is there a way to prevent a debian package from being removed? I want to prevent any resolution of "replaces" and "breaks" attributes that would lead to removing that package while being able to upgrade it. Everything is fine as long as that package is installed in any version after everything is done.
The only way that I found is putting the package on hold. That is no solution as running an upgrade would require to remove the hold beforehand.
This is in a puppet environment so checking every possible package match-up manually on every host-type is just not possible.
Context:
If you make a mistake in packaging cases occur where package requirement chains lead to removing packages that are fundamental to that server (networking,user management,...). I know there is a lot of unlucky circumstances involved so this happens like testing two packages separately and a race condition between them screwing everything up. The whole point is to provide an lower boundary what can go wrong.
Pointers for others:
You could use one of these options for apt; which puppet respects:
~ $ cat /etc/apt/apt.conf.d/99neverremoveanything
APT::Get::Remove "false";
APT::Get::Upgrade-Allow-New "true";
For myself these options are not completely satisfactory thus leaving this unanswered as only some packages really need this protection.
You could also use the solution proposed here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767891
It involves creating meta packages with the "Priority: required" that depend on the packages you want to protect.