Richard Hector <richard@walnut.gen.nz> (2022-07-24): > Oh - uncompressed, it made it into the BTS, but not to the list. Here's a > compressed version. Thanks. debootstrap uses the ISO's contents, so https isn't noticed at this point (final argument): Jul 23 01:03:18 debootstrap: /usr/sbin/debootstrap --components=main --debian-installer --resolve-deps --no-check-gpg bullseye /target file:///cdrom/ Later: Jul 23 01:07:13 apt-setup: Identifying... Jul 23 01:07:13 apt-setup: [5f70f43faa4e30b11b269f8c73178e29-2] Jul 23 01:07:13 apt-setup: Scanning disc for index files... Jul 23 01:07:13 apt-setup: Found 1 package indexes, 0 source indexes, 1 translation indexes and 0 signatures Jul 23 01:07:13 apt-setup: This disc is called: Jul 23 01:07:13 apt-setup: 'Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 NETINST 20220709-10:31' Jul 23 01:07:13 apt-setup: Copying package lists... Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... 0%^M Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... 0%^M Jul 23 01:07:13 apt-setup: ^MReading Package Indexes... Done^M Jul 23 01:07:13 apt-setup: ^MReading Translation Indexes... 0%^M Jul 23 01:07:13 apt-setup: ^MReading Translation Indexes... Done^M Jul 23 01:07:13 apt-setup: Writing new source list Jul 23 01:07:13 apt-setup: Source list entries for this disc are: Jul 23 01:07:13 apt-setup: deb cdrom:[Debian GNU/Linux 11.4.0 _Bullseye_ - Official amd64 NETINST 20220709-10:31]/ bullseye main Jul 23 01:07:13 apt-setup: Repeat this process for the rest of the CDs in your set. Jul 23 01:07:45 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian/dists/bullseye/Release -O - | grep -E '^(Suite|Codename|Architectures):' Jul 23 01:07:45 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian/dists/stable/Release -O - | grep -E '^(Suite|Codename|Architectures):' Jul 23 01:07:46 choose-mirror[24148]: INFO: suite/codename set to: stable/bullseye Jul 23 01:07:46 choose-mirror[24148]: DEBUG: command: wget --no-verbose https://deb.debian.org/debian//dists/bullseye/main/binary-amd64/Release -O - | grep ^Architecture: Jul 23 01:08:12 apt-setup: dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --no-rename Jul 23 01:08:13 in-target: Err:1 https://deb.debian.org/debian bullseye InRelease Jul 23 01:08:13 in-target: Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 2a04:4e42:27::644 443] I think the choose-mirror calls come from apt-setup's generators/50mirror (after generators/40cdrom and generators/41cdset), and that one is supposed to know about ca-certificates: https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/50mirror#L233-245 I suppose the in-target calls might be from apt-setup-verify, called later: https://salsa.debian.org/installer-team/apt-setup/-/blob/master/generators/50mirror#L264 If you want to help troubleshoot that further, checking the debconf exchanges could be interesting. I think we support setting DEBCONF_DEBUG=developer on the kernel command line, which should make debconf queries/answers (as triggered by db_get and friends) appear in the syslog. Past $self seems to agree: https://mraw.org/blog/2012/12/23/d-i_hacking_recipe_3/ Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature