1

I'm building an install key for a Debian based system. The install key basically copies a disk image onto the system and then in a chroot installs a number of packages that are copied onto the install key during the build process.

One of the things the install key does is wipe the existing ssh keys (so we don't create a bunch of "identical" ssh servers). To try and stick with the debian way of doing things I run dpkg-reconfigure openssh-server to regenerate the keys but at the end of the reconfigure it attempts to restart the server which of course isn't running in the install key chroot.

Is it possible to tell debconf to reconfigure but don't restart services?

stsquad
  • 135
  • 1
  • 5
  • Hmm, I suspect it's not possible without packaging a custom version of openssh with a modified postinst script. – stsquad Oct 16 '09 at 11:57

4 Answers4

4

From what this document says, you should create a /usr/sbin/policy-rc.d script in the chroot which does exit 101.

Teddy
  • 5,134
  • 1
  • 22
  • 27
1

Worthy of note: a service won't be started by invoke-rc.d if you're not in a runlevel which shouldn't have that service running. So one idea might be to convince the chroot that it's in single-user mode.

Teddy
  • 5,134
  • 1
  • 22
  • 27
0

What you are asking isn't a function of debconf or dpkg-reconfigure, directly. If you download the .deb for openssh-server and extract the files from control.tar.gz you will see that the 'postinst' script executes invoke-rc.d or /etc/init.d/ssh:

Line 418:

setup_init() {
  if [ -x /etc/init.d/ssh ]; then
    update-rc.d ssh start 16 2 3 4 5 . stop 84 1 . >/dev/null
    if [ -x /usr/sbin/invoke-rc.d ]; then
      invoke-rc.d ssh restart
    else
      /etc/init.d/ssh restart
    fi
  fi
}
Kyle Smith
  • 9,563
  • 1
  • 30
  • 32
  • Yes, but it's possible to change whether `invoke-rc.d` actually starts anything. See http://serverfault.com/questions/75114/is-it-possible-to-stop-dpkg-reconfigure-restarting-services/79068#79068 – Teddy Mar 14 '11 at 17:44
0

I am using the following script that I put in /usr/sbin/policy-rc.d

#!/bin/sh

SERVICE_NAME="$(ps -o command= --ppid $PPID | cut -d ' ' -f 3 )"
for service in service1 service2 service3
do
  if [ $SERVICE_NAME = $service ]
  then
    exit 101 # Prevent service from running
  fi
done
exit 0 # allow service
  • ps -o command= --ppid $PPID should return the full invoking command, something like /bin/sh /usr/sbin/invoke-rc.d service1 start
  • cut -d ' ' -f 3 cut will split and select the third item, so here "service1".

The script will avoid running invoke-rc.d for service1, service2 and service3 but will leave it on for others.

Sylvain
  • 101
  • 1