Perform an unattended installation of a Debian package

Objective

To install a package on a Debian-based system without prompting the user to answer any questions

Scenario

Suppose you are writing a shell script to configure a machine as a server for a particular web site. As part of this process it needs to install the packages apache2 and mysql-server. The script must be able to operate without human intervention.

Method

Overview

There are three types of prompt which must be suppressed because they could otherwise stall the installation process:

• confirmatory prompts from APT,
• prompts from dpkg to resolve conffile differences, and
• requests for information during package configuration.

To produce output that is more suitable for logging you may also want to disable the progress indicator that is normally displayed during downloads.

Finally, it would be prudent to update the package index before attempting any downloads.

For installation using apt-get a suitable sequence of commands would be:

export DEBIAN_FRONTEND=noninteractive
apt-get update -q
apt-get install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 mysql-server

Similarly for aptitude:

export DEBIAN_FRONTEND=noninteractive
aptitude update -q
aptitude install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" apache2 mysql-server

Suppress confirmatory prompts from APT

APT will prompt for confirmation if it needs to install or remove packages beyond those explicitly requested, or if it is unable to verify the authenticity of a package. You can suppress this behaviour by setting the APT::Get::Assume-Yes option to true. This can be done temporarily using the -y command line option of apt or aptitude.

Suppress prompts from dpkg to resolve conffile differences

Installing one package may cause other packages to be upgraded. If this involves upgrading a configuration file that has also been changed locally then dpkg normally asks the user what to do: keep the existing copy, overwrite it with the new copy, or resolve the conflict manually.

The safest course of action is to keep the existing configuration file if it has local changes, but otherwise allow the upgrade. This can be achieved using a combination of two dpkg options:

• --force-confdef (upgrade the configuration file if there are no local changes), and
• --force-confold (otherwise, preserve the existing configuration file).

An alternative would be to use --force-confnew in place of --force-confold, which would overwrite any local changes in the event of a conflict. This might be appropriate if there should not be any local changes beyond those put there by your script.

The above settings can be passed into dpkg using the -o command line option of apt-get or aptitude. It is possible that they could leave the relevant package or packages in an unusable state, but that is an unavoidable risk if you want the installation to proceed without manual intervention.

Suppress requests for information during package configuration

Debian packages can request information from the user during installation in order to generate customised configuration files. The preferred method for doing this is through the configuration management protocol provided by DebConf. One of the benefits of DebConf is that it provides a central point of control over how and whether any questions are asked.

The required effect in this instance can be obtained by setting the environment variable DEBIAN_FRONTEND to the value noninteractive:

export DEBIAN_FRONTEND=noninteractive

Packages can still ask questions, and DebConf will answer them if it can do so from the package configuration database, but it will not attempt to gather any further infomation from the user.

The consequences of leaving a question unanswered will depend on the installation script of the package in question. For example, not providing a MySQL root password will leave the server in a state where anyone able to connect can log in as root. Generally, questions with a high enough priority to be asked by default are usually there for a good reason and it is likely that you will want or need to provide the information somehow.

Be aware that it is technically possible for packages to ask questions by other means, although that would be against current policy for approved Debian and Ubuntu packages. If that happens then you should check that DebConf is installed, as some packages use DebConf if it is available (without necessarily declaring it as a dependency) but fall back to another method if it is not. Failing that you could try patching the relevant postinstallation script to remove the questions, or as a last resort, driving the terminal from some form of chatscript.

Suppress the progress indicator from APT

If you will be writing the output to a log file then you should suppress the progress indicator which apt-get or aptitude would normally display during downloads. This can be achieved using the -q option, both when updating the package index and when installing the required packages.

Variations

Supplying answers by preseeding DebConf

If you want to supply an answer to a configuration question but do not want to be prompted for it then this can be arranged by preseeding the DebConf database with the required information. You will need to know:

• the name of the package responsible for asking the question (which might not be the one you asked to install if there are dependencies),
• the configuration database key against which the answer is recorded, and
• the type of the answer (string, boolean, select, multiselect or password).

In the specific case of mysql-server on Ubuntu 12.04 (Precise):

• The relevant package name is mysql-server-5.5.
• There are two keys, mysql-server/root_password and mysql-server/root_password_again. Two identical copies of the password are required, one recorded against each of these keys.
• Both keys take a value of type passwd.

The required values should be piped into the debconf-set-selections command. Each line of input should consist of four space-separated fields, those being the package name, key, type and value. For example, to set the password to ‘xyzzy’:

echo mysql-server-5.5 mysql-server/root_password password xyzzy | debconf-set-selections
echo mysql-server-5.5 mysql-server/root_password_again password xyzzy | debconf-set-selections

Because this particular package name is tied to a version number it is quite likely to change between releases of the operating system. For example, for Ubuntu 10.04 (Lucid) it would need to be changed to mysql-server-5.1.

To determine the required package name, key and type you can perform a trial installation then search the configuration database. For example, making the assumption that the package name in this instance will contain the string ‘mysql-server’:

debconf-get-selections | grep mysql-server

During testing this found nine matches, of which the first two are clearly the ones wanted (on account of being the only two that are of type ‘password’):

mysql-server-5.5	mysql-server/root_password_again	password	
mysql-server-5.5	mysql-server/root_password	password	
mysql-server-5.5	mysql-server/error_setting_password	error	
mysql-server-5.5	mysql-server-5.5/postrm_remove_databases	boolean	false
mysql-server-5.5	mysql-server-5.5/start_on_boot	boolean	true
mysql-server-5.5	mysql-server-5.5/nis_warning	note	
mysql-server-5.5	mysql-server-5.5/really_downgrade	boolean	false
mysql-server-5.5	mysql-server/password_mismatch	error	
mysql-server-5.5	mysql-server/no_upgrade_when_using_ndb	error	

The command debconf-get-selections is provided by the package debconf-utils, which you may need to install.

• Conventions
• Privacy
• Legal