Force non-interactive `apt-get install` to fail on config file conflict

aptconfigurationdpkgsoftware installation

I'm doing unattended / non-interactive package installations via

DEBIAN_FRONTEND=noninteractive apt-get install -y my_package

This works as attended in most cases, but still gives me an interactive prompt if there is config file conflict, e.g. something like this:

Configuration file '/etc/foo'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation

I know that I can choose the answer to this by passing a suitable dpkg option to apt-get via -o, e.g.

DEBIAN_FRONTEND=noninteractive apt-get -o DPkg::Options::=--force-confdef install -y  my_package

However, the corresponding options offered by dpkg seem not to include a way to abort the installation upon a conflict, which is what I would need.

How can I non-interactively install a package via apt-get and fail if a config conflict is encountered?

The following would also be acceptable to me:

  • Non-interactively check before calling apt-get whether there will be a conflict
  • Keep the versions of the config files on disk (like --confold) but then exit with a non-zero exit code or having another way of detecting this afterwards.

Best Answer

I haven’t checked this in your scenario, but dpkg should abort if it needs to ask for information and can’t read from its standard input; so

DEBIAN_FRONTEND=noninteractive apt-get install -y my_package < /dev/null

should abort with an error if there’s a configuration file conflict.

If that doesn’t work, you can always look for leftovers from conflicts: depending on your --conf options, dpkg will either leave the old version with a .dpkg-old suffix, or the new version with a .dpkg-new suffix. You can therefore look for new .dpkg-* files in /etc after an installation attempt to determine whether there were any conflicts.