/dev/urandom1d ago

feel like the procedure for rebuilding repositories on #AlpineLinux may need some improvement

right now, two packages failing their test suites are delaying a security update for firefox from being deployed, despite not being related in any way

Show threadAriadne Conill ๐Ÿฐ2d ago

@nube we don't have backports because we don't need them. instead, use tagged repositories to scope packages from alpine edge:

# cat /etc/apk/repositories
...
@edge:main https://dl-cdn.alpinelinux.org/alpine/edge/main
@edge:community https://dl-cdn.alpinelinux.org/alpine/edge/community
# apk add nano@edge:main
(1/1) Installing nano@edge:main (9.0-r0)

#AlpineLinux

Thomas Liske3d ago

ifstate 2.3.0 - a tool for declarative network configuration for Linux - was released:
https://codeberg.org/routerkit/ifstate/releases/tag/2.3.0

This is release contains various new features like:
- bridge: VLAN membership for bridge ports
- link: support external created veth ifaces
- routing: ignore routes by ifname regex
- tc: add vlan action (allows remapping); improve change detection

The new release is already available in #AlpineLinux and in the RouterKit Debian package repository.

#linuxnetworking #ifstate #RouterKit

2.3.0 - routerkit/ifstate

## Changes - bridge: implement VLAN filtering and per-port membership (#157) - brvlan: support self-mode entries on bridge devices (#179) - fdb: add `vlan` attribute support for vlan aware bridges (#167) - hooks: make timeout configurable (#178) - link: support external created veth interf...

Codeberg.org
Nube 5d ago
So, it looks like Alpine Linux doesn't have anything like Debian's Backports concept? I don't want to switch my repos to edge, I just want to install a version of a package that's newer in edge than in stable, that's it. But it seems like the only way would be to download the apk and install it, which feels like a hacky solution to me, there should be a clean way to do this from the terminal like in Debian โ€‹โ€‹

#Linux #AlpineLinux
Klaus Zimmermann 6d ago

RE: https://exquisite.social/@thomholwerda/116535458295130039

Ok, so this thread (read it on) changed my views on #Devuan.

And here I was thinking that it was the good version of #Debian, done without systemd etc. Instead, I think I will look for more #AlpineLinux systems to deploy

sayzard6d ago

Serving a website on a Raspberry Pi Zero running in RAM

์ด ๊ธ€์€ Raspberry Pi Zero v1.3์—์„œ Alpine Linux๋ฅผ ๋””์Šคํฌ ์—†์ด RAM์—์„œ๋งŒ ๊ตฌ๋™ํ•˜์—ฌ ์›น์‚ฌ์ดํŠธ๋ฅผ ์„œ๋น™ํ•˜๋Š” ๋ฐฉ๋ฒ•์„ ์ƒ์„ธํžˆ ์„ค๋ช…ํ•ฉ๋‹ˆ๋‹ค. ์ œํ•œ๋œ 512MB ๋ฉ”๋ชจ๋ฆฌ ํ™˜๊ฒฝ์—์„œ darkhttpd ๋˜๋Š” nginx๋ฅผ ์‚ฌ์šฉํ•ด ๊ฒฝ๋Ÿ‰ ์›น์„œ๋ฒ„๋ฅผ ์šด์˜ํ•˜๊ณ , TLS ์ข…๋ฃŒ๋Š” ์™ธ๋ถ€ ์ €์‚ฌ์–‘ VPS(TierHive)์—์„œ ์ฒ˜๋ฆฌํ•˜์—ฌ Pi Zero์˜ ๋ถ€ํ•˜๋ฅผ ์ค„์ž…๋‹ˆ๋‹ค. ๋˜ํ•œ lbu๋ฅผ ํ™œ์šฉํ•ด ์„ค์ •๊ณผ ์›น์‚ฌ์ดํŠธ ํŒŒ์ผ์„ SD ์นด๋“œ์— ์ง€์† ์ €์žฅํ•˜๋ฉฐ, rsync๋กœ ํŒŒ์ผ ๋™๊ธฐํ™”, DDNS ์„ค์ •, ๋ฐฑ์—… ๋ฐฉ๋ฒ•๊นŒ์ง€ ์‹ค๋ฌด์— ๋ฐ”๋กœ ์ ์šฉ ๊ฐ€๋Šฅํ•œ ๊ตฌ์ฒด์  ์ ˆ์ฐจ๋ฅผ ์ œ๊ณตํ•ฉ๋‹ˆ๋‹ค. ์ €์‚ฌ์–‘ ํ•˜๋“œ์›จ์–ด๋กœ๋„ ์•ˆ์ •์ ์ธ ์›น ์„œ๋น„์Šค ์šด์˜์ด ๊ฐ€๋Šฅํ•˜๋„๋ก ํ•œ ์ ์ด ์ธ์ƒ์ ์ž…๋‹ˆ๋‹ค.

https://btxx.org/posts/memory/

#raspberrypi #diskless #alpinelinux #webserver #vps

Serving a Website on a Raspberry Pi Zero Running Entirely in RAM

Ariadne Conill ๐Ÿฐ6d ago

the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

interestingly, openpax kernels kill the exploit early in the exploit chain.

either way, 6.18.28 fixes it for everyone.

but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

#alpinelinux

Sammantha6d ago
I'm really glad I moved over to #alpine when I did... #dirtyfrag exploit (horrible name btw) did not execute on my system. Very tempted to move my home server over now!
I'm glad I could also donate some money their way. If you use Alpine in some way (postmarketOS, ProxMox containers, etc.), consider supporting if you're able!
(not paid, I just like the distro)
https://opencollective.com/alpinelinux
#linux #cve #explot #alpinelinux #lgbt #mtf
Alpine Linux - Open Collective

A security-oriented, lightweight Linux distribution

Bradley Taunt May 8

Finally got around to finishing this post:

"Serving a Website on a Raspberry Pi Zero Running Entirely in RAM"

https://btxx.org/posts/memory/

#alpinelinux #raspberrypi #nginx #web #ram

Serving a Website on a Raspberry Pi Zero Running Entirely in RAM

NohamuxMay 7

Dites masto, pour un vieux coucou en 32 bit. Intel Atom, ssd en mSata, ddr2 (oui bon...) Vous conseillรฉ quoi comme distro lรฉgรจre ?

Pas pour aller sur le net, mais plus comme un terminal, prise de note, lecture pdf/ebook ?

Comme les derniรจres distro font l'impasse sur le 32 bit, je sais pas trop. Une ancienne distro #mxlinux ? Une #antixlinux ? Une #alpinelinux ? (Me proposez pas #raspbian). Je reste attachรฉ ร  debian, apt et apt-get...

#linux
#lowtech
#debian
#recycle
#lowtech
#basstechno

ร‰dit : merci pour vos rรฉponses et vos pistes. ร‰tant un fervent utilisateur de MX linux, j'ai choisi la AntiX. On verra ร  la longue.