[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2019-01-07 Thread Launchpad Bug Tracker
This bug was fixed in the package debian-installer -
20101020ubuntu451.27

---
debian-installer (20101020ubuntu451.27) xenial; urgency=medium

  * build/pkg-lists/base: add ca-certificates-udeb to enable HTTPS
without d-i/allow_unauthenticated_ssl in stock initramfs image
as in Debian. (LP: #1807023)

 -- Mauricio Faria de Oliveira   Mon, 26 Nov 2018
16:49:46 -0200

** Changed in: debian-installer (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

** Changed in: ca-certificates (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Fix Released
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  Fix Released
Status in debian-installer source package in Trusty:
  Fix Released
Status in ca-certificates source package in Xenial:
  Fix Released
Status in debian-installer source package in Xenial:
  Fix Released
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Released
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Released
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2019-01-07 Thread Launchpad Bug Tracker
This bug was fixed in the package ca-certificates - 20170717~14.04.2

---
ca-certificates (20170717~14.04.2) trusty; urgency=medium

  * Add ca-certificates udeb package (LP: #1807023)

 -- Mauricio Faria de Oliveira   Thu, 06 Dec 2018
16:20:55 -0200

** Changed in: debian-installer (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Fix Released
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  Fix Released
Status in debian-installer source package in Trusty:
  Fix Released
Status in ca-certificates source package in Xenial:
  Fix Released
Status in debian-installer source package in Xenial:
  Fix Released
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Released
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Released
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2019-01-07 Thread Launchpad Bug Tracker
This bug was fixed in the package ca-certificates - 20170717~16.04.2

---
ca-certificates (20170717~16.04.2) xenial; urgency=medium

  * Add ca-certificates udeb package (LP: #1807023)

 -- Mauricio Faria de Oliveira   Thu, 06 Dec 2018
16:20:55 -0200

** Changed in: ca-certificates (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Fix Released
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  Fix Committed
Status in debian-installer source package in Trusty:
  Fix Committed
Status in ca-certificates source package in Xenial:
  Fix Released
Status in debian-installer source package in Xenial:
  Fix Committed
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Released
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Released
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-14 Thread Launchpad Bug Tracker
This bug was fixed in the package debian-installer - 20101020ubuntu557.1

---
debian-installer (20101020ubuntu557.1) cosmic; urgency=medium

  * build/pkg-lists/base: add ca-certificates-udeb to enable HTTPS
without d-i/allow_unauthenticated_ssl in stock initramfs image
as in Debian. (LP: #1807023)

 -- Mauricio Faria de Oliveira   Mon, 26 Nov 2018
16:49:46 -0200

** Changed in: debian-installer (Ubuntu Cosmic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Fix Released
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  Fix Committed
Status in debian-installer source package in Trusty:
  Fix Committed
Status in ca-certificates source package in Xenial:
  Fix Committed
Status in debian-installer source package in Xenial:
  Fix Committed
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Released
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Released
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-14 Thread Launchpad Bug Tracker
This bug was fixed in the package debian-installer - 20101020ubuntu543.4

---
debian-installer (20101020ubuntu543.4) bionic; urgency=medium

  * build/pkg-lists/base: add ca-certificates-udeb to enable HTTPS
without d-i/allow_unauthenticated_ssl in stock initramfs image
as in Debian. (LP: #1807023)

 -- Mauricio Faria de Oliveira   Mon, 26 Nov 2018
16:49:46 -0200

** Changed in: debian-installer (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Fix Released
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  Fix Committed
Status in debian-installer source package in Trusty:
  Fix Committed
Status in ca-certificates source package in Xenial:
  Fix Committed
Status in debian-installer source package in Xenial:
  Fix Committed
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Released
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Released
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-07 Thread Launchpad Bug Tracker
This bug was fixed in the package debian-installer - 20101020ubuntu560

---
debian-installer (20101020ubuntu560) disco; urgency=medium

  [ Mauricio Faria de Oliveira ]
  * build/pkg-lists/base: add ca-certificates-udeb to enable HTTPS
without d-i/allow_unauthenticated_ssl in stock initramfs image
as in Debian. (LP: #1807023) (closes: #842040)

 -- Dan Streetman   Mon, 26 Nov 2018 16:49:46
-0200

** Changed in: debian-installer (Ubuntu Disco)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Unknown
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Trusty:
  In Progress
Status in debian-installer source package in Trusty:
  In Progress
Status in ca-certificates source package in Xenial:
  In Progress
Status in debian-installer source package in Xenial:
  In Progress
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  Fix Committed
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  Fix Committed
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  Fix Released
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is requested for Bionic, Cosmic, Disco
 at least.

   * The fix for Trusty and Xenial needed a little
     bit more work to build/ship the (new) udeb.
 (reference: Debian Bug #845456 / ca-certificates commit 3acb3a90 [2])

     It would be good to have them too if at all possible.

  [1] 
https://salsa.debian.org/installer-team/debian-installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6
  [2] 
https://salsa.debian.org/debian/ca-certificates/commit/3acb3a9042a00307ba35d10052d81cdc206c34a4

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-07 Thread Dan Streetman
** Changed in: ca-certificates (Ubuntu Disco)
   Status: In Progress => Invalid

** Changed in: ca-certificates (Ubuntu Disco)
 Assignee: Mauricio Faria de Oliveira (mfo) => (unassigned)

** Changed in: ca-certificates (Ubuntu Cosmic)
   Status: In Progress => Invalid

** Changed in: ca-certificates (Ubuntu Cosmic)
 Assignee: Mauricio Faria de Oliveira (mfo) => (unassigned)

** Changed in: ca-certificates (Ubuntu Bionic)
   Status: In Progress => Invalid

** Changed in: ca-certificates (Ubuntu Bionic)
 Assignee: Mauricio Faria de Oliveira (mfo) => (unassigned)

** Changed in: ca-certificates (Ubuntu Xenial)
   Status: New => Invalid

** Changed in: ca-certificates (Ubuntu Xenial)
   Status: Invalid => In Progress

** Changed in: ca-certificates (Ubuntu Xenial)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: ca-certificates (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: ca-certificates (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Trusty)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: ca-certificates (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: debian-installer (Ubuntu Xenial)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: debian-installer (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: debian-installer (Ubuntu Trusty)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Unknown
Status in ca-certificates package in Ubuntu:
  Invalid
Status in debian-installer package in Ubuntu:
  In Progress
Status in ca-certificates source package in Trusty:
  In Progress
Status in debian-installer source package in Trusty:
  In Progress
Status in ca-certificates source package in Xenial:
  In Progress
Status in debian-installer source package in Xenial:
  In Progress
Status in ca-certificates source package in Bionic:
  Invalid
Status in debian-installer source package in Bionic:
  In Progress
Status in ca-certificates source package in Cosmic:
  Invalid
Status in debian-installer source package in Cosmic:
  In Progress
Status in ca-certificates source package in Disco:
  Invalid
Status in debian-installer source package in Disco:
  In Progress
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu 'main' component, but in 'universe',
     despite the normal deb being in 'main'.

     However, when rebuilding in a PPA it goes into
     'main' accordingly, and can be used by default
     by debian-installer (otherwise, UDEB_COMPONENTS
     has to be modified to include universe/d-i).

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive (at least in PPA for testing).

     Hopefully that can be sorted out for this fix
     to work out.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-07 Thread Eric Desrochers
** Also affects: debian-installer via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842040
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer:
  Unknown
Status in ca-certificates package in Ubuntu:
  In Progress
Status in debian-installer package in Ubuntu:
  In Progress
Status in ca-certificates source package in Trusty:
  New
Status in debian-installer source package in Trusty:
  New
Status in ca-certificates source package in Xenial:
  New
Status in debian-installer source package in Xenial:
  New
Status in ca-certificates source package in Bionic:
  In Progress
Status in debian-installer source package in Bionic:
  In Progress
Status in ca-certificates source package in Cosmic:
  In Progress
Status in debian-installer source package in Cosmic:
  In Progress
Status in ca-certificates source package in Disco:
  In Progress
Status in debian-installer source package in Disco:
  In Progress
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu archive despite being available for
     download in Launchpad with a link for some reason
     (perhaps a problem during import from Debian/sid?)

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is request for Bionic, Cosmic, Disco.

     The older releases (Trusty, Xenial) are affected,
     but not requested for, and would need more work,
     as the udeb is not yet in the packaging but that
     is doable if required for the process.

  [1] https://salsa.debian.org/installer-team/debian-
  installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  ERROR: cannot verify github.com's certificate, issued by 'CN=DigiCert SHA2 
Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
    Unable to locally verify the issuer's authority.
  To connect to github.com insecurely, use `--no-check-certificate'.
  +++ exited with 5 +++
  ~ #

  ~ # anna-install ca-certificates-udeb  # not in archive yet.
  unknown udeb ca-certificates-udeb

  ~ # wget --no-check-certificate
  https://launchpad.net/ubuntu/+archive/primary/+files/ca-certificates-
  udeb_20180409_all.udeb

  ~ # udpkg -i ca-certificates-udeb_20180409_all.udeb

  ~ # strace -e stat wget -O- 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-06 Thread Dan Streetman
** Also affects: ca-certificates (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: ca-certificates (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: ca-certificates (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Bionic)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: ca-certificates (Ubuntu Cosmic)
   Importance: Undecided => Medium

** Changed in: ca-certificates (Ubuntu Cosmic)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Cosmic)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: ca-certificates (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: ca-certificates (Ubuntu Disco)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Disco)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in ca-certificates package in Ubuntu:
  In Progress
Status in debian-installer package in Ubuntu:
  In Progress
Status in ca-certificates source package in Trusty:
  New
Status in debian-installer source package in Trusty:
  New
Status in ca-certificates source package in Xenial:
  New
Status in debian-installer source package in Xenial:
  New
Status in ca-certificates source package in Bionic:
  In Progress
Status in debian-installer source package in Bionic:
  In Progress
Status in ca-certificates source package in Cosmic:
  In Progress
Status in debian-installer source package in Cosmic:
  In Progress
Status in ca-certificates source package in Disco:
  In Progress
Status in debian-installer source package in Disco:
  In Progress
Status in debian-installer package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu archive despite being available for
     download in Launchpad with a link for some reason
     (perhaps a problem during import from Debian/sid?)

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is request for Bionic, Cosmic, Disco.

     The older releases (Trusty, Xenial) are affected,
     but not requested for, and would need more work,
     as the udeb is not yet in the packaging but that
     is doable if required for the process.

  [1] https://salsa.debian.org/installer-team/debian-
  installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O- https://github.com >/dev/null
  ...
  Resolving github.com... stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, 
st_size=20, ...}) = 0
  140.82.118.3, 140.82.118.4
  Connecting to github.com|140.82.118.3|:443... connected.
  stat("/usr/lib/ssl/certs/45bfefc3.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file or directory)
  stat("/usr/lib/ssl/certs/244b5494.0", 0x7ffdba51b570) = -1 ENOENT (No such 
file 

[Group.of.nepali.translators] [Bug 1807023] Re: installer stock images fail to validate any HTTPS certificates (ca-certificates missing)

2018-12-06 Thread Dan Streetman
** Also affects: debian-installer (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: debian-installer (Ubuntu Disco)
   Importance: Undecided
 Assignee: Mauricio Faria de Oliveira (mfo)
   Status: New

** Also affects: debian-installer (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: debian-installer (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: debian-installer (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: debian-installer (Ubuntu Disco)
   Status: New => In Progress

** Changed in: debian-installer (Ubuntu Cosmic)
   Status: New => In Progress

** Changed in: debian-installer (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: debian-installer (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Cosmic)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: debian-installer (Ubuntu Cosmic)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Changed in: debian-installer (Ubuntu Bionic)
 Assignee: (unassigned) => Mauricio Faria de Oliveira (mfo)

** Bug watch added: Debian Bug tracker #842040
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842040

** Also affects: debian-installer (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842040
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1807023

Title:
  installer stock images fail to validate any HTTPS certificates (ca-
  certificates missing)

Status in debian-installer package in Ubuntu:
  In Progress
Status in debian-installer source package in Trusty:
  New
Status in debian-installer source package in Xenial:
  New
Status in debian-installer source package in Bionic:
  In Progress
Status in debian-installer source package in Cosmic:
  In Progress
Status in debian-installer source package in Disco:
  In Progress
Status in debian-installer package in Debian:
  Unknown

Bug description:
  [Impact]

   * The installer stock images fail to validate any HTTPS
     certificates because ca-certificates is not available
     in the installer environment.

   * This causes wget/download errors for preseed files on
     HTTPS servers (or HTTP servers that redirect to HTTPS,
     which are increasingly common nowadays - e.g., GitHub)
     and theoretically any other files that are downloaded
     with d-i-utils/fetch-url/wget.

   * The fix is to ship ca-certificates-udeb in installer
     stock images.

   * Debian already ships ca-certificate-udeb in the stock
     installer images; the fix is applied since Jan 2017.
     (reference: Debian Bug #842040 / d-i commit 2f00c51a [1])

  [Test Case]

   * In the installer shell:

     ~ # wget http://github.com  # or https://github.com

     - FAIL if ca-certificates-udeb is missing:
   "ERROR: cannot verify github.com's certificate, <...>'

     - PASS if ca-certificates-udeb is available
   "Saving to: 'index.html'"

   * Test steps with virt-install and netboot images
     are provided in the comments, for each release.

  [Regression Potential]

   * Low. This just adds the ca-certificates files in
     /etc/ssl/certs and symlink in /usr/lib/ssl/certs,
     so only tools looking for that would be affected.

   * Apparently only wget checks for/uses those files,
     and the difference in behavior is download errors
     no longer occur.

  [Notes]

   * The ca-certificates-udeb is not currently present
     in the Ubuntu archive despite being available for
     download in Launchpad with a link for some reason
     (perhaps a problem during import from Debian/sid?)

   * So this fix includes a no-change-rebuild for the
     ca-certificates package, in order to publish the
     udeb in the archive.

   * The ca-certificates and debian-installer builds
     have been done in a PPA using all architectures,
     and testing has been done with the amd64 images.

   * This fix is request for Bionic, Cosmic, Disco.

     The older releases (Trusty, Xenial) are affected,
     but not requested for, and would need more work,
     as the udeb is not yet in the packaging but that
     is doable if required for the process.

  [1] https://salsa.debian.org/installer-team/debian-
  installer/commit/2f00c51a7ead982ae1cd71bee06c8416890196b6

  [Debugging]

  For debugging purposes, one can install strace-udeb in the installer
  to verify wget's stat() calls to /usr/lib/ssl/certs.

  ~ # anna-install strace-udeb

  ~ # strace -e stat wget -O-