Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Strip package scripts from .deb packages (postinst, postrm, preinst, prerm)

The best way to use this tool is to hook apt's use of dpkg to run it before doing any package installs.

In your apt.conf, put this:

DPkg::Pre-Install-Pkgs {"xargs -rL1 bash /path/to/stripdeb.sh 2>&1 | logger -t stripdeb"}

Then, a demo:

% sudo apt-get install mysql-server-5.1
...
Fetched 7,110kB in 3s (2,344kB/s)           
Preconfiguring packages ...
Selecting previously deselected package mysql-server-5.1.
(Reading database ... 231513 files and directories currently installed.)
Unpacking mysql-server-5.1 (from .../mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb) ...
Selecting previously deselected package mysql-server.
Unpacking mysql-server (from .../mysql-server_5.1.41-3ubuntu12.8_all.deb) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up mysql-server-5.1 (5.1.41-3ubuntu12.8) ...

Setting up mysql-server (5.1.41-3ubuntu12.8) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place

And from the logs (thanks to | logger -t stripdeb)

Dec 20 11:49:43 snack stripdeb: Stripping /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb of pre/post maintainer scripts
Dec 20 11:49:43 snack stripdeb: /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb: Stripping postrm
Dec 20 11:49:43 snack stripdeb: /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb: Replacing /tmp/tmp.xEyTSHBK7T/postinst with a generic 'ldconfig' script
Dec 20 11:49:43 snack stripdeb: /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb: Stripping prerm
Dec 20 11:49:43 snack stripdeb: /var/cache/apt/archives/mysql-server-5.1_5.1.41-3ubuntu12.8_amd64.deb: Stripping preinst
Dec 20 11:49:43 snack stripdeb: Stripping /var/cache/apt/archives/mysql-server_5.1.41-3ubuntu12.8_all.deb of pre/post maintainer scripts

Perfect. Automated madness-removal.

% bash stripdeb.sh deb/mysql-server-5.1_5.1.41-3ubuntu12_amd64.deb
removed `/tmp/tmp.pawYQOWSwK/postrm'
removed `/tmp/tmp.pawYQOWSwK/postinst'
removed `/tmp/tmp.pawYQOWSwK/prerm'
removed `/tmp/tmp.pawYQOWSwK/preinst'

Now demo it with dpkg:

% sudo dpkg -i deb/mysql-server-5.1_5.1.41-3ubuntu12_amd64.deb 
Selecting previously deselected package mysql-server-5.1.
(Reading database ... 233443 files and directories currently installed.)
Unpacking mysql-server-5.1 (from .../mysql-server-5.1_5.1.41-3ubuntu12_amd64.deb) ...
Setting up mysql-server-5.1 (5.1.41-3ubuntu12) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...

Notice no broken scripts were run!

This fixes:

  • Doesn't start, restart, upgrade, screw up, or otherwise molest your system with the maintainer script antipattern.
  • Lets your config management tool (puppet, chef, cfengine, etc) do the sane service/user/etc management.
#!/bin/bash
# Usage: stripdeb.sh something.deb
echo "Args: $*"
echo "Stripping $1 of pre/post maintainer scripts"
tmpdir=$(mktemp -d)
[ ! -f $1 ] && exit 1
genldconfigscript() {
# Maybe we should just make the always run 'ldconfig'
cat << EOF
#!/bin/sh
[ "\$1" = "configure" ] && ldconfig
[ "\$1" = "remove" ] && ldconfig
true
EOF
}
# The .deb is an 'ar' archive, grab the control files.
ar -p $1 control.tar.gz | tar -C $tmpdir -zxf -
# Kill the stupid package scripts, but log what we do.
for i in $tmpdir/{post,pre}{rm,inst} ; do
if [ -f $i ] ; then
# Linux sucks, so we have to run ldconfig on any library changes.
# So if the post/pre script includes ldconfig
if grep -q ldconfig $i ; then
echo "$1: Replacing $i with a generic 'ldconfig' script"
genldconfigscript > $i
chmod 755 $i
else
echo "$1: Stripping $(basename $i)"
rm $i
fi
fi
done
# Rebuild the control tarball
tar -C $tmpdir -zcf control.tar.gz .
# And replace the old one with the stripped one back into the .deb
ar -r $1 control.tar.gz
# Clean up
rm control.tar.gz

jmtd commented Apr 10, 2015

Stumbled across this whilst looking for something completely different. You might prefer to use dpkg-deb instead of ar for unpacking and repacking .deb files. It would be slightly more verbose (can't do the control extraction in a pipe, iirc) but more robust (would handle changes in the .deb file format away from ar). Actually it might be quite a lot more verbose; rescanning the manpage, I'm not sure you can avoid unpacking the data.tar.gz with dpkg-deb.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment