Software management: Difference between revisions

From Alpine Linux
m (→‎Chroot method: recommend putting the command at the top)
m (Change Arch Linux bootstrap download to zst)
 
(70 intermediate revisions by 14 users not shown)
Line 1: Line 1:
{{Draft}}
This page documents various ways to manage software in Alpine Linux. [[#Graphical software manager|Graphical software managers]] are available to supplement [[#Alpine Package Keeper|apk]] to manage official software packages along with [[#Flatpak|Flatpaks]].


If you want to run [https://www.gnu.org/software/libc/ glibc] programs in Alpine Linux, there are a few ways of doing so. You could install glibc as additional to [https://uclibc.org/about.html uclibc] (you would have to do this manually), or you could do it the easy way and use a chroot.<br>
This page also documents ways to [[#Running glibc programs|run software compiled with glibc]] including graphical programs like {{ic|Visual Studio Code}}, {{ic|google-chrome}}, {{ic|obsidian}} etc...


Because there are different use cases, this is just a slight overview about what's possible and what's intelligent.<br>
== Alpine package keeper ==
{{Main|Alpine Package Keeper}}
The official package manager in Alpine Linux [[Alpine Package Keeper|Alpine Package Keeper(apk)]] is a cli tool. [[Comparison_with_other_distros#Comparison_chart/Rosetta_Stone|Rosetta stone]] shows how standard package management tasks are done in Alpine Linux compared to other popular distributions.  


== Graphical software manager ==


= Your options =
The following graphical tools are available to manage software packages from [[Repositories|official repositories]] and [[#Flatpak|Flatpaks]].


== Using BusyBox ==
=== Gnome software ===


First, the simplest approach for setting up a chroot is by using a glibc build of [https://www.busybox.net/about.html BusyBox].
Gnome [[GNOME#Configuration|Software]] can be used as a GUI front end for apk for managing official software packages and flatpaks.


This approach has just a few downsides:-
=== KDE Discover ===
* You have to link most <code>/bin/</code> and <code>/usr/bin</code> programs against <code>/bin/busybox</code>, and some BusyBox builds break if you don't configure them correctly.
* You have to manually download every library you need for your program manually.


However, if you want a small environment for one simple use case, then this is the solution you want.
KDE [[KDE#Discover|Discover]] can be used as a GUI front end for apk for managing official software packages and flatpaks.


== Using a live CD ==
== Flatpak ==
{{Main|Flatpak}}


If you prefer using any special distro, you can always download and extract a live CD and use it as a chroot enviroment.
[[Flatpak#Installing_Flatpak|Flatpak]] is by far the easiest method for running programs not available in the official Alpine Linux [[Repositories|repositories]]. To use flatpaks, ensure that [[Flatpak#Installing_Flatpak|Flathub repository]] is enabled.


== Using an image ==
== Running glibc programs ==


For Gentoo, it is the slowest approach especially on slow machines since it is not binary distribution and can be indecisive, but you have the advantage of controlling the package version of whichever library you will install. A drawback would be a big build. You have to install a Portage tree, which uses up a lot of space.  (It's not 100% necessary if you don't have to install any additional content that you won't need.)  Sometimes the package will fail on compilation phase of emerge.  You either end up patching it yourself or waiting for a fix to appear on their Bugzilla from an experienced user.
If you want to run [https://www.gnu.org/software/libc/ glibc] programs in Alpine Linux, there are a few ways of doing so.  


For Arch or Debian, it is recommended since packages are precompiled and better at unattended package installation. This approach isn't as easily executed as the other alternatives, but this may be the cleanest and most recommended one for the every day user.
For simpler binaries, you can install [[#gcompat|gcompat]] a compatibility layer or you could do it the easy way and use [[#Flatpak|Flatpaks]]. See [[#Containers|containers]] or [[#Chroot|chroot]] section for ways to run glibc programs including graphical ones.


= How to do it =
=== gcompat ===


This is just a quick draft, so here it comes.
[https://git.adelielinux.org/adelie/gcompat gcompat] is a library which provides glibc-compatible APIs for use on musl libc systems like Alpine Linux. To install issue the command: {{cmd|apk add {{pkg|gcompat}}}}
After that you run your binaries as normal.


== Using BusyBox ==
For an usage example, refer [[Firefox#DRM_content_using_Widevine_workaround|Firefox]] page, where gcompat is used to run glibc compiled Widevine binary.


First, we need to download BusyBox. You can choose any of your favourite distros to download a prebuilt version.  For instance, you could use Arch Linux [https://www.archlinux.org/packages/?q=busybox packages], as follows:
== Chroot ==
{{Main|Chroot}}
An option that's easier to generalize to other glibc applications is installing a glibc-based distribution into a chroot. You can then either chroot into it, or use a symlink and some configuration to make its glibc (and associated libraries) usable from Alpine.


wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
{{Tip|The most reliable way to enter a chroot is to use the [[Chroot#Enter_chroot|start-chroot]] script.}}
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh


This creates a simple chroot enviroment, which we will expand through all the commands included in BusyBox:
After setting up a chroot using any of the methods described below, the loader can be set up in Alpine like so (these instructions are for a Debian chroot in /var/chroots/debian, on x86_64, but can be adapted to other systems by using the appropriate paths):


for i in $(busybox --list);do ln -s /bin/busybox /usr/bin/$i;done
{{cmd|mkdir -p /lib64
 
ln -s /var/chroots/debian/lib/x86_64-linux-gnu/ld-2.33.so /lib64
 
printf '/var/chroots/debian/lib/x86_64-linux-gnu\n/var/chroots/debian/usr/lib/x86_64-linux-gnu\n' > /etc/ld.so.conf
== Using a live CD ==
/var/chroots/debian/sbin/ldconfig}}
{{Draft|Contributions welcome}}
 
 
== Using an image ==


=== Gentoo Linux ===
=== Gentoo Linux ===
Line 62: Line 54:
Select a stage3 from [https://www.gentoo.org/downloads/ here] and portage latest from [https://www.gentoo.org/downloads/mirrors/ here] at gentoo/snapshots/portage-latest.tar.xz.
Select a stage3 from [https://www.gentoo.org/downloads/ here] and portage latest from [https://www.gentoo.org/downloads/mirrors/ here] at gentoo/snapshots/portage-latest.tar.xz.


First,
First,{{cmd|doas apk add {{pkg|xz}}}}
 
sudo apk add xz
 
You also may need the vanilla kernel.  If any time Gentoo decides to update PAM, you need it for it to emerge successfully without problems.
 
sudo apk add kernel-vanilla
 
Add the kernel-vanilla to Grub and reboot with the vanilla kernel if you are going to pull in both git and layman which they use to download user community supported packages.


Enter the chroot:
Enter the chroot:
mkdir ~/chroot
{{cmd|mkdir ~/chroot
cd ~/chroot
cd ~/chroot
tar -xvf stage3-*.tar.xz
tar -xvf stage3-*.tar.xz
tar -xvf portage-latest.tar.xz
tar -xvf portage-latest.tar.xz
mv portage usr
mv portage usr
sudo mount --bind /dev dev
doas mount --bind /dev dev
sudo mount --bind /sys sys
doas mount --bind /sys sys
sudo mount -t proc proc proc
doas mount -t proc proc proc
cp /etc/resolv.conf etc
cp /etc/resolv.conf etc
sudo chroot . /bin/bash
doas chroot . /bin/bash}}


And voilà, you have your working Gentoo chroot!<br>
And voilà, you have your working Gentoo chroot!<br>
Line 95: Line 79:
CHROOT_PATH="/home/$USER/chroot"
CHROOT_PATH="/home/$USER/chroot"
cd $CHROOT_PATH
cd $CHROOT_PATH
mount | grep $CHROOT_PATH/dev || sudo mount --bind /dev dev
mount | grep $CHROOT_PATH/dev || doas mount --bind /dev dev
mount | grep $CHROOT_PATH/sys || sudo mount --bind /sys sys
mount | grep $CHROOT_PATH/sys || doas mount --bind /sys sys
mount | grep $CHROOT_PATH/proc || sudo mount -t proc proc proc
mount | grep $CHROOT_PATH/proc || doas mount -t proc proc proc
cp /etc/resolv.conf etc
cp /etc/resolv.conf etc
sudo chroot --userspec=$USER:users . /bin/bash
doas chroot --userspec=$USER:users . /bin/bash
echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."
echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."
</nowiki>
</nowiki>
Line 107: Line 91:


=== Arch Linux ===
=== Arch Linux ===
{{Seealso|Installing ArchLinux inside an Alpine chroot}}
Either use '''pacstrap''' (included with the arch-install-scripts package) or an Arch bootstrap image:


Although '''pacstrap''' is included with the arch-install-scripts package, it will not work unless the target directory is a mountpoint, so the Arch bootstrap image must be used instead (the image is updated every month, so change the date in the link as required):
{{cmd|doas apk add {{pkg|arch-install-scripts}}
 
mkdir ~/chroot && cd ~/chroot
  sudo apk add arch-install-scripts
curl -O https://mirrors.edge.kernel.org/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.zst
  mkdir ~/chroot && cd ~/chroot
doas tar -x --zstd -f archlinux-bootstrap-x86_64.tar.zst && rm archlinux-bootstrap-x86_64.tar.zst
  curl -O https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.01.01-x86_64.tar.gz
doas sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
  tar xzf archlinux-bootstrap-2018.01.01-x86_64.tar.gz && rm archlinux-bootstrap-2018.01.01-x86_64.tar.gz
doas sed -i '/CheckSpace/s/^/#/' root.x86_64/etc/pacman.conf
  sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
doas arch-chroot root.x86_64
  sudo arch-chroot root.x86_64
[chroot]# pacman-key --init
  [chroot]# pacman-key --init
[chroot]# pacman-key --populate archlinux}}
  [chroot]# pacman-key --populate archlinux


Once that is done, update the system and install the desired package(s) (denoted by ''"foo"'' in this example):
Once that is done, update the system and install the desired package(s) (denoted by ''"foo"'' in this example):
    
    
  [chroot]# pacman -Syu ''foo''
{{cmd|[chroot]# pacman -Syu ''foo''}}


=== Debian ===
=== Debian ===


Use the provided debootstrap package to create the Debian chroot. <code>--arch</code> is optional, depending of your needs.
Alpine Linux provides {{pkg|debootstrap}} package to create the Debian chroot. Here are the steps: {{cmd|<nowiki># apk add debootstrap
 
# mkdir -p /var/chroots/debian
On the '''linux-grsec''' kernel, you will need to relax chroot limitations:
# debootstrap --arch amd64 stable /var/chroots/debian/ https://deb.debian.org/debian </nowiki>}}
 
  sudo apk add debootstrap
  for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee $i; done
  mkdir ~/chroot
  sudo debootstrap --arch=i386 wheezy ~/chroot http://http.debian.net/debian/
  for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee $i; done
  sudo chroot ~/chroot /bin/bash
 
You can now use <code>apt-get</code> to install needed packages.
 
== Examples ==
 
=== Source dedicated server ===
 
Here is an easy example of how you can run [http://www.srcds.com srcds] in a simple BusyBox chroot.
 
For this server, you will only need the basic chroot and an advanced tar version (the BusyBox version is not sufficient because of the missing -U command):
 
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/tar/download/ -O tar.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh
 
Now that you are in a working chroot, you can download the server and install it.  You just have to execute the following self-explaining commands...
 
mkdir ~/work
cd ~/work
busybox wget http://www.steampowered.com/download/hldsupdatetool.bin
chmod +x hldsupdatetool.bin
ln -s /bin/busybox ./uncompress
cp /bin/tar . #right now executing programs from $PATH is buggy, soon to be fixed (no bug in BusyBox, but in my script)
./hdsupdatetool.bin #you can accept it or not ;)
./steam
./steam
 
...and you should have a working chroot with '''srcds''' installed in it.
 
If you think you are clever or elegant, you can use the server with a bash script:
 
#!/bin/bash
chroot ~/chroot /root/work/steam $@
 
Just save it (in your Alpine installation) under <code>/usr/bin/steam</code>, do a <code>chmod +x /usr/bin/steam</code> and have fun!
 
{{Warning|This script would let '''Steam''' run with root priviliges.  This is not recommended.}}


=== MegaCli ===
The {{ic|--arch}} is optional, depending on your needs.


So let's run [https://wikitech.wikimedia.org/wiki/MegaCli MegaCli] in a chroot too, shall we? ;)
For updating the Chroot or for installing applications i.e packages and their dependencies using {{ic|apt-get}}, mount it and then login as root:
{{cmd|<nowiki># mount --bind /dev /var/chroots/debian/dev
# mount --bind /proc /var/chroots/debian/proc
# mount --bind /dev/pts /var/chroots/debian/dev/pts
# chroot /var/chroots/debian /bin/bash
[chroot]# apt update && apt upgrade</nowiki>}}


First we set up a uclibc chroot :)
After installing the necessary applications and what you might want to do, exit the chroot and umount the binds for /dev/pts, dev and proc to avoid issues.
{{cmd|<nowiki># umount /var/chroots/debian/dev/pts
# umount /var/chroots/debian/dev
# umount /var/chroots/debian/proc</nowiki>}}


'''MegaCli''' needs more than just glibc.  It needs [https://www.gnu.org/software/ncurses/ ncurses] and the gcc-libs:
== Containers ==


wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
=== Distrobox + Podman ===
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/ncurses/download/ -O ncurses.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/gcc-libs/download/ -O gcc-libs.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc,sys}
cp /etc/resolv.conf ~/chroot/etc/
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln


After this, we visit [http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.02.16_MegaCLI.zip this] site and download '''8.02.16_MegaCLI.zip'''.
[[Distrobox]] combined with [[Podman|podman]] container running in rootless mode allows running [[Distrobox#Running_graphical_programs|glibc compiled graphical programs]] easy. This doesn't require root privileges once set up.


mkdir tmp
=== Bubblewrap + Chroot===
cd tmp
unzip ../8.02.16_MegaCLI.zip
cd LINUX
unzip MegaCliLin.zip
#Now comes code stolen from rpm2cpio
o=`expr 96 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
sigsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
hdrsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $hdrsize`
dd if=MegaCli-8.02.16-1.i386.rpm ibs=$o skip=1 2>/dev/null |bsdtar -xf -
#wow ...
rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit?
cp -r opt/ ~/chroot/


Now we have a working '''MegaCli''' client in our chroot.
A script {{ic|glibc}} is used to create a container using [[Bubblewrap]] where a [[#Debian|Debian chroot]] is the content of that container. It's not just a chroot anymore; it's a bubblewrap powered isolated environment. This allows running graphical programs easy and doesn't require root privileges once installed.  


As with '''srcds''', we do not want to operate from inside the chroot, so here is a little script that should ease you up (use at your own risk):
[[Install]] the {{pkg|bubblewrap}} package.


#!/bin/bash
Set up [[#Debian|Debian chroot]] at {{path|/var/chroots/debian}} and install necessary glibc applications using {{ic|apt-get}}.
user=$(whoami)
if [ "$user" != "root" ];then
echo "This script needs root access"
exit
fi
mount -t proc proc ~/chroot/proc/
mount --bind /dev/ ~/chroot/dev/
mount --bind /sys/ ~/chroot/sys/
#we may need dev and maybe proc too to use this program
chroot ~/chroot /opt/MegaRAID/MegaCli/MegaCli $@
umount ~/chroot/proc
umount ~/chroot/dev
umount ~/chroot/sys


Save it under <code>/usr/bin/MegaCli</code>.  Do a <code>chmod +x /usr/bin/MegaCli</code> and good luck.
Create an alias {{ic|glibc}} using bwrap in the Alpine Linux host to start applications from the [[#Debian|Debian chroot]].


Note:  This method takes around 50mb. If you need something smaller, then you can strip a few files from glibc (not recommended), or work on a squashfs.
{{cmd|$ alias glibc{{=}}"LANG{{=}}en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group"}}


With the following, you can create a squashfs that is around 15mb small:
To run programs that use X11/Xorg you can use:  
mksquashfs ~/chroot/ /chroot.sfs -b 65536
{{cmd|$ alias glibcX11{{=}}"LANG{{=}}en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group --bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 --setenv DISPLAY :0"}}


When you add a [https://en.wikipedia.org/wiki/UnionFS unionfs] layer, you can even use it with write access, or you can bind some directories to the writeable directories before you chroot into it.
In this case you might need to use {{ic|xhost}} on the Alpine Linux host to allow local connections, e.g.:
 
{{cmd|# xhost + local:}}
I will look into it later on.
 
You can save the chroot in another directory than your home directory, and you can even install a chroot through an APKBUILD (after someone wrote it).
 
With this, you could use many glibc-dependent programs through one chroot, but be aware that running programs like this should not be standard.  This should only be used in extreme situations, as in _closed source_ tools linked against glibc.
 
=== Skype on Debian chroot ===
 
{{Draft|Not yet validated}}
 
This is an example on how to run '''Skype''' from a Debian 32b chroot.
 
  sudo chroot ~/chroot
  wget http://www.skype.com/go/getskype-linux-deb
  dpkg -i getskype-linux-deb
 
To fix missing dependencies, you will want to use:
 
  apt-get -f install
 
Then, exit the chroot:
 
  exit
 
Fix PAX flags on Skype binary - '''linux-grsec''' only.
 
ELF marking with paxctl cannot be used because Skype binary refuses to run if modified.
 
<code>CONFIG_PAX_XATTR_PAX_FLAGS</code> is NOT yet available in '''linux-grsec'''.
 
  sudo apk add attr
  sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype
 
Mount needed directories in the chroot read-only to limit access to the system devices.
 
Give write access to <code>/dev/v4l</code> and to <code>/dev/snd</code> in order to let Skype use the webcam device:  Skype is not compatible with Alsa anymore and requires Pulseaudio to be running.
 
  sudo mount -o bind /proc ~/chroot/proc
  sudo mount -o bind,ro,remount /proc ~/chroot/proc
  sudo mount -o bind /sys ~/chroot/sys
  sudo mount -o bind,ro,remount /sys ~/chroot/sys
  sudo mount -o bind /dev ~/chroot/dev
  sudo mount -o bind,ro,remount /dev ~/chroot/dev
  sudo mount -o bind /dev/v4l ~/chroot/dev/v4l
  sudo mount -t tmpfs -o nodev,nosuid,noexec shm $CHROOT_PATH/dev/shm
 
Enter the chroot and create a user:
 
  sudo chroot ~/chroot
  useradd -G audio,video <username>
  exit
 
Then run Skype as your newly created user:
 
  sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype
 
 
=== Dungeon Crawl (Stone Soup) on Arch ===
 
Once the Arch system is laid down (to <code>~/chroot/root.x86_64</code> in this example), install the game:
 
  sudo arch-chroot ~/chroot/root.x86_64
  [chroot]# pacman -Syu crawl-tiles
 
Then exit the chroot and run it with this command:
 
  sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'
 
A separate user can also be created to run the game, if preferred.
 
 
=== Spotify ===
 
==== Docker method ====
 
Read the [[Docker]] page to install it.  Then clone the repository, as shown below.  It will automate the process of pulling all the dependencies, and '''PaX''' marks it for the hardened kernel.  The advantage of this container is that it is ready-to-use and has stripped down many of the <code>/usr/bin</code> executables.  The downside is that is unstable.
 
git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked
 
Follow the instructions in the <code>README.md</code>
 
==== Chroot method ====
 
The Chroot method the preferred method;  it doesn't have the black screen bug and is more stable.  Just translate the [https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/Dockerfile Dockerfile instructions] into native '''sh''' (Bourne shell).  The trick again is to run Spotify as root with sudo inside the chroot – not as regular user. 
 
Use <code>sudo aplay -l</code> to verify that the soundcard is detected.  When you use either this or the Docker method, which relies on ALSA, there could be a conflict depending on who grabs the sound card.  Stop all browsers or programs using the sound device outside of the chroot or the docker image so that Spotify can use it.
 
I did some translation.  You may need to make changes.
 
To update, just delete it and call <code>alpine-spotify-installer.sh</code> again.  You will still need the Arch Linux bootstrap image.  Extract the image.  Next, copy and paste the code shown below into root.x86_64;  <code>chmod +x alpine-spotify-installer.sh</code>. Then, run <code>sudo arch-chroot root.x86_64</code>.  Then, run <code>./alpine-spotify-installer.sh</code>.
 
{{Cat|alpine-spotify-installer.sh|<nowiki>
# Copyright (c) 2018 Orson Teodoro <orsonteodoro@hotmail.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
 
pacman --noconfirm -Syu
 
pacman --noconfirm -S base-devel
pacman --noconfirm -S xorg-server
pacman --noconfirm -S shadow
pacman --noconfirm -S sudo
pacman --noconfirm -S git
chmod 0660 /etc/sudoers
sed -i -e 's|# %wheel ALL=(ALL) NOPASSWD: ALL|%wheel ALL=(ALL) NOPASSWD: ALL\nspotify ALL=(ALL:ALL) NOPASSWD:ALL\n|g' /etc/sudoers || return 1
chmod 0440 /etc/sudoers
 
echo "Creating user spotify"
useradd -m spotify
echo "Deleting password for spotify"
passwd -d spotify
 
gpasswd -a spotify users
gpasswd -a spotify audio
gpasswd -a spotify video
gpasswd -a spotify wheel
 
echo "switching to spotify nix account"
su spotify
 
cd /home/spotify
mkdir aur
cd aur
 
cd /home/spotify/aur
git clone https://aur.archlinux.org/spotify.git
cd /home/spotify/aur/spotify
sudo -u spotify makepkg --noconfirm -si
 
cd /home/spotify/aur/
git clone https://aur.archlinux.org/paxctl.git
cd /home/spotify/aur/paxctl
sudo -u spotify makepkg --noconfirm -si
#for grsecurity kernels like Alpine
sudo paxctl -C /usr/share/spotify/spotify
sudo paxctl -z /usr/share/spotify/spotify
sudo paxctl -m /usr/share/spotify/spotify
 
sudo pacman --noconfirm -S alsa-lib
sudo pacman --noconfirm -S alsa-utils
 
#confirm that the sound card(s) shows up
sudo aplay -l
 
sudo spotify
</nowiki>
}}
 
To make this easier, create a launcher script:
 
{{Cat|run.sh|<nowiki>!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $DIR
sudo arch-chroot -u spotify root.x86_64 /bin/sh -c "sudo spotify"
</nowiki>
}}


If it shows <code>(spotify:4): Gtk-WARNING **: cannot open display: :0.0</code> Before running Spotify try:
Now we can invoke glibc-built binaries using the alias from the Alpine Linux host like so:
{{cmd|$ glibc ./binary}} or {{cmd|$ glibcX11 ./binary}}


  xhost +local:
When [[Wayland]] desktop like [[Sway]] runs without {{pkg|xwayland}} on the Alpine Linux host, electron apps like {{ic|vscode}}, {{ic|google-chrome}} etc needs to be started as follows:{{ic|<nowiki>$ glibc code --ozone-platform=wayland</nowiki>}}.


You could insert it at the very top in the above wrapper script.
== See also ==


You may want to look at [https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/deflate.sh this script] to learn how to lock it down by removing the unnecessary cruft in your chroot collections that may be abused.
* [[Alpine Package Keeper]]
* [[Installing ArchLinux inside an Alpine chroot]]
* [[Compile software from source]]


[[Category:Package Manager]]
[[Category:Development]]
[[Category:Development]]
[[Category:Installation]]

Latest revision as of 23:55, 17 July 2025

This page documents various ways to manage software in Alpine Linux. Graphical software managers are available to supplement apk to manage official software packages along with Flatpaks.

This page also documents ways to run software compiled with glibc including graphical programs like Visual Studio Code, google-chrome, obsidian etc...

Alpine package keeper

Main article: Alpine Package Keeper

The official package manager in Alpine Linux Alpine Package Keeper(apk) is a cli tool. Rosetta stone shows how standard package management tasks are done in Alpine Linux compared to other popular distributions.

Graphical software manager

The following graphical tools are available to manage software packages from official repositories and Flatpaks.

Gnome software

Gnome Software can be used as a GUI front end for apk for managing official software packages and flatpaks.

KDE Discover

KDE Discover can be used as a GUI front end for apk for managing official software packages and flatpaks.

Flatpak

Main article: Flatpak

Flatpak is by far the easiest method for running programs not available in the official Alpine Linux repositories. To use flatpaks, ensure that Flathub repository is enabled.

Running glibc programs

If you want to run glibc programs in Alpine Linux, there are a few ways of doing so.

For simpler binaries, you can install gcompat a compatibility layer or you could do it the easy way and use Flatpaks. See containers or chroot section for ways to run glibc programs including graphical ones.

gcompat

gcompat is a library which provides glibc-compatible APIs for use on musl libc systems like Alpine Linux. To install issue the command:

apk add gcompat

After that you run your binaries as normal.

For an usage example, refer Firefox page, where gcompat is used to run glibc compiled Widevine binary.

Chroot

Main article: Chroot

An option that's easier to generalize to other glibc applications is installing a glibc-based distribution into a chroot. You can then either chroot into it, or use a symlink and some configuration to make its glibc (and associated libraries) usable from Alpine.

Tip: The most reliable way to enter a chroot is to use the start-chroot script.

After setting up a chroot using any of the methods described below, the loader can be set up in Alpine like so (these instructions are for a Debian chroot in /var/chroots/debian, on x86_64, but can be adapted to other systems by using the appropriate paths):

mkdir -p /lib64 ln -s /var/chroots/debian/lib/x86_64-linux-gnu/ld-2.33.so /lib64 printf '/var/chroots/debian/lib/x86_64-linux-gnu\n/var/chroots/debian/usr/lib/x86_64-linux-gnu\n' > /etc/ld.so.conf /var/chroots/debian/sbin/ldconfig

Gentoo Linux

Select a stage3 from here and portage latest from here at gentoo/snapshots/portage-latest.tar.xz.

First,

doas apk add xz

Enter the chroot:

mkdir ~/chroot cd ~/chroot tar -xvf stage3-*.tar.xz tar -xvf portage-latest.tar.xz mv portage usr doas mount --bind /dev dev doas mount --bind /sys sys doas mount -t proc proc proc cp /etc/resolv.conf etc doas chroot . /bin/bash

And voilà, you have your working Gentoo chroot!

You can now take a look at Gentoo's Handbook to find out how you can configure and install your system, or simply extract/copy the program you need to run in your chroot enviroment and execute it.

Here is a wrapper script that is similar to arch-chroot when you frequently reuse this chroot:

Also, create an account with the same user name as host current user to the chroot or make changes to the userspec option to chroot line.

Contents of gentoo-chroot.sh

!/bin/bash CHROOT_PATH="/home/$USER/chroot" cd $CHROOT_PATH mount | grep $CHROOT_PATH/dev || doas mount --bind /dev dev mount | grep $CHROOT_PATH/sys || doas mount --bind /sys sys mount | grep $CHROOT_PATH/proc || doas mount -t proc proc proc cp /etc/resolv.conf etc doas chroot --userspec=$USER:users . /bin/bash echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."

Do at chmod +x gentoo-chroot.sh to get it to work.

Arch Linux

See also: Installing ArchLinux inside an Alpine chroot

Either use pacstrap (included with the arch-install-scripts package) or an Arch bootstrap image:

doas apk add arch-install-scripts mkdir ~/chroot && cd ~/chroot curl -O https://mirrors.edge.kernel.org/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.zst doas tar -x --zstd -f archlinux-bootstrap-x86_64.tar.zst && rm archlinux-bootstrap-x86_64.tar.zst doas sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist doas sed -i '/CheckSpace/s/^/#/' root.x86_64/etc/pacman.conf doas arch-chroot root.x86_64 [chroot]# pacman-key --init [chroot]# pacman-key --populate archlinux

Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example):

[chroot]# pacman -Syu foo

Debian

Alpine Linux provides debootstrap package to create the Debian chroot. Here are the steps:

# apk add debootstrap # mkdir -p /var/chroots/debian # debootstrap --arch amd64 stable /var/chroots/debian/ https://deb.debian.org/debian

The --arch is optional, depending on your needs.

For updating the Chroot or for installing applications i.e packages and their dependencies using apt-get, mount it and then login as root:

# mount --bind /dev /var/chroots/debian/dev # mount --bind /proc /var/chroots/debian/proc # mount --bind /dev/pts /var/chroots/debian/dev/pts # chroot /var/chroots/debian /bin/bash [chroot]# apt update && apt upgrade

After installing the necessary applications and what you might want to do, exit the chroot and umount the binds for /dev/pts, dev and proc to avoid issues.

# umount /var/chroots/debian/dev/pts # umount /var/chroots/debian/dev # umount /var/chroots/debian/proc

Containers

Distrobox + Podman

Distrobox combined with podman container running in rootless mode allows running glibc compiled graphical programs easy. This doesn't require root privileges once set up.

Bubblewrap + Chroot

A script glibc is used to create a container using Bubblewrap where a Debian chroot is the content of that container. It's not just a chroot anymore; it's a bubblewrap powered isolated environment. This allows running graphical programs easy and doesn't require root privileges once installed.

Install the bubblewrap package.

Set up Debian chroot at /var/chroots/debian and install necessary glibc applications using apt-get.

Create an alias glibc using bwrap in the Alpine Linux host to start applications from the Debian chroot.

$ alias glibc="LANG=en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group"

To run programs that use X11/Xorg you can use:

$ alias glibcX11="LANG=en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group --bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 --setenv DISPLAY :0"

In this case you might need to use xhost on the Alpine Linux host to allow local connections, e.g.:

# xhost + local:

Now we can invoke glibc-built binaries using the alias from the Alpine Linux host like so:

$ glibc ./binary

or

$ glibcX11 ./binary

When Wayland desktop like Sway runs without xwayland on the Alpine Linux host, electron apps like vscode, google-chrome etc needs to be started as follows:$ glibc code --ozone-platform=wayland.

See also

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Software_management&oldid=30465"