Alpine Linux:Ideas: Difference between revisions
Ginjachris (talk | contribs)
Revision as of 09:11, 31 December 2013
This is the place to put feature requests and share ideas for Alpine. From these we'll create tickets in the issue tracking system. Discussions of ideas should probably take place on the Alpine-Devel mailing list, but feel free to use the discussion function of the wiki too.
Package manager
Ideas for apk-tools.
plugin for curl
A dlopen()ed download plugin linked against curl, used for remote repositories. By having it as a plugin we don't need libcurl in the initramfs.
wget (current behaviour) could be used as a fallback.
Booting
Booting from net
Priority: low
Provide the IP address and remote hostname as kernel parameters and run directly from the network. The only thing needed for this would probably be a special initramfs image.
Not sure how useful it would be, but it would be cool.
Installer
Installer templates
Have some "templates", or preseeds or something similar, so you can easily install a lot of Alpine boxes.
Installer for headless installs
Installer that would create a bootable iso/usbdrive + a working config. Could be written in wxWidgets so it could be run from either Windows or Linux.
Autorun program/script on CD
It could be nice to have an autorun program that is executed when the CD is inserted in a Windows computer. It could have a menu with the following options:
- create boot floppy for CDROM
- create boot floppy for USB
- install Alpine on a USB drive
Network installs
This ties in with headless installing and (at least for me) it's the big white elephant missing feature: to be able to run a server-based remote install of a system without any manual intervention. It might need an upgrade or the hardware could have been replaced after a failure. Driving there and reinstalling packages is a no-go in some places.
(Look at kickstart + cobbler + koan for RHEL as examples. If such a feature is ever added, *please* make it compatible with something existing, i.e. even Ubuntu is running with cobbler now.)
20:46, 1 January 2012 (UTC)
Infrastructure
Package database
A database with all the packages and their status.
Possibility to rate/vote packages? Some easy way for users to give feedback on what packages they think we should focus on.
Security
Protection against cold boot attacks
This is a subject that pages can be written about and everyone has a different opinion. AFAIK there's no real protection against it if your machine is powered on and unattended. Nonetheless limited protection could be afforded by overwriting RAM with zeros or random data whenever a reboot, halt or poweroff command is issued. Raised under Feature #2534 (http://bugs.alpinelinux.org/issues/2534)
sysctl.conf changes
It seems that by default many security features are already enabled. A few that are not enabled (checked on Alpine 2.7.0) and that would be a good idea to turn on are:
- TOCTOU prevention
- rfc1337
- magic-sysrq
I've already documented these on the sysctl.conf wiki page. Maybe we could enable these by default in new installs? Also, it would potentially be a good idea to enable the IPv6 privacy extensions via sysctl.conf, for those that do use IPv6. Ginjachris (talk) 08:16, 21 November 2013 (UTC)
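An added example (not part of the wiki page or of Alpine itself) that audits a system for the settings listed above and prints the missing ones in sysctl.conf syntax. The mapping of the item names to kernel keys and the wanted values are assumptions: TOCTOU prevention is taken to mean fs.protected_hardlinks and fs.protected_symlinks, and magic-sysrq is taken to mean disabling the key with kernel.sysrq = 0.

```shell
#!/bin/sh
# Added example: audit the sysctl settings named in the section above.
# Key names and wanted values are assumptions, not taken from the wiki page.

# key=wanted pairs; dots in a key map to directories under /proc/sys.
HARDENED_SYSCTLS='
fs.protected_hardlinks=1
fs.protected_symlinks=1
net.ipv4.tcp_rfc1337=1
kernel.sysrq=0
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
'

# audit_sysctl [ROOT]
# ROOT defaults to /proc/sys; pass another directory to audit a mounted
# image or a test tree. Prints one line per key whose value differs from
# the wanted one, in sysctl.conf syntax with the current value as a comment.
# Returns 0 when every key matches, 1 otherwise.
audit_sysctl() {
    root=${1:-/proc/sys}
    rc=0
    for pair in $HARDENED_SYSCTLS; do
        key=${pair%%=*}
        want=${pair#*=}
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ -r "$path" ]; then
            have=$(cat "$path")
        else
            # Older kernels or kernels without IPv6 lack some of the keys.
            have=missing
        fi
        if [ "$have" != "$want" ]; then
            echo "$key = $want    # currently: $have"
            rc=1
        fi
    done
    return $rc
}
```

Calling audit_sysctl with no argument checks the running kernel; keys reported as missing should be left out of /etc/sysctl.conf rather than set.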
Package suggestions
acf-unbound
An ACF interface for unbound DNS server would be awesome :) Ginjachris (talk) 11:23, 21 November 2013 (UTC)
wget
Is it possible to have wget compiled for https support? (I believe this adds openssl as a dependency; maybe this will increase size too much? See what people think....) Ginjachris (talk) 11:23, 21 November 2013 (UTC)
macchanger
Adding a macchanger (github page) package would be cool. Ginjachris (talk) 11:23, 21 November 2013 (UTC)
darkhttpd
darkhttpd is a lightweight http server for static content supporting http version 1.1 and automatically provides directory listings. It's also capable of very easily running as a daemon and in a chroot. Would make an excellent replacement to lighttpd for an Alpine mirror. An openrc service file would be great too! Ginjachris (talk) 11:26, 27 December 2013 (UTC)