Alpine Linux in a chroot: Difference between revisions

From Alpine Linux
(Category:Installation)
(use bash, separate initialization runlevel, make note about install are not boot able)
(42 intermediate revisions by 11 users not shown)
Line 1: Line 1:
This document explains how to set up an Alpine build environment in a chroot under a "normal" Linux distro, such as Arch, Debian, Fedora, Gentoo, or Ubuntu. Once inside the chroot environment, you can build, debug, and run alpine packages.
Inside the chroot environment, you can build, debug, and run alpine packages or develop things. It's the most knowed way to do so if not wants to trash your main Alpine system.
 
This document explains how to set up an [[Alpine_newbie#Developer|Alpine build environment]] in a chroot under a host Linux distro, can also be used to install Alpine Linux from a non-Alpine Linux livecd.


== Requirements ==
== Requirements ==
You will need a few gigabytes of free disk space to have enough space for kernel compiling and storing all the binary packages.


== Creating the installation ==
* Working Linux instalation where to perform all the process
This example installation of Alpine Linux in a chroot will work with the lastest release. But it's also possible to make a chroot with '''[[Edge|edge]]''' or older releases of Alpine Linux to test backports.
* Linux kernel 2.6.22, with <code>wget</code> and <code>chroot</code> installed
* target media with at least 100M, 900MB for more complete solution as minimum
* internet connection
 
== Prerequisites ==
 
The variables below:


'''Note:''' The variables below:
*'''${chroot_dir}''' = Should point to the chroot directory where you
*'''${mirror}''' = Should be replaced with [http://nl.alpinelinux.org/alpine/MIRRORS.txt one of the available Alpine Linux mirrors].
*'''${arch}''' =  Should be the cpu architecture like x86 (i386) or amd64(x86_64)..


*'''${build_dir}''' = You can name it whatever you like.
== Set up APK ==
*'''${mirror}''' = Should be replaced with one of the available Alpine Linux mirrors.


Choose a mirror from the [http://dl-2.alpinelinux.org/alpine/MIRRORS.txt mirror list].
Download the latest apk static package (replace <tt>${version}</tt> with actual version):


Let's start by getting the latest apk static package:
{{Cmd|wget ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk}}


{{Tip|In the command below, replace x86_64 with x86 if running on a 32bit installation}}
.apk packages are just gzipped tarballs, unpack using:
{{Cmd|tar -xzf apk-tools-static-*.apk}}


{{Warning|You will need Kernel version 2.6.22 or later to use apk-tools-static}}
== Install the alpine base installation onto the chroot ==


{{Cmd|wget http://dl-3.alpinelinux.org/alpine/v2.3/main/x86_64/apk-tools-static-2.2.5-r0.apk}}
{{Cmd|./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root ${chroot_dir} --initdb add alpine-base}}


Unpack the tarball
== Set up the chroot ==
{{Cmd|tar -xzf apk-tools-static-2.2.5-r0.apk}}


We are setting up a basic chroot:  
Before made and enter into the chrooted system must be prepared with device nodes and tempfs :


{{Cmd|mkdir ${build_dir}
===== Method 1.A fast way: using bind mount =====
sudo ./sbin/apk.static -X ${mirror}/v2.3/main -U --allow-untrusted --root ${build_dir} --initdb add alpine-base alpine-sdk
mkdir -p ./${build_dir}/proc}}


Lets setup our needed devices:
{{Note|Mounts with bind, can mount in read-only the /dev at the alpine chroot so due limited will not touch the  access time of the host system}}


{{Cmd|sudo mknod -m 666 ./${build_dir}/dev/full c 1 7
{{Cmd|mount /dev/ /alpine/dev/ --bind
sudo mknod -m 666 ./${build_dir}/dev/ptmx c 5 2
mount -o remount,ro,bind /alpine/dev
sudo mknod -m 644 ./${build_dir}/dev/random c 1 8
}}
sudo mknod -m 644 ./${build_dir}/dev/urandom c 1 9
sudo mknod -m 666 ./${build_dir}/dev/zero c 1 5
sudo mknod -m 666 ./${build_dir}/dev/tty c 5 0}}
seems as /dev/null is wrong


{{Cmd|sudo rm -f ./${build_dir}/dev/null && sudo mknod -m 666 ./${build_dir}/dev/null c 1 3}}
If you need SCSI or R/W access only do the first command, mounting with "ro" makes more secure your chroot.


We need a resolv.conf is needed for the DNS servers and the /root directory:  
===== Method 1.B manual way: creating need nodes =====


{{Cmd|sudo cp /etc/resolv.conf ./${build_dir}/etc/
{{Warning|Manually creating devices will only provide those representation that you have created.. for auto availability use bind mounts}}
mkdir -p ./${build_dir}/root}}


If you don't want to copy the resolv.conf from the local machine, create this file with your DNS server entry.
{{Cmd|mknod -m 666 ${chroot_dir}/dev/full c 1 7
{{Cmd|echo 'nameserver 8.8.8.8' >/etc/resolv.conf}}
mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2
mknod -m 644 ${chroot_dir}/dev/random c 1 8
mknod -m 644 ${chroot_dir}/dev/urandom c 1 9
mknod -m 666 ${chroot_dir}/dev/zero c 1 5
mknod -m 666 ${chroot_dir}/dev/tty c 5 0}}


We are setting up APK mirrors:  
If you need SCSI disc access:


{{Cmd|sudo mkdir -p ./${build_dir}/etc/apk
{{Cmd|mknod -m 666 ${chroot_dir}/dev/sda b 8 0
echo "${mirror}/v2.3/main" > ./${build_dir}/etc/apk/repositories}}
mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda4 b 8 4
mknod -m 666 ${chroot_dir}/dev/sda5 b 8 5
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18
mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19
mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22}}
 
==== Made available proc and sys fs ====
 
{{Cmd|mount -t proc none ${chroot_dir}/proc
mount -o bind /sys ${chroot_dir}/sys}}
 
==== Make networking resolution access ====
 
A resolv.conf is needed for name resolution:
 
{{Cmd|cp /etc/resolv.conf ${chroot_dir}/etc/
mkdir -p ${chroot_dir}/root}}
 
If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other):
{{Cmd|echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf}}
 
==== prepare the apk sources software ====
 
Set up APK mirror (replace <tt>${branch}</tt> with the latest stable branch name, e.g. v3.3):
 
{{Cmd|mkdir -p ${chroot_dir}/etc/apk
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories}}


== Entering your chroot ==
== Entering your chroot ==
After the installation you should be able to enter your chroot:


<!-- Don't we need to mount more, as in Arch instructions? Also should explain how to cleanly exit the chroot. -->
{{Warning|At this point, Alpine has been succesfully installed onto the chroot directory '''but still not able to boot it'''. }}
 
{{Cmd|chroot ${chroot_dir} /bin/bash -l}}
 
==== Perform init process ====
 
Need to add some minimal initscripts to appropriate runlevels:
 
{{Cmd|rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit


{{Cmd|sudo mount --bind /proc ./${build_dir}/proc
rc-update add hwclock boot
sudo chroot ./${build_dir} /bin/sh -l}}
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add syslog boot


If you are using Alpine as a Native build system you will have to make sure that chroot can run chmod. Add following to /etc/sysctl.conf
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown}}


kernel.grsecurity.chroot_deny_chmod = 0
 
= Troubleshooting =
 
== hardened kernels or alpine as chroot host ==
 
If you are using Alpine as a Native build system you will have to make sure that chroot can run chmod. Add following to <code>/etc/sysctl.conf</code>
 
<code>kernel.grsecurity.chroot_deny_chmod = 0</code>


Then run the following command
Then run the following command


{{Cmd|sysctl -p}}
<code>sysctl -p</code>
 
 
== chroot: cannot run command ' ... Exec format error ==
 
This usually indicates that you booted with one architecture (e.g. armf) and are trying to chroot into another (e.g. x86_64). If you plans to make chroot into another installation must use same arch for both host and hosted chrooted!
 
Note that with '''one exception you can run 32 bit x86 chroot in x86_64, but not viceversa'''!
 
== WARNING: Ignoring APKINDEX.xxxx.tar.gz ==
 
Make sure <code>${chroot_dir}/etc/apk/repositories</code> is valid and inside the chroot run:


== Alpine Linux in a chroot on Fedora ==
<code>apk update</code>


If you want to generate a chroot on a Fedora based system, you can use this [http://git.alpinelinux.org/cgit/fab/scripts/tree/alpine-chroot.sh script].
= External links =


{{Note|Maybe you are able to use this script on other distribution but this is not tested.}}
* You can also use script [https://github.com/alpinelinux/alpine-chroot-install/ alpine-chroot-install]
* https://web.archive.org/web/20190808203313/https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
* Alpine Linux in a chroot on Fedora : http://git.alpinelinux.org/cgit/user/fab/scripts/tree/alpine-chroot.sh script
* Alpine Linux aarch64 in a chroot on AWS Linux : https://gist.github.com/emolitor/0567e51c0ce04f4b025fc78d2cf0b4f1 script


[[Category:Installation]]
[[Category:Installation]]
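Review bot: The install line "./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted ..." still carries --allow-untrusted in the new revision. The apk.static binary it runs comes from a bare wget followed by tar, and the mirror list is linked over plain http, so nothing in the procedure authenticates what lands in the chroot. Suggest adding a step that verifies the apk-tools-static download before it is executed, and dropping --allow-untrusted once the Alpine signing keys are available to apk. Two smaller points in the new text: the SCSI block creates ${chroot_dir}/dev/sda through sdb6 with "-m 666", which makes the raw disks writable by every user inside the chroot, so a tighter mode is worth considering. The entry command also changes from "/bin/sh -l" to "/bin/bash -l" while the install step now adds only alpine-base, so please confirm that bash exists in the chroot at that point.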

Revision as of 19:38, 15 August 2019

Inside the chroot environment, you can build, debug, and run Alpine packages or develop software. It is the best-known way to do so if you do not want to trash your main Alpine system.

This document explains how to set up an Alpine build environment in a chroot under a host Linux distro. The same procedure can also be used to install Alpine Linux from a non-Alpine Linux live CD.

Requirements

  • A working Linux installation on which to perform the whole process
  • Linux kernel 2.6.22, with wget and chroot installed
  • Target media with at least 100M; 900MB is the minimum for a more complete solution
  • An internet connection

Prerequisites

The variables below:

  • ${chroot_dir} = Should point to the chroot directory where you
  • ${mirror} = Should be replaced with one of the available Alpine Linux mirrors.
  • ${arch} = Should be the CPU architecture, such as x86 (i386) or amd64 (x86_64).

Set up APK

Download the latest apk static package (replace ${version} with actual version):

wget ${mirror}/latest-stable/main/${arch}/apk-tools-static-${version}.apk

.apk packages are just gzipped tarballs; unpack using:

tar -xzf apk-tools-static-*.apk

Install the Alpine base installation onto the chroot

./sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root ${chroot_dir} --initdb add alpine-base

Set up the chroot

Before you enter the chrooted system, it must be prepared with device nodes and tmpfs:

Method 1.A fast way: using bind mount
Note: With a bind mount, /dev can be mounted read-only in the Alpine chroot; limited in this way, the chroot will not touch the access times of the host system.

mount /dev/ /alpine/dev/ --bind
mount -o remount,ro,bind /alpine/dev

If you need SCSI or R/W access, run only the first command; mounting with "ro" makes your chroot more secure.

Method 1.B manual way: creating the needed nodes
Warning: Manually creating devices provides only the device nodes that you have created. For automatic availability, use bind mounts.


mknod -m 666 ${chroot_dir}/dev/full c 1 7
mknod -m 666 ${chroot_dir}/dev/ptmx c 5 2
mknod -m 644 ${chroot_dir}/dev/random c 1 8
mknod -m 644 ${chroot_dir}/dev/urandom c 1 9
mknod -m 666 ${chroot_dir}/dev/zero c 1 5
mknod -m 666 ${chroot_dir}/dev/tty c 5 0

If you need SCSI disc access:

mknod -m 666 ${chroot_dir}/dev/sda b 8 0
mknod -m 666 ${chroot_dir}/dev/sda1 b 8 1
mknod -m 666 ${chroot_dir}/dev/sda2 b 8 2
mknod -m 666 ${chroot_dir}/dev/sda3 b 8 3
mknod -m 666 ${chroot_dir}/dev/sda4 b 8 4
mknod -m 666 ${chroot_dir}/dev/sda5 b 8 5
mknod -m 666 ${chroot_dir}/dev/sda6 b 8 6
mknod -m 666 ${chroot_dir}/dev/sdb b 8 16
mknod -m 666 ${chroot_dir}/dev/sdb1 b 8 17
mknod -m 666 ${chroot_dir}/dev/sdb2 b 8 18
mknod -m 666 ${chroot_dir}/dev/sdb3 b 8 19
mknod -m 666 ${chroot_dir}/dev/sdb4 b 8 20
mknod -m 666 ${chroot_dir}/dev/sdb5 b 8 21
mknod -m 666 ${chroot_dir}/dev/sdb6 b 8 22

Make proc and sys fs available

mount -t proc none ${chroot_dir}/proc
mount -o bind /sys ${chroot_dir}/sys

Make network name resolution available

A resolv.conf is needed for name resolution:

cp /etc/resolv.conf ${chroot_dir}/etc/
mkdir -p ${chroot_dir}/root

If you don't want to copy the resolv.conf from the local machine, you can create a new one using OpenDNS servers (or any other):

echo -e 'nameserver 8.8.8.8\nnameserver 2620:0:ccc::2' > ${chroot_dir}/etc/resolv.conf

Prepare the apk software sources

Set up APK mirror (replace ${branch} with the latest stable branch name, e.g. v3.3):

mkdir -p ${chroot_dir}/etc/apk
echo "${mirror}/${branch}/main" > ${chroot_dir}/etc/apk/repositories

Entering your chroot

Warning: At this point, Alpine has been successfully installed onto the chroot directory, but it is still not able to boot.


chroot ${chroot_dir} /bin/bash -l

Perform init process

Add some minimal init scripts to the appropriate runlevels:

rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit
rc-update add hwclock boot
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add syslog boot
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown
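
The "Set up the chroot" steps leave /dev, /proc and /sys attached below ${chroot_dir}, and removing the directory while they are still mounted would reach into the host's own filesystems. The following is an added example, not part of the wiki page: it lists those mounts deepest first, checks whether the chroot's /dev is read-only as in Method 1.A, and unmounts them. The function names and the /alpine sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): inspect the mounts left behind by
# the "Set up the chroot" steps before the chroot directory is removed.

# Constructed sample in /proc/self/mounts format for a chroot at /alpine.
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
devtmpfs /alpine/dev devtmpfs ro,nosuid 0 0
none /alpine/proc proc rw,relatime 0 0
sysfs /alpine/sys sysfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /alpine2 ext4 rw,relatime 0 0
EOF
}

# chroot_mounts DIR [FILE]: mount points at or below DIR, deepest first.
# Assumes paths without whitespace (the kernel escapes those as \040).
chroot_mounts() {
    dir=${1%/}
    awk -v d="$dir" '$2 == d || index($2, d "/") == 1 { print $2 }' \
        "${2:-/proc/self/mounts}" | LC_ALL=C sort -r
}

# dev_is_readonly DIR [FILE]: succeeds if DIR/dev is mounted with "ro".
dev_is_readonly() {
    awk -v mp="${1%/}/dev" '
        $2 == mp { n = split($4, o, ","); ro = 0
                   for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit !ro }' "${2:-/proc/self/mounts}"
}

# teardown DIR: unmount everything below DIR, children before parents.
teardown() {
    for mp in $(chroot_mounts "$1"); do
        umount "$mp" || return 1
    done
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_mounts | chroot_mounts /alpine -
```

After leaving the chroot, run teardown ${chroot_dir} as root and confirm that chroot_mounts ${chroot_dir} prints nothing before deleting the directory.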


Troubleshooting

Hardened kernels or Alpine as chroot host

If you are using Alpine as a native build system, you will have to make sure that chroot can run chmod. Add the following to /etc/sysctl.conf:

kernel.grsecurity.chroot_deny_chmod = 0

Then run the following command:

sysctl -p


chroot: cannot run command ' ... Exec format error

This usually indicates that you booted with one architecture (e.g. armhf) and are trying to chroot into another (e.g. x86_64). If you plan to chroot into another installation, you must use the same architecture for both the host and the chrooted system!

Note the one exception: you can run a 32-bit x86 chroot on x86_64, but not vice versa!

WARNING: Ignoring APKINDEX.xxxx.tar.gz

Make sure ${chroot_dir}/etc/apk/repositories is valid and inside the chroot run:

apk update

External links