Alpine Linux in a chroot
Inside the chroot environment, you can build, debug, and run Alpine packages or develop things. It's the most known way to do so without replacing your system or using a Virtual Machine. This document explains how to set up an Alpine build environment in a chroot under a host Linux distro, that can also be used to install Alpine Linux from a non-Alpine Linux system or live environment.
Requirements
- Working Linux instalation where to perform all the process
- Linux kernel 2.6.22, with
curl
andchroot
binary installed - target media with at least 100M, 900MB for more complete solution as minimum
- internet connection
Prerequisites
The variables below:
- ${chroot_dir} = Should point to the new root directory
- ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
- ${arch} = Should be the cpu architecture like x86 (i386) or amd64(x86_64)..
Set up APK
Download the latest apk static package (replace ${version} with actual version):
curl -LO ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk
.apk packages are just gzipped tarballs, you can unpack them using:
tar -xzf apk-tools-static-*.apk
Install the alpine base installation onto the chroot
./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted -p ${chroot_dir} --initdb add alpine-base
Seting up the chroot
Before you change root to the new directory, you need to create the required devices
Method 1.a Simple way: Using the host's /dev
mount -o bind /dev ${chroot_dir}/dev
Method 1.b Manual way: Creating needed nodes
mknod -m 666 ${chroot_dir}/dev/full c 1 7 mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2 mknod -m 644 ${chroot_dir}/dev/random c 1 8 mknod -m 644 ${chroot_dir}/dev/urandom c 1 9 mknod -m 666 ${chroot_dir}/dev/zero c 1 5 mknod -m 666 ${chroot_dir}/dev/tty c 5 0
If you need SCSI disc access you can create the device nodes like this:
mknod -m 666 ${chroot_dir}/dev/sda b 8 0 mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1 mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2 mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3 mknod -m 666 ${chroot_dir}/dev/sdb b 8 16 mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
Make the process fs and /sys fs available
mount -t proc none ${chroot_dir}/proc mount -o bind /sys ${chroot_dir}/sys
Set up name resolution
A resolv.conf is needed for name resolution:
You can either copy your host's resolv.conf:
cp -L /etc/resolv.conf ${chroot_dir}/etc/
or instead you can create a new one (this example uses OpenDNS):
echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf
Prepare the APK repositories
Set up APK main repository (replace ${branch} with the latest stable branch name, e.g. v3.3):
mkdir -p ${chroot_dir}/etc/apk echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories
Entering your chroot
You then can enter your chroot by running this command as the root user (UID 0).
chroot ${chroot_dir} /bin/ash -l
Preparing init services
If you plan to use your chroot with a init system or setup a new system on another device you should add these services:
rc-update add devfs sysinit rc-update add dmesg sysinit rc-update add mdev sysinit rc-update add hwclock boot rc-update add modules boot rc-update add sysctl boot rc-update add hostname boot rc-update add bootmisc boot rc-update add syslog boot rc-update add mount-ro shutdown rc-update add killprocs shutdown rc-update add savecache shutdown
Troubleshooting
Hardened kernels or alpine as chroot host
If you are using Alpine as a native build system you will have to make sure that you can run chmod
from a chroot. Add the following to /etc/sysctl.conf
kernel.grsecurity.chroot_deny_chmod = 0
Then reload the sysctl configuration
sysctl -p
chroot: cannot run command ' ... Exec format error
This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). The binaries must be built for the architecture that the host runs!
Note that with one exception you can run 32 bit x86 chroot in x86_64, but not viceversa!
WARNING: Ignoring APKINDEX.xxxx.tar.gz
Make sure ${chroot_dir}/etc/apk/repositories
is valid and run:
apk update
External links
- You can also use script alpine-chroot-install
- https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
- Alpine Linux in a chroot on Fedora : https://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh script
- Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script