#  Alpine Linux

[ Alpine Linux](/https://en.wikipedia.org/wiki/Alpine_Linux )

is a security-oriented, lightweight Linux distribution based on

[ musl libc](/https://en.wikipedia.org/wiki/Musl ), 

[ busybox](/https://en.wikipedia.org/wiki/BusyBox ) and uses

[ OpenRC](/https://en.wikipedia.org/wiki/OpenRC ) for its init system.

## Pros

* small, simple and secure.

* Uses musl, busyBox and OpenRC.

## Cons

* Includes [ non-free blobs](/https://en.wikipedia.org/wiki/Binary_blob ).

* No way to prevent these blobs from installing.

## Overview

This guide will show you how you can install Alpine Linux on Openbsd's VMM.

## NOTE

* Replace all instance of `username` with your username.

* Replace all instance of `host.example.com` with the hostname of host system.

* Replace all instance of `username.host.example.com` with the hostname of your virtual machine.

## Login to Virtual Machine

First let's login to the host operating system.

    $ ssh username@host.example.com


**NOTE :** Hostname should be `username@host.example.com` **not**

`username@username.host.example.com`.

## Download the iso image

Alpine provides different type of iso image for different use case.

But you will be going to running it on a virtual machine so you need to download

the latest stable version of **virtual** iso image from their [ download page](/https://www.alpinelinux.org/downloads )

At the time of writing, the latest stable version is 3.16.

    $ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso


Also download the SHA256 signatures.

    $ wget https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.0-x86_64.iso.sha256


Now let's verify the iso image.

    $ sha256 -C alpine-*.sha256 alpine-*.iso
    (SHA256) alpine-virt-3.16.0-x86_64.iso: OK


If the output is **OK** then you good to go, however if your output is **FAILED**

then you should contact to a sysadmin for confirmation before reporting to

Alpine linux.

**NOTE :** Never run any iso image before verifying it.

Now delete the signature and rename the iso image to `username.iso`.

    $ rm alpine-*.sha256
    $ mv alpine-*.iso username.iso


## Create a VM disk image file

Before creating disk image file make sure to stop and remove any

`username.qcow2` disk image if exist.

    $ vmctl stop username
    $ rm username.qcow2


To create a disk image file of 20 GB size.

    $ vmctl create -s 20G username.qcow2


## Check VMM configuration

VMM configuration file is located at /etc/vm.conf. The file contains all the

entries of users of that host server.

So to find your entry, run:

    $ sed -ne '/username/,$p' /etc/vm.conf | head -n10
    vm "username" {
    	owner username
    	memory 1024M
    	cdrom "/home/username/username.iso"
    	disk /home/username/username.qcow2
    	interface { 
    		locked lladdr aa:bb:cc:dd:ed:03
    		switch "switch0"
    	}
    }


In this command `sed` searches `/etc/vm.conf` for `username` and returns the

all the lines after the match including the matched line then pipe the

result to `head` to only print 10 lines from start.

From the result, make sure `cdrom` and `disk` points to the right path. If not,

move the iso image and disk image files to the right path.

**NOTE :** You can't edit `/etc/vm.conf` because it need root permission.

## Start the Installation

Start the virtual machine.

    $ vmctl start username


Open the serial console and press Enter.

    $ vmctl console username
    Connected to /dev/ttypj (speed 115200)


Now press Enter to continue.

    Welcome to Alpine Linux 3.16
    Kernel 5.15.41-0-virt on an x86_64 (/dev/ttyS0)


**NOTE :** At any time, if you want to exit the serial console, type `~^d`

(tilde followed by ctrl+d).

## Install Alpine Linux

Login as root.

    localhost login: root


Start the `setup-alpine` installer script.

    # setup-alpine


**NOTE :** Text inside `[...]` is default answer. Type `Enter` without answer to

go with the default answer and type `?` for brief explanation of the question.

Enter the hostname of your virtual machine (given by your trainer).

    Enter system hostname (fully qualified form, e.g. 'foo.example.org') [localhost] username.host.example.com


Select the ethernet interface.

    Available interfaces are: eth0.
    Enter '?' for help on bridges, bonding and vlans.
    Which one do you want to initialize? (or '?' or 'done') [eth0] eth0


Enter the static IP address of your virtual machine (given by your trainer).

    Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp] 38.87.162.41/24


Enter the Gateway of your virtual machine (given by your trainer).

    Gateway? (or 'none') [none] 38.87.162.1


We will set IPv6 later.

    Do you want to do any manual network configuration? (y/n) [n] n


Leave it blank.

    DNS domain name? (e.g 'bar.com')


For privacy reasons, don't use Google DNS server (8.8.8.8 or 8.8.4.4). Here I

am using [ quad9](/https://www.quad9.net/ ) DNS server.

    DNS nameserver(s)? 9.9.9.9


Enter your root password.

    Changing password for root
    New password:
    Retype password:


Select your timezone. Type `?` to list all timezone or sub-timezone.

    Which timezone are you in? ('?' for list) [UTC] UTC


We don't need proxy server.

    HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none


Select `chrony`.

    Which NTP client to run? ('busybox', 'openntpd', 'chrony' or 'none') [chrony] chrony


Select `f` to find the fastest mirror.

    r) Add random from the above list
    f) Detect and add fastest mirror from above list
    e) Edit /etc/apk/repositories with text editor
    Enter mirror number (1-74) or URL to add (or r/f/e/done) [1] f


We will setup users later.

    Setup a user? (enter a lower-case loginname, or 'no') [no] no


Select `openssh`

    Which ssh server? ('openssh', 'dropbear' or 'none') [openssh] openssh


**NOTE :** You should never allow root ssh login.

    Allow root ssh login? ('?' for help) [prohibit-password] no


Select the disk from the list (there should be only one because we are in VM).

    Available disks are:
      vda	(21.5 GB 0x0b5d )
    Which disk(s) would you like to use? (or '?' for help or 'none') [none] vda


Select `sys` to install the system on disk.

    How would you like to use it? ('sys', 'data', 'crypt', 'lvm' or '?' for help) [?] sys


Select `y`.

    WARNING: The following disk(s) will be erased:
      vda	(21.5 GB 0x0b5d )
    WARNING: Erase the above disk(s) and continue? (y/n) [n] y


After the installation, reboot the system.

    Installation is complete. Please reboot.
    # reboot


Press `~^d` to exit the serial console.

You no longer need the iso image file.

    $ rm username.iso


Start the virtual machine.

    $ vmctl start username


Open the serial console and press Enter.

    $ vmctl console username


Login as root.

    username.host.example.com login: root
    Password: 


To update the system, run:

    apk update
    apk upgrade


## Create a User

To add a user, run:

    # adduser username
    Changing password for username
    New password:
    Retype password:


To add user to wheel, run:

    # adduser username wheel


## Configure doas

Login as root.

    $ su
    Password:


Install doas:

    # apk add doas


In Alpine Linux, default configuration file is located at `/etc/doas.d/doas.conf`.

To allow doas for wheel group.

    # echo "permit persist :wheel" >> /etc/doas.d/doas.conf


To allow doas for wheel group without password.

    # echo "permit nopass :wheel" >> /etc/doas.d/doas.conf


## Setup SSH

**NOTE:** Make sure your are able to login to your virtual machine from your

local computer.

    $ ssh username@username.host.example.com
    username@username.host.example.com's password: 


Now, Setup [ Public Key Authentication](/https://fossdev.host.oddprotocol.org/wiki/ssh.html#Public Key Authentication ) and

[ Disable Password Authentication](/https://fossdev.host.oddprotocol.org/wiki/ssh.html#Disable Password Authentication ).