To clarify, this occurs when installing Debian 11 or 12 (tested so far) over the network from a privately hosted and signed repo. In my case, the repo was extracted from the Debian 12 disk 1 installation media (ISO file) which is not signed from Debian (source: https://wiki.debian.org/SecureApt ) so the repo must be signed with a local keypair, which debian-installer will not trust natively during network installs. In my case, the associate public key used to verify the repo was made available over HTTP on the same server that the repo is hosted from and specified in the preseed file.
Additionally, the "d-i debian-installer/allow_unauthenticated" option is set to "true" but this appears to only apply to the "d-i mirror/http/hostname" & "d-i mirror/http/directory" options, not the "d-i apt-setup" options from my experience. Regarding the "d-i preseed/early_command" script included in the original bug report, the "wget" command can be ignored since the "while" loop is the full workaround solution. More steps to reproduce the issue as well as additional references to Debian official docs can be found on a community post I authored for Cobbler, a PXE boot server application I used for hosting the repo and PXE boot resources: https://cobbler.github.io/blog/2024/12/02/Cobbler-v3.3.7-Debian-Deployment-Guide.html - on a related note, I think it could be beneficial to link to this article in Debian's Automated Installation documentation where cobbler is already mentioned: https://wiki.debian.org/AutomatedInstallation
