5

So, after an accidential fat finger with aptitude today, it wanted to uninstall mysql-server, this was on our database server. Since it was a pile of text, I just pressed Y, blindly trusting apt to not do anything insane. And it went ahead and uninstalled our mysql on our database server.

So, to prevent this happening again, is there anyway I can set up apt/dpkg/aptitude/etc. to not remove a certain package, ever?

The ideal solution would be a file somewhere listing packages, and none of those packages would be able to be uninstalled using the standard tools. You'd have to edit that file in order to allow that package to be uninstalled. Sort of "extra step to prevent stupid sysadmins"?

I tried aptitude hold mysql-server, and then aptitude remove mysql-server, but aptitude happily removed mysql

Amandasaurus
  • 31,471
  • 65
  • 192
  • 253
  • This has been answered here -- http://unix.stackexchange.com/questions/29652/block-a-package-from-being-uninstalled-in-apt – Chida Aug 20 '12 at 11:34
  • 1
    The solution there doesn't work. `apt-get` will uninstall held packages, as the *question* already states. – bahamat Aug 20 '12 at 20:24

2 Answers2

3

The answer to this is to pay attention to what you're doing. See also my answer to the question What are the recommended ways of defending a remote *nix install from a hamfisted admin?

As I said there nothing can protect you from your own stupidity. You, being the systems administrator, are the only thing standing between your stupidity and utter disaster. It is your job to avoid that.

Any technological measure you try to put into place will eventually fail because someday you'll be working at a level underneath whatever you put in place. You, in particular, can't even rely on the computer double checking every action with you, since you blatantly ignored the warning.

When the system tells you something read it. Then think about it. Then act.

Community
  • 1
bahamat
  • 6,263
  • 24
  • 28
0

Something like this may work:

Edit or create file /etc/apt/preferences and add:

Package: icedove
Pin: version 2.0*
Pin-Priority: 1001

In this example it will prevent icedove from being updated to a version above 2.0*. Which means if you installed lenny's icedove package by hand (say you hate the newer slow and cumbersome interface) which has version 2.0.0.24-0 it will not be overwritten (when you run an apt-get upgrade for example) by squeeze's icedove which is at version 3.0.11-1 right now.

For more information look for documentation about "apt pinning" wich is what this is: http://wiki.debian.org/AptPreferences

aseq
  • 4,610
  • 1
  • 24
  • 48
  • Pinning or holding packages does not prevent their removal. – bahamat Aug 20 '12 at 20:23
  • True, I think though this (and http://unix.stackexchange.com/questions/29652/block-a-package-from-being-uninstalled-in-apt) is about as close as you can get without making it more messy. Apt has a logic and reason for doing things and trying to really force it to do otherwise could prove to be problematic at some point. – aseq Aug 20 '12 at 20:58