Bionic ====== Original --------
$ dpkg -s debootstrap | grep Version: Version: 1.0.95ubuntu0.6 $ tail -n1 *-$version-*.log ==> debootstrap-updates-bionic--http.log <== I: Base system installed successfully. ==> debootstrap-updates-bionic--https.log <== E: Couldn't find these debs: apt-transport-https ==> debootstrap-updates-bionic-buildd-http.log <== I: Base system installed successfully. ==> debootstrap-updates-bionic-buildd-https.log <== E: Couldn't find these debs: apt-transport-https ==> debootstrap-updates-bionic-minbase-http.log <== I: Base system installed successfully. ==> debootstrap-updates-bionic-minbase-https.log <== E: Couldn't find these debs: apt-transport-https Patched: ------- $ sudo add-apt-repository ppa:mfo/lp1772556 $ sudo apt update $ sudo apt install debootstrap $ dpkg -s debootstrap | grep Version: Version: 1.0.95ubuntu0.7 $ tail -n1 *-$version-*.log ==> debootstrap-patched-bionic--http.log <== I: Base system installed successfully. ==> debootstrap-patched-bionic--https.log <== I: Base system installed successfully. ==> debootstrap-patched-bionic-buildd-http.log <== I: Base system installed successfully. ==> debootstrap-patched-bionic-buildd-https.log <== I: Base system installed successfully. ==> debootstrap-patched-bionic-minbase-http.log <== I: Base system installed successfully. ==> debootstrap-patched-bionic-minbase-https.log <== I: Base system installed successfully. Comparison of HTTP protocol for no regressions: Identical contents (same MD5 Sums), no changes. --- $ md5sum *-http.log | sort 2b80e8818a86fbc3e245c874f998f427 debootstrap-patched-bionic--http.log 2b80e8818a86fbc3e245c874f998f427 debootstrap-updates-bionic--http.log 5cd140b4e2f6b432cc96c626f20fe180 debootstrap-patched-bionic-buildd-http.log 5cd140b4e2f6b432cc96c626f20fe180 debootstrap-updates-bionic-buildd-http.log b8aac6c25452d7fd4f6244e4b26a1a58 debootstrap-patched-bionic-minbase-http.log b8aac6c25452d7fd4f6244e4b26a1a58 debootstrap-updates-bionic-minbase-http.log Comparison of HTTP/HTTPS for no regressions: Just add SSL packages and diff mirror URL: --- release=bionic for variant in minbase buildd ''; do echo "DIFF: patched/https vs. updates/http: variant '$variant'" diff -U0 debootstrap-patched-$release-$variant-https.log debootstrap-updates-$release-$variant-http.log echo done DIFF: patched/https vs. updates/http: variant 'minbase' --- debootstrap-patched-bionic-minbase-https.log 2020-07-27 14:01:55.065581367 +0000 +++ debootstrap-updates-bionic-minbase-http.log 2020-07-27 13:45:50.028386026 +0000 @@ -8,2 +8,2 @@ -I: Found additional base dependencies: adduser gpgv libapt-pkg5.0 libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libnettle6 libp11-kit$ libseccomp2 libssl1.1 libstdc++6 libtasn1-6 libunistring2 openssl ubuntu-keyring -I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu... +I: Found additional base dependencies: adduser gpgv libapt-pkg5.0 libffi6 libgmp10 libgnutls30 libhogweed4 libidn2-0 libnettle6 libp11-kit$ libseccomp2 libstdc++6 libtasn1-6 libunistring2 ubuntu-keyring +I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu... @@ -22,2 +21,0 @@ -I: Retrieving ca-certificates 20180409 -I: Validating ca-certificates 20180409 @@ -140,2 +137,0 @@ -I: Retrieving libssl1.1 1.1.0g-2ubuntu4 -I: Validating libssl1.1 1.1.0g-2ubuntu4 @@ -170,2 +165,0 @@ -I: Retrieving openssl 1.1.0g-2ubuntu4 -I: Validating openssl 1.1.0g-2ubuntu4 @@ -416 +409,0 @@ -I: Unpacking ca-certificates... @@ -427 +419,0 @@ -I: Unpacking libssl1.1:amd64... @@ -431 +422,0 @@ -I: Unpacking openssl... @@ -441,2 +431,0 @@ -I: Configuring libssl1.1:amd64... -I: Configuring openssl... @@ -446 +434,0 @@ -I: Configuring ca-certificates... @@ -454 +441,0 @@ -I: Configuring ca-certificates... DIFF: patched/https vs. updates/http: variant 'buildd' --- debootstrap-patched-bionic-buildd-https.log 2020-07-27 14:09:06.184178172 +0000 +++ debootstrap-updates-bionic-buildd-http.log 2020-07-27 13:49:07.608630766 +0000 @@ -8,2 +8,2 @@ -I: Found additional base dependencies: adduser binutils binutils-common binutils-x86-64-linux-gnu bzip2 cpp cpp-7 dpkg-dev g++ g++-7 gcc gc c-7 gcc-7-base gpgv libapt-pkg5.0 libasan4 libatomic1 libbinutils libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl libffi6 libgcc-7- dev libgdbm-compat4 libgdbm5 libgmp10 libgnutls30 libgomp1 libhogweed4 libidn2-0 libisl19 libitm1 liblsan0 libmpc3 libmpfr6 libmpx2 libnettl e6 libp11-kit0 libperl5.26 libquadmath0 libseccomp2 libssl1.1 libstdc++-7-dev libstdc++6 libtasn1-6 libtsan0 libubsan0 libunistring2 linux-l ibc-dev make openssl patch perl perl-modules-5.26 ubuntu-keyring xz-utils -I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu... +I: Found additional base dependencies: adduser binutils binutils-common binutils-x86-64-linux-gnu bzip2 cpp cpp-7 dpkg-dev g++ g++-7 gcc gc c-7 gcc-7-base gpgv libapt-pkg5.0 libasan4 libatomic1 libbinutils libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl libffi6 libgcc-7- dev libgdbm-compat4 libgdbm5 libgmp10 libgnutls30 libgomp1 libhogweed4 libidn2-0 libisl19 libitm1 liblsan0 libmpc3 libmpfr6 libmpx2 libnettl e6 libp11-kit0 libperl5.26 libquadmath0 libseccomp2 libstdc++-7-dev libstdc++6 libtasn1-6 libtsan0 libubsan0 libunistring2 linux-libc-dev ma ke patch perl perl-modules-5.26 ubuntu-keyring xz-utils +I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu... @@ -32,2 +31,0 @@ -I: Retrieving ca-certificates 20180409 -I: Validating ca-certificates 20180409 @@ -206,2 +203,0 @@ -I: Retrieving libssl1.1 1.1.0g-2ubuntu4 -I: Validating libssl1.1 1.1.0g-2ubuntu4 @@ -246,2 +241,0 @@ -I: Retrieving openssl 1.1.0g-2ubuntu4 -I: Validating openssl 1.1.0g-2ubuntu4 @@ -505 +498,0 @@ -I: Unpacking ca-certificates... @@ -544 +536,0 @@ -I: Unpacking libssl1.1:amd64... @@ -553 +544,0 @@ -I: Unpacking openssl... @@ -581 +571,0 @@ -I: Configuring libssl1.1:amd64... @@ -583 +572,0 @@ -I: Configuring openssl... @@ -589 +577,0 @@ -I: Configuring ca-certificates... @@ -622 +609,0 @@ -I: Configuring ca-certificates... DIFF: patched/https vs. updates/http: variant '' --- debootstrap-patched-bionic--https.log 2020-07-27 14:18:06.371300766 +0000 +++ debootstrap-updates-bionic--http.log 2020-07-27 13:53:30.120955907 +0000 @@ -8 +8 @@ -I: Checking component main on https://mirror.math.princeton.edu/pub/ubuntu... +I: Checking component main on http://mirror.math.princeton.edu/pub/ubuntu... -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1772556 Title: d-i netinstall fails due to missing apt-transport-https package Status in debootstrap package in Ubuntu: Confirmed Status in debootstrap source package in Bionic: In Progress Status in debootstrap source package in Eoan: Won't Fix Status in debootstrap source package in Focal: In Progress Status in debootstrap package in Debian: Fix Released Bug description: [Impact] When installing over the network using a netinstall image with pxe boot and with an https apt mirror, the installer fails with the error: Debootstrap error couldn't find these debs: apt-transport-https Check /var/log/syslog or see virtual console 4 for the details This happens due to apt-transport-https moving to universe from bionic onward, but still being required by debootstrap when it sees a https apt mirror, even though support for https mirrors is built into apt. [Testcase] Use the 18.04.4 LTS netinstall ISO to PXE boot with a preseed that uses a custom https apt mirror. Something like: ``` d-i mirror/country string manual d-i mirror/protocol string https d-i mirror/https/hostname string mirrors.ptisp.pt d-i mirror/https/directory string /ubuntu/ d-i mirror/https/proxy string ``` The installer will fail with the error in the impact section. There are test packages for debootstrap available in the following PPA, for both bionic and focal: https://launchpad.net/~mruffell/+archive/ubuntu/sf289200-test I have also built a test netinstall ISO with the test debootstrap packages, and is available here: https://people.canonical.com/~mruffell/sf289200/ You probably want to use mini.iso for PXE boot, but vmlinuz and initrd.gz are provided as well. [Regression Potential] The fix adds checks for specific distribution releases, so if someone is trying to debootstrap a previous release where apt-transport-https is still required, it will still function. For users of newer releases, it simply omits the package. apt- transport-https will still be available in universe if anyone still needs it. If a regression did occur, users may not be able to access https apt mirrors when using debootstrap. In this case, users can use a plain http mirror until things are fixed. Due to apt-transport-https not being needed in bionic onward, due to being built into apt directly, I believe this change won't introduce any regressions. [Other info] The fix landed in upstream debootstrap in the following commit: commit 66cbaae642953beba8aec393f3eca076abd89a7d From: Hideki Yamane <[email protected]> Date: Fri, 28 Feb 2020 00:10:25 +0900 Subject: select codename for apt-transport-https (Closes: #920255, #879755) Link: https://salsa.debian.org/installer-team/debootstrap/-/commit/66cbaae642953beba8aec393f3eca076abd89a7d It adds a check for distro release name, and if they fall within Zesty and prior, then it requires apt-transport-https, and if Artful and later, then it is omitted. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1772556/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : [email protected] Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
