sts-sponsors team mailing list archive
-
sts-sponsors team
-
Mailing list archive
-
Message #02049
[Bug 1772556] Re: d-i netinstall fails due to missing apt-transport-https package
Performing verification of debootstrap in -proposed using Mauricio's
script from comment #10.
Bionic
======
Original
--------
First, using debootstrap from -updates:
$ apt-cache policy debootstrap | grep Installed
Installed: 1.0.95ubuntu0.6
$ tail -n1 *-bionic-*.log
==> debootstrap-updates-bionic-buildd-http.log <==
I: Base system installed successfully.
==> debootstrap-updates-bionic-buildd-https.log <==
E: Couldn't find these debs: apt-transport-https
==> debootstrap-updates-bionic--http.log <==
I: Base system installed successfully.
==> debootstrap-updates-bionic--https.log <==
E: Couldn't find these debs: apt-transport-https
==> debootstrap-updates-bionic-minbase-http.log <==
I: Base system installed successfully.
==> debootstrap-updates-bionic-minbase-https.log <==
E: Couldn't find these debs: apt-transport-https
Proposed
--------
I then enabled -proposed and upgraded debootstrap:
$ apt-cache policy debootstrap | grep Installed
Installed: 1.0.95ubuntu0.7
I then re-ran the script.
$ tail -n1 *-proposed-*.log
==> debootstrap-proposed-bionic-buildd-http.log <==
I: Base system installed successfully.
==> debootstrap-proposed-bionic-buildd-https.log <==
I: Base system installed successfully.
==> debootstrap-proposed-bionic--http.log <==
I: Base system installed successfully.
==> debootstrap-proposed-bionic--https.log <==
I: Base system installed successfully.
==> debootstrap-proposed-bionic-minbase-http.log <==
I: Base system installed successfully.
==> debootstrap-proposed-bionic-minbase-https.log <==
I: Base system installed successfully.
Checking the MD5 sums Mauricio checked for HTTP protocol to check same packages
were downloaded:
$ md5sum *-http.log | sort
11053db4e85763e38002dcf56ea9caec debootstrap-proposed-bionic-buildd-http.log
11053db4e85763e38002dcf56ea9caec debootstrap-updates-bionic-buildd-http.log
2130bc2842b6d8ff142b11d428cc95b6 debootstrap-proposed-bionic--http.log
2130bc2842b6d8ff142b11d428cc95b6 debootstrap-updates-bionic--http.log
7078e5287b2f3f9b8566a48ed5bd53fb debootstrap-proposed-bionic-minbase-http.log
7078e5287b2f3f9b8566a48ed5bd53fb debootstrap-updates-bionic-minbase-http.log
Hashes match.
Checking package diffs between http and https:
DIFF: proposed/https vs. updates/http: variant 'minbase'
--- debootstrap-proposed-bionic-minbase-https.log 2020-07-28 17:18:34.918486033 +1200
+++ debootstrap-updates-bionic-minbase-http.log 2020-07-28 16:41:46.426251359 +1200
@@ -8,2 +8,2 @@
-I: Found additional base dependencies: adduser gpgv libapt-pkg5.0 libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libnettle6 libp11-kit0 libseccomp2 libssl1.1 libstdc++6 libtasn1-6 libunistring2 openssl ubuntu-keyring
-I: Checking component main on https://mirror.fsmg.org.nz/ubuntu...
+I: Found additional base dependencies: adduser gpgv libapt-pkg5.0 libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libnettle6 libp11-kit0 libseccomp2 libstdc++6 libtasn1-6 libunistring2 ubuntu-keyring
+I: Checking component main on http://mirror.fsmg.org.nz/ubuntu...
@@ -22,2 +21,0 @@
-I: Retrieving ca-certificates 20180409
-I: Validating ca-certificates 20180409
@@ -140,2 +137,0 @@
-I: Retrieving libssl1.1 1.1.0g-2ubuntu4
-I: Validating libssl1.1 1.1.0g-2ubuntu4
@@ -170,2 +165,0 @@
-I: Retrieving openssl 1.1.0g-2ubuntu4
-I: Validating openssl 1.1.0g-2ubuntu4
@@ -416 +409,0 @@
-I: Unpacking ca-certificates...
@@ -427 +419,0 @@
-I: Unpacking libssl1.1:amd64...
@@ -431 +422,0 @@
-I: Unpacking openssl...
@@ -441,2 +431,0 @@
-I: Configuring libssl1.1:amd64...
-I: Configuring openssl...
@@ -446 +434,0 @@
-I: Configuring ca-certificates...
@@ -454 +441,0 @@
-I: Configuring ca-certificates...
DIFF: proposed/https vs. updates/http: variant 'buildd'
--- debootstrap-proposed-bionic-buildd-https.log 2020-07-28 17:20:55.155717419 +1200
+++ debootstrap-updates-bionic-buildd-http.log 2020-07-28 16:44:02.435674585 +1200
@@ -8,2 +8,2 @@
-I: Found additional base dependencies: adduser binutils binutils-common binutils-x86-64-linux-gnu bzip2 cpp cpp-7 dpkg-dev g++ g++-7 gcc gcc-7 gcc-7-base gpgv libapt-pkg5.0 libasan4 libatomic1 libbinutils libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl libffi6 libgcc-7-dev libgdbm-compat4 libgdbm5 libgmp10 libgnutls30 libgomp1 libhogweed4 libidn2-0 libisl19 libitm1 liblsan0 libmpc3 libmpfr6 libmpx2 libnettle6 libp11-kit0 libperl5.26 libquadmath0 libseccomp2 libssl1.1 libstdc++-7-dev libstdc++6 libtasn1-6 libtsan0 libubsan0 libunistring2 linux-libc-dev make openssl patch perl perl-modules-5.26 ubuntu-keyring xz-utils
-I: Checking component main on https://mirror.fsmg.org.nz/ubuntu...
+I: Found additional base dependencies: adduser binutils binutils-common binutils-x86-64-linux-gnu bzip2 cpp cpp-7 dpkg-dev g++ g++-7 gcc gcc-7 gcc-7-base gpgv libapt-pkg5.0 libasan4 libatomic1 libbinutils libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl libffi6 libgcc-7-dev libgdbm-compat4 libgdbm5 libgmp10 libgnutls30 libgomp1 libhogweed4 libidn2-0 libisl19 libitm1 liblsan0 libmpc3 libmpfr6 libmpx2 libnettle6 libp11-kit0 libperl5.26 libquadmath0 libseccomp2 libstdc++-7-dev libstdc++6 libtasn1-6 libtsan0 libubsan0 libunistring2 linux-libc-dev make patch perl perl-modules-5.26 ubuntu-keyring xz-utils
+I: Checking component main on http://mirror.fsmg.org.nz/ubuntu...
@@ -32,2 +31,0 @@
-I: Retrieving ca-certificates 20180409
-I: Validating ca-certificates 20180409
@@ -206,2 +203,0 @@
-I: Retrieving libssl1.1 1.1.0g-2ubuntu4
-I: Validating libssl1.1 1.1.0g-2ubuntu4
@@ -246,2 +241,0 @@
-I: Retrieving openssl 1.1.0g-2ubuntu4
-I: Validating openssl 1.1.0g-2ubuntu4
@@ -505 +498,0 @@
-I: Unpacking ca-certificates...
@@ -544 +536,0 @@
-I: Unpacking libssl1.1:amd64...
@@ -553 +544,0 @@
-I: Unpacking openssl...
@@ -581 +571,0 @@
-I: Configuring libssl1.1:amd64...
@@ -583 +572,0 @@
-I: Configuring openssl...
@@ -589 +577,0 @@
-I: Configuring ca-certificates...
@@ -622 +609,0 @@
-I: Configuring ca-certificates...
DIFF: proposed/https vs. updates/http: variant ''
--- debootstrap-proposed-bionic--https.log 2020-07-28 17:28:04.876207750 +1200
+++ debootstrap-updates-bionic--http.log 2020-07-28 16:48:17.039160096 +1200
@@ -8 +8 @@
-I: Checking component main on https://mirror.fsmg.org.nz/ubuntu...
+I: Checking component main on http://mirror.fsmg.org.nz/ubuntu...
Same results as Mauricio's test package. Only difference is mirror URLs
and ssl packages.
Based on the test results with debootstrap, the package in -proposed
fixes the problem and doesn't introduce any regressions. I am happy to
mark this as verified.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1772556
Title:
d-i netinstall fails due to missing apt-transport-https package
Status in debootstrap package in Ubuntu:
Confirmed
Status in debootstrap source package in Bionic:
Fix Committed
Status in debootstrap source package in Eoan:
Won't Fix
Status in debootstrap source package in Focal:
Fix Committed
Status in debootstrap package in Debian:
Fix Released
Bug description:
[Impact]
When installing over the network using a netinstall image with pxe
boot and with an https apt mirror, the installer fails with the error:
Debootstrap error
couldn't find these debs: apt-transport-https
Check /var/log/syslog or see virtual console 4 for the details
This happens due to apt-transport-https moving to universe from bionic
onward, but still being required by debootstrap when it sees a https
apt mirror, even though support for https mirrors is built into apt.
[Testcase]
With debootstrap alone:
$ sudo debootstrap bionic output-dir https://<https-mirror>
...
- Before: "E: Couldn't find these debs: apt-transport-https"
- After: "I: Base system installed successfully."
Or with the debian-installer:
Use the 18.04.4 LTS netinstall ISO to PXE boot with a preseed that
uses a custom https apt mirror. Something like:
```
d-i mirror/country string manual
d-i mirror/protocol string https
d-i mirror/https/hostname string mirrors.ptisp.pt
d-i mirror/https/directory string /ubuntu/
d-i mirror/https/proxy string
```
The installer will fail with the error in the impact section.
There are test packages for debootstrap available in the following
PPA, for both bionic and focal:
https://launchpad.net/~mruffell/+archive/ubuntu/sf289200-test
I have also built a test netinstall ISO with the test debootstrap
packages, and is available here:
https://people.canonical.com/~mruffell/sf289200/
You probably want to use mini.iso for PXE boot, but vmlinuz and
initrd.gz are provided as well.
[Regression Potential]
The fix adds checks for specific distribution releases, so if someone
is trying to debootstrap a previous release where apt-transport-https
is still required, it will still function.
For users of newer releases, it simply omits the package. apt-
transport-https will still be available in universe if anyone still
needs it.
If a regression did occur, users may not be able to access https apt
mirrors when using debootstrap. In this case, users can use a plain
http mirror until things are fixed.
Due to apt-transport-https not being needed in bionic onward, due to
being built into apt directly, I believe this change won't introduce
any regressions.
[Other info]
The fix landed in upstream debootstrap in the following commit:
commit 66cbaae642953beba8aec393f3eca076abd89a7d
From: Hideki Yamane <henrich@xxxxxxxxxx>
Date: Fri, 28 Feb 2020 00:10:25 +0900
Subject: select codename for apt-transport-https (Closes: #920255, #879755)
Link: https://salsa.debian.org/installer-team/debootstrap/-/commit/66cbaae642953beba8aec393f3eca076abd89a7d
It adds a check for distro release name, and if they fall within Zesty
and prior, then it requires apt-transport-https, and if Artful and
later, then it is omitted.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1772556/+subscriptions
