The Alpine Linux distribution is described as ‘minimal’ and best suited for ‘power users’.
Originally created by Gentoo, the project is now wholly independent and, as such, it is self-hosting.
Gentoo Linux is another distribution, but one built with the Portage package management system. Alpine itself is essentially a security-oriented, lightweight Linux distribution based on musl libc and Busybox.
Tough hardened kernel
This distribution uses a hardened kernel and compiles all user space binaries as position-independent executables with stack-smashing protection.
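One way to check the PIE and stack-protector claim on a given binary, as an added example that is not from the original article or the Alpine project: the script reads the ELF header and program headers and looks for the `__stack_chk_fail` symbol name. The `build_sample` helper and the bytes it produces are constructed input, and both checks are heuristics.

```python
import struct

ET_DYN, PT_INTERP, PT_LOAD = 3, 3, 1

def check_hardening(data: bytes) -> dict:
    """Return PIE / stack-protector indicators for one ELF image (heuristic)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    # p_type is the first 32-bit field of every program header in both classes.
    p_types = [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
               for i in range(e_phnum)]
    return {
        # ET_DYN plus an interpreter segment = dynamically linked PIE executable;
        # ET_DYN without one is usually a shared library (or a static-pie build).
        "pie": e_type == ET_DYN and PT_INTERP in p_types,
        # Stack-protected code references this symbol; a string scan misses
        # stripped static binaries, so treat False as "not proven".
        "stack_protector_symbol": b"__stack_chk_fail" in data,
    }

def build_sample(e_type: int, interp: bool, canary: bool) -> bytes:
    """Constructed minimal ELF64 little-endian image used only for the demo."""
    p_types = [PT_LOAD] + ([PT_INTERP] if interp else [])
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0,
                                 0, 64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<II6Q", t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)
    return header + phdrs + (b"\0__stack_chk_fail\0" if canary else b"\0")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                # e.g. /bin/busybox on an Alpine host
        with open(path, "rb") as fh:
            print(path, check_hardening(fh.read()))
```

Run against real files, it takes one or more paths as arguments and prints the two indicators for each.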
Alpine has been compared to NanoBSD – a tool developed by Poul-Henning Kamp which creates a FreeBSD system image for embedded applications – in that it can be provisioned for the precise job in hand without additional complexities, hindrances or indeed any extraneous functions.
The project was elevated in perception and status in recent times as a result of being selected by Docker as its new base ‘image’ – the previous image being Ubuntu.
According to the development team, “Alpine Linux is a very simple distribution that will try to stay out of your way. It uses its own package manager called apk, the OpenRC init system, script driven set-ups and that’s it! This provides you with a simple, crystal-clear Linux environment without all the noise. You can then add on top of that just the packages you need for your project, so whether it’s building a home PVR, or an iSCSI storage controller, a wafer-thin mail server container, or a rock-solid embedded switch, nothing else will get in the way.”
Why is Alpine so technically efficient?
Partly due to the way it has been built… almost all of the binaries in the core kernel fabric are links to Busybox, which is a group of regularly used user and system utilities all presented in one single binary.
The use of links to Busybox allows Alpine Linux to achieve speedier startup times and smaller storage space requirements overall.
An OS lesson for the future?
According to the Alpine Linux Wiki pages, another distinctive part of Alpine is its variety of ‘installation modes’.
It can be installed to a hard disk/SSD/other storage medium like any other distro; this is called the sys mode. The storage medium in question can be removable, if you like, so long as you can configure your machine to boot from it.
“The kernel is patched with an unofficial port of grsecurity/PaX, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities,” notes the team.
Binary packages are thinned out and split, giving users more control over what they install, which in turn keeps the computing environment as small and efficient as possible… and, in theory, more secure. There is a lot to like here.