Alpine Linux - User contributions [en]

Release Notes for Alpine 3.23.0

2025-11-26T20:01:18Z

Liske: update ifstate's versioned docs link to the version shipped in 3.23

As always, make sure to read [[Upgrading Alpine to a new major release]] when upgrading to a new release.

If you experience any issues with the upgrade, please let us know and file an issue in our repositories.

== Important changes ==

=== {{pkg|apk-tools}} v3 ===

After 5 years of development in the <code>master</code> branch of apk-tools, apk v3 is now ready for Alpine v3.23.0. This should be a safe and seamless upgrade from apk v2, but might has some breaking changes if you use <code>libapk</code>.

Note that we will only transition the package manager to v3, but will keep the v2 index and package format. We plan to move to the v3 index and package format after Alpine v3.23.

For more information, take a look at the release notes of apk v3: TODO

=== /usr merge ===

New installations are now /usr-merged, and people are encouraged to merge their systems after upgrade. See the [https://alpinelinux.org/posts/2025-10-01-usr-merge.html official announcement] for more details.

=== {{Pkg|linux-stable}} replaces {{Pkg|linux-edge}} ===

For years, {{Pkg|linux-lts}} and {{Pkg|linux-edge}} grew apart and developed their own kernel configs, different architectures, etc.

Now {{Pkg|linux-edge}} gets replaced with {{Pkg|linux-stable}} which has the identical configuration as {{Pkg|linux-lts}}, but follows the stable releases instead of the long-term releases (see https://kernel.org/).

If you had {{Pkg|linux-edge}} installed, apk automatically installs {{Pkg|linux-stable}} as a replacement. There is a reasonably amount of kernel config differences, if you need a config option that existed previously in {{Pkg|linux-edge}}, please open a issue to add the required option to {{Pkg|linux-lts}}. Also this change might involve manual boot loader configuration, as the kernel has been renamed and follows {{Pkg|linux-lts}}' packaging recipe.

== Significant changes ==

=== Static binaries are built as PIE ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17294#note_524739}}

=== LLVM metapackage ===

{{Note|TODO}}

=== nftrules ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/67137}}

=== curl HTTP/3 ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/89382}}

== Note-worthy updates ==

As always, many packages were upgraded. Make sure to read the individual release notes of the projects you use.

* BIRD 3.1.4
* busybox 1.37.0
* Deno 2.3.1
* ffmpeg 8
* GCC 15.2.0
* GNOME 49
* Go 1.25
* ISC BIND 9.20.16
* ISC Kea 3.0.3
* KDE Plasma 6.5.2
* Linux 6.12
* LLVM 21.1.2
* LXQt 2.30.
* nginx 1.28
* NodeJS 24.11.1 (LTS)
* PHP 8.5.0
* Qt 6.10
* Ruby 3.4.7
* Rust 1.91.1
* wlroots 0.19
* zigbee2mqtt 2.6.3

=== GCC 15 ===

=== LLVM 21 ===

=== ifupdown-ng 0.13 ===

{{Note|TODO}}

=== GNOME 49 ===

https://release.gnome.org/49/

* We kept gnome-session (and gdm) at 48 because of the [https://release.gnome.org/49/developers/index.html#stronger-systemd-dependencies stricter systemd dependency] ({{Issue|17514}})
* Our gdk-pixbuf didn't enable the glycin sandboxing library yet ({{Issue|17550}})

=== ffmpeg 8 ===

The {{Pkg|ffmpeg}} package got upgraded from version 6 to 8.

Most consumers of ffmpeg are now built against ffmpeg 8, but some packages might still use ffmpeg 6 or 7, depending on its API compatability. Therefore the {{Pkg|ffmpeg6}} and {{Pkg|ffmpeg7}} packages are also still available.

Also note that {{Pkg|ffmpeg4}} got removed and all consumers were migrated to at least ffmpeg 6.

=== ifstate 2 ===

The declarative network configuration tool {{Pkg|ifstate}} has been upgraded from version 1.x to version 2. It is not possible to use the old configuration file of ifstate 1.x with ifstate 2.x! The configuration file '''must''' be adapted to the new schema and file name to prevent breaking the host's network the next time it is booted! More information about the required config changes can be found in the [https://ifstate.net/2.2/docs/upgrades/#ifstate-20 ifstate documentation].

== Significant removals ==



=== More Qt5 removals ===

{{Note|TODO}}

=== ffmpeg4 ===

{{Note|TODO}}

=== LLVM 17 ===

=== rssh ===

rssh package has been removed due to the dead upstream.

<hr><center>[[Release Notes for Alpine 3.22.0|← Previous page: Release Notes for Alpine 3.22.0]]</center>

Release Notes for Alpine 3.23.0

2025-10-17T20:40:05Z

Liske: add hint on major ifstate upgrade

As always, make sure to read [[Upgrading Alpine to a new major release]] when upgrading to a new release.

If you experience any issues with the upgrade, please let us know and file an issue in our repositories.

{{Note|We're beginning to work on the roadmap for Alpine Linux v3.23. To view the upcoming changes, see {{Issue|17294}}.}}

== Important changes ==

=== {{pkg|apk-tools}} v3 ===

After 5 years of development in the <code>master</code> branch of apk-tools, apk v3 is now ready for Alpine v3.23.0. This should be a safe and seamless upgrade from apk v2, but might has some breaking changes if you use <code>libapk</code>.

Note that we will only transition the package manager to v3, but will keep the v2 index and package format. We plan to move to the v3 index and package format after Alpine v3.23.

For more information, take a look at the release notes of apk v3: TODO

=== /usr merge ===

New installations are now /usr-merged, and people are encouraged to merge their systems after upgrade. See the [https://alpinelinux.org/posts/2025-10-01-usr-merge.html official announcement] for more details

=== {{Pkg|linux-stable}} replaces {{Pkg|linux-edge}} ===

For years, {{Pkg|linux-lts}} and {{Pkg|linux-edge}} grew apart and developed their own kernel configs, different architectures, etc.

Now {{Pkg|linux-edge}} gets replaced with {{Pkg|linux-stable}} which has the identical configuration as {{Pkg|linux-lts}}, but follows the stable releases instead of the long-term releases (see https://kernel.org/).

If you had {{Pkg|linux-edge}} installed, apk automatically installs {{Pkg|linux-stable}} as a replacement. There is a reasonably amount of kernel config differences, if you need a config option that existed previously in {{Pkg|linux-edge}}, please open a issue to add the required option to {{Pkg|linux-lts}}. Also this change might involve manual boot loader configuration, as the kernel has been renamed and follows {{Pkg|linux-lts}}' packaging recipe.

=== ifstate breaking changes ===

The declarative network configuration tool {{Pkg|ifstate}} has been upgraded from version 1.x to version 2. It is not possible to use the old configuration file of ifstate 1.x with ifstate 2.x! The configuration file '''must''' be adapted to the new schema and file name to prevent breaking the host's network the next time it is booted! More information about the required config changes can be found in the [https://ifstate.net/2.0/docs/upgrades/#ifstate-20 ifstate documentation].

== Significant changes ==

=== Static binaries are built as PIE ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/issues/17294#note_524739}}

=== LLVM metapackage ===

{{Note|TODO}}

=== nftrules ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/67137}}

=== curl HTTP/3 ===

{{Note|TODO: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/89382}}

== Note-worthy updates ==

As always, many packages were upgraded. Make sure to read the individual release notes of the projects you use.

* BIRD TODO
* busybox TODO
* Deno TODO
* GCC TODO
* GNOME TODO
* Go TODO
* ISC BIND TODO
* KDE Plasma TODO
* Linux TODO
* LLVM TODO
* LXQt TODO
* nginx TODO
* NodeJS TODO (LTS)
* PHP TODO
* Qt TODO
* Ruby TODO
* Rust TODO
* wlroots TODO
* zigbee2mqtt TODO
* ffmpeg TODO

=== GCC 15 ===

=== LLVM 21 ===

=== ifupdown-ng 0.13 ===

{{Note|TODO}}

=== GNOME 49 ===

https://release.gnome.org/49/

* We kept gnome-session (and gdm) at 48 because of the [https://release.gnome.org/49/developers/index.html#stronger-systemd-dependencies stricter systemd dependency] ({{Issue|17514}})
* Our gdk-pixbuf didn't enable the glycin sandboxing library yet ({{Issue|17550}})

=== ffmpeg 8 ===

6 -> 8

6 and 7 are still available as ffmpeg6 and ffmpeg7

4 gets removed

== Significant removals ==



=== More Qt5 removals ===

{{Note|TODO}}

=== ffmpeg4 ===

{{Note|TODO}}

=== LLVM 17 ===

=== rssh ===

rssh package has been removed due to the dead upstream.

<hr><center>[[Release Notes for Alpine 3.22.0|← Previous page: Release Notes for Alpine 3.22.0]]</center>

Release Notes for Alpine 3.19.0

2023-11-19T17:32:04Z

Liske: Add netns section.

== Base System ==

=== iptables-nft ===

the <code>/sbin/iptables{,-save,-restore}</code> symlinks now point to xtables-nft-multi instead of xtables-legacy-multi. this means they use the nftables kernel backend instead of the legacy iptables one.

since the new iptables- binaries also don't use the iptables backend, to work with any existing rules and save them, you need to install <code>iptables-legacy</code> and use <code>iptables-legacy-save</code>.

because mixing backends is not supported, you should reboot your system if you have to use the iptables commands after upgrading.

=== netns ===

The OpenRC package contains a patch to make it possible to start most services in netns namespaces. See also [[Netns|netns]].

[[Category:News]]

Netns

2023-09-26T20:02:44Z

Liske: Minor format fixes.

'''Netns''' (network namespaces) are another instance of the network stack with its own network devices (links), ip setup and firewall rules. Besides of using netns for building containers they can be used to get a stricter isolation than using [[VRF]]s.

== Prerequisites ==

The packages and patches described in this article are available in Alpine edge and ≥3.19.

== NETNS management ==

=== iproute2 ===

Netns can be ad-hoc managed using the <code>ip netns</code> commands.

<pre>
ip netns
ip netns add tenant1
ip netns del tenant1
ip netns exec tenant1 ip -br link
</pre>

=== ifstate ===

[https://ifstate.net IfState], a declarative network configuration tool, is full netns aware since IfState 1.9.0. The following config example creates a wireguard tunnel and a vlan sub-interface. The wireguard link <code>wg0</code> and the vlan sub-interface are moved into the <code>vpn</code> netns.

<pre>
# root netns
interfaces:
- name: eth0
addresses:
- 198.51.100.2/31
link:
state: up
kind: physical
routing:
routes:
- to: 0.0.0.0/0
via: 198.51.100.1
rules: []

namespaces:
# "vpn" netns
vpn:
interfaces:
- name: eth0.42
addresses:
- 192.0.2.1/25
link:
state: up
kind: vlan
vlan_id: 42
link: eth0
# link to eth0 in root netns
link_netns: null
- name: wg0
addresses:
- 192.0.2.254/30
link:
state: up
kind: wireguard
# bind wireguard to the root netns
bind_netns: null
wireguard:
private_key: !include /etc/wireguard/secret.key
peers:
- public_key: 3Eimby+9YtJwtx+peCsz6RiubRqAp+cATHNiGWsUsEU=
endpoint: 203.0.113.42
persistent_keepalive_interval: 30
allowedips:
- 0.0.0.0/0
routing:
routes: []
- to: 0.0.0.0/0
dev: wg0
rules: []
</pre>

== NETNS-based Service Isolation ==

Services can be run isolated in a NETNS ('''and''' [[VRF]] inside the NETNS) when running at least OpenRC 0.49.0-r1. You can set the <code>$netns</code> variable for the service in <code>/etc/conf.d</code> in most cases.

''The netns must already be created before a service can be started inside of it!''

== NETNS-compatible initd scripts ==

Not all initd scripts might be netns compatible. Some network stack related packages have been patched to be netns aware:

* ipset
* iptables
* nftables

Netns

2023-09-26T20:01:04Z

Liske: Initial content about Alpine's netns superpower.

'''Netns''' (network namespaces) are another instance of the network stack with its own network devices (links), ip setup and firewall rules. Besides of using netns for building containers they can be used to get a stricter isolation than using [[VRF]]s.

== Prerequisites ==

The packages and patches described in this article are available in Alpine edge and ≥3.19.

== NETNS management ==

=== iproute2 ===

Netns can be ad-hoc managed using the <code>ip netns</code> commands.

<pre>
ip netns
ip netns add tenant1
ip netns del tenant1
ip netns exec tenant1 ip -br link
</pre>

=== ifstate ===

[https://ifstate.net IfState], a declarative network configuration tool, is full netns aware since IfState 1.9.0. The following config example creates a wireguard tunnel and a vlan sub-interface. The wireguard link <code>wg0</code> and the vlan sub-interface are moved into the <code>vpn</code> netns.

<pre>
# root netns
interfaces:
- name: eth0
addresses:
- 198.51.100.2/31
link:
state: up
kind: physical
routing:
routes:
- to: 0.0.0.0/0
via: 198.51.100.1
rules: []

namespaces:
# "vpn" netns
vpn:
interfaces:
- name: eth0.42
addresses:
- 192.0.2.1/25
link:
state: up
kind: vlan
vlan_id: 42
link: eth0
# link to eth0 in root netns
link_netns: null
- name: wg0
addresses:
- 192.0.2.254/30
link:
state: up
kind: wireguard
# bind wireguard to the root netns
bind_netns: null
wireguard:
private_key: !include /etc/wireguard/secret.key
peers:
- public_key: 3Eimby+9YtJwtx+peCsz6RiubRqAp+cATHNiGWsUsEU=
endpoint: 203.0.113.42
persistent_keepalive_interval: 30
allowedips:
- 0.0.0.0/0
routing:
routes: []
- to: 0.0.0.0/0
dev: wg0
rules: []
</pre>

== NETNS-based Service Isolation ==

Services can be run isolated in a NETNS ('''and''' [[VRF]] inside the NETNS) when running OpenRC 0.49.0-r1+. You can set the <code>$netns</code> variable for the service in <code>/etc/conf.d</code> in most cases.

''The netns must already be created before a service can be started inside of it!''

== NETNS-compatible initd scripts ==

Not all initd scripts might be netns compatible. Some network stack related packages have been patched to be netns aware:

- ipset
- iptables
- nftables