Alpine Linux:About: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
[[Image:knotes.svg|96px|left|link=]] | [[Image:knotes.svg|96px|left|link=]] | ||
{{TOC right}} | {{TOC right}} | ||
Alpine Linux is a community developed operating system designed for x86 | Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers. | ||
Alpine Linux is and always will be '''free of charge'''. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing. | Alpine Linux is and always will be '''free of charge'''. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing. | ||
Alpine Linux was designed with security in mind. It has '''proactive security''' features | Alpine Linux was designed with security in mind. It has '''proactive security''' features such as, [[http://en.wikipedia.org/wiki/PaX PaX]] and [[http://en.wikipedia.org/wiki/Stack-smashing_protection SSP]], that prevent security holes from being exploited. | ||
Alpine Linux uses the C library [[http://en.wikipedia.org/wiki/UClibc uClibc]] and all of the base tools from [[http://en.wikipedia.org/wiki/BusyBox BusyBox]]. These are normally found in embedded systems and are '''smaller''' than the tools found in GNU/Linux systems. | |||
== Why Another Distribution? == | == Why Another Distribution? == |
Revision as of 16:51, 4 August 2010
Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
Alpine Linux is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.
Alpine Linux was designed with security in mind. It has proactive security features such as, [PaX] and [SSP], that prevent security holes from being exploited.
Alpine Linux uses the C library [uClibc] and all of the base tools from [BusyBox]. These are normally found in embedded systems and are smaller than the tools found in GNU/Linux systems.
Why Another Distribution?
Alpine Linux started as a fork of the LEAF project. The active project members of that team want to continue to make a Linux distribution that runs off a single floppy. And we think that's great. However, our needs required squid, DansGuardian, Samba, and a slew of other heavyweight applications - so we ended up with a set of packages that fit on a CD ROM.
The LEAF concept of "run from RAM" has a number of appealing features, especially on a firewall:
- If your configs are all on a floppy, an upgrade is as simple a burning a new CD and rebooting
- If your configs are all on a write-protected floppy, recovering from root-kits is as simple as rebooting.
On the other hand, there were some things we wanted to experiment with that weren't easy in the LEAF build environment at the time:
- Complete build-from source environment (e.g. gentoo-style build world)
- 2.6.x Kernel Support
- Stack-Smashing support from GCC
- PAX kernel security
- Better package manager, with dependencies, upgrade path, pre and post install scripts, etc.
The project started from that point. Our goal, however, has always been to be as simple as possible, keeping things very small. Alpine Linux won't quite fit on a floppy disk today - but it certainly runs from a 32MB USB stick.
What's It Like?
It started out Gentoo style, but it is self-hosting now. The network configuration is similar to Debian. If you've used a busybox based system before, it is pretty good. The Alpine developers have contributed a number of enhancements to busybox to make the system run like any other.
But it is a busybox-based system. By default, there are no manpages; busybox applets don't have all the features of the real applications, etc. So you will run into situations where things don't run like they do on a "real" linux system. When you get to those situations, remember these two things:
- The base install is a good firewall/router - there's nothing there except the basics. You can probably get what you need using the tools that are there - although crudely. ( sh / awk / sed / grep can do everything Perl can do... Really.)
- Alpine has a complete set of packages. But you need to explicitly choose what you want to install.
Why Should I Try It?
We're partial, of course. But here's a few reasons
- You can run from USB Stick and have a very usable machine in less than 10 minutes.
- Its great for experimentation. Since the config system stores all the configs, you can take that file to a larger server later and extract the configs there.
- It is more secure. When The Linux 0day vmsplice vulnerability was causing admins everwhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
- Its simple. Really. Once you get past the package manager, and the fact that stuff doesn't get saved if you don't do a lbu commit - it really is much simpler to manage.
- It supports vserver. You can have virtualized hosts running under a run-from-RAM OS. Not very pratical, but worth geek points!
What Do I Need to Watch Out For?
- The package system is different. You need to learn about apk before you can manage a system effectively
- Everything is in RAM. You lose everything if you don't save your configs somewhere. You need to learn about lbu. Even then, keep in mind that by default lbu only backs up things in /etc. You can change this, but you need to know about lbu.
- OpenRC isn't like /etc/init.d. OpenRC makes things boot fast really fast. But you need to know how to get openrc to add your daemons to the startup process.
- We are engineers, not documenters. There's not alot of documentation out there. Well, there is - if you believe "RTFM" is documentation. We're working on it - and could use help! But in many cases, things are not documented as well as they should be.
Why the Name Alpine?
Alpine originally stood for A Linux Powered Itegrated Network Engine. The idea was that the distro would be focused on networking, and be a tiny "engine" or framework to build bigger systems on. Today, Alpine lives up to that name. The first open source implementation of Cisco's DMVPN was written for Alpine Linux. Improvements to networking functions in the Linux Kernel have started from patches or needs from the Alpine Linux team.
On the other hand, there are a number of installations where Alpine Linux is used as the basis for enterprise servers running Postgresql, Postfix, Asterisk, Kamailio, iSCSI SAN. It is the little engine that could.
Anymore, Alpine is just a name.