Alpine Linux in a chroot: Difference between revisions
No edit summary |
Mckaygerhard (talk | contribs) (property explain why we need to use or not mount dev as bind) |
||
Line 34: | Line 34: | ||
Set up some devices in the chroot | Set up some devices in the chroot | ||
==== fast way: using bind mount ==== | |||
{{Warning|Mounts with bind, can mount in read-only the /dev at the alpine chroot so due limited will not touch the access time of the host system}} | |||
{{Cmd|mount /dev/ /alpine/dev/ --bind | |||
mount -o remount,ro,bind /alpine/dev | |||
}} | |||
If you need SCSI or R/W access only do the first command, mounting with "ro" makes more secure your chroot. | |||
==== manual way: creating need nodes ==== | |||
{{Tip|Manually creating devices is not needed if you choose to mount /dev of the hosts in the chroot described later.}} | {{Tip|Manually creating devices is not needed if you choose to mount /dev of the hosts in the chroot described later.}} | ||
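Review bot: the two added mount commands hardcode /alpine/dev, while every other command on the page (for example the mknod lines) uses ${chroot_dir}; write them as ${chroot_dir}/dev so the section works for any chroot location. The unchanged Tip that follows still says mounting the host's /dev is "described later", which no longer matches now that this section sits directly above it. The Warning text would also read more clearly as a plain statement that the second command remounts the bind read-only.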
Line 59: | Line 72: | ||
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21 | mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21 | ||
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22}} | mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22}} | ||
==== make networking resolution access ==== | |||
A resolv.conf is needed for name resolution: | A resolv.conf is needed for name resolution: | ||
Line 67: | Line 82: | ||
If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other): | If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other): | ||
{{Cmd|echo -e 'nameserver 208.67.222.222\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}} | {{Cmd|echo -e 'nameserver 208.67.222.222\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}} | ||
==== prepare the apk sources software ==== | |||
Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3): | Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3): | ||
Line 74: | Line 91: | ||
== Entering your chroot == | == Entering your chroot == | ||
At this point, Alpine has been succesfully installed onto the chroot directory. Before you chroot in you | At this point, Alpine has been succesfully installed onto the chroot directory. Before you chroot in you | ||
will probably want to mount /proc and /sys in the chroot: | will probably want to mount /proc and /sys in the chroot: | ||
Line 129: | Line 147: | ||
{{Cmd|apk update}} | {{Cmd|apk update}} | ||
= External links | |||
* https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/ | |||
[[Category:Installation]] | [[Category:Installation]] |
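Review bot: the added line "= External links" has no closing marker and uses a single "=", so it will not render as a section heading; match the page's other top-level sections, e.g. "== External links ==" as in "== Entering your chroot ==".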
Revision as of 20:55, 8 August 2019
This document explains how to set up an Alpine build environment in a chroot under a different Linux distro, such as Arch, Debian, Fedora, Gentoo, or Ubuntu. Once inside the chroot environment, you can build, debug, and run Alpine packages. The guide can also be used to install Alpine Linux from a non-Alpine Linux live CD such as Ubuntu or System rescue CD.
This example installation of Alpine Linux in a chroot will work with the latest release. But it's also possible to make a chroot with edge or older releases of Alpine Linux to test backports.
You can also use the alpine-chroot-install script, which simplifies this process to just two commands. This script is especially useful in CI environments (e.g. Travis CI).
Requirements
For the base Alpine Linux you will only need around 6 MB of free space, though to build packages you'll need at least 500 MB.
Prerequisites
The variables below:
- ${chroot_dir} = Should point to the chroot directory where you
- ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
Set up APK

Download the latest apk static package (replace ${version} with actual version):
wget ${mirror}/latest-stable/main/x86_64/apk-tools-static-${version}.apk
.apk packages are just gzipped tarballs; unpack using:
tar -xzf apk-tools-static-*.apk
Install the Alpine base installation onto the chroot:
./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root ${chroot_dir} --initdb add alpine-base
Set up the chroot
Set up some devices in the chroot
fast way: using bind mount

mount /dev/ ${chroot_dir}/dev/ --bind
mount -o remount,ro,bind ${chroot_dir}/dev
If you need SCSI or R/W access, run only the first command; mounting with "ro" makes your chroot more secure.
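To confirm that the read-only remount took effect, check the per-mount options in mountinfo. This is an added example, not part of the wiki page; the function name `mount_state` and the sample lines (which assume chroot_dir is /alpine) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): read a mount point's state from
# mountinfo. Field 5 is the mount point, field 6 the per-mount options.

# mount_state FILE MOUNTPOINT -> prints ro, rw or absent
mount_state() {
    awk -v mp="$2" '
        $5 == mp { opts = $6 }                  # last entry is the topmost mount
        END {
            if (opts == "") print "absent"
            else if (("," opts ",") ~ /,ro,/) print "ro"
            else print "rw"
        }' "$1"
}

# Constructed sample of /proc/self/mountinfo after the two bind-mount commands
# with chroot_dir=/alpine. The remount changes only the per-mount flag
# (field 6); the devtmpfs superblock options (last field) stay rw, so the
# host's own /dev is unaffected.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
22 27 0:6 / /dev rw,nosuid,relatime shared:2 - devtmpfs devtmpfs rw,mode=755
310 27 0:6 / /alpine/dev ro,nosuid,relatime shared:2 - devtmpfs devtmpfs rw,mode=755
311 27 0:5 / /alpine/proc rw,relatime - proc none rw
EOF

for mp in /dev /alpine/dev /alpine/proc /alpine/sys; do
    printf '%s: %s\n' "$mp" "$(mount_state "$sample" "$mp")"
done
# On a live system: mount_state /proc/self/mountinfo "${chroot_dir}/dev"
```

A read-only mount stops nodes from being created, removed or re-moded under the chroot's /dev; it does not by itself stop a process from opening an existing device node for writing, which is still governed by the node's own permissions.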
manual way: creating needed nodes
mknod -m 666 ${chroot_dir}/dev/full c 1 7
mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2
mknod -m 644 ${chroot_dir}/dev/random c 1 8
mknod -m 644 ${chroot_dir}/dev/urandom c 1 9
mknod -m 666 ${chroot_dir}/dev/zero c 1 5
mknod -m 666 ${chroot_dir}/dev/tty c 5 0
If you need SCSI disc access:
mknod -m 666 ${chroot_dir}/dev/sda b 8 0
mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda4 b 8 4
mknod -m 666 ${chroot_dir}/dev/sda5 b 8 5
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18
mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19
mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22
set up name resolution
A resolv.conf is needed for name resolution:
cp /etc/resolv.conf ${chroot_dir}/etc/
mkdir -p ${chroot_dir}/root
If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other):
echo -e 'nameserver 208.67.222.222\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf
prepare the apk software sources
Set up APK mirror (replace ${branch} with the latest stable branch name, e.g. v3.3):
mkdir -p ${chroot_dir}/etc/apk
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories
Entering your chroot
At this point, Alpine has been successfully installed onto the chroot directory. Before you chroot in, you will probably want to mount /proc and /sys in the chroot:
mount -t proc none ${chroot_dir}/proc
mount -o bind /sys ${chroot_dir}/sys
If you don't want to create special device files yourself, mount the host's device directory onto the chroot:
mount -o bind /dev ${chroot_dir}/dev
You can now chroot:
chroot ${chroot_dir} /bin/sh -l
To make the system actually bootable, we need to add some initscripts to appropriate runlevels:
rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit
rc-update add hwclock boot
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add syslog boot
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown
Alpine Linux has a great meta-package for building Alpine packages from source available called alpine-sdk. To install, run:
apk add alpine-sdk
If you are using Alpine as a native build system, you will have to make sure that the chroot can run chmod. Add the following to /etc/sysctl.conf:
kernel.grsecurity.chroot_deny_chmod = 0
Then run the following command:
sysctl -p
Alpine Linux in a chroot on Fedora
If you want to generate a chroot on a Fedora-based system, you can use this script.
Alpine Linux aarch64 in a chroot on AWS Linux
If you want to generate an aarch64 chroot on most systems you can use this script.
Troubleshooting
WARNING: Ignoring APKINDEX.xxxx.tar.gz
Make sure ${chroot_dir}/etc/apk/repositories is valid and inside the chroot run:
apk update
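One way to check that the repositories file is valid before running apk update, as an added example that is not part of the wiki page: it flags the entries the echo "${mirror}/${branch}/main" step produces when a variable is unset or left unexpanded. The function name `check_repositories` and the sample entries (host mirror.example) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint an apk repositories file.

# check_repositories FILE -> prints "LINE: problem: entry" for each bad entry
check_repositories() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }           # skip comments and blank lines
        {
            url = ($1 ~ /^@/) ? $2 : $1         # "@tag URL" is the pinned form
            if (index(url, "$") > 0)
                print NR ": unexpanded variable: " $0
            else if (url ~ "^/" && url !~ "^//")
                next                            # local repository path
            else if (url !~ "^(https?|ftp)://[^/]+/[^/]+/[^/]")
                print NR ": not scheme://host/branch/repo: " $0
        }' "$1"
}

# Constructed sample file: line 3 was written with single quotes, line 4
# with ${branch} unset; the other entries are well formed.
repos=$(mktemp)
trap 'rm -f "$repos"' EXIT
cat > "$repos" <<'EOF'
# constructed sample, not a real mirror
https://mirror.example/alpine/v3.3/main
${mirror}/${branch}/main
https://mirror.example/alpine//main
@testing https://mirror.example/alpine/edge/testing
/media/cdrom/apks
EOF

check_repositories "$repos"
# On a real chroot: check_repositories "${chroot_dir}/etc/apk/repositories"
```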
= External links