debconf item apt-setup/security_path not fully honoured

Please use the DEBCONF_DEBUG=developer boot parameter to the installer, and attach the installer syslog to this bug. (It can be found in /var/log/installer/syslog after installation. Make sure not to use a valuable password, as it will be exposed in the log.)

While generating the attached syslog, I've observed that the failure happens while installing the base system.
The "custom" security repository is found later, when installing packages.
Also, if needed, I could supply rather complete description about the PXE & mirroring setup I'm using.

This bug was fixed in the package base-installer - 1.119ubuntu4

---------------
base-installer (1.119ubuntu4) oneiric; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 10:53:17 +0100

Thanks for your log. Fixes for stable releases are all in progress now; once they're accepted (there'll be mail on this bug to say so), you should be able to test them using the apt-setup/proposed=true boot parameter. Testing will help those fixes progress to -updates.

I have two questions about how to check the fix.
Do I need to download a fresh initrd.gz image, or just the boot parameter should be enough?
Once the email is issued, the required stuff will be on the standard apt-sources, or do I need to use a different repository? (I mean in a way similar to debian backports)

Hello javierpb, or anyone else affected,

Accepted base-installer into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello javierpb, or anyone else affected,

Accepted base-installer into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello javierpb, or anyone else affected,

Accepted base-installer into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Hello javierpb, or anyone else affected,

Accepted base-installer into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

What I have done is to download initrd.gz and linux from wget http://archive.ubuntu.com/ubuntu/dists/lucid-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64
Installing with the new images partially solved the issue. The first access to the security mirror uses the right url
/mirror/ubuntu-security/dists/lucid-security/Release
But later, after configuring the installed base packages, and at the same time that the installer shows the text "Updating the list of available packages", the bad url is attempted again
/ubuntu/dists/lucid-security/Release.gpg

The installer syslog is attached, and the lines at the top of the sources.list file on the resulting system are verbatim pasted below, where commented lines show the rigt url for standard packages, and the bad one for security

# deb http://192.168.40.138/repomirror/ubuntu lucid main restricted
# deb http://192.168.40.138/repomirror/ubuntu lucid-updates main restricted
# deb http://192.168.40.2/ubuntu lucid-security main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

You didn't follow my testing instructions in comment #4 properly. Until
such time as this fix is verified, you need to add this boot parameter:

  apt-setup/proposed=true

There was no need to download an updated kernel and initrd, as the fix
isn't in either of those components.

Please apologize for misreading the comment.
Once enabled the proposed component boot parameter, with the old the security updates were searched on the right place.
I need to manually select a kernel package, but I guess that is unrelated to this bug, which I consider closed (at least for lucid release which I reported and verified now).
In case could be useful, I attach the installer syslog.

Thanks! This looks good - marking as verified for lucid. Yes, kernel package selection is almost certainly unrelated to this.

This bug was fixed in the package base-installer - 1.103ubuntu8

---------------
base-installer (1.103ubuntu8) lucid-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:11:28 +0100

This bug affects Ubuntu 10.10, Maverick Meerkat. Maverick has reached end-of-life and is no longer supported, so I am closing the bugtask for Maverick. Please upgrade to a newer version of Ubuntu.
More information here: https://lists.ubuntu.com/archives/ubuntu-announce/2012-April/000158.html

This bug was fixed in the package base-installer - 1.86ubuntu2.4

---------------
base-installer (1.86ubuntu2.4) hardy-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:24:38 +0100

I verified this with current hardy and natty netboot images.

This bug was fixed in the package base-installer - 1.116ubuntu3

---------------
base-installer (1.116ubuntu3) natty-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:36:25 +0100