Alpine Linux in a chroot: Difference between revisions
(Add link to script alpine-chroot-install)
Mckaygerhard (talk | contribs) (use bash, separate initialization runlevel, make note about install are not boot able)
(13 intermediate revisions by 5 users not shown)
Line 1: | Line 1: | ||
Inside the chroot environment, you can build, debug, and run alpine packages or develop things. It's the most knowed way to do so if not wants to trash your main Alpine system. | |||
This | This document explains how to set up an [[Alpine_newbie#Developer|Alpine build environment]] in a chroot under a host Linux distro, can also be used to install Alpine Linux from a non-Alpine Linux livecd. | ||
== Requirements == | |||
* Working Linux instalation where to perform all the process | |||
* Linux kernel 2.6.22, with <code>wget</code> and <code>chroot</code> installed | |||
* target media with at least 100M, 900MB for more complete solution as minimum | |||
* internet connection | |||
== Prerequisites == | == Prerequisites == | ||
The variables below: | The variables below: | ||
*'''${chroot_dir}''' = Should point to the chroot directory where you | *'''${chroot_dir}''' = Should point to the chroot directory where you | ||
*'''${mirror}''' = Should be replaced with [http://nl.alpinelinux.org/alpine/MIRRORS.txt one of the available Alpine Linux mirrors]. | *'''${mirror}''' = Should be replaced with [http://nl.alpinelinux.org/alpine/MIRRORS.txt one of the available Alpine Linux mirrors]. | ||
*'''${arch}''' = Should be the cpu architecture like x86 (i386) or amd64(x86_64).. | |||
== Set up APK == | == Set up APK == | ||
Download the latest apk static package (replace <tt>${version}</tt> with actual version): | Download the latest apk static package (replace <tt>${version}</tt> with actual version): | ||
{{Cmd|wget ${mirror}/latest-stable/main/ | {{Cmd|wget ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk}} | ||
.apk packages are just gzipped tarballs, unpack using: | .apk packages are just gzipped tarballs, unpack using: | ||
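Review bot: The new ${arch} bullet offers "amd64(x86_64)" as if either spelling works, but the value is substituted straight into the mirror path in the wget line (`${mirror}/latest-stable/main/${arch}/...`), so only the exact directory name on the mirror will resolve. Suggest listing the literal values to use (for example x86 or x86_64), dropping the aliases in parentheses, and fixing the doubled full stop. The ${chroot_dir} bullet above it also still ends mid-sentence ("where you").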
Line 33: | Line 33: | ||
== Set up the chroot == | == Set up the chroot == | ||
Before made and enter into the chrooted system must be prepared with device nodes and tempfs : | |||
{{ | |||
===== Method 1.A fast way: using bind mount ===== | |||
{{Note|Mounts with bind, can mount in read-only the /dev at the alpine chroot so due limited will not touch the access time of the host system}} | |||
{{Cmd|mount /dev/ /alpine/dev/ --bind | |||
mount -o remount,ro,bind /alpine/dev | |||
}} | |||
If you need SCSI or R/W access only do the first command, mounting with "ro" makes more secure your chroot. | |||
===== Method 1.B manual way: creating need nodes ===== | |||
{{Warning|Manually creating devices will only provide those representation that you have created.. for auto availability use bind mounts}} | |||
{{Cmd|mknod -m 666 ${chroot_dir}/dev/full c 1 7 | {{Cmd|mknod -m 666 ${chroot_dir}/dev/full c 1 7 | ||
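Review bot: The bind-mount commands in Method 1.A hard-code /alpine/dev while every other command on the page uses ${chroot_dir}, so a reader with a different chroot path will mount onto the wrong directory or get an error. Suggest `mount --bind /dev ${chroot_dir}/dev` followed by `mount -o remount,ro,bind ${chroot_dir}/dev`. There is also a stray `{{` on its own line before the Method 1.A heading, which looks like an unclosed template.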
Line 53: | Line 66: | ||
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6 | mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6 | ||
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16 | mknod -m 666 ${chroot_dir}/dev/sdb b 8 16 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21 | ||
mknod -m 666 ${chroot_dir}/dev/ | mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22}} | ||
==== Made available proc and sys fs ==== | |||
{{Cmd|mount -t proc none ${chroot_dir}/proc | |||
mount -o bind /sys ${chroot_dir}/sys}} | |||
==== Make networking resolution access ==== | |||
A resolv.conf is needed for name resolution: | A resolv.conf is needed for name resolution: | ||
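Review bot: The completed sdb1 to sdb6 lines keep `-m 666` on block devices, which gives every user inside the chroot read and write access to the raw host disks. Suggest `-m 660` for the sda/sdb nodes, keeping 666 only for character devices such as zero and tty. The added proc/sys section bind-mounts /sys read-write; if the read-only remount from Method 1.A is the recommended default for /dev, say whether the same applies here.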
Line 66: | Line 86: | ||
If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other): | If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other): | ||
{{Cmd|echo -e 'nameserver | {{Cmd|echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}} | ||
==== prepare the apk sources software ==== | |||
Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3): | Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3): | ||
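Review bot: The replacement resolv.conf line does not match the sentence introducing it: the text says OpenDNS servers, but the first nameserver written is 8.8.8.8, which is Google Public DNS, and only 2620:0:ccc::2 is an OpenDNS address. Either change the sentence to name both providers or use two addresses from the same one. `echo -e` is also not portable across shells; a `printf` with explicit `\n` behaves the same everywhere.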
Line 74: | Line 96: | ||
== Entering your chroot == | == Entering your chroot == | ||
{{Cmd| | {{Warning|At this point, Alpine has been succesfully installed onto the chroot directory '''but still not able to boot it'''. }} | ||
{{Cmd|chroot ${chroot_dir} /bin/bash -l}} | |||
==== Perform init process ==== | |||
Need to add some minimal initscripts to appropriate runlevels: | |||
{{Cmd|rc-update add devfs sysinit | {{Cmd|rc-update add devfs sysinit | ||
rc-update add dmesg sysinit | rc-update add dmesg sysinit | ||
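Review bot: `chroot ${chroot_dir} /bin/bash -l` will fail on a chroot built by following this page, because the only package installed is alpine-base and that does not include bash; the shell present at this point is busybox's /bin/sh. Suggest keeping `/bin/sh -l`, or adding bash to the apk.static install command if bash is required. The new warning about the install not being bootable sits under "Entering your chroot" but is about booting; it would read better directly above the init-script step.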
Line 102: | Line 120: | ||
rc-update add savecache shutdown}} | rc-update add savecache shutdown}} | ||
If you are using Alpine as a Native build system you will have to make sure that chroot can run chmod. Add following to /etc/sysctl.conf | = Troubleshooting = | ||
== hardened kernels or alpine as chroot host == | |||
If you are using Alpine as a Native build system you will have to make sure that chroot can run chmod. Add following to <code>/etc/sysctl.conf</code> | |||
<code>kernel.grsecurity.chroot_deny_chmod = 0</code> | |||
Then run the following command | Then run the following command | ||
<code>sysctl -p</code> | |||
== | == chroot: cannot run command ' ... Exec format error == | ||
This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). If you plans to make chroot into another installation must use same arch for both host and hosted chrooted! | |||
Note that with '''one exception you can run 32 bit x86 chroot in x86_64, but not viceversa'''! | |||
== WARNING: Ignoring APKINDEX.xxxx.tar.gz == | == WARNING: Ignoring APKINDEX.xxxx.tar.gz == | ||
Make sure < | |||
Make sure <code>${chroot_dir}/etc/apk/repositories</code> is valid and inside the chroot run: | |||
<code>apk update</code> | |||
= External links = | |||
* You can also use script [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install] | |||
* https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/ | |||
* Alpine Linux in a chroot on Fedora : http://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh script | |||
* Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script | |||
[[Category:Installation]] | [[Category:Installation]] |
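Review bot: The hardened-kernel section tells readers to set `kernel.grsecurity.chroot_deny_chmod = 0` in /etc/sysctl.conf without saying that this turns off a chroot restriction for the whole host and persists across reboots. Suggest stating that trade-off and noting that the setting can be restored once the build chroot is no longer needed. In the Exec format error text, "armf" looks like a typo for armhf, and "with one exception you can run 32 bit x86 chroot in x86_64" would be clearer as "the one exception is ...".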
Revision as of 19:38, 15 August 2019
Inside the chroot environment, you can build, debug, and run Alpine packages or develop software. It is the best-known way to do so if you do not want to trash your main Alpine system.
This document explains how to set up an Alpine build environment in a chroot under a host Linux distro. The same procedure can also be used to install Alpine Linux from a non-Alpine Linux live CD.
Requirements
- A working Linux installation on which to perform the whole process
- Linux kernel 2.6.22, with wget and chroot installed
- Target media with at least 100M, or 900MB as a minimum for a more complete solution
- An internet connection
Prerequisites
The variables below:
- ${chroot_dir} = Should point to the chroot directory where you
- ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
- ${arch} = Should be the CPU architecture, like x86 (i386) or amd64 (x86_64).
Set up APK
Download the latest apk static package (replace ${version} with actual version):
wget ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk
.apk packages are just gzipped tarballs, unpack using:
tar -xzf apk-tools-static-*.apk
Install the Alpine base installation into the chroot:
./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root ${chroot_dir} --initdb add alpine-base
Set up the chroot
Before you enter the chroot, it must be prepared with device nodes and temporary filesystems:
Method 1.A, the fast way: using a bind mount
mount --bind /dev ${chroot_dir}/dev
mount -o remount,ro,bind ${chroot_dir}/dev
If you need SCSI or read/write access, run only the first command; mounting with "ro" makes your chroot more secure.
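One way to confirm that the read-only remount actually took effect, as an added example that is not part of the original wiki page: it reads mountinfo-format text and reports the per-mount state of the chroot's /dev. The function names, the /alpine and /build chroot paths and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Prints ro, rw or absent for MOUNTPOINT, reading mountinfo-format text on stdin.
# Field 5 is the mount point and field 6 holds the per-mount options, which is
# what "mount -o remount,ro,bind" changes. The options after the "-" separator
# belong to the shared superblock and stay rw, so they are not what to check.
dev_mount_state() {
    awk -v mp="$1" '
        $5 == mp {
            state = "rw"                      # last matching line wins (topmost mount)
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
        }
        END { print (state == "" ? "absent" : state) }
    '
}

# Constructed sample: the host /dev, a chroot at /alpine where both mount
# commands were run, and a chroot at /build where only the bind mount was run.
sample_mountinfo() {
    cat <<'EOF'
23 28 0:6 / /dev rw,nosuid,relatime shared:2 - devtmpfs devtmpfs rw,size=4096k,mode=755
71 28 0:6 / /alpine/dev ro,relatime shared:2 - devtmpfs devtmpfs rw,size=4096k,mode=755
72 28 0:6 / /build/dev rw,relatime shared:2 - devtmpfs devtmpfs rw,size=4096k,mode=755
EOF
}

sample_mountinfo | dev_mount_state /alpine/dev
# On a real host, with an absolute ${chroot_dir}:
#   dev_mount_state "${chroot_dir}/dev" < /proc/self/mountinfo
```
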
Method 1.B, the manual way: creating the needed nodes
mknod -m 666 ${chroot_dir}/dev/full c 1 7
mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2
mknod -m 644 ${chroot_dir}/dev/random c 1 8
mknod -m 644 ${chroot_dir}/dev/urandom c 1 9
mknod -m 666 ${chroot_dir}/dev/zero c 1 5
mknod -m 666 ${chroot_dir}/dev/tty c 5 0
If you need SCSI disc access:
mknod -m 666 ${chroot_dir}/dev/sda b 8 0
mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda4 b 8 4
mknod -m 666 ${chroot_dir}/dev/sda5 b 8 5
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18
mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19
mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22
Make the proc and sys filesystems available
mount -t proc none ${chroot_dir}/proc
mount -o bind /sys ${chroot_dir}/sys
Make network name resolution available
A resolv.conf is needed for name resolution:
cp /etc/resolv.conf ${chroot_dir}/etc/
mkdir -p ${chroot_dir}/root
If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other):
echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf
Prepare the APK software sources
Set up the APK mirror (replace ${branch} with the latest stable branch name, e.g. v3.3):
mkdir -p ${chroot_dir}/etc/apk
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories
Entering your chroot
chroot ${chroot_dir} /bin/sh -l
Perform the init process
Add some minimal init scripts to the appropriate runlevels:
rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit
rc-update add hwclock boot
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add syslog boot
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown
Troubleshooting
Hardened kernels or Alpine as chroot host
If you are using Alpine as a native build system, you will have to make sure that chroot can run chmod. Add the following to /etc/sysctl.conf:
kernel.grsecurity.chroot_deny_chmod = 0
Then run the following command:
sysctl -p
chroot: cannot run command ' ... Exec format error
This usually indicates that you booted with one architecture (e.g. armhf) and are trying to chroot into another (e.g. x86_64). If you plan to chroot into another installation, you must use the same architecture for both the host and the chrooted system!
Note the one exception: you can run a 32-bit x86 chroot on x86_64, but not vice versa!
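A check for the mismatch described above, as an added example that is not from the original page: it reads the ELF header of a binary inside the chroot and applies the rule stated here (same architecture, or 32-bit x86 on an x86_64 host). The function names, the short architecture labels and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# elf_machine FILE: print the architecture recorded in FILE's ELF header.
# Bytes 0-3 are the magic, byte 5 is the byte order (1 = little, 2 = big),
# bytes 18-19 are e_machine. Prints not-elf and returns 1 for anything else.
elf_machine() {
    set -- $(od -An -tu1 -N20 "$1" 2>/dev/null)
    [ "$#" -eq 20 ] && [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo not-elf; return 1; }
    if [ "$6" -eq 2 ]; then m=$(( ${19} * 256 + ${20} ))   # big-endian
    else m=$(( ${19} + ${20} * 256 )); fi                  # little-endian
    case $m in
        3) echo x86 ;; 62) echo x86_64 ;; 40) echo arm ;; 183) echo aarch64 ;;
        *) echo "unknown($m)" ;;
    esac
}

# chroot_can_exec HOST_ARCH BINARY: 0 = runnable, 1 = Exec format error expected,
# 2 = BINARY is not an ELF file. HOST_ARCH uses the labels printed above.
chroot_can_exec() {
    target=$(elf_machine "$2") || return 2
    [ "$target" = "$1" ] && return 0
    [ "$1" = x86_64 ] && [ "$target" = x86 ] && return 0   # the one exception
    return 1
}

# make_sample_elf FILE E_MACHINE_OCTAL: write a constructed 20-byte header.
# Only the fields elf_machine reads are meaningful; this is not a real binary.
make_sample_elf() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\'"$2"'\000' > "$1"
}

tmp=$(mktemp)
make_sample_elf "$tmp" 003          # e_machine 3 = x86
chroot_can_exec x86_64 "$tmp" && echo "x86 binary on x86_64 host: runnable"
rm -f "$tmp"
# Real use: chroot_can_exec x86_64 "${chroot_dir}/bin/busybox"
```
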
WARNING: Ignoring APKINDEX.xxxx.tar.gz
Make sure ${chroot_dir}/etc/apk/repositories is valid and inside the chroot run:
apk update
External links
- You can also use the alpine-chroot-install script
- https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
- Script for Alpine Linux in a chroot on Fedora: http://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh
- Script for Alpine Linux aarch64 in a chroot on AWS Linux: https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1