Alpine Linux:About
Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
Alpine Linux is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.
Alpine Linux was designed with security in mind. It has proactive security features, such as PaX and SSP, that prevent security holes from being exploited.
Alpine Linux uses the uClibc C library and all of the base tools from BusyBox. These are normally found on embedded systems and are smaller than the tools found on GNU/Linux systems.
Why Should I Try It?
We're partial, of course, but here are a few reasons:
- It's quick: You can run it from a USB stick and have a very usable system in less than 10 minutes.
- It's great for experimenting: Since the configuration can be backed up to a single file, you will be able to test new configurations before installing them on a production system. (See Alpine Local Backup.)
- It's more secure: When the Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
- It's simple: Once you get past the package management, and the fact that changes are not saved unless you do a "lbu commit" (on run-from-RAM installs, only), it really is much simpler to manage.
- It supports Linux VServer: You can run virtualized hosts on it, similar to FreeBSD Jails. (You can even run them in a run-from-RAM install, and although it's not very practical, it is worth geek points!)
What's It Like?
It started out Gentoo-style, but is now self-hosting. The network configuration is similar to Debian. If you've ever used a BusyBox-based system before, it's pretty good. The Alpine developers have contributed a number of enhancements to BusyBox, in an effort to make the system run like any other.
As it is a BusyBox-based system, there are no manpages by default; BusyBox applets do not have all of the features of their real counterparts. So, you will run into situations where things don't run like they do on a "real" Linux system. When you run into those situations, just remember these two things:
- The base installation is small enough for a firewall/router; there's nothing there except the basics. You can probably get what you need out of it using the tools that are there, although crudely. (sh / awk / sed / grep can do everything Perl can do... Really.)
- Alpine has a complete set of packages, but you will need to explicitly choose what you wish to install.
What Should I Know?
In addition to basic UNIX management, you should know that...
- Alpine Linux uses apk-tools for its package management system. You will need to learn about apk before you can effectively manage the system.
- Alpine Linux uses OpenRC for its init system. You will need to know how to add services to the OpenRC startup process.
- Alpine Linux uses the Alpine Local Backup Utility (lbu), primarily on run-from-RAM installs; you use it so you don't lose everything between reboots, but it can also be used to copy a new, tested and working configuration to a production system. You should know that lbu will only back up things in /etc by default.
You should also know that we are engineers, not documenters. There's not a lot of documentation out there (yet). We are working on it, but could use the help. So in many cases, things are not documented as well as they should be.
How did Alpine Linux Begin?
Alpine Linux began life as a fork of the LEAF Project. The active members of the LEAF Project wanted to continue making a Linux distribution that ran off of a single floppy disk — and we think that's great — however, our needs required Squid, DansGuardian, Samba, and a slew of other heavyweight applications. So, we ended up with a set of packages that fit onto a CD-ROM.
The LEAF concept of "run from RAM" has a number of appealing features, especially for a firewall:
- If your configs are all on a floppy, an upgrade is as simple as burning a new CD and rebooting.
- If your configs are all on a write-protected floppy, recovering from a root-kit is as simple as rebooting.
On the other hand, there were some things that we wanted to experiment with that weren't easy to do in the LEAF build environment at that time, such as:
- A Complete Build-from-Source Environment (e.g. Gentoo-Style Build World)
- 2.6.x Kernel Support
- Stack-Smashing Support (SSP) in GCC
- PaX Kernel Security
- Better package management with dependencies, upgrade path, pre- and post-install scripts, etc.
And so the project began. Our goals, however, have always been to keep it as simple and small as possible. Alpine Linux won't fit onto a floppy disk today, but it certainly runs from a 64MB USB stick.
Why the Name Alpine?
Alpine originally stood for A Linux Powered Integrated Network Engine. The idea was that the distro would be focused on networking, and be a tiny "engine" or framework upon which larger systems could be built. Today, Alpine lives up to that name. The first open source implementation of Cisco's DMVPN, called OpenNHRP, was written for Alpine Linux. Improvements to networking functions in the Linux Kernel have started from patches and the needs of the Alpine Linux team.
In addition to its use as a firewall/router, Alpine Linux is also used in a number of installations as the basis for enterprise servers, running software such as PostgreSQL, Postfix, Asterisk, Kamailio, and being used for iSCSI SANs. It is the little engine that could.
Nowadays, Alpine is just a name.