Alpine Linux in a chroot: Difference between revisions

From Alpine Linux
(fix command format of →‎Make bootable the install)
m (Changed mirror link. Old one was infini-spin for me. YMMV.)
 
(10 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{TOC right}}
{{TOC right}}


Inside the chroot environment, you can build, debug, and run alpine packages or develop things. It's the most known way to do so if one wants not to trash their main Alpine system.
Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine.
This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment.


This document explains how to set up an [[Alpine_newbie#Developer|Alpine build environment]] in a chroot under a host Linux distro, can also be used to install Alpine Linux from a non-Alpine Linux livecd.
{{Tip|You can use the [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install] script to do all these steps for you.}}


== Requirements ==
== Requirements ==


* Working Linux instalation where to perform all the process
* Working Linux instalation where to perform all the process
* Linux kernel 2.6.22, with <code>wget</code> and <code>chroot</code> installed
* Linux kernel 2.6.22, with <code>curl</code> and <code>chroot</code> binary installed
* target media with at least 100M, 900MB for more complete solution as minimum
* target media with at least 100M, 900MB for more complete solution as minimum
* internet connection
* internet connection
Line 16: Line 17:
The variables below:  
The variables below:  


*'''${chroot_dir}''' = Should point to the chroot directory where you
*'''${chroot_dir}''' = Should point to the new root directory
*'''${mirror}''' = Should be replaced with [http://nl.alpinelinux.org/alpine/MIRRORS.txt one of the available Alpine Linux mirrors].
*'''${mirror}''' = Should be replaced with [https://dl-cdn.alpinelinux.org/alpine/MIRRORS.txt one of the available Alpine Linux mirrors].
*'''${arch}''' =  Should be the cpu architecture like x86 (i386) or amd64(x86_64)..
*'''${arch}''' =  Should be the cpu architecture like x86 (i386) or amd64(x86_64)..


Line 24: Line 25:
Download the latest apk static package (replace <tt>${version}</tt> with actual version):
Download the latest apk static package (replace <tt>${version}</tt> with actual version):


{{Cmd|wget ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk}}
{{Cmd|curl -LO ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk}}


.apk packages are just gzipped tarballs, unpack using:
.apk packages are just gzipped tarballs, you can unpack them using:
{{Cmd|tar -xzf apk-tools-static-*.apk}}
{{Cmd|tar -xzf apk-tools-static-*.apk}}


== Install the alpine base installation onto the chroot ==
== Install the alpine base installation onto the chroot ==


{{Cmd|./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root ${chroot_dir} --initdb add alpine-base}}
{{Cmd|./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted -p ${chroot_dir} --initdb add alpine-base}}


== Set up the chroot ==
== Seting up the chroot ==


Before made and enter into the chrooted system must be prepared with device nodes and tempfs :
Before you change root to the new directory, you need to create the required devices


===== Method 1.A fast way: using bind mount =====
===== Method 1.a Simple way: Using the host's /dev =====


{{Note|Mounts with bind, can mount in read-only the /dev at the alpine chroot so due limited will not touch the  access time of the host system}}
{{Cmd|mount -o bind /dev ${chroot_dir}/dev}}


{{Cmd|mount /dev/ ${chroot_dir}/dev/ --bind
{{Note|Bind mounts can be made read-only which would limit the chroot from writing to the devices}}
mount -o remount,ro,bind ${chroot_dir}/dev
}}


If you need SCSI or R/W access only do the first command, mounting with "ro" makes more secure your chroot.
===== Method 1.b Manual way: Creating needed nodes =====


===== Method 1.B manual way: creating need nodes =====
{{Warning|Manually creating devices will only provide the ones that have been created}}
 
{{Warning|Manually creating devices will only provide those representation that you have created.. for auto availability use bind mounts}}


{{Cmd|mknod -m 666 ${chroot_dir}/dev/full c 1 7
{{Cmd|mknod -m 666 ${chroot_dir}/dev/full c 1 7
Line 58: Line 55:
mknod -m 666 ${chroot_dir}/dev/tty c 5 0}}
mknod -m 666 ${chroot_dir}/dev/tty c 5 0}}


If you need SCSI disc access:
If you need SCSI disc access you can create the device nodes like this:
 
{{Note|Every device can have 15 sub-nodes, you should always increment by 16 for every new device}}


{{Cmd|mknod -m 666 ${chroot_dir}/dev/sda b 8 0
{{Cmd|mknod -m 666 ${chroot_dir}/dev/sda b 8 0
Line 64: Line 63:
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda4 b 8 4
mknod -m 666 ${chroot_dir}/dev/sda5 b 8 5
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17}}
mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18
mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19
mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22}}


==== Made available proc and sys fs ====
==== Make the process fs and /sys fs available ====


{{Cmd|mount -t proc none ${chroot_dir}/proc
{{Cmd|mount -t proc none ${chroot_dir}/proc
mount -o bind /sys ${chroot_dir}/sys}}
mount -o bind /sys ${chroot_dir}/sys}}


==== Make networking resolution access ====
==== Set up name resolution ====


A resolv.conf is needed for name resolution:  
A resolv.conf is needed for name resolution:  


{{Cmd|cp /etc/resolv.conf ${chroot_dir}/etc/
You can either copy your host's resolv.conf:
mkdir -p ${chroot_dir}/root}}
{{Cmd|cp -L /etc/resolv.conf ${chroot_dir}/etc/}}


If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other):  
or instead you can create a new one (this example uses OpenDNS):
{{Cmd|echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}}
{{Cmd|echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}}


==== prepare the apk sources software ====
==== Prepare the APK repositories ====


Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3):
Set up APK main repository (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3):


{{Cmd|mkdir -p ${chroot_dir}/etc/apk
{{Cmd|mkdir -p ${chroot_dir}/etc/apk
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories}}
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories}}


== Mastering your chroot ==
{{Warning|The chroot methods are commonly used to have Alpine installed in a existing system. Because of this, the steps for preparing a bootloader are not included.}}
 
The chroot methods are commonly used to have alpine in a portion of a already made directory, not forced to be a entire partion, that means Alpine can be in a very minimal directory indise the same partition of a Debian installed linux inclusively, so that why the chroot process does not included the boot method.
 
So then the following commands will described the need procedures only if the chroot instalation was made to a dedicated partition for and not to a directory inside another linux installed.
 
{{Warning|so then by the explained reasons, at this point, Alpine has been succesfully installed onto the chroot directory '''but still not able to boot it'''. }}


==== Entering your chroot ====
==== Entering your chroot ====


Take in consideration that the chroot command are only running as root, no stupid sudo tools are recommended for that.
You then can enter your chroot by running this command as the root user (UID 0).


{{Cmd|chroot ${chroot_dir} /bin/bash -l}}
{{Cmd|chroot ${chroot_dir} /bin/ash -l}}


==== Perform init process ====
==== Preparing init services ====


Need to add some minimal initscripts to appropriate runlevels:
If you plan to use your chroot with a init system or setup a new system on another device you should add these services:


{{Cmd|rc-update add devfs sysinit
{{Cmd|rc-update add devfs sysinit
Line 130: Line 115:
rc-update add savecache shutdown}}
rc-update add savecache shutdown}}


<!-- TODO: Create a page dedicated to installing GRUB and Syslinux and reference them here
==== Adding a bootloader ====


==== Make bootable the install ====
[[GRUB]]
 
WIP:
 
{{Warning|Run only this if Alpine was installed to a dedicated partiton mounted at the <nowiki>${chroot_dir}</nowiki> directory, becose at this point, Alpine has been succesfully installed onto the chroot directory '''but still not able to boot it'''. }}


{{Cmd|<nowiki>dd if=/usr/share/syslinux/mbr.bin of=/dev/sda</nowiki>}}
{{Warning|Run this only if Alpine was installed to a dedicated partiton mounted at the <nowiki>${chroot_dir}</nowiki> directory.}}


Be care of that /dev/sda are the same disk where destination partition was mounted to <nowiki>${chroot_dir}</nowiki>.
{{Cmd|<nowiki>apk add syslinux
dd if=/usr/share/syslinux/mbr.bin of=/dev/sda</nowiki>}}


{{Warning|Make sure that the device you give the <code>dd</code> utility is the one you want to install the bootloader to. This process cannot be reverted!}}
-->
= Troubleshooting =
= Troubleshooting =


== hardened kernels or alpine as chroot host ==
== Hardened kernels or alpine as chroot host ==


If you are using Alpine as a Native build system you will have to make sure that chroot can run chmod. Add following to <code>/etc/sysctl.conf</code>
If you are using Alpine as a native build system you will have to make sure that you can run <code>chmod</code> from a chroot. Add the following to <code>/etc/sysctl.conf</code>


<code>kernel.grsecurity.chroot_deny_chmod = 0</code>
<code>kernel.grsecurity.chroot_deny_chmod = 0</code>


Then run the following command
Then reload the sysctl configuration


<code>sysctl -p</code>
<code>sysctl -p</code>


== chroot: cannot run command ' ... Exec format error ==
== chroot: cannot run command ' ... Exec format error ==


This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). If you plans to make chroot into another installation must use same arch for both host and hosted chrooted!
This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). The binaries must be built for the architecture that the host runs!


Note that with '''one exception you can run 32 bit x86 chroot in x86_64, but not viceversa'''!
Note that with '''one exception you can run 32 bit x86 chroot in x86_64, but not viceversa'''!
Line 162: Line 147:
== WARNING: Ignoring APKINDEX.xxxx.tar.gz ==
== WARNING: Ignoring APKINDEX.xxxx.tar.gz ==


Make sure <code>${chroot_dir}/etc/apk/repositories</code> is valid and inside the chroot run:
Make sure <code>${chroot_dir}/etc/apk/repositories</code> is valid and run:


<code>apk update</code>
<code>apk update</code>
Line 170: Line 155:
* You can also use script [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install]
* You can also use script [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install]
* https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
* https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
* Alpine Linux in a chroot on Fedora : http://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh script
* Alpine Linux in a chroot on Fedora : https://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh {{dead link}} script
* Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script
* Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script


[[Category:Installation]]
[[Category: Installation]]
[[category: System Administration]]
[[category: System Administration]]

Latest revision as of 19:33, 30 August 2023

Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine. This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment.

Tip: You can use the alpine-chroot-install script to do all these steps for you.

Requirements

  • Working Linux instalation where to perform all the process
  • Linux kernel 2.6.22, with curl and chroot binary installed
  • target media with at least 100M, 900MB for more complete solution as minimum
  • internet connection

Prerequisites

The variables below:

  • ${chroot_dir} = Should point to the new root directory
  • ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
  • ${arch} = Should be the cpu architecture like x86 (i386) or amd64(x86_64)..

Set up APK

Download the latest apk static package (replace ${version} with actual version):

curl -LO ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk

.apk packages are just gzipped tarballs, you can unpack them using:

tar -xzf apk-tools-static-*.apk

Install the alpine base installation onto the chroot

./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted -p ${chroot_dir} --initdb add alpine-base

Seting up the chroot

Before you change root to the new directory, you need to create the required devices

Method 1.a Simple way: Using the host's /dev

mount -o bind /dev ${chroot_dir}/dev

Note: Bind mounts can be made read-only which would limit the chroot from writing to the devices
Method 1.b Manual way: Creating needed nodes
Warning: Manually creating devices will only provide the ones that have been created


mknod -m 666 ${chroot_dir}/dev/full c 1 7 mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2 mknod -m 644 ${chroot_dir}/dev/random c 1 8 mknod -m 644 ${chroot_dir}/dev/urandom c 1 9 mknod -m 666 ${chroot_dir}/dev/zero c 1 5 mknod -m 666 ${chroot_dir}/dev/tty c 5 0

If you need SCSI disc access you can create the device nodes like this:

Note: Every device can have 15 sub-nodes, you should always increment by 16 for every new device

mknod -m 666 ${chroot_dir}/dev/sda b 8 0 mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1 mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2 mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3 mknod -m 666 ${chroot_dir}/dev/sdb b 8 16 mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17

Make the process fs and /sys fs available

mount -t proc none ${chroot_dir}/proc mount -o bind /sys ${chroot_dir}/sys

Set up name resolution

A resolv.conf is needed for name resolution:

You can either copy your host's resolv.conf:

cp -L /etc/resolv.conf ${chroot_dir}/etc/

or instead you can create a new one (this example uses OpenDNS):

echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf

Prepare the APK repositories

Set up APK main repository (replace ${branch} with the latest stable branch name, e.g. v3.3):

mkdir -p ${chroot_dir}/etc/apk echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories

Warning: The chroot methods are commonly used to have Alpine installed in a existing system. Because of this, the steps for preparing a bootloader are not included.


Entering your chroot

You then can enter your chroot by running this command as the root user (UID 0).

chroot ${chroot_dir} /bin/ash -l

Preparing init services

If you plan to use your chroot with a init system or setup a new system on another device you should add these services:

rc-update add devfs sysinit rc-update add dmesg sysinit rc-update add mdev sysinit rc-update add hwclock boot rc-update add modules boot rc-update add sysctl boot rc-update add hostname boot rc-update add bootmisc boot rc-update add syslog boot rc-update add mount-ro shutdown rc-update add killprocs shutdown rc-update add savecache shutdown

Troubleshooting

Hardened kernels or alpine as chroot host

If you are using Alpine as a native build system you will have to make sure that you can run chmod from a chroot. Add the following to /etc/sysctl.conf

kernel.grsecurity.chroot_deny_chmod = 0

Then reload the sysctl configuration

sysctl -p

chroot: cannot run command ' ... Exec format error

This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). The binaries must be built for the architecture that the host runs!

Note that with one exception you can run 32 bit x86 chroot in x86_64, but not viceversa!

WARNING: Ignoring APKINDEX.xxxx.tar.gz

Make sure ${chroot_dir}/etc/apk/repositories is valid and run:

apk update

External links