Alpine Linux
Encyclopedia
Alpine Linux is a Linux distribution
based on uClibc
and BusyBox
, which has the goal of being lightweight and secure by default
while still being useful for general-purpose tasks. Alpine Linux uses PaX
and grsecurity
patches in the default kernel and compiles all packages with stack-smashing protection
. It is primarily designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
. The members of LEAF wanted to continue making a Linux distribution that could fit on a single floppy disk, whereas the Alpine Linux wished to include some more heavyweight packages such as Squid and Samba, as well as additional security features and a newer kernel. One of the original goals was to create a framework for larger systems; although usable for this purpose, this is no longer a primary goal.
Linux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
based on uClibc
UClibc
In computing, uClibc is a small C standard library intended for embedded Linux systems. uClibc was created to support uClinux, a version of Linux not requiring a memory management unit and thus suited for microcontrollers .The project lead is Erik Andersen. The other main contributor is Manuel...
and BusyBox
BusyBox
BusyBox provides several stripped-down Unix tools in a single executable. It runs in a variety of POSIX environments such as Linux, Android, FreeBSD and others, such as proprietary kernels, although many of the tools it provides are designed to work with interfaces provided by the Linux kernel. It...
, which has the goal of being lightweight and secure by default
Secure by default
Security by default, in software, means that the default configuration settings are the most secure settings possible, which are not necessarily the most user friendly settings. In many cases, security and user friendliness is waged based on both risk analysis and usability tests. This leads to the...
while still being useful for general-purpose tasks. Alpine Linux uses PaX
PaX
PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000.PaX flags data memory as...
and grsecurity
Grsecurity
grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in computer systems that accept remote connections from untrusted locations, such as web servers and systems offering shell access to its users.Released under the GNU General...
patches in the default kernel and compiles all packages with stack-smashing protection
Stack-smashing protection
Buffer overflow protection refers to various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables as they occur and preventing them from becoming serious security vulnerabilities...
. It is primarily designed for x86 Routers, Firewalls, VPNs, VoIP and servers.
History
Originally, Alpine Linux began as a fork of the LEAF projectLEAF Project
The LEAF Project is a collection of Linux distributions that began as a fork from the the Linux Router Project "linux-on-a-floppy" distribution...
. The members of LEAF wanted to continue making a Linux distribution that could fit on a single floppy disk, whereas the Alpine Linux wished to include some more heavyweight packages such as Squid and Samba, as well as additional security features and a newer kernel. One of the original goals was to create a framework for larger systems; although usable for this purpose, this is no longer a primary goal.
Features
- Package management: Alpine uses the its own package management system, apk-tools, which originally was a collection of shell scipts but was later rewritten in C. Alpine currently contains most commonly used packages such as GNOMEGNOMEGNOME is a desktop environment and graphical user interface that runs on top of a computer operating system. It is composed entirely of free and open source software...
, XfceXfceXfce is a free software desktop environment for Unix and other Unix-like platforms, such as Linux, Solaris, and BSD – though recent compatibility issues have arisen with regard to BSD Unix platforms...
, Firefox, and others. However, some packages, such as KDEKDEKDE is an international free software community producing an integrated set of cross-platform applications designed to run on Linux, FreeBSD, Microsoft Windows, Solaris and Mac OS X systems...
, have not been ported yet. - Running from RAM: By default, Alpine Linux is a run-from-ram distribution. The LBU (Local BackUp) tool optionally allows all configuration files to be backed up to an APK overlay file (usually shortened to apkovl), a tar.gz file that by default stores a copy of all changed files in /etc (with the option to add more directories).
- Security: PaXPaXPaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000.PaX flags data memory as...
and grsec are included in the default Alpine Linux kernel, which aids in reducing the impact from exploits similar to the vmsplice local root exploit. All packages are also compiled with stack-smashing protection to help mitigate the effects of userland buffer overflowBuffer overflowIn computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
s. - Size: the base system in Alpine Linux is designed to be only 4-5MB in size (excluding the kernel).
- Alpine Configuration Framework (ACF): While optional, ACF is an application for configuring an Alpine Linux machine, with goals similar to DebianDebianDebian is a computer operating system composed of software packages released as free and open source software primarily under the GNU General Public License along with other free software licenses. Debian GNU/Linux, which includes the GNU OS tools and Linux kernel, is a popular and influential...
's debconfDebconf (software package)debconf is a software utility for performing system-wide configuration tasks on Unix-like operating systems. It is developed for the Debian GNU/Linux distribution, and is closely integrated with Debian's package management system, dpkg....
. - C standard libraryC standard libraryThe C Standard Library is the standard library for the programming language C, as specified in the ANSI C standard.. It was developed at the same time as the C POSIX library, which is basically a superset of it...
: Alpine Linux uses uClibcUClibcIn computing, uClibc is a small C standard library intended for embedded Linux systems. uClibc was created to support uClinux, a version of Linux not requiring a memory management unit and thus suited for microcontrollers .The project lead is Erik Andersen. The other main contributor is Manuel...
instead of the traditional glibc most commonly used. Although lighter weight, it does have the significant drawback of being binary incompatible with glibc. Thus, all software must be compiled for use with uClibc to work properly.