Alpine Linux Template (non-official) available for testing

quber · August 27, 2023, 6:46am

Thanks to Antoine Martin we have now a alpine(.rpm package for dom0) template. Thankyou very much!

Alpine Linux Template

opened 12:49AM - 05 Mar 22 UTC

T: enhancement P: default community dev S: in progress C: Alpine Linux

## description QubeOS should have an Alpine Linux template. This has been reque…sted in the past, and I've finally decided to tackle it, having packaging experience with this distro. This space is for tracking issues. ## current state * xorg works * memory ballooning works * copy / paste works + qvm-copy * OpenRC scripts generally working, but things lack finesse * tempate builder not implemented yet * automatic assignment of ip address broken (now fixed) * apk does not work on templates without networking ## steps * Create qubes-vm packages ([repo](https://gitlab.alpinelinux.org/ayakael/qubes-alpine)) * Test packages within Alpine HVM with the goal of creating a functional TemplateVM * Create builder-alpine ([repo](https://gitlab.alpinelinux.org/ayakael/qubes-builder-alpine)) * Test within qubes-builder environment with the goal of creating a tar.gz file that matches TemplateVM on test system ## hurdles * Alpine uses OpenRC as its init system, while afaik every other template uses Systemd. A major part of the work will be updating existing initd scripts, and creating them where they don't exist. * Alpine uses musl rather than libc, but this doesn't seem to be a major issue.

solene · August 27, 2023, 7:16am

alpine?

awesome!

tanky0u · August 27, 2023, 9:39am

Interesting. I would like to see an official Alpine template.

quber · August 27, 2023, 10:26am

For an official release, this should be first implemented:

Service VMs (sys-net, sys-usb, sys-firewall)
Firewall (not tested)
apk proxying from within template (thus you must allow internet access to template to install packages)
qubes-vm-kernel-support Not adapted for use on Alpine yet, due to it providing a Dracut module. In most cases, it is not necessary as Qubes provides the kernel. This package is only neccessary when VM uses its own kernel, thus a hook is added to Dracut to generate the initrd for use within qubes.

tempmail · August 31, 2023, 11:16pm

Since I’m using only minimal templates, I admit I don’t see a reason to use any more than single-distro based templates, beside whonix. Well, if you choose fedora minimal based templates only, and you want to use cacher qube as well, you’ll need one debian minimal template for it in addition.

I mean, they’re templates - untouchable from outside, and app qubes are considered as compromised by default in Qubes philosophy, regardless of template. So using “secure” template as Alpine is, could give a false sense of security while using app qubes based on this template?

I respect if there’s a specific application that cannot be found in fedora/debian repositories and is needed, though.