Richard Hector <richard@walnut.gen.nz> (2022-07-24):
> Oh - uncompressed, it made it into the BTS, but not to the list. Here's a
> compressed version.
Thanks.
debootstrap uses the ISO's contents, so https isn't noticed at this point
(final argument):
Jul 23 01:03:18 debootstrap: /usr/sbin/debootstrap --components=main --debian-installer --resolve-deps --no-check-gpg bullseye /target file:///cdrom/
Later:
Jul 23 01:07:13 apt-setup: Identifying...
Jul 23 01:07:13 apt-setup: [5f70f43faa4e30b11b269f8c73178e29-2]
Jul 23 01:07:13 apt-setup: Scanning disc for index files...
Jul 23 01:07:13 apt-setup: Found 1 package indexes, 0 source indexes, 1 translation indexes and 0 signatures
Jul 23 01:07:13 apt-setup: This disc is called:
Jul 23 01:07:13 apt-setup: 'Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 NETINST 20220709-10:31'
Jul 23 01:07:13 apt-setup: Copying package lists...
Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... 0%^M
Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... 0%^M
Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... Done^M
Jul 23 01:07:13 apt-setup: ^MReading Translation Indexes... 0%^M
Jul 23 01:07:13 apt-setup: ^MReading Translation Indexes... Done^M
Jul 23 01:07:13 apt-setup: Writing new source list
Jul 23 01:07:13 apt-setup: Source list entries for this disc are:
Jul 23 01:07:13 apt-setup: deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 NETINST 20220709-10:31]/ bullseye main
Jul 23 01:07:13 apt-setup: Repeat this process for the rest of the CDs in your set.
Jul 23 01:07:45 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian/dists/bullseye/Release -O - | grep -E '^(Suite|Codename|Architectures):'
Jul 23 01:07:45 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian/dists/stable/Release -O - | grep -E '^(Suite|Codename|Architectures):'
Jul 23 01:07:46 choose-mirror[24148]: INFO: suite/codename set to: stable/bullseye
Jul 23 01:07:46 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian//dists/bullseye/main/binary-amd64/Release -O - | grep ^Architecture:
Jul 23 01:08:12 apt-setup: dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --no-rename
Jul 23 01:08:13 in-target: Err:1 https://deb.debian.org/debian bullseye InRelease
Jul 23 01:08:13 in-target: Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 2a04:4e42:27::644 443]
I think the choose-mirror calls come from apt-setup's generators/50mirror
(after generators/40cdrom and generators/41cdset), and that one is supposed
to know about ca-certificates:
https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/50mirror#L233-245
I suppose the in-target calls might be from apt-setup-verify, called later:
https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/50mirror#L264
If you want to help troubleshoot that further, checking the debconf
exchanges could be interesting. I think we support setting
DEBCONF_DEBUG=developer on the kernel command line, which should make
debconf queries/answers (as triggered by db_get and friends) appear in the
syslog. Past $self seems to agree:
https://mraw.org/blog/2012/12/23/d-i_hacking_recipe_3/
Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature