DocumentationSystemOperating system

Operating system

We configure the PC and install Alpine Linux operating system.

Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.

To make this guide as universal as possible, it uses only standard POSIX compliant commands. As a result, it should work smoothly with a personal computer while still being compatible with most other hardware platforms running a POSIX compliant shell.

Which operating system to use?

We use Alpine Linux. This provides the best stability for the PC and makes the initial setup a breeze.

Alpine Linux is available for most hardware platforms. There is so little need for hardware that can run in a router.

Requirements

AlpineUbuntu
RAM128MB1GB
Storage700MB2.5GB

Source(s):

Security

Alpine Linux is small, it has a minimal attack surface. Less code leads to fewer bugs and vulnerabilities but does not make it more secure.

Alpine Linux says it is more secure because of all user-land binaries:

  • Are compiled as Position Independent Executables (PIE)
  • Has Stack-Smashing Protection (SSP) enabled by default

Thus, preventing the exploitation of zero-day and other vulnerabilities. PIE achieves this in an interesting way. It loads itself (and its dependencies) into random locations within virtual memory. Stack Smashing Protection helps detect stack buffer overruns. SSP makes return-oriented programming attacks much more difficult to execute.

Ubuntu has also implemented PIE by default as of 17.10 for all architectures in the Ubuntu archive. Also, Ubuntu has stack protection enabled on the Kernel.

Additionally, Ubuntu is bundled with a complete set of GNU C libraries and standard tools. And, since GNU Compiler Collection contains roughly 15 million code lines (as of 2019). You can thus understand that with a large library comes the overhead of maintaining.

At the time of writing:

CVE Details reported 6 CVEs for Alpine Linux and 90 for Ubuntu. Searching a CVE Mitre, “Alpine Linux” finds 10 CVE records, while “Ubuntu” finds 7063 CVE records.

Source(s):

Core components

musl libc vs. GNU glibc

musl libc is a complete rewrite of C and provides a clean, modern code-base. As a result, musl libc is lightweight and requires about 600 KB vs. GNU, which requires about 10 MB. Furthermore, musl libc is best-suited in corner cases, especially with threading. Low memory or other resource-exhaustion conditions are never fatal to musl libc. Finally, musl libc provides first-class support for UTF-8/multilingual text.

Source(s):

BusyBox vs. GNU Core Utils

BusyBox combines small versions of common UNIX utilities into a single executable. And it provides a minimalist replacement for most utilities you use. It also contains tools from GNU Coreutils, util-linux, and others. The utilities in BusyBox generally have fewer options than GNU Core Utils. But the options provide the same expected functionality. And BusyBox should behave similarly to GNU Core Utils. BusyBox removes some GNU extensions, localization data, and more.

GNU Utilities provides many more tools, and it is backward compatible. Of course, this makes it more extensive and complex than BusyBox. You can install GNU Core Utils on Alpine Linux if needed.

Source(s):

APK vs. APT

Ubuntu uses APT for package management. Hence, software installation and removal are handled via the apt utility. On the other hand, Alpine uses the APK for package management. Thus, software installation is handled by the apk add utility. Similarly, apk del can be used to remove a package. Thus, both the APK and APT utilities function similarly.

Here are some of the differences when using these commands:

APT (Ubuntu)APK (Alpine)
Updateapt updateapk update
Adding packageapt install pkg1 pkg2apk add pkg1 pkg2
Reinstall packageapt install --reinstall pkgapk del pkg; apk add pkg
Searchapt-cache search keywordapk search keyword
Remove packageapt remove pkgapk del pkg

APK is faster than APT. APT is resource-intensive as it takes three reads and two write operations. APK, almost always, completes before other package managers. The APK process requires only one read and one write.

Ash vs. Dash

Ubuntu uses Debian Almquist’s shell (Dash). The Almquist shell (also known as ash or sh) is used on Alpine Linux. Ash is more lightweight than Dash. Dash and Ash are not 100% compatible, but you would rarely encounter inconsistencies.

Source:

Flash Alpine Linux image to USB/SD

Microbolt has currently been tested using Alpine Linux 3.20 on a x86_64 architecture, it has not been tested on other distributions, architectures or older versions and there is no guarantee that it will work well on them

Download Alpine Linux by going to the official website

https://alpinelinux.org/downloads/

UsuallyPCRaspberry Pi {3,4,5}
versionstandardraspberry pi
architecturex86_64aarch64

There’s also official cloud images here, use at your own risk

Connect the USB/SD to your host computer

Flash it

dd if=<iso-file> of=<target-device> bs=4M; eject <target-device>

Start your computer

  • Plug in the USB/SD to your computer
  • Attach a screen, a keyboard, and an ethernet cable
  • Enter to the BIOS setup or boot menu and select the USB/SD you flashed

Some computers have an option to start automatically after a power loss, it is interesting to enable it if you want to make sure your node is available as soon as possible in your absence

Alpine Linux installation

Alpine Linux can be used in any of the following three modes

Diskless mode

You’ll boot from read-only medium such as the installation CD, a USB drive, or a Compact Flash card.

When you use Alpine in this mode, you need to use Alpine Local Backup (lbu) to save your modifications between reboots. That requires some writable medium, usually removable. (If your boot medium is, for example, a USB drive, you can save modifications there; you don’t need a separate partition or drive.) See also Local APK cache.

Data mode

As in diskless mode, your OS is run from a read-only medium. However, here a writable partition (usually on a hard disk) is used to store the data in /var. That partition is accessed directly, rather than copied into a tmpfs; so this is better-suited to uses where large amounts of data need to be preserved between reboots.

Sys mode

This is a traditional hard-disk install. Both the boot system and your modifications are written to the hard disk, in a standard Linux hierarchy.

  • Login with root user (no password needed)

  • Setup environment variables, defaults are:

Defaults are not needed to setup, this block of code are for references if you want to customize your installation

export BOOT_SIZE=100 #Size of the boot partition in MB; defaults to 100
export SWAP_SIZE= #Size of the swap volume in MB; set to 0 to disable swap
export ROOTFS=ext4 #Filesystem for / volume; supported: ext{2,3,4} btrfs xfs
export BOOTFS=ext4 #Filesystem for /boot volume; supported: ext{2,3,4} btrfs xfs
export VARFS=ext4 #Filesystem for /var volume; supported: ext{2,3,4} btrfs xfs
export BOOTLOADER=syslinux #Bootloader to use; supported: grub syslinux zipl
export DISKLABEL=dos #Disklabel to use; supported: dos gpt eckd
  • Execute setup-alpine

Enter the following into the prompt of the installer:

Keymap

Select keyboard layout: none (or whatever suits your preference)

Hostname

Enter system hostname nakamoto01

Interface

Which one do you want to initialize? eth0

Ip address for eth0? dhcp (or whatever suits your preference)

Do you want to do any manual network configuration? n

Root Password

New password: changeme

Retype password: changeme

Timezone

Which timezone are you in? UTC (or whatever suits your preference)

Proxy

HTTP/FTP proxy URL? none (or whatever suits your preference)

Network Time Protocol

Which NTP client to run? busybox (or whatever suits your preference)

APK Mirror

Enter mirror number or URL: c

Enter mirror number or URL: f (or whatever suits your preference)

User

Setup a user? no

Which ssh server? dropbear (or whatever suits your preference)

Disk and install

Which disk(s) would you like to use: none

Enter where to store configs none

Enter apk cache directory none

  • Setup installation disk
DEFAULT_DISK=none setup-disk -q

Which disk would you like to use: sdX (choose your hard disk, usually sda)

How would you like to use it? sys

WARNING: Erase the above disk(s) and continue? y

Your installation is done when you see this: Installation is complete. Please reboot.

  • Reboot
reboot
💡

If you exported SWAP_SIZE=0 you can create a swapfile on next boot

  • Allocate swapfile
dd if=/dev/zero of=/var/swapfile bs=1K count=4M
mkswap /var/swapfile
chmod 600 /var/swapfile
  • Put swapfile on fstab
printf "%s\n" \
    "/var/swapfile none swap sw 0 0" \
    >> /etc/fstab
  • Start and enable swapfile on boot
rc-service swap start
rc-update add swap default