Package: debian-installer
Version: latest
Severity: important
Tags: d-i
X-Debbugs-Cc: susadm1n....@gmail.com

Dear Maintainer,

When mirroring Debian locally and signing with local GPG/PGP keys, the debian-installer fails on a critical "Download error" in the syslog file of the debian-installer for the "d-i apt-setup/local0/key string [URL]" step, preventing the installation from proceeding. Also tried providing the key in-line in base64 in the same "d-i" step, but could not get this working either.

After much testing, tweaking, and reviewing the sample preseed files and "debian-installer" source code, this appears to be a bug with the debian-installer.

- https://www.debian.org/releases/stable/example-preseed.txt
- https://www.debian.org/releases/bookworm/example-preseed.txt
- https://www.debian.org/releases/bullseye/example-preseed.txt
- https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/60local?ref_type=heads

Below is the preseed file used to install this Debian system, on which the issue was encountered; however, it is also present on Debian 11 Bullseye.

### START PRESEED FILE ###
# Debian sample
# https://www.debian.org/releases/stable/example-preseed.txt

# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string Debian12.9-x86-64

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
# d-i hw-detect/load_firmware boolean true

# NTP/Time Setup
d-i time/zone string US/Eastern
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com

# Setup the installation source
d-i mirror/country string manual
d-i mirror/http/hostname string 10.0.0.10
d-i mirror/http/directory string /cblr/links/Debian12.9-x86_64
d-i mirror/http/proxy string

# Suite to install.
# d-i mirror/suite string precise
# d-i mirror/udeb/suite string precise

# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted

# Disk Partitioning
# Use LVM, and wipe out anything that already exists
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-efi/non_efi_system boolean true
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-partitioning/confirm_write_new_label boolean true

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /usr, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.
# d-i partman/default_filesystem string ext4

# root account and password
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password [REDACTED]

# skip creation of a normal user account.
d-i passwd/make-user boolean true
d-i passwd/user-fullname string Debian Admin
d-i passwd/username string debian
d-i passwd/user-password-crypted password [REDACTED]

# You can choose to install restricted and universe software, or to install
# software from the backports repository.
# d-i apt-setup/restricted boolean true
# d-i apt-setup/universe boolean true
# d-i apt-setup/backports boolean true

# Uncomment this if you don't want to use a network mirror.
# d-i apt-setup/use_mirror boolean false

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect

# Additional repositories, local[0-9] available
# Enable deb-src lines
# d-i apt-setup/local0/source boolean true

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
d-i apt-setup/local0/repository string http://10.0.0.10/cblr/links/Debian12.9-x86_64
d-i apt-setup/local0/key string http://10.0.0.10/cblr/pub/cobbler.gpg.asc

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
d-i debian-installer/allow_unauthenticated boolean true

# Package selection
# Default for minimal
tasksel tasksel/first multiselect standard
# Default for server
# tasksel tasksel/first multiselect standard, web-server
# Default for gnome-desktop
# tasksel tasksel/first multiselect standard, gnome-desktop

# Individual additional packages to install
# wget is REQUIRED otherwise quite a few things won't work
# later in the build (like late-command scripts)
d-i pkgsel/include string wget curl openssh-server sudo vim

popularity-contest popularity-contest/participate boolean false

# Debian needs this for the installer to avoid any question for grub
# Please verify that it suit your needs as it may overwrite any usb stick
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
d-i grub-installer/bootdev string default
d-i grub-installer/with_other_os boolean true
d-i grub-installer/force-efi-extra-removable boolean false
d-i grub-installer/enable_os_prober_otheros_yes boolean false
d-i grub-installer/enable_os_prober_otheros_no boolean true

# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
d-i debian-installer/add-kernel-opts string

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# This first command is run as early as possible, just after preseeding is read.
# d-i preseed/early_command string [command]
d-i preseed/early_command string wget -O- \
   http://10.0.0.10/cblr/svc/op/script/profile/Debian12.9-x86_64/?script=preseed_early_unauthenticated | \
   /bin/sh -s

# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
# d-i partman/early_command \
#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"

# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# d-i preseed/late_command string [command]
d-i preseed/late_command string wget -O- \
   http://10.0.0.10/cblr/svc/op/script/profile/Debian12.9-x86_64/?script=preseed_late_bookworm | \
   chroot /target /bin/sh -s
### END PRESEED FILE ###

However, using the below script to download the key manually during the "d-i preseed/early_command", the installation completes successfully as expected. The script is simple and closely mirrors what the debian-installer "local60" script effectively does, which is responsible for downloading the repo key.

### START PRESEED EARLY SCRIPT ###
wget "http://10.0.0.10/cblr/svc/op/trig/mode/pre/profile/Debian12.9-x86_64" -O /dev/null
while true; do
    [ -d /target/etc/apt/trusted.gpg.d ] && cd /target/etc/apt/trusted.gpg.d && fetch-url http://10.0.0.10/cblr/pub/cobbler.gpg.asc cobbler.gpg.asc && exit
    echo nope
    sleep 1
done 2> /dev/null 1> /dev/null &
### END PRESEED EARLY SCRIPT ###

There is an old bug report related to this step in "d-i" from 2016; it states that the download works as expected, but I have not found that to be the case.
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839248

-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-27-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
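
Added example, not part of the original report and not apt-setup's code: the workaround above drops a key fetched over plain HTTP straight into trusted.gpg.d, so this sketch shows a check that could sit between the download and the install step. The helper name install_repo_key, the pinned SHA-256 argument, and the availability of sha256sum and od where it runs are assumptions.

```shell
#!/bin/sh
# Added example; not code from the bug report or from apt-setup.
# install_repo_key FILE DIR NAME SHA256   (hypothetical helper name)
# Prints the installed path and returns 0; returns 1 and installs nothing
# on a digest mismatch or an unrecognised file format.
install_repo_key() {
    src=$1 dir=$2 name=$3 want=$4

    # 1. Pin the key. The expected digest must come from a trusted channel
    #    (for example the preseed itself), not from the key's HTTP server.
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $src (got $got)" >&2
        return 1
    fi

    # 2. apt only reads *.asc (ASCII-armored) and *.gpg (binary) files in
    #    trusted.gpg.d, so derive the extension from the content.
    if head -n 1 "$src" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        ext=asc
    else
        # A binary OpenPGP public-key packet starts with 0x98/0x99 (old
        # packet format) or 0xc6 (new format); anything else, such as an
        # HTML error page, is rejected.
        case $(od -An -tx1 -N1 "$src" | tr -d ' \n') in
            98|99|c6) ext=gpg ;;
            *) echo "not an OpenPGP public key: $src" >&2; return 1 ;;
        esac
    fi

    # 3. Copy under a name apt ignores, then rename, so apt never reads a
    #    partially written key. 0644 keeps it readable by the _apt user.
    dest="$dir/$name.$ext"
    cp "$src" "$dest.tmp.$$" && chmod 0644 "$dest.tmp.$$" \
        && mv "$dest.tmp.$$" "$dest" || return 1
    echo "$dest"
}

# Demo on a constructed (not real) armored key, pinned to its own digest.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'Y29uc3RydWN0ZWQ=' \
    '-----END PGP PUBLIC KEY BLOCK-----' > "$demo/key"
install_repo_key "$demo/key" "$demo" local0 \
    "$(sha256sum "$demo/key" | cut -d' ' -f1)"
rm -rf "$demo"
```

In the installer, FILE would be whatever fetch-url saved to a scratch location and DIR would be /target/etc/apt/trusted.gpg.d, the directory the workaround script writes to.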