|
|
(35 intermediate revisions by 9 users not shown) |
Line 1: |
Line 1: |
| [[Image:knotes.svg|96px|left|link=]]
| | This page moved to https://alpinelinux.org/about |
| {{TOC right}}
| |
| '''Alpine Linux''' is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
| |
| | |
| Alpine Linux is and always will be '''free of charge'''. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.
| |
| | |
| Alpine Linux was designed with security in mind. It has '''proactive security''' features, such as [http://en.wikipedia.org/wiki/PaX PaX] and [http://en.wikipedia.org/wiki/Stack-smashing_protection SSP], that prevent security holes from being exploited.
| |
| | |
| Alpine Linux uses the [http://en.wikipedia.org/wiki/UClibc uClibc] C library and all of the base tools from [http://en.wikipedia.org/wiki/BusyBox BusyBox]. These are normally found on embedded systems and are '''smaller''' than the tools found on GNU/Linux systems.
| |
| | |
| == Why Another Distribution? ==
| |
| | |
| To answer that question, we must look to the origins of Alpine Linux.
| |
| | |
| Alpine Linux began life as a fork of the [http://en.wikipedia.org/wiki/LEAF_Project LEAF Project]. The active members of the LEAF Project wanted to continue making a Linux distribution that ran off of a single floppy disk — and we think that's great — however, our needs required [http://en.wikipedia.org/wiki/Squid_%28software%29 Squid], [http://en.wikipedia.org/wiki/DansGuardian DansGuardian], [http://en.wikipedia.org/wiki/Samba_%28software%29 Samba], and a slew of other heavyweight applications. So, we ended up with a set of packages that fit on a CD-ROM.
| |
| | |
| The LEAF concept of "run from RAM" has a number of appealing features, especially on a firewall:
| |
| | |
| * If your configs are all on a floppy, an upgrade is as simple as burning a new CD and rebooting.
| |
| * If your configs are all on a write-protected floppy, recovering from a root-kit is as simple as rebooting.
| |
| | |
| On the other hand, there were some things that we wanted to experiment with that weren't easy in the LEAF build environment at the time, such as:
| |
| | |
| * Complete build-from-source environment (e.g. Gentoo-style build world)
| |
| * 2.6.x Kernel Support
| |
| * [http://en.wikipedia.org/wiki/Stack-smashing_protection Stack-Smashing support] from GCC
| |
| * [http://en.wikipedia.org/wiki/PaX PaX] kernel security
| |
| * Better package management with dependencies, upgrade path, pre- and post-install scripts, etc.
| |
| | |
| The project started from there. Our goal, however, has always been to be as simple as possible, keeping things very small. Alpine Linux won't quite fit on a floppy disk today, but it certainly runs from a 32MB USB stick.
| |
| | |
| == What's It Like? ==
| |
| | |
| It started out Gentoo-style, but is now self-hosting. The network configuration is similar to Debian. If you've ever used a BusyBox-based system before, it's pretty good. The Alpine developers have contributed a number of enhancements to BusyBox, in an effort to make the system run like any other.
| |
| | |
| As it is a BusyBox-based system, there are no manpages by default; BusyBox applets do not have all of the features of their real counterparts. So, you will run into situations where things don't run like they do on a "real" Linux system. When you run into those situations, remember these two things:
| |
| | |
| * The base installation is good enough for a firewall/router; there's nothing there except the basics. You can probably get what you need out of it using the tools that are there, although crudely. ( sh / awk / sed / grep can do everything Perl can do... Really.)
| |
| * Alpine has a complete set of packages, but you will need to explicitly choose what you wish to install.
| |
| | |
| == Why Should I Try It? ==
| |
| | |
| We're partial, of course, but here are a few reasons:
| |
| | |
| * '''It's quick:''' You can run it from a USB stick and have a very usable system in less than 10 minutes.
| |
| * '''It's great for experimenting:''' Since the configuration system stores everything in one file, you can take that file to a larger server and extract the configuration there.
| |
| * '''It's more secure:''' When The Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
| |
| * '''It's simple:''' Once you get past the package management, and the fact that changes are not saved unless you do a "<code>lbu commit</code>" (on run-from-RAM installs only), it really is much simpler to manage.
| |
| * '''It supports [http://linux-vserver.org/ Linux VServer]:''' You can run virtualized hosts on it, similar to FreeBSD Jails. You can even run them under a run-from-RAM install. Albeit, not very practical, but worth geek points!
| |
| | |
| == What Do I Need to Watch Out For? ==
| |
| | |
| * The package system is different. You need to learn about apk before you can manage a system effectively
| |
| * Everything is in RAM. You lose everything if you don't save your configs somewhere. You need to learn about lbu. Even then, keep in mind that by default lbu only backs up things in /etc. You can change this, but you need to know about lbu.
| |
| * OpenRC isn't like /etc/init.d. OpenRC makes things boot fast really fast. But you need to know how to get openrc to add your daemons to the startup process.
| |
| * We are engineers, not documenters. There's not alot of documentation out there. Well, there is - if you believe "RTFM" is documentation. We're working on it - and could use help! But in many cases, things are not documented as well as they should be.
| |
| | |
| == Why the Name Alpine? ==
| |
| | |
| Alpine originally stood for A Linux Powered Itegrated Network Engine. The idea was that the distro would be focused on networking, and be a tiny "engine" or framework to build bigger systems on. Today, Alpine lives up to that name. The first open source implementation of Cisco's DMVPN was written for Alpine Linux. Improvements to networking functions in the Linux Kernel have started from patches or needs from the Alpine Linux team.
| |
| | |
| On the other hand, there are a number of installations where Alpine Linux is used as the basis for enterprise servers running Postgresql, Postfix, Asterisk, Kamailio, iSCSI SAN. It is the little engine that could.
| |
| | |
| Anymore, Alpine is just a name.
| |