Alpine Linux in a chroot: Difference between revisions
Mckaygerhard (talk | contribs) (remove newbie reference to stop the discussion) |
(Add Tip for alpine-chroot-install to a visible place) |
||
Line 3: | Line 3: | ||
Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine. | Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine. | ||
This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment. | This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment. | ||
{{Tip|You can use the [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install] script to do all these steps for you.}} | |||
== Requirements == | == Requirements == |
Revision as of 16:48, 1 October 2022
Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine. This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment.
Requirements
- Working Linux instalation where to perform all the process
- Linux kernel 2.6.22, with
curl
andchroot
binary installed - target media with at least 100M, 900MB for more complete solution as minimum
- internet connection
Prerequisites
The variables below:
- ${chroot_dir} = Should point to the new root directory
- ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
- ${arch} = Should be the cpu architecture like x86 (i386) or amd64(x86_64)..
Set up APK
Download the latest apk static package (replace ${version} with actual version):
curl -LO ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk
.apk packages are just gzipped tarballs, you can unpack them using:
tar -xzf apk-tools-static-*.apk
Install the alpine base installation onto the chroot
./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted -p ${chroot_dir} --initdb add alpine-base
Seting up the chroot
Before you change root to the new directory, you need to create the required devices
Method 1.a Simple way: Using the host's /dev
mount -o bind /dev ${chroot_dir}/dev
Method 1.b Manual way: Creating needed nodes
mknod -m 666 ${chroot_dir}/dev/full c 1 7 mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2 mknod -m 644 ${chroot_dir}/dev/random c 1 8 mknod -m 644 ${chroot_dir}/dev/urandom c 1 9 mknod -m 666 ${chroot_dir}/dev/zero c 1 5 mknod -m 666 ${chroot_dir}/dev/tty c 5 0
If you need SCSI disc access you can create the device nodes like this:
mknod -m 666 ${chroot_dir}/dev/sda b 8 0 mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1 mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2 mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3 mknod -m 666 ${chroot_dir}/dev/sdb b 8 16 mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
Make the process fs and /sys fs available
mount -t proc none ${chroot_dir}/proc mount -o bind /sys ${chroot_dir}/sys
Set up name resolution
A resolv.conf is needed for name resolution:
You can either copy your host's resolv.conf:
cp -L /etc/resolv.conf ${chroot_dir}/etc/
or instead you can create a new one (this example uses OpenDNS):
echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf
Prepare the APK repositories
Set up APK main repository (replace ${branch} with the latest stable branch name, e.g. v3.3):
mkdir -p ${chroot_dir}/etc/apk echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories
Entering your chroot
You then can enter your chroot by running this command as the root user (UID 0).
chroot ${chroot_dir} /bin/ash -l
Preparing init services
If you plan to use your chroot with a init system or setup a new system on another device you should add these services:
rc-update add devfs sysinit rc-update add dmesg sysinit rc-update add mdev sysinit rc-update add hwclock boot rc-update add modules boot rc-update add sysctl boot rc-update add hostname boot rc-update add bootmisc boot rc-update add syslog boot rc-update add mount-ro shutdown rc-update add killprocs shutdown rc-update add savecache shutdown
Troubleshooting
Hardened kernels or alpine as chroot host
If you are using Alpine as a native build system you will have to make sure that you can run chmod
from a chroot. Add the following to /etc/sysctl.conf
kernel.grsecurity.chroot_deny_chmod = 0
Then reload the sysctl configuration
sysctl -p
chroot: cannot run command ' ... Exec format error
This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). The binaries must be built for the architecture that the host runs!
Note that with one exception you can run 32 bit x86 chroot in x86_64, but not viceversa!
WARNING: Ignoring APKINDEX.xxxx.tar.gz
Make sure ${chroot_dir}/etc/apk/repositories
is valid and run:
apk update
External links
- You can also use script alpine-chroot-install
- https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
- Alpine Linux in a chroot on Fedora : http://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh script
- Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script