I’m trying to create a Debian package that doesn’t delete an empty directory after it’s purged. Specifically, I’m creating my own package containing some CA certificates I trust.
I’m following Debian’s suggested method of installing the certificates to /usr/local/share/ca-certificates. The problem I’m running in to is that the ca-certificates package creates /usr/local/share/ca-certificates when it’s installed and I’d like that directory to stick around when my package is purged.
My goal is to install my trust chain into /usr/local/share/ca-certificates/mychain but when my Debian package is removed I want dpkg to not remove /usr/local/share/ca-certificates if it’s empty since the ca-certificates package explicitly created that directory.
I searched around for a definitive answer but all I managed to find were long forum posts and e-mail threads.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Add postrm script:
#!/bin/sh
set -e
case "$1" in
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
# Recreate the /usr/local/share/ca-certificates directory, since we are
# ignoring Debian Policy by intentionally installing here. Removal of
# ca-certificates-local removes this directory if empty.
if [ ! -e /usr/local/share/ca-certificates ]; then
if mkdir /usr/local/share/ca-certificates 2>/dev/null; then
chown root:staff /usr/local/share/ca-certificates
chmod 2775 /usr/local/share/ca-certificates
fi
fi
;;
*)
echo "postrm called with unknown argument `$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0
This code is from ca-certificates-local:
This is an example stub source package that includes a dummy CA
certificate in the local/ directory. Remove the dummy certificate, copy
your trusted local root CA (in PEM format with the filename ending in
“.crt”) to the local/ directory, edit files in the debian/ directory as
desired, and build your custom package.
See README, Steps to build your custom local root CA package from this example
So, the quick way to create and install such packages:
git clone git://anonscm.debian.org/collab-maint/ca-certificates.git ~/ca-certificates cd ~/ca-certificates/examples/ca-certificates-local/ rm local/Local_Root_CA.crt cp <path-to-your-cert> local/ # edit debian/control: change package-name, description, etc # install build dependencies: http://unix.stackexchange.com/questions/177505/how-to-install-parse-build-dependencies-from-debian-control/211319#211319 dpkg-buildpackage dpkg -i ../<package-name-version>.deb
Method 2
Install to a different local path and write a postinst script to create the directory in /usr/local and copy the files there.
As you can imagine, this probably violates both the letter and the spirit of the Debian policy. But it’s your network, your rules, your users (and their easily discoverable workarounds).
For better usability, you could mark these files as conffiles so that at least they will be removed if you purge the package, but stay if you merely uninstall it.
Bottom line, files dpkg doesn’t know about, it cannot remove.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0