[Bug 1772556] Re: d-i netinstall fails due to missing apt-transport-https package

Tue Jul 28 01:12:37 UTC 2020

I looked into the autopkgtest regressions.

The pbuilder and sbuilder failures are due to them attempting to build
procenv in a Groovy chroot which was made with debootstrap. procenv
currently FTBFS on  Groovy, due to changes in GCC10 to -Werror=format-
overflow.

```
gcc -DHAVE_CONFIG_H -I. -I..  -I . -I ./platform  -I ./platform/linux -D PROCENV_PLATFORM_LINUX          -pedantic -std=gnu99 -Wall -Wunused -fstack-protector -Wformat  -fdata-sections -ffunction-sections -Werror -g -O2 -MT platform/linux/procenv-platform.o -MD -MP -MF platform/linux/.deps/procenv-platform.Tpo -c -o platform/linux/procenv-platform.o `test -f 'platform/linux/platform.c' || echo './'`platform/linux/platform.c
platform/linux/platform.c: In function ‘handle_proc_branch_linux’:
platform/linux/platform.c:1266:21: error: ‘%s’ directive writing up to 1017 bytes into a region of size 16 [-Werror=format-overflow=]
 1265 |     p += 1+strlen ("Name:"); /* jump over tab char */
      |     ~~~~~~~~~~~~~~~~~~~~~~~
 1266 |     sprintf (name, "%s", p);
      |                     ^~
In file included from /usr/include/stdio.h:867,
                 from ./platform.h:22,
                 from platform/linux/platform-linux.h:25,
                 from platform/linux/platform.c:19:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:36:10: note: ‘__builtin___sprintf_chk’ output between 1 and 1018 bytes into a destination of size 16
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
platform/linux/platform.c:1271:21: error: ‘%s’ directive writing up to 1017 bytes into a region of size 16 [-Werror=format-overflow=]
 1270 |     p += 1+strlen ("PPid:"); /* jump over tab char */
      |     ~~~~~~~~~~~~~~~~~~~~~~~
 1271 |     sprintf (ppid, "%s", p);
      |                     ^~
In file included from /usr/include/stdio.h:867,
                 from ./platform.h:22,
                 from platform/linux/platform-linux.h:25,
                 from platform/linux/platform.c:19:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:36:10: note: ‘__builtin___sprintf_chk’ output between 1 and 1018 bytes into a destination of size 16
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

```

This has nothing to do with the changes made to debootstrap.

Looking at the changelog for procenv, this has happened before...

procenv (0.50-1ubuntu2) eoan; urgency=medium

  * Hack it so it ignores broken gcc overflow warnings on ppc64el
  * Stop mv README in debian/rules, that breaks building twice (it's a symlink already)

 -- Julian Andres Klode <juliank at ubuntu.com>  Mon, 05 Aug 2019 13:43:53
+0200

procenv (0.50-1ubuntu1) eoan; urgency=medium

  * debian/patches/gcc-9-strncpy.patch: Handle strncpy in a way
    compatible with gcc-9 linting.

 -- Steve Langasek <steve.langasek at ubuntu.com>  Sat, 20 Jul 2019 17:30:12 +0000

Regardless, I have reported the procenv FTBFS upstream on this issue:

https://github.com/jamesodhunt/procenv/issues/15

I have also opened a LP bug 1889138 for Groovy:

https://bugs.launchpad.net/ubuntu/+source/procenv/+bug/1889138

As for the livecd-rootfs autopkgtest regression, I am still
investigating.

The errors are:

snap: found lxd=4.0/stable/ubuntu-20.04
Unexpected seeded snap for ubuntu-cpc:minimized build: lxd=4.0/stable/ubuntu-20.04
autopkgtest [18:33:53]: test minimized:  - - - - - - - - - - results - - - - - - - - - -
default-bootstraps   PASS
minimized            FAIL non-zero exit status 1

** Bug watch added: github.com/jamesodhunt/procenv/issues #15
   https://github.com/jamesodhunt/procenv/issues/15

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1772556

Title:
  d-i netinstall fails due to missing apt-transport-https package

Status in debootstrap package in Ubuntu:
  Confirmed
Status in debootstrap source package in Bionic:
  Fix Committed
Status in debootstrap source package in Eoan:
  Won't Fix
Status in debootstrap source package in Focal:
  Fix Committed
Status in debootstrap package in Debian:
  Fix Released

Bug description:
  [Impact]

  When installing over the network using a netinstall image with pxe
  boot and with an https apt mirror, the installer fails with the error:

    Debootstrap error

    couldn't find these debs: apt-transport-https

    Check /var/log/syslog or see virtual console 4 for the details

  This happens due to apt-transport-https moving to universe from bionic
  onward, but still being required by debootstrap when it sees a https
  apt mirror, even though support for https mirrors is built into apt.

  [Testcase]

  With debootstrap alone:

    $ sudo debootstrap bionic output-dir https://<https-mirror>
    ...

    - Before: "E: Couldn't find these debs: apt-transport-https"
    - After: "I: Base system installed successfully."

  Or with the debian-installer:

  Use the 18.04.4 LTS netinstall ISO to PXE boot with a preseed that
  uses a custom https apt mirror. Something like:

  ```
  d-i mirror/country string manual
  d-i mirror/protocol string https
  d-i mirror/https/hostname string mirrors.ptisp.pt
  d-i mirror/https/directory string /ubuntu/
  d-i mirror/https/proxy string
  ```

  The installer will fail with the error in the impact section.

  There are test packages for debootstrap available in the following
  PPA, for both bionic and focal:

  https://launchpad.net/~mruffell/+archive/ubuntu/sf289200-test

  I have also built a test netinstall ISO with the test debootstrap
  packages, and is available here:

  https://people.canonical.com/~mruffell/sf289200/

  You probably want to use mini.iso for PXE boot, but vmlinuz and
  initrd.gz are provided as well.

  [Regression Potential]

  The fix adds checks for specific distribution releases, so if someone
  is trying to debootstrap a previous release where apt-transport-https
  is still required, it will still function.

  For users of newer releases, it simply omits the package. apt-
  transport-https will still be available in universe if anyone still
  needs it.

  If a regression did occur, users may not be able to access https apt
  mirrors when using debootstrap. In this case, users can use a plain
  http mirror until things are fixed.

  Due to apt-transport-https not being needed in bionic onward, due to
  being built into apt directly, I believe this change won't introduce
  any regressions.

  [Other info]

  The fix landed in upstream debootstrap in the following commit:

  commit 66cbaae642953beba8aec393f3eca076abd89a7d
  From: Hideki Yamane <henrich at debian.org>
  Date: Fri, 28 Feb 2020 00:10:25 +0900
  Subject: select codename for apt-transport-https (Closes: #920255, #879755)
  Link: https://salsa.debian.org/installer-team/debootstrap/-/commit/66cbaae642953beba8aec393f3eca076abd89a7d

  It adds a check for distro release name, and if they fall within Zesty
  and prior, then it requires apt-transport-https, and if Artful and
  later, then it is omitted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1772556/+subscriptions