Ubuntu

debconf item apt-setup/security_path not fully honoured

Reported by javierpb on 2011-08-03
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
base-installer (Ubuntu)
High
Colin Watson
Hardy
High
Colin Watson
Lucid
High
Colin Watson
Maverick
High
Colin Watson
Natty
High
Colin Watson

Bug Description

Stable release update justification:

Impact: When the -security URL uses some path other than /ubuntu, security updates may not be installed as early during installation as they're supposed to be, and it's possible that there are corner cases where the -security entries are never set up correctly.
Development branch: Fixed in base-installer 1.119ubuntu4.
Patch: http://bazaar.launchpad.net/~ubuntu-core-dev/base-installer/ubuntu/revision/959
TEST CASE: Find a -security mirror which is not rooted at /ubuntu. Use preseeding similar to that used in the original report to select it during a server installation. Look for 404 errors referring to Ubuntu in the logs during the base-installer phase of installation: there should be none. You will need to use the 'apt-setup/proposed=true' boot parameter to test the proposed update for this bug.
Regression potential: As long as installations complete successfully and the 'apt-get update' during base-installer is free of errors, we should be fine.

Original report follows:

I do a 10.04 netinstall with a preseed file, using local mirrors for the repositories. Security repository is defined with
d-i apt-setup/security_host string 192.168.40.2
d-i apt-setup/security_path string /mirror/ubuntu-security
And the logs from the apache serving the mirror shows some attempts for http://192.168.40.2/ubuntu.
So it looks like that '/ubuntu' is somewhere hardcoded in the installer.

When doing the same for lenny, I use
apt-setup/security_host string 192.168.40.2/repomirror/debian-security
and works without any issue

Colin Watson (cjwatson) wrote :

Please use the DEBCONF_DEBUG=developer boot parameter to the installer, and attach the installer syslog to this bug. (It can be found in /var/log/installer/syslog after installation. Make sure not to use a valuable password, as it will be exposed in the log.)

Changed in debian-installer (Ubuntu):
status: New → Incomplete
javierpb (javiplx) wrote :

While generating the attached syslog, I've observed that the failure happens while installing the base system.
The "custom" security repository is found later, when installing packages.
Also, if needed, I could supply rather complete description about the PXE & mirroring setup I'm using.

Colin Watson (cjwatson) on 2011-08-16
affects: debian-installer (Ubuntu) → base-installer (Ubuntu)
Changed in base-installer (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
status: Incomplete → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package base-installer - 1.119ubuntu4

---------------
base-installer (1.119ubuntu4) oneiric; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 10:53:17 +0100

Changed in base-installer (Ubuntu):
status: In Progress → Fix Released
Colin Watson (cjwatson) on 2011-08-16
description: updated
Changed in base-installer (Ubuntu Natty):
importance: Undecided → High
Changed in base-installer (Ubuntu Lucid):
importance: Undecided → High
Changed in base-installer (Ubuntu Maverick):
importance: Undecided → High
Changed in base-installer (Ubuntu Lucid):
assignee: nobody → Colin Watson (cjwatson)
Changed in base-installer (Ubuntu Maverick):
assignee: nobody → Colin Watson (cjwatson)
Changed in base-installer (Ubuntu Natty):
assignee: nobody → Colin Watson (cjwatson)
Changed in base-installer (Ubuntu Lucid):
status: New → Triaged
Changed in base-installer (Ubuntu Maverick):
status: New → Triaged
Changed in base-installer (Ubuntu Natty):
status: New → Triaged
Changed in base-installer (Ubuntu Lucid):
milestone: none → ubuntu-10.04.4
Colin Watson (cjwatson) on 2011-08-16
Changed in base-installer (Ubuntu Hardy):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Colin Watson (cjwatson) on 2011-08-16
Changed in base-installer (Ubuntu Hardy):
status: Triaged → In Progress
Changed in base-installer (Ubuntu Lucid):
status: Triaged → In Progress
Changed in base-installer (Ubuntu Maverick):
status: Triaged → In Progress
Changed in base-installer (Ubuntu Natty):
status: Triaged → In Progress
Colin Watson (cjwatson) wrote :

Thanks for your log. Fixes for stable releases are all in progress now; once they're accepted (there'll be mail on this bug to say so), you should be able to test them using the apt-setup/proposed=true boot parameter. Testing will help those fixes progress to -updates.

javierpb (javiplx) wrote :

I have two questions about how to check the fix.
Do I need to download a fresh initrd.gz image, or just the boot parameter should be enough?
Once the email is issued, the required stuff will be on the standard apt-sources, or do I need to use a different repository? (I mean in a way similar to debian backports)

Hello javierpb, or anyone else affected,

Accepted base-installer into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in base-installer (Ubuntu Hardy):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in base-installer (Ubuntu Lucid):
status: In Progress → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Hello javierpb, or anyone else affected,

Accepted base-installer into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in base-installer (Ubuntu Maverick):
status: In Progress → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Hello javierpb, or anyone else affected,

Accepted base-installer into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in base-installer (Ubuntu Natty):
status: In Progress → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Hello javierpb, or anyone else affected,

Accepted base-installer into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

javierpb (javiplx) wrote :

What I have done is to download initrd.gz and linux from wget http://archive.ubuntu.com/ubuntu/dists/lucid-proposed/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64
Installing with the new images partially solved the issue. The first access to the security mirror uses the right url
/mirror/ubuntu-security/dists/lucid-security/Release
But later, after configuring the installed base packages, and at the same time that the installer shows the text "Updating the list of available packages", the bad url is attempted again
/ubuntu/dists/lucid-security/Release.gpg

The installer syslog is attached, and the lines at the top of the sources.list file on the resulting system are verbatim pasted below, where commented lines show the rigt url for standard packages, and the bad one for security

# deb http://192.168.40.138/repomirror/ubuntu lucid main restricted
# deb http://192.168.40.138/repomirror/ubuntu lucid-updates main restricted
# deb http://192.168.40.2/ubuntu lucid-security main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

You didn't follow my testing instructions in comment #4 properly. Until
such time as this fix is verified, you need to add this boot parameter:

  apt-setup/proposed=true

There was no need to download an updated kernel and initrd, as the fix
isn't in either of those components.

javierpb (javiplx) wrote :

Please apologize for misreading the comment.
Once enabled the proposed component boot parameter, with the old the security updates were searched on the right place.
I need to manually select a kernel package, but I guess that is unrelated to this bug, which I consider closed (at least for lucid release which I reported and verified now).
In case could be useful, I attach the installer syslog.

Colin Watson (cjwatson) wrote :

Thanks! This looks good - marking as verified for lucid. Yes, kernel package selection is almost certainly unrelated to this.

tags: added: verification-done-lucid
tags: added: testcase
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package base-installer - 1.103ubuntu8

---------------
base-installer (1.103ubuntu8) lucid-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:11:28 +0100

Changed in base-installer (Ubuntu Lucid):
status: Fix Committed → Fix Released
JC Hulce (soaringsky) on 2012-03-12
Changed in base-installer (Ubuntu Hardy):
status: Fix Committed → Invalid
status: Invalid → Fix Committed
JC Hulce (soaringsky) wrote :

This bug affects Ubuntu 10.10, Maverick Meerkat. Maverick has reached end-of-life and is no longer supported, so I am closing the bugtask for Maverick. Please upgrade to a newer version of Ubuntu.
More information here: https://lists.ubuntu.com/archives/ubuntu-announce/2012-April/000158.html

Changed in base-installer (Ubuntu Maverick):
status: Fix Committed → Invalid
Colin Watson (cjwatson) on 2012-07-04
tags: added: verification-done-hardy
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package base-installer - 1.86ubuntu2.4

---------------
base-installer (1.86ubuntu2.4) hardy-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:24:38 +0100

Changed in base-installer (Ubuntu Hardy):
status: Fix Committed → Fix Released
Colin Watson (cjwatson) wrote :

I verified this with current hardy and natty netboot images.

tags: added: verification-done
removed: verification-done-hardy verification-done-lucid verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package base-installer - 1.116ubuntu3

---------------
base-installer (1.116ubuntu3) natty-proposed; urgency=low

  * Honour apt-setup/security_path when constructing initial security
    entries in sources.list (LP: #820306).
 -- Colin Watson <email address hidden> Tue, 16 Aug 2011 11:36:25 +0100

Changed in base-installer (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers