -100,14 +143,15 @@ jobs:
           path: snapd
       - uses: actions/download-artifact@v4
         with:
-          name: core-snap
+          name: core-snap-${{ matrix.variant }}
 
       - name: Install spread
         run: curl -s https://storage.googleapis.com/snapd-spread-tests/spread/spread-amd64.tar.gz | sudo tar xzv -C /usr/bin
 
       - name: Build image
         working-directory: '${{ github.workspace }}'
         run: |
+          export BUILD_VARIANT
           PROJECT_PATH=$PWD/core-base
           # For os.query and others
           PATH=$PATH:$PROJECT_PATH/tests/lib/external/snapd-testing-tools/tools/
@@ -119,13 +163,11 @@ jobs:
           echo "************* DOWNLOADING SNAPS *************"
           download_core26_snaps 'edge'
 
-          echo "************* WRITING CLOUD-INIT CONFIG *************"
-          prepare_base_cloudinit
-
           echo "************* BUILDING CORE26 IMAGE *************"
           uc_snap="$(get_core_snap_name)"
           mv core26_"$(get_arch)".artifact "$uc_snap"
-          build_base_image
+          insert_user=true
+          build_base_image "$insert_user"
 
           echo "************* STARTING CORE26 VM *************"
           start_snapd_core_vm '${{ github.workspace }}'
@@ -134,8 +176,8 @@ jobs:
         uses: ./core-base/.github/actions/run-spread-tests
         with:
           working-directory: snapd
-          # TODO change to 26 when available (not a lot of a difference as it is external)
-          spread-command: SPREAD_EXTERNAL_ADDRESS=localhost:8022 spread external:ubuntu-core-24-64:tests/smoke/
+          base-variant: ${{ matrix.variant }}
+          spread-command: SPREAD_EXTERNAL_ADDRESS=localhost:8022 spread external:ubuntu-core-26-64:tests/smoke/
 
       - name: Discard spread workers
         if: always()

diff --git a/Makefile b/Makefile
@@ -52,15 +52,25 @@ hooks:
 		exit 1; \
 	fi
 
-	set -eux; for f in ./hooks/[0-9]*.chroot; do		\
+	set -eux;						\
+	export SNAP_CLOUD_INIT_BUILD="";			\
+	if [ -f "$$CRAFT_PROJECT_DIR"/cloud-init-build ]; then	\
+	    SNAP_CLOUD_INIT_BUILD=true;				\
+	fi;							\
+	for f in ./hooks/[0-9]*.chroot; do			\
 		base="$$(basename "$${f}")";			\
 		cp -a "$${f}" $(DESTDIR)/install-data/;		\
 		chroot $(DESTDIR) "/install-data/$${base}";	\
 		rm "$(DESTDIR)/install-data/$${base}";		\
 	done
 	rm -rf $(DESTDIR)/install-data
 
-	set -eux; for f in ./hooks-build/[0-9]*.build; do	\
+	set -eux;						\
+	export SNAP_CLOUD_INIT_BUILD="";			\
+	if [ -f "$$CRAFT_PROJECT_DIR"/cloud-init-build ]; then	\
+	    SNAP_CLOUD_INIT_BUILD=true;				\
+	fi;							\
+	for f in ./hooks-build/[0-9]*.build; do			\
 		"$$f" $(DESTDIR);				\
 	done
 

diff --git a/hooks/005-initialize-systemd.chroot b/hooks/005-initialize-systemd.chroot
@@ -55,23 +55,32 @@ case "$(uname -m)" in
 esac
 
 # Ensure selected base units are enabled
-for unit in \
-    cloud-init-local.service \
-    cloud-init-main.service \
-    cloud-init-network.service \
-    cloud-config.service \
-    cloud-final.service \
-    cloud-init-hotplugd.service \
-    cloud-init-hotplugd.socket \
-    e2scrub_reap.service \
-    secureboot-db.service \
-    wpa_supplicant.service \
-    apparmor.service \
-    finalrd.service \
-    netplan-configure.service \
-    sshd-keygen.service \
-    e2scrub_all.timer \
+
+units=(
+    e2scrub_reap.service
+    secureboot-db.service
+    wpa_supplicant.service
+    apparmor.service
+    finalrd.service
+    netplan-configure.service
+    sshd-keygen.service
+    e2scrub_all.timer
     fstrim.timer
+)
+
+if [ "$SNAP_CLOUD_INIT_BUILD" = true ]; then
+    units+=(
+        cloud-init-local.service
+        cloud-init-main.service
+        cloud-init-network.service
+        cloud-config.service
+        cloud-final.service
+        cloud-init-hotplugd.service
+        cloud-init-hotplugd.socket
+    )
+fi
+
+for unit in "${units[@]}"
 do
     if [ "$unit" = "secureboot-db.service" ] && [ "$ARCH" != "amd64" ] && [ "$ARCH" != "i386" ]; then
         continue
@@ -98,7 +107,7 @@ echo "ensure the systemd target.wants are in /usr/lib instead of /etc"
 for wants_dir in /etc/systemd/system/*.wants; do
     [ -d "$wants_dir" ] || continue
     target_name=$(basename "$wants_dir")
-    
+
     # Skip cloud-init related .wants (keep in /etc for snapd)
     case "$target_name" in
         cloud-*)

diff --git a/hooks/011-cloud-init-config.chroot b/hooks/011-cloud-init-config.chroot
@@ -4,4 +4,6 @@ set -eu
 
 # Because /etc/fstab is read-only now, we should not let cloud-init
 # try to modify it.
-sed -i '/^ *- mounts$/d' /etc/cloud/cloud.cfg
+if [ "$SNAP_CLOUD_INIT_BUILD" = true ]; then
+    sed -i '/^ *- mounts$/d' /etc/cloud/cloud.cfg
+fi
diff --git a/snapcraft.yaml b/snapcraft.yaml
@@ -22,6 +22,19 @@ parts:
     source-type: git
     source-branch: '26.04'
     override-build: |
+      # We use a marker file in $CRAFT_PROJECT_DIR to decide whether to include
+      # cloud-init or not. This file can be manually created for local builds,
+      # or automatically set if we are in a branch like 26-cloud-init. The
+      # latter is the case for Launchpad builds - note that this is not a
+      # branch forked from master, but a branch that is created by CI/CD in the
+      # same commit at master at build time, that is then imported by the LP
+      # recipe, and then removed.
+      (
+          cd "$CRAFT_PROJECT_DIR"
+          if git branch --show-current | grep '.*-cloud-init$'
-          if git branch --show-current | grep '.*-cloud-init$'
+          if git branch --show-current | grep -q -- '-cloud-init$'
-          if git branch --show-current | grep '.*-cloud-init$'
+          if git branch --show-current | grep -q -- '-cloud-init$'
+          then touch cloud-init-build
+          fi
+      )
       go install github.com/canonical/chisel/cmd/chisel@latest
 
       # Define the system utilities that we want to include in the base
@@ -74,18 +87,21 @@ parts:
         bash-completion_config
         bash-completion_completions
         ca-certificates_data-with-certs
-        cloud-init_bins
         cracklib-runtime_bins
         cryptsetup_bins
         cryptsetup-bin_bins
         dbus_services
         dbus-user-session_services
+        dhcpcd-base_standard
         distro-info-data_data
         dmsetup_rules
         e2fsprogs_services
+        e2fsprogs_standard
+        fdisk_bins
         fonts-ubuntu_all
         fonts-ubuntu_config
         finalrd_services
+        iproute2_bins
         kmod_bins
         kmod_config
 
@@ -117,6 +133,8 @@ parts:
         libwrap0_host-files
         locales_standard
 
+        netcat-openbsd_bins
+        netplan.io_bins
         ncurses-base_terminfo
 
         openssh-client_config
@@ -129,6 +147,7 @@ parts:
         p11-kit_bins
         passwd_pam-config
         polkitd_services
+        procps_bins
         plymouth_bins
         plymouth-label-ft_libs
         procps_config
@@ -156,6 +175,10 @@ parts:
         wpasupplicant_services
       )
 
+      if [ -f "$CRAFT_PROJECT_DIR"/cloud-init-build ]; then
+        SLICES+=(cloud-init_bins)
+      fi
+
       # TODO: not sure about FIPS yet, this will have to come later, chisel has builtin
       # support for ESM, meaning it's something we can request chisel to do for us.
       # if [[ ${SNAP_FIPS_BUILD+x} ]]; then
@@ -245,9 +268,8 @@ parts:
     # obviously for new core bases this cannot be the case, and
     # we need to wait until the first release with introducing
     # changelogs.
-    # TODO change to core26 when available
     build-snaps:
-      - core24=latest/beta
+      - core26=latest/beta
     override-pull: |
       craftctl default
 

diff --git a/spread.yaml b/spread.yaml
@@ -13,6 +13,7 @@ environment:
   # XXX temporarily switch to edge to get the fix for
   # https://bugs.launchpad.net/snapcraft/+bug/2051567
   SNAPCRAFT_CHANNEL: latest/edge
+  BUILD_VARIANT: '$(HOST: echo "$BUILD_VARIANT")'
 
 backends:
   google-nested:

diff --git a/tests/lib/models/id_ed25519 b/tests/lib/models/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCmIQU2qoW1zRd0NPm73jTdQqJdPg1th6TSsfa44ZEgqwAAAJj0+Ytm9PmL
+ZgAAAAtzc2gtZWQyNTUxOQAAACCmIQU2qoW1zRd0NPm73jTdQqJdPg1th6TSsfa44ZEgqw
+AAAEC6WWaSpu+AUYRpU//2yZgzEv3e9NWIhC5dHZsotHYCdaYhBTaqhbXNF3Q0+bveNN1C
+ol0+DW2HpNKx9rjhkSCrAAAAEHVidW50dUBsb2NhbGhvc3QBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/lib/models/id_ed25519.pub b/tests/lib/models/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhBTaqhbXNF3Q0+bveNN1Col0+DW2HpNKx9rjhkSCr ubuntu@localhost
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhBTaqhbXNF3Q0+bveNN1Col0+DW2HpNKx9rjhkSCr ubuntu@localhost