Bug#977398: base-installer: kernel selection cannot work with user-configured repos
Package: base-installer
Severity: normal
As it stands today, the installer will always fail to find kernels in
private mirrors defined in a preseed.
This is true, even if you add keys with `apt-setup/local0/key` and set
`debian-installer/allow_unauthenticated` and
`debian-installer/allow_unauthenticated_ssl`.
The reason is an ordering issue. It took a while to dig through the code
enough to put this altogether, but here's how it falls out.
Inside of `pick_kernel`, we look at `$KERNEL_LIST` which is populated
(in `kernel_update_list`), but calling:
```
chroot /target apt-cache search "^(kernel|$KERNEL_NAME)-image"
```
Unfortunately, apt inside of the target is not setup until _after_
`base-installer` in the `apt-setup` package. We _have_ setup apt in the
installer (`configure_apt` and `apt_update` are before `pick_kernel`),
so the _installation_ of any kernel _would_ work. Unfortuantely, we won't
_find_ any of the relevant kernels because the `apt-cache` run inside of
the target won't work as none of the keys have been dropped off and so
`apt-cache` ignores any private mirrors that have been added.
This is also seen in the logs, here's base-isntaller deciding on
kernels:
```
Dec 12 09:50:26 base-installer: info: kernel linux-signed-generic usable on amd64
```
And here's it grabbing keys from `apt-setup/local0/key`:
```
Dec 12 09:51:15 main-menu[1220]: (process:777): 2020-12-12 09:51:11 URL:http://INTERNAL_HOST/public.gpg [1204/1204] -> "/target/tmp/_fetch-url_key0.pub.2041" [1]
```
Note that it's a minute later (internal hostname masked).
There is a work around. Since `post_install_hooks` is just before
`pick_kernel`, I've added a `preseed/early_command` that generates a
file in `/usr/lib/base-installer.d` which wget's the key into
`/target/etc/apt/trusted.gpg.d`. Of course this will be done by
`apt-setup` just a moment later.
This doesn't seem like a trivial bug to fix. I can see two possible fixes:
1. Install apt-cache into the installer
2. Move kernel installation to a separate package that happens after
`apt-setup`.
There are possibly other options that those more familiar with the
codebase can see.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-1-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: