How can I install packages without starting their associated services?

Solution 1:

For debian you can do this with policy-rc.d. Here's one explanation:

A package’s maintainer scripts are supposed to only interface with the init system by means of invoke-rc.d, update-rc.d and the LSB init script headers... invoke-rc.d will, before taking its action, check whether /usr/sbin/policy-rc.d is executable, will call it with the respective service name and the current runlevel number on its command line and act according to its exit code. For example, a return value of 101 will prevent the planned action from being taken. This includes the automated start of the service upon package installation as well as the stop of the service on package removal and reduces the stop-upgrade-restart ritual during package upgrades to just performing the upgrade which might leave the old version of the service running

Since you don't want any services to ever start, your policy-rc.d script can be simply

#!/bin/sh
exit 101

This is the technique used by tools like pbuilder and Docker's mkimage-debootstrap.

Unfortunately, this technique does not work with Ubuntu chroots. Packages that integrate with the upstart init system call /usr/sbin/initctl instead of invoke-rc.d during installation, and initctl doesn't consult policy-rc.d. According to upstart's author the workaround is to replace /sbin/initctl with a symlink to /bin/true in a chroot. You can see this in mkimage-debootstrap as well, they do

dpkg-divert --local --rename --add /sbin/initctl
ln -sf /bin/true sbin/initctl

Solution 2:

You can do:

export RUNLEVEL=1
for template in /var/lib/libvirt/filesystems/{debian,ubuntu}*_template; do
    chroot $template apt-get install rsyslog
done
exit

I haven't tested it with chroot, but it should work. At first it sets RUNLEVEL environment variable, so processes initiated by apt-get will not start any services, because they will "think" system is running in single mode. As environment is modified the way it may affect future commands, it is required to exit shell when modified environment is no longer needed, this is accomplished by exit command at the end. There may be some (rare?) packages that won't install properly in single mode (but AFAIK this should not be problem in most cases).