
Bug#977398: base-installer: kernel selection cannot work with user-configured repos



Package: base-installer
Severity: normal

As it stands today, the installer will always fail to find kernels in
private mirrors defined in a preseed.

This is true, even if you add keys with `apt-setup/local0/key` and set
`debian-installer/allow_unauthenticated` and
`debian-installer/allow_unauthenticated_ssl`.

The reason is an ordering issue. It took a while to dig through the code
enough to put this all together, but here's how it falls out.

Inside of `pick_kernel`, we look at `$KERNEL_LIST` which is populated
(in `kernel_update_list`) by calling:

```
chroot /target apt-cache search "^(kernel|$KERNEL_NAME)-image"
```

Unfortunately, apt inside of the target is not set up until _after_
`base-installer` in the `apt-setup` package. We _have_ set up apt in the
installer (`configure_apt` and `apt_update` are before `pick_kernel`),
so the _installation_ of any kernel _would_ work. Unfortunately, we won't
_find_ any of the relevant kernels because the `apt-cache` run inside of
the target won't work as none of the keys have been dropped off and so
`apt-cache` ignores any private mirrors that have been added.

This is also seen in the logs. Here's base-installer deciding on
kernels:

```
Dec 12 09:50:26 base-installer: info: kernel linux-signed-generic usable on amd64
```

And here's it grabbing keys from `apt-setup/local0/key`:

```
Dec 12 09:51:15 main-menu[1220]: (process:777): 2020-12-12 09:51:11 URL:http://INTERNAL_HOST/public.gpg [1204/1204] -> "/target/tmp/_fetch-url_key0.pub.2041" [1]
```

Note that it's a minute later (internal hostname masked).

There is a workaround. Since `post_install_hooks` is just before
`pick_kernel`, I've added a `preseed/early_command` that generates a
file in `/usr/lib/base-installer.d` which wget's the key into
`/target/etc/apt/trusted.gpg.d`. Of course this will be done by
`apt-setup` just a moment later.

This doesn't seem like a trivial bug to fix. I can see two possible fixes:

1. Install apt-cache into the installer
2. Move kernel installation to a separate package that happens after
`apt-setup`.

There are possibly other options that those more familiar with the
codebase can see.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
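
The workaround described in the report, as an added example (not the reporter's script and not base-installer code): a hook body of the kind a `preseed/early_command` could write into `/usr/lib/base-installer.d`. The SHA-256 pin is an addition, there because the log line above shows the key arriving over plain HTTP. Assumptions: `wget`, `sha256sum` and `mktemp` exist in the installer environment, and the function names, the `KEY_URL`/`KEY_SHA256` variables and the destination file name `preseed-local0.gpg` are hypothetical.

```sh
#!/bin/sh
# Added example: fetch the private mirror's key early, but only trust it
# if it matches a checksum pinned in the preseed (assumed variables below).

# install_pinned_key FILE EXPECTED_SHA256 DEST_DIR
# Copies FILE into DEST_DIR only if its SHA-256 matches the pinned value.
install_pinned_key() {
    file=$1
    expected=$2
    dest_dir=$3
    [ -s "$file" ] || { echo "key file missing or empty: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "key checksum mismatch, refusing to trust $file" >&2
        return 1
    fi
    mkdir -p "$dest_dir" || return 1
    # Write under a name apt ignores, then rename, so a partial file is
    # never picked up as a keyring.
    tmp="$dest_dir/.preseed-key.$$"
    if cp "$file" "$tmp" && chmod 0644 "$tmp" \
        && mv "$tmp" "$dest_dir/preseed-local0.gpg"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# fetch_and_install URL EXPECTED_SHA256 [TARGET_ROOT]
fetch_and_install() {
    url=$1
    expected=$2
    root=${3:-/target}
    tmpkey=$(mktemp) || return 1
    rc=1
    if wget -q -O "$tmpkey" "$url"; then
        install_pinned_key "$tmpkey" "$expected" \
            "$root/etc/apt/trusted.gpg.d" && rc=0
    else
        echo "download failed: $url" >&2
    fi
    rm -f "$tmpkey"
    return "$rc"
}

# Runs only when both values are set, so sourcing the file is harmless.
if [ -n "${KEY_URL:-}" ] && [ -n "${KEY_SHA256:-}" ]; then
    fetch_and_install "$KEY_URL" "$KEY_SHA256"
fi
```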
