Debian 10 PXE installation enters endless loop in apt-setup-udeb

[serhepopovych]

It is strange, but on network (PXE) setup Debian 10 fails at apt-setup-udeb stage with following messages in /var/log/syslog:

Nov 27 06:17:08 in-target: E: The repository 'http://<host>/debian/10/amd64/iso-root buster Release' is not signed.
Nov 27 06:17:08 apt-setup: dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --n
Nov 27 06:17:09 in-target: Ign:1 http://<host>/debian/10/amd64/iso-root buster InRelease
Nov 27 06:17:09 in-target: Hit:2 http://<host>/debian/10/amd64/iso-root buster Release
Nov 27 06:17:09 in-target: Ign:3 http://<host>/debian/10/amd64/iso-root buster Release.gpg
Nov 27 06:17:09 in-target: Reading package lists...
Nov 27 06:17:09 in-target:.
Nov 27 06:17:09 in-target: E: The repository 'http://<host>debian/10/amd64/iso-root buster Release' is not signed.
Nov 27 06:17:09 apt-setup: dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --n
Nov 27 06:17:10 in-target: Ign:1 http://<host>/debian/10/amd64/iso-root buster InRelease
Nov 27 06:17:10 in-target: Hit:2 http://<host>/debian/10/amd64/iso-root buster Release
Nov 27 06:17:10 in-target: Ign:3 http://<host>/debian/10/amd64/iso-root buster Release.gpg
Nov 27 06:17:10 in-target: Reading package lists...
Nov 27 06:17:10 in-target:.
Nov 27 06:17:10 in-target: E: The repository 'http://<host>/debian/10/amd64/iso-root buster Release' is not signed.
Nov 27 06:17:10 apt-setup: dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --n
Nov 27 06:17:10 in-target: Ign:1 http://<host>/debian/10/amd64/iso-root buster InRelease
Nov 27 06:17:10 in-target: Hit:2 http://<host>/debian/10/amd64/iso-root buster Release

Note that installer errors caused by unsigned Release file isn't fatal and handled by workaround described in #5

[serhepopovych]

It appears to be apt-setup-verify fault and apt-setup/mirror/error isn't Ignore when input in 50mirror:

Nov 27 09:51:18 main-menu[208]: (process:25820): apt-setup-verify
Nov 27 09:51:18 main-menu[208]: (process:25820):  --from
Nov 27 09:51:18 main-menu[208]: (process:25820):  200
Nov 27 09:51:18 main-menu[208]: (process:25820):  --to
Nov 27 09:51:18 main-menu[208]: (process:25820):  300
Nov 27 09:51:18 main-menu[208]: (process:25820):  /target/tmp/fileB5J5sG
Nov 27 09:51:18 main-menu[208]: (process:25820):.
Nov 27 09:51:18 main-menu[208]: (process:25820): + db_set apt-setup/mirror/error Retry
Nov 27 09:51:18 main-menu[208]: (process:25820): + _db_cmd 'SET apt-setup/mirror/error' Retry
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS=' ' printf '%s\n' 'SET apt-setup/mirror/error Retry'
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS='
Nov 27 09:51:18 main-menu[208]: (process:25820): ' read -r _db_internal_line
Nov 27 09:51:18 main-menu[208]: (process:25820): + RET='value set'
Nov 27 09:51:18 main-menu[208]: (process:25820): + return 0
Nov 27 09:51:18 main-menu[208]: (process:25820): + db_input critical apt-setup/mirror/error
Nov 27 09:51:18 main-menu[208]: (process:25820): + _db_cmd 'INPUT critical' apt-setup/mirror/error
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS=' ' printf '%s\n' 'INPUT critical apt-setup/mirror/error'
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS='
Nov 27 09:51:18 main-menu[208]: (process:25820): ' read -r _db_internal_line
Nov 27 09:51:18 main-menu[208]: (process:25820): + RET='30 question skipped'
Nov 27 09:51:18 main-menu[208]: (process:25820): + return 30
Nov 27 09:51:18 main-menu[208]: (process:25820): + true
Nov 27 09:51:18 main-menu[208]: (process:25820): + db_go
Nov 27 09:51:18 main-menu[208]: (process:25820): + _db_cmd 'GO '
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS=' ' printf '%s\n' 'GO '
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS='
Nov 27 09:51:18 main-menu[208]: (process:25820): ' read -r _db_internal_line
Nov 27 09:51:18 main-menu[208]: (process:25820): + RET=ok
Nov 27 09:51:18 main-menu[208]: (process:25820): + return 0
Nov 27 09:51:18 main-menu[208]: (process:25820): + db_get apt-setup/mirror/error
Nov 27 09:51:18 main-menu[208]: (process:25820): + _db_cmd 'GET apt-setup/mirror/error'
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS=' ' printf '%s\n' 'GET apt-setup/mirror/error'
Nov 27 09:51:18 main-menu[208]: (process:25820): + IFS='
Nov 27 09:51:18 main-menu[208]: (process:25820): ' read -r _db_internal_line
Nov 27 09:51:18 main-menu[208]: (process:25820): + RET=Retry
Nov 27 09:51:18 main-menu[208]: (process:25820): + return 0
Nov 27 09:51:18 main-menu[208]: (process:25820): + '[' Retry '=' 'Change mirror' ]
Nov 27 09:51:18 main-menu[208]: (process:25820): + '[' Retry '=' Ignore ]
Nov 27 09:51:18 main-menu[208]: (process:25820): + '[' '!'  ]

[serhepopovych]

It seems there are two problems here:

1) apt-setup-verify fails due to insecure repository on ISO shared via http being used and recent versions of apt-get require -o Acquire::AllowInsecureRepositories=true to force insecure repos (in addition to debian-installer/allow_unauthenticated preseed)

  This needs to be addressed in simple-cdd-ext project (scripts/debian/partman
  /early_command.sh) by adding 9b-allow-insecure-repositories to /etc/apt/apt.conf.d
  and removed once #5 is fixed.

2) Incorrect do_set apt-setup/mirror/error in /usr/lib/apt-setup/generators/50mirror that overrides value specified in preseed: apt-setup/mirror/error string Ignore. This is root cause of endless loop since apt-setup-verify from (1) fails and apt-setup/mirror/error is always Retry.

  This should be fixed in apt-setup package but to support old releases (e.g. stretch) and
  to bypass potential delays caused by upstreaming process add this as runtime debian-installer
  environment patch in simple-cdd-ext (scripts/debian/partman/early_command.sh) project.