I was making a matrix of releases and features, one of which is “MUSL” (or alternatively uClibc) build for small fast secure operation. Usually those two alternative libraries are used for things like embedded systems or routers. Places where size matters rather a lot since they are often very starved for hardware. Many still use 16 bit chips and memory measured in megs.
There are a few desktop systems built with them too, but often that is “experimental”. One is Sabotage, that is a port of Linux From Scratch (LFS) using MUSL and with an abhorrence of the FHS (file system name space standard). As I’m rather fond of already knowing where things are located, moving them all around again on theoretical grounds (good though they may be) doesn’t excite me much… I may yet build Sabotage just to experience it, but learning yet another package manager and having yet another place where “everything you know is wrong” on name space is low on my ‘Oh Boy!’ list…
While digging around there, I found that Alpine Linux is already built on MUSL. Not only that, it has a hardened kernel build. They have a default “run from memory” mode and use OpenRC, not systemd. They have a port that runs on the Raspberry Pi. Since all of those are things I wanted, it is an obvious place to try.
From their “about” tab:
Alpine Linux is an independent, non-commercial, general purpose Linux distribution designed for power users who appreciate security, simplicity and resource efficiency.
Alpine Linux is built around musl libc and busybox. This makes it smaller and more resource efficient than traditional GNU/Linux distributions. A container requires no more than 8 MB and a minimal installation to disk requires around 130 MB of storage. Not only do you get a fully-fledged Linux environment but a large selection of packages from the repository.
Binary packages are thinned out and split, giving you even more control over what you install, which in turn keeps your environment as small and efficient as possible.
Alpine Linux is a very simple distribution that will try to stay out of your way. It uses its own package manager called apk, the OpenRC init system, script driven set-ups and that’s it! This provides you with a simple, crystal-clear Linux environment without all the noise. You can then add on top of that just the packages you need for your project, so whether it’s building a home PVR, or an iSCSI storage controller, a wafer-thin mail server container, or a rock-solid embedded switch, nothing else will get in the way.
Alpine Linux was designed with security in mind. The kernel is patched with grsecurity/PaX out of the box, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities.
Essentially, the first cluster of my goals for a linux. It would be far far easier to start from their base rather than redo all of that myself, and likely me doing it less well. They state that historically they had begun as a Gentoo fork (or copy), which was also a strong candidate for me too. All in all, highly promising.
So I installed it, following the directions here:
The install is very fast and very easy. Essentially download a tarball of about 79 MB, extract it onto a FAT32-formatted SD card, stick that in the Pi and boot.
No, you don’t need to pay attention to Pi or Pi Model 2, it figures it out… Well, you need to use the right SD or micro-SD for your box…
I installed it on a crappy PNY 8 MB class 4 card (that failed to boot Raspbian…) since that was what I had empty. It booted and ran fine and fast.
There are some config steps you go through, listed on their page, but nothing particularly hard. The major thing was just how startlingly fast it was at booting, at handling packages, at everything. All this with a 200 ish MB memory footprint including running from a RAM disk!
If nothing else, it is a stellar proof of concept for a small fast secure distribution based on MUSL and with a hardened kernel.
It has Yet Another Package Manager. Called “apk”. It is sort of like pacman and sort of like apt-get and sort of like… but seems to work well. Doing an “apk add FOO” on a few things was OK and very very fast. But really, we can’t standardize on one package manager name with optional flags?
The biggest issue for me was that the directions for Setting Up X and getting xfce desktop running didn’t work. Typing “startx” gave me a black screen and a locked up system (well, it might have been running, but with monitor, keyboard, and mouse out of action…) For further debugging, I’ll need to set up a second box so I can rsh into it to kill the X process when it locks the screen… Sigh.
OTOH, while I rate my desire to do debugging of X-windows problems slightly below tooth extractions, root canals, and playing on fire ant hills, it is a lot less work than starting a port from near scratch to end up debugging your own X-windows problems… At least some folks have gotten it to work already on Alpine.
I found one chat log from late 2015 where one of the developers said, in response to someone relating troubles, “getting a desktop going in Alpine is a labor of love”…
As it stands now, I’m very impressed with Alpine for its stated goal of headless and embedded systems. I will most likely convert my Pi B+ to it as my DNS and misc. server since it always runs headless anyway.
Over time, I’m slowly going to whack on it when there’s nothing immediate on the plate, to see if I can find the formula to make lxde or xfce or whatever desktop run.
However, at the present moment, it is too “user hostile” for setting up a desktop for use by the average Joe or Jane. Since one of my goals is a completely “cook book” install with as much as possible built locally from source code if desired, my present first target is unlikely to be Alpine. (But who knows, I might discover some simple PIBKAC error in the install and be all over it tomorrow…)
As of now, the most likely candidates are Slackware and LFS. LFS has a small lead since it has a CLFS version based on MUSL already running. Slackware comes with “distcc” already built and installed (!) so clearly has a head start in the area of “built to build”, but I’m still working on their build packages system (slackbuilds). It does a lot of ‘from source’ stuff, but it is all user driven with hand reconciliation of dependencies… Not a NOOBS kind of thing. LFS is “follow the cookbook” clean, though with fewer options and packages. Decisions decisions… More on that in another post later.
OK, enough on that. Alpine is impressive kit inside their stated domain, “needs work” on the desktop front. I’m gonna whack on it at medium low priority over time. IF it had a larger user base, it would be a simple web search, but as a low usage distro, especially on the Pi, that didn’t turn over much. So up to me, if slowly. Anyone else wants to “run out ahead”, feel free. I’m going to try a LFS build next and see how many months it takes ;-)