Alpine Linux:About: Difference between revisions

From Alpine Linux
No edit summary
(70% Done Updating)
Line 1: Line 1:
[[Image:knotes.svg|96px|left|link=]]
[[Image:knotes.svg|96px|left|link=]]
{{TOC right}}
{{TOC right}}
Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
'''Alpine Linux''' is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.


Alpine Linux is and always will be '''free of charge'''. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.
Alpine Linux is and always will be '''free of charge'''. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.


Alpine Linux was designed with security in mind. It has '''proactive security''' features such as, [[http://en.wikipedia.org/wiki/PaX PaX]] and [[http://en.wikipedia.org/wiki/Stack-smashing_protection SSP]], that prevent security holes from being exploited.
Alpine Linux was designed with security in mind. It has '''proactive security''' features, such as [http://en.wikipedia.org/wiki/PaX PaX] and [http://en.wikipedia.org/wiki/Stack-smashing_protection SSP], that prevent security holes from being exploited.


Alpine Linux uses the C library [[http://en.wikipedia.org/wiki/UClibc uClibc]] and all of the base tools from [[http://en.wikipedia.org/wiki/BusyBox BusyBox]]. These are normally found in embedded systems and are '''smaller''' than the tools found in GNU/Linux systems.
Alpine Linux uses the [http://en.wikipedia.org/wiki/UClibc uClibc] C library and all of the base tools from [http://en.wikipedia.org/wiki/BusyBox BusyBox]. These are normally found on embedded systems and are '''smaller''' than the tools found on GNU/Linux systems.


== Why Another Distribution? ==
== Why Another Distribution? ==


Alpine Linux started as a fork of the LEAF project. The active project members of that team want to continue to make a Linux distribution that runs off a single floppy. And we think that's great. However, our needs required squid, DansGuardian, Samba, and a slew of other heavyweight applications - so we ended up with a set of packages that fit on a CD ROM.
To answer that question, we must look to the origins of Alpine Linux.
 
Alpine Linux began life as a fork of the [http://en.wikipedia.org/wiki/LEAF_Project LEAF Project]. The active members of the LEAF Project wanted to continue making a Linux distribution that ran off of a single floppy disk — and we think that's great — however, our needs required [http://en.wikipedia.org/wiki/Squid_%28software%29 Squid], [http://en.wikipedia.org/wiki/DansGuardian DansGuardian], [http://en.wikipedia.org/wiki/Samba_%28software%29 Samba], and a slew of other heavyweight applications. So, we ended up with a set of packages that fit on a CD-ROM.


The LEAF concept of "run from RAM" has a number of appealing features, especially on a firewall:
The LEAF concept of "run from RAM" has a number of appealing features, especially on a firewall:


* If your configs are all on a floppy, an upgrade is as simple a burning a new CD and rebooting
* If your configs are all on a floppy, an upgrade is as simple as burning a new CD and rebooting.
* If your configs are all on a write-protected floppy, recovering from root-kits is as simple as rebooting.
* If your configs are all on a write-protected floppy, recovering from a root-kit is as simple as rebooting.


On the other hand, there were some things we wanted to experiment with that weren't easy in the LEAF build environment at the time:
On the other hand, there were some things that we wanted to experiment with that weren't easy in the LEAF build environment at the time, such as:


* Complete build-from source environment (e.g. gentoo-style build world)
* Complete build-from-source environment (e.g. Gentoo-style build world)
* 2.6.x Kernel Support
* 2.6.x Kernel Support
* Stack-Smashing support from GCC
* [http://en.wikipedia.org/wiki/Stack-smashing_protection Stack-Smashing support] from GCC
* PAX kernel security
* [http://en.wikipedia.org/wiki/PaX PaX] kernel security
* Better package manager, with dependencies, upgrade path, pre and post install scripts, etc.
* Better package management with dependencies, upgrade path, pre- and post-install scripts, etc.


The project started from that point. Our goal, however, has always been to be as simple as possible, keeping things very small. Alpine Linux won't quite fit on a floppy disk today - but it certainly runs from a 32MB USB stick.
The project started from there. Our goal, however, has always been to be as simple as possible, keeping things very small. Alpine Linux won't quite fit on a floppy disk today, but it certainly runs from a 32MB USB stick.


== What's It Like? ==
== What's It Like? ==


It started out Gentoo style, but it is self-hosting now. The network configuration is similar to Debian. If you've used a busybox based system before, it is pretty good. The Alpine developers have contributed a number of enhancements to busybox to make the system run like any other.
It started out Gentoo-style, but is now self-hosting. The network configuration is similar to Debian. If you've ever used a BusyBox-based system before, it's pretty good. The Alpine developers have contributed a number of enhancements to BusyBox, in an effort to make the system run like any other.


But it is a busybox-based system. By default, there are no manpages; busybox applets don't have all the features of the real applications, etc. So you will run into situations where things don't run like they do on a "real" linux system. When you get to those situations, remember these two things:
As it is a BusyBox-based system, there are no manpages by default; BusyBox applets do not have all of the features of their real counterparts. So, you will run into situations where things don't run like they do on a "real" Linux system. When you get into those situations, remember these two things:


* The base install is a good firewall/router - there's nothing there except the basics. You can probably get what you need using the tools that are there - although crudely. ( sh / awk / sed / grep can do everything Perl can do... Really.)
* The base installation is good enough for a firewall/router; there's nothing there except the basics. You can probably get what you need out of it using the tools that are there, although crudely. ( sh / awk / sed / grep can do everything Perl can do... Really.)
* Alpine has a complete set of packages. But you need to explicitly choose what you want to install.
* Alpine has a complete set of packages, but you will need to explicitly choose what you wish to install.


== Why Should I Try It? ==
== Why Should I Try It? ==


We're partial, of course. But here's a few reasons
We're partial, of course, but here are a few reasons:


* You can run from USB Stick and have a very usable machine in less than 10 minutes.
* '''It's quick:''' You can run it from a USB stick and have a very usable system in less than 10 minutes.
* Its great for experimentation. Since the config system stores all the configs, you can take that file to a larger server later and extract the configs there.
* '''It's great for experimenting:''' Since the configuration system stores everything in one file, you can take that file to a larger server and extract the configuration there.
* It is more secure. When The Linux 0day vmsplice vulnerability was causing admins everwhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
* '''It's more secure:''' When The Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
* Its simple. Really. Once you get past the package manager, and the fact that stuff doesn't get saved if you don't do a lbu commit - it really is much simpler to manage.
* '''It's simple:''' Once you get past the package management, and the fact that changes are not saved unless you do a "<code>lbu commit</code>" (on run-from-RAM installs only), it really is much simpler to manage.
* It supports vserver. You can have virtualized hosts running under a run-from-RAM OS. Not very pratical, but worth geek points!
* '''It supports [http://linux-vserver.org/ Linux VServer]:''' You can run virtualized hosts on it, similar to FreeBSD Jails. You can even run them under a run-from-RAM install. Albeit, not very practical, but worth geek points!


== What Do I Need to Watch Out For? ==
== What Do I Need to Watch Out For? ==
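Review bot: in the new "It's more secure" bullet, "When The Linux 0-day vmsplice vulnerability" keeps the stray capital on "The", and the claim that PaX "prevented system compromise" carries no link even though PaX, SSP and Linux VServer are all linked elsewhere in this revision; suggest lowercasing "the" and linking a reference for the vmsplice issue. The "Albeit, not very practical, but worth geek points!" fragment in the VServer bullet would also read better as a full sentence.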

Revision as of 18:29, 4 August 2010

Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.

Alpine Linux is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Alpine Linux with anyone for absolutely nothing.

Alpine Linux was designed with security in mind. It has proactive security features, such as PaX and SSP, that prevent security holes from being exploited.

Alpine Linux uses the uClibc C library and all of the base tools from BusyBox. These are normally found on embedded systems and are smaller than the tools found on GNU/Linux systems.

Why Another Distribution?

To answer that question, we must look to the origins of Alpine Linux.

Alpine Linux began life as a fork of the LEAF Project. The active members of the LEAF Project wanted to continue making a Linux distribution that ran off of a single floppy disk — and we think that's great — however, our needs required Squid, DansGuardian, Samba, and a slew of other heavyweight applications. So, we ended up with a set of packages that fit on a CD-ROM.

The LEAF concept of "run from RAM" has a number of appealing features, especially on a firewall:

  • If your configs are all on a floppy, an upgrade is as simple as burning a new CD and rebooting.
  • If your configs are all on a write-protected floppy, recovering from a root-kit is as simple as rebooting.

On the other hand, there were some things that we wanted to experiment with that weren't easy in the LEAF build environment at the time, such as:

  • Complete build-from-source environment (e.g. Gentoo-style build world)
  • 2.6.x Kernel Support
  • Stack-Smashing support from GCC
  • PaX kernel security
  • Better package management with dependencies, upgrade path, pre- and post-install scripts, etc.

The project started from there. Our goal, however, has always been to be as simple as possible, keeping things very small. Alpine Linux won't quite fit on a floppy disk today, but it certainly runs from a 32MB USB stick.

What's It Like?

It started out Gentoo-style, but is now self-hosting. The network configuration is similar to Debian. If you've ever used a BusyBox-based system before, it's pretty good. The Alpine developers have contributed a number of enhancements to BusyBox, in an effort to make the system run like any other.

As it is a BusyBox-based system, there are no manpages by default; BusyBox applets do not have all of the features of their real counterparts. So, you will run into situations where things don't run like they do on a "real" Linux system. When you get into those situations, remember these two things:

  • The base installation is good enough for a firewall/router; there's nothing there except the basics. You can probably get what you need out of it using the tools that are there, although crudely. ( sh / awk / sed / grep can do everything Perl can do... Really.)
  • Alpine has a complete set of packages, but you will need to explicitly choose what you wish to install.

Why Should I Try It?

We're partial, of course, but here are a few reasons:

  • It's quick: You can run it from a USB stick and have a very usable system in less than 10 minutes.
  • It's great for experimenting: Since the configuration system stores everything in one file, you can take that file to a larger server and extract the configuration there.
  • It's more secure: When the Linux 0-day vmsplice vulnerability was causing admins everywhere to upgrade their kernels post-haste, Alpine Linux systems were basically impervious. Yes, the code crashed the application, but the PaX protection prevented system compromise. The value of PaX and SSP has been proven on more than one occasion.
  • It's simple: Once you get past the package management, and the fact that changes are not saved unless you do a "lbu commit" (on run-from-RAM installs only), it really is much simpler to manage.
  • It supports Linux VServer: You can run virtualized hosts on it, similar to FreeBSD Jails. You can even run them under a run-from-RAM install. That's not very practical, but worth geek points!

What Do I Need to Watch Out For?

  • The package system is different. You need to learn about apk before you can manage a system effectively.
  • Everything is in RAM. You lose everything if you don't save your configs somewhere. You need to learn about lbu. Even then, keep in mind that by default lbu only backs up things in /etc. You can change this, but you need to know about lbu.
  • OpenRC isn't like /etc/init.d. OpenRC makes things boot really fast. But you need to know how to get OpenRC to add your daemons to the startup process.
  • We are engineers, not documenters. There's not a lot of documentation out there. Well, there is - if you believe "RTFM" is documentation. We're working on it - and could use help! But in many cases, things are not documented as well as they should be.

Why the Name Alpine?

Alpine originally stood for A Linux Powered Integrated Network Engine. The idea was that the distro would be focused on networking, and be a tiny "engine" or framework to build bigger systems on. Today, Alpine lives up to that name. The first open source implementation of Cisco's DMVPN was written for Alpine Linux. Improvements to networking functions in the Linux kernel have started from patches or needs from the Alpine Linux team.

On the other hand, there are a number of installations where Alpine Linux is used as the basis for enterprise servers running PostgreSQL, Postfix, Asterisk, Kamailio, and iSCSI SAN. It is the little engine that could.

Nowadays, Alpine is just a name.