Ubuntu
debian-installer-utils package

Comment 6 for bug 1803385

Revision history for this message

Mauricio Faria de Oliveira (mfo) wrote on 2018-11-14:

Testing performed with Disco, Cosmic, Bionic, Xenial, and Trusty.

The output is similar if not identical, so pasting just one test, from Disco.

(Web Server, HTTP/HTTPS redirect, setup not included, ping me if interested.)

$ wget http://archive.ubuntu.com/ubuntu/dists/disco/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/{linux,initrd.gz}

$ GUEST=disco

$ virt-install \
  --name $GUEST \
  --vcpus 2 \
  --memory 1024 \
  --disk $GUEST.qcow2,bus=virtio,format=qcow2,size=8 \
  --network bridge=virbr0,model=virtio \
  --graphics none \
  --import \
  --boot \
kernel=linux,\
initrd=initrd.gz,\
kernel_args='console=ttyS0 url=http://192.168.122.1/preseed debian-installer/allow_unauthenticated_ssl=true'

The installer hits an error when trying to get the preseed file:

The synthetic tests with fetch-url:
===

~ # cat /proc/cmdline
console=ttyS0 url=http://192.168.122.1/preseed debian-installer/allow_unauthenticated_ssl=true

~ # cat /etc/default-release
disco

Without patch:
---

~ # fetch-url http://192.168.122.1/preseed preseed
ERROR: cannot verify 192.168.122.1's certificate, ...
...
To connect to 192.168.122.1 insecurely, use `--no-check-certificate'.

~ # echo $?
1

With patch:
---

~ # wget --no-check-certificate http://192.168.122.1/di-utils_1.124ubuntu2_amd64.udeb
~ # udpkg -i di-utils_1.124ubuntu2_amd64.udeb

~ # fetch-url http://192.168.122.1/preseed preseed
WARNING: cannot verify 192.168.122.1's certificate, ...
...
2018-11-14 13:17:03 URL:https://192.168.122.1//preseed [11/11] -> "./_fetch-url_preseed.1467" [1]

~ # echo $?
0

With patch and Without d-i/allow_unauthenticated_ssl=true: No Change
---

~ # cat /proc/cmdline
console=ttyS0 url=http://192.168.122.1/preseed

~ # wget --no-check-certificate http://192.168.122.1/di-utils_1.124ubuntu2_amd64.udeb
~ # udpkg -i di-utils_1.124ubuntu2_amd64.udeb

~ # fetch-url http://192.168.122.1/preseed preseed
ERROR: cannot verify 192.168.122.1's certificate, ...
...
To connect to 192.168.122.1 insecurely, use `--no-check-certificate'.

~ # echo $?
1

Testing performed with Disco, Cosmic, Bionic, Xenial, and Trusty.

The output is similar if not identical, so pasting just one test, from Disco.

(Web Server, HTTP/HTTPS redirect, setup not included, ping me if interested.)

$ wget http://archive.ubuntu.com/ubuntu/dists/disco/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/{linux,initrd.gz}

$ GUEST=disco

$ virt-install \
  --name $GUEST \
  --vcpus 2 \
  --memory 1024 \
  --disk $GUEST.qcow2,bus=virtio,format=qcow2,size=8 \
  --network bridge=virbr0,model=virtio \
  --graphics none  \
  --import \
  --boot \
kernel=linux,\
initrd=initrd.gz,\
kernel_args='console=ttyS0 url=http://192.168.122.1/preseed debian-installer/allow_unauthenticated_ssl=true'

The installer hits an error when trying to get the preseed file:

┌──────────┤ [!!] Download debconf preconfiguration file ├──────────┐
     │                                                                   │
     │           Failed to retrieve the preconfiguration file            │
     │ The file needed for preconfiguration could not be retrieved from  │
     │ http://192.168.122.1/preseed. The installation will proceed in    │
     │ non-automated mode.                                               │
     │                                                                   │
     │                            <Continue>                             │
     │                                                                   │
     └───────────────────────────────────────────────────────────────────┘

The synthetic tests with fetch-url:
===

~ # cat /proc/cmdline
console=ttyS0 url=http://192.168.122.1/preseed debian-installer/allow_unauthenticated_ssl=true

~ # cat /etc/default-release
disco

Without patch:
---

~ # fetch-url http://192.168.122.1/preseed preseed
ERROR: cannot verify 192.168.122.1's certificate, ...
...
To connect to 192.168.122.1 insecurely, use `--no-check-certificate'.

~ # echo $?
1

With patch:
---

~ # wget --no-check-certificate http://192.168.122.1/di-utils_1.124ubuntu2_amd64.udeb
~ # udpkg -i di-utils_1.124ubuntu2_amd64.udeb

~ # echo $?
0

With patch and Without d-i/allow_unauthenticated_ssl=true:   No Change
---

~ # cat /proc/cmdline
console=ttyS0 url=http://192.168.122.1/preseed

~ # wget --no-check-certificate http://192.168.122.1/di-utils_1.124ubuntu2_amd64.udeb
~ # udpkg -i di-utils_1.124ubuntu2_amd64.udeb

~ # fetch-url http://192.168.122.1/preseed preseed
ERROR: cannot verify 192.168.122.1's certificate, ...
...
To connect to 192.168.122.1 insecurely, use `--no-check-certificate'.

~ # echo $?
1

Ubuntudebian-installer-utils package

Comment 6 for bug 1803385

Ubuntu
debian-installer-utils package