[Bug 1772556] Re: d-i netinstall fails due to missing apt-transport-https package
Mauricio Faria de Oliveira
1772556 at bugs.launchpad.net
Mon Jul 27 15:13:06 UTC 2020
Focal
=====
Original
--------
$ dpkg -s debootstrap | grep Version:
Version: 1.0.118ubuntu1.1
$ tail -n1 *-$version-*.log
==> debootstrap-updates-focal--http.log <==
I: Base system installed successfully.
==> debootstrap-updates-focal--https.log <==
E: Couldn't find these debs: apt-transport-https
==> debootstrap-updates-focal-buildd-http.log <==
I: Base system installed successfully.
==> debootstrap-updates-focal-buildd-https.log <==
E: Couldn't find these debs: apt-transport-https
==> debootstrap-updates-focal-minbase-http.log <==
I: Base system installed successfully.
==> debootstrap-updates-focal-minbase-https.log <==
E: Couldn't find these debs: apt-transport-https
Patched
-------
sudo add-apt-repository ppa:mfo/lp1772556
sudo apt update
sudo apt install debootstrap
$ dpkg -s debootstrap | grep Version:
Version: 1.0.118ubuntu1.2
$ tail -n1 *-$version-*.log
==> debootstrap-patched-focal--http.log <==
I: Base system installed successfully.
==> debootstrap-patched-focal--https.log <==
I: Base system installed successfully.
==> debootstrap-patched-focal-buildd-http.log <==
I: Base system installed successfully.
==> debootstrap-patched-focal-buildd-https.log <==
I: Base system installed successfully.
==> debootstrap-patched-focal-minbase-http.log <==
I: Base system installed successfully.
==> debootstrap-patched-focal-minbase-https.log <==
I: Base system installed successfully.
Comparison of HTTP protocol for no regressions:
Identical contents (same MD5 Sums), no changes.
---
$ md5sum *-http.log | sort
55adb44ba484d60cb12e9e30e417b73d debootstrap-patched-focal-buildd-http.log
55adb44ba484d60cb12e9e30e417b73d debootstrap-updates-focal-buildd-http.log
78db31fc39808298649cfb3c384298f4 debootstrap-patched-focal-minbase-http.log
78db31fc39808298649cfb3c384298f4 debootstrap-updates-focal-minbase-http.log
f20f0050ab281c2a77b61e5aa91c5b10 debootstrap-patched-focal--http.log
f20f0050ab281c2a77b61e5aa91c5b10 debootstrap-updates-focal--http.log
Comparison of HTTP/HTTPS for no regressions:
Just add SSL packages and diff mirror URL:
---
release=focal
for variant in minbase buildd ''; do
echo "DIFF: patched/https vs. updates/http: variant '$variant'"
diff -U0 debootstrap-patched-$release-$variant-https.log debootstrap-updates-$release-$variant-http.log
echo
done
DIFF: patched/https vs. updates/http: variant 'minbase'
--- debootstrap-patched-focal-minbase-https.log 2020-07-27 14:38:17.935977579 +0000
+++ debootstrap-updates-focal-minbase-http.log 2020-07-27 14:22:26.222344378 +0000
@@ -8 +8 @@
-I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu...
+I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu...
@@ -21,2 +20,0 @@
-I: Retrieving ca-certificates 20190110ubuntu1
-I: Validating ca-certificates 20190110ubuntu1
@@ -143,2 +140,0 @@
-I: Retrieving libssl1.1 1.1.1f-1ubuntu2
-I: Validating libssl1.1 1.1.1f-1ubuntu2
@@ -175,2 +170,0 @@
-I: Retrieving openssl 1.1.1f-1ubuntu2
-I: Validating openssl 1.1.1f-1ubuntu2
@@ -430 +423,0 @@
-I: Unpacking ca-certificates...
@@ -441 +433,0 @@
-I: Unpacking libssl1.1:amd64...
@@ -445 +436,0 @@
-I: Unpacking openssl...
@@ -449 +439,0 @@
-I: Configuring libssl1.1:amd64...
@@ -460 +449,0 @@
-I: Configuring openssl...
@@ -463 +451,0 @@
-I: Configuring ca-certificates...
@@ -468 +455,0 @@
-I: Configuring ca-certificates...
DIFF: patched/https vs. updates/http: variant 'buildd'
--- debootstrap-patched-focal-buildd-https.log 2020-07-27 14:45:31.290432935 +0000
+++ debootstrap-updates-focal-buildd-http.log 2020-07-27 14:25:36.572480586 +0000
@@ -8 +8 @@
-I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu...
+I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu...
@@ -31,2 +30,0 @@
-I: Retrieving ca-certificates 20190110ubuntu1
-I: Validating ca-certificates 20190110ubuntu1
@@ -211,2 +208,0 @@
-I: Retrieving libssl1.1 1.1.1f-1ubuntu2
-I: Validating libssl1.1 1.1.1f-1ubuntu2
@@ -253,2 +248,0 @@
-I: Retrieving openssl 1.1.1f-1ubuntu2
-I: Validating openssl 1.1.1f-1ubuntu2
@@ -521 +514,0 @@
-I: Unpacking ca-certificates...
@@ -561 +553,0 @@
-I: Unpacking libssl1.1:amd64...
@@ -570 +561,0 @@
-I: Unpacking openssl...
@@ -579 +569,0 @@
-I: Configuring libssl1.1:amd64...
@@ -604 +593,0 @@
-I: Configuring openssl...
@@ -613 +601,0 @@
-I: Configuring ca-certificates...
@@ -640 +627,0 @@
-I: Configuring ca-certificates...
DIFF: patched/https vs. updates/http: variant ''
--- debootstrap-patched-focal--https.log 2020-07-27 14:55:17.842794094 +0000
+++ debootstrap-updates-focal--http.log 2020-07-27 14:29:45.418431021 +0000
@@ -8 +8 @@
-I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu...
+I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu...
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1772556
Title:
d-i netinstall fails due to missing apt-transport-https package
Status in debootstrap package in Ubuntu:
Confirmed
Status in debootstrap source package in Bionic:
In Progress
Status in debootstrap source package in Eoan:
Won't Fix
Status in debootstrap source package in Focal:
In Progress
Status in debootstrap package in Debian:
Fix Released
Bug description:
[Impact]
When installing over the network using a netinstall image with pxe
boot and with an https apt mirror, the installer fails with the error:
Debootstrap error
couldn't find these debs: apt-transport-https
Check /var/log/syslog or see virtual console 4 for the details
This happens due to apt-transport-https moving to universe from bionic
onward, but still being required by debootstrap when it sees a https
apt mirror, even though support for https mirrors is built into apt.
[Testcase]
Use the 18.04.4 LTS netinstall ISO to PXE boot with a preseed that
uses a custom https apt mirror. Something like:
```
d-i mirror/country string manual
d-i mirror/protocol string https
d-i mirror/https/hostname string mirrors.ptisp.pt
d-i mirror/https/directory string /ubuntu/
d-i mirror/https/proxy string
```
The installer will fail with the error in the impact section.
There are test packages for debootstrap available in the following
PPA, for both bionic and focal:
https://launchpad.net/~mruffell/+archive/ubuntu/sf289200-test
I have also built a test netinstall ISO with the test debootstrap
packages, and is available here:
https://people.canonical.com/~mruffell/sf289200/
You probably want to use mini.iso for PXE boot, but vmlinuz and
initrd.gz are provided as well.
[Regression Potential]
The fix adds checks for specific distribution releases, so if someone
is trying to debootstrap a previous release where apt-transport-https
is still required, it will still function.
For users of newer releases, it simply omits the package. apt-
transport-https will still be available in universe if anyone still
needs it.
If a regression did occur, users may not be able to access https apt
mirrors when using debootstrap. In this case, users can use a plain
http mirror until things are fixed.
Due to apt-transport-https not being needed in bionic onward, due to
being built into apt directly, I believe this change won't introduce
any regressions.
[Other info]
The fix landed in upstream debootstrap in the following commit:
commit 66cbaae642953beba8aec393f3eca076abd89a7d
From: Hideki Yamane <henrich at debian.org>
Date: Fri, 28 Feb 2020 00:10:25 +0900
Subject: select codename for apt-transport-https (Closes: #920255, #879755)
Link: https://salsa.debian.org/installer-team/debootstrap/-/commit/66cbaae642953beba8aec393f3eca076abd89a7d
It adds a check for distro release name, and if they fall within Zesty
and prior, then it requires apt-transport-https, and if Artful and
later, then it is omitted.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1772556/+subscriptions
More information about the Ubuntu-sponsors
mailing list