Mount root subvolume
# Mount the btrfs top-level subvolume (subvolid=5) at /mnt/btrfs so that new
# subvolumes can be created beneath it.
btrfs_uuid='68706ead-a626-4209-b3d0-1187b835f803'
btrfs_opts='subvolid=5,noatime,nodiratime,noacl,nossd'
mount -t btrfs -o "${btrfs_opts}" "UUID=${btrfs_uuid}" /mnt/btrfs
# Remount with exec: later steps run ./sbin/apk.static and the chroot shell
# from this filesystem, which fails on a noexec mount.
mount -o remount,exec /mnt/btrfs
List BTRFS subvolumes
# List the subvolumes under the mounted top level as a table (-t), sorted by path.
btrfs subvolume list -t --sort=path /mnt/btrfs
Create rootfs subvolume
# Create the subvolume that will hold the Alpine root filesystem.
# NOTE(review): assumes /mnt/btrfs/data already exists — confirm.
btrfs subvolume create /mnt/btrfs/data/alpine
Validate Subvolume
# Print the new subvolume's metadata. The "Subvolume ID" it reports is the
# value used for subvolid= in the fstab entry further down.
btrfs subvolume show /mnt/btrfs/data/alpine
data/alpine
Name: alpine
UUID: c4f02969-6ff7-a141-a740-cd37f4757278
Parent UUID: -
Received UUID: -
Creation time: 2020-06-01 13:25:02 -0300
Subvolume ID: 12706
Generation: 221198
Gen at creation: 221198
Parent ID: 260
Top level ID: 260
Flags: -
Snapshot(s):
Download apk-tools
Mirror list: http://nl.alpinelinux.org/alpine/MIRRORS.txt
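cd /mnt/btrfs/data/alpine
# Pin the exact package so that the file that is verified is the file that is
# unpacked (the original extracted whatever matched apk-tools-static-*.apk).
version=2.10.5-r1
apk_pkg="apk-tools-static-${version}.apk"
# NOTE(review): latest-stable is a moving target, while etc/apk/repositories
# is pinned to v3.12 in a later step — confirm the two are meant to match.
mirror=http://linorg.usp.br/AlpineLinux/latest-stable/main
# The mirror is plain HTTP, so the download is not authenticated in transit.
# Check it against a SHA-256 obtained out of band before unpacking.
# PLACEHOLDER: replace with the digest published by a source you trust.
apk_sha256='<SHA256_OF_APK_TOOLS_STATIC_PACKAGE>'
wget "${mirror}/x86_64/${apk_pkg}"
# tar only runs when the digest matches; on a mismatch apk.static is never
# unpacked and the install below cannot start.
printf '%s  %s\n' "${apk_sha256}" "${apk_pkg}" | sha256sum -c - \
  && tar -xzf "${apk_pkg}"
# apk checks package signatures against the keys in <root>/etc/apk/keys.
# Seed that directory from a trusted copy of the Alpine signing keys instead
# of switching verification off with --allow-untrusted, which would let the
# HTTP mirror (or anyone on the path to it) supply arbitrary packages.
# PLACEHOLDER: on an Alpine host the trusted copy is typically /etc/apk/keys.
trusted_keys_dir='<DIRECTORY_WITH_VERIFIED_ALPINE_KEYS>'
mkdir -p /mnt/btrfs/data/alpine/etc/apk/keys
cp "${trusted_keys_dir}"/*.rsa.pub /mnt/btrfs/data/alpine/etc/apk/keys/
./sbin/apk.static -X "${mirror}" -U \
  --arch x86_64 \
  --root /mnt/btrfs/data/alpine --initdb add \
  musl-utils alpine-base alpine-mirrors \
  linux-lts mkinitfs pigz linux-firmware wireless-regdb \
  ca-certificates ssl_client haveged \
  btrfs-progs e2fsprogs \
  network-extras openssl openssh chrony \
  tzdata acpi hdparm cpufreqd sudo nano \
  iptables ip6tables iputils iproute2 drill bridge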
Prepare chroot
# Give the new root a resolver configuration and an apk repository list.
root=/mnt/btrfs/data/alpine
cd "${root}"
# NOTE(review): resolvers commonly honour only the first three nameserver
# entries — confirm whether the fourth is ever consulted.
printf '%s\n' \
  'nameserver 8.8.8.8' \
  'nameserver 8.8.4.4' \
  'nameserver 2620:0:ccc::2' \
  'nameserver 2001:470:20::2' \
  > "${root}/etc/resolv.conf"
mkdir -p "${root}/etc/apk"
# The repositories are plain HTTP; package authenticity then rests entirely
# on apk's signature verification.
printf '%s\n' \
  'http://linorg.usp.br/AlpineLinux/v3.12/main' \
  'http://linorg.usp.br/AlpineLinux/v3.12/community' \
  > "${root}/etc/apk/repositories"
Delete unnecessary folders
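# Remove the two unused mount-point directories from the new root.
# Plain rmdir is used on purpose: with -p, rmdir also tries to remove every
# parent directory in the path and reports an error at the first one that is
# not empty, so the step either fails noisily or deletes more than intended.
rmdir /mnt/btrfs/data/alpine/media/cdrom
rmdir /mnt/btrfs/data/alpine/media/floppy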
Set timezone
# Install the zone file under etc/zoneinfo and point etc/localtime at it.
root=/mnt/btrfs/data/alpine
tz=America/Sao_Paulo
mkdir -p "${root}/etc/zoneinfo/America/"
cp "${root}/usr/share/zoneinfo/${tz}" "${root}/etc/zoneinfo/${tz}"
# The link target is relative to etc/, so it resolves the same way whether the
# tree is viewed from the host or from inside the chroot.
ln -sf "zoneinfo/${tz}" "${root}/etc/localtime"
# tee also echoes the zone name to the terminal.
printf '%s\n' "${tz}" | tee "${root}/etc/timezone"
Enable ipv6
# Load the ipv6 module on the running (host) kernel.
modprobe ipv6
# Record the module in the new root's etc/modules. This appends, so re-running
# the step adds a duplicate line.
echo "ipv6" >> /mnt/btrfs/data/alpine/etc/modules
Setup console
#FIX ME = grub mkinitfs
Add these kernel options at boot: console=ttyS0,9600 console=tty0 earlyprintk=serial,ttyS0,9600,keep
# Respawn a login getty on the first serial port.
# NOTE(review): the getty is set to 115200 baud while the kernel options above
# use 9600 — confirm which rate the serial line should run at.
echo 'ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100' >> /mnt/btrfs/data/alpine/etc/inittab
# securetty lists the terminals on which root may log in directly. Adding
# ttyS0 permits root login over the serial console, so access to that line
# (physical port or hypervisor console) should be restricted accordingly.
echo ttyS0 >> /mnt/btrfs/data/alpine/etc/securetty
Specify options for building the initial RAM file system
# Choose the mkinitfs feature set used when the initramfs is generated.
mkdir -p /mnt/btrfs/data/alpine/etc/mkinitfs
# tee -a appends. NOTE(review): if mkinitfs.conf already carries a features=
# line the file ends up with two — confirm the later one is the one applied.
# NOTE(review): sudo appears only in this step; the other steps assume a root
# shell, so it is presumably redundant here.
echo 'features="base bootchart keymap ata ide scsi usb mmc nvme dhcp network https raid lvm squashfs ubifs btrfs ext4 ext2 f2fs xfs"' | sudo tee -a /mnt/btrfs/data/alpine/etc/mkinitfs/mkinitfs.conf
Start chroot
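# Mount the pseudo-filesystems the chroot needs and start a login shell in it.
# Every mount target below is relative, so nothing is mounted unless the cd
# succeeds; otherwise ./tmp, ./run and the rest would resolve against whatever
# directory the shell happens to be in (for example the host's own /tmp).
if cd /mnt/btrfs/data/alpine; then
  # Bind the host's /dev into the chroot. This exposes the host's device nodes
  # to every process inside the chroot, so only trusted code should run there.
  mount --bind /dev ./dev
  #mount --make-private ./dev
  #mount -o remount,ro,bind ./dev
  mount -t devpts devpts ./dev/pts -o nosuid,noexec
  mount -t sysfs sys ./sys -o nosuid,nodev,noexec,ro
  mount -t proc proc ./proc -o nosuid,nodev,noexec
  mount -t tmpfs tmp ./tmp -o mode=1777,nosuid,nodev,strictatime
  mount -t tmpfs run ./run -o mode=0755,nosuid,nodev
  # On some hosts /dev/shm is a symlink. mount follows the link, so the tmpfs
  # would land on the link's target instead of on ./dev/shm; skip it then.
  if [ -L ./dev/shm ]; then
    echo 'not mounting ./dev/shm: it is a symlink' >&2
  else
    mount -t tmpfs shm ./dev/shm -o mode=1777,nosuid,nodev
  fi
  # env -i starts the shell with an empty environment, so only the variables
  # listed here are visible inside the chroot.
  chroot . /usr/bin/env -i SHELL=/bin/sh HOME=/root TERM="$TERM" \
    PATH=/usr/sbin:/usr/bin:/sbin:/bin PS1='chroot # ' /bin/sh -l "$@"
fi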
Minimal initscripts
# Register the minimal set of OpenRC services, one loop per runlevel.
# Services are added in the same order as the original flat list.
for svc in devfs dmesg mdev hwdrivers cgroups; do
  rc-update add "${svc}" sysinit
done
for svc in hwclock modules sysctl hostname bootmisc syslog swap networking urandom; do
  rc-update add "${svc}" boot
done
for svc in mount-ro killprocs savecache; do
  rc-update add "${svc}" shutdown
done
Create user
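# Create the admin account. -D creates it without assigning a password;
# "|| true" keeps the step re-runnable when the account already exists.
adduser -u 1000 -G users -s /bin/sh -D "manager" || true
addgroup -S wheel
addgroup manager wheel
# NOTE(security): NOPASSWD: ALL makes every wheel member root-equivalent with
# no re-authentication, so any way of logging in as "manager" (for example an
# SSH key) is a way of becoming root. Keep wheel membership minimal, or drop
# NOPASSWD once the account has a password.
cat > /etc/sudoers.d/nopasswd <<-EOF
%wheel ALL = (ALL) NOPASSWD: ALL
Defaults exempt_group = wheel
EOF
# sudoers drop-ins should be root-owned and read-only.
chmod 0440 /etc/sudoers.d/nopasswd
# Syntax-check the drop-in; a malformed sudoers file can disable sudo for
# everyone, so remove it rather than leave it in place.
visudo -c -f /etc/sudoers.d/nopasswd || {
  echo 'sudoers drop-in failed validation; removing it' >&2
  rm -f /etc/sudoers.d/nopasswd
}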
Create fstab
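# Write the root filesystem entry for the new system. The path is relative, so
# run this from the root of the new tree (inside the chroot that is /).
# The device is selected with the UUID= tag; "UID=" is not a tag fstab
# understands, so an entry written that way would not resolve at boot.
# subvolid is the "Subvolume ID" reported by "btrfs subvolume show".
cat > etc/fstab <<-EOF
# <fs> <mountpoint> <type> <opts> <dump/pass>
UUID=68706ead-a626-4209-b3d0-1187b835f803 / btrfs subvolid=12706,noatime,nodiratime,noacl,nossd 0 1
EOF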
If the host is an Alpine system running a kernel with the grsecurity patches (run this on the host, before entering the chroot)
# These switches turn off grsecurity's chroot restrictions on the host kernel.
# sysctl values are system-wide, so the relaxation applies to every chroot on
# the machine, not only this one; set them back once the work is finished.
sysctl -w kernel.grsecurity.chroot_deny_chmod=0 # enable suid/sgid
sysctl -w kernel.grsecurity.chroot_deny_mknod=0
sysctl -w kernel.grsecurity.chroot_deny_mount=0
sysctl -w kernel.grsecurity.chroot_deny_chroot=0
sysctl -w kernel.grsecurity.chroot_deny_unix=0
# NOTE(review): sysctl -p re-applies /etc/sysctl.conf; if that file sets any of
# the keys above it overrides the values just written — confirm.
sysctl -p
Or make these settings persistent by adding them to /etc/sysctl.conf (for example with nano), one per line:
kernel.grsecurity.chroot_deny_chmod = 0
When working with grub, make sure /etc/mtab is correct (inside the chroot)
# Rebuild /etc/mtab from the kernel's mount table, leaving out every line that
# contains "rootfs".
grep -v rootfs /proc/mounts > /etc/mtab
Setup hostname
# Set the hostname and write the static hosts table for the new system.
# NOTE(review): setup-hostname acts on the running system's /etc, while the
# two writes below target the tree by its host-side path — confirm where each
# is meant to run.
setup-hostname -n alpine1
root=/mnt/btrfs/data/alpine
printf '%s\n' "alpine1" > "${root}/etc/hostname"
# NOTE(review): there is no IPv4 "127.0.0.1 localhost" line, so localhost is
# defined only for ::1 — confirm this is intended.
printf '%s\n' \
  '192.168.1.1 alpine1.casa' \
  '#2001:470:ffff:ff::1 alpine1.casa' \
  '::1 localhost ipv6-localhost ipv6-loopback' \
  'fe00::0 ipv6-localnet' \
  'ff00::0 ipv6-mcastprefix' \
  'ff02::1 ipv6-allnodes' \
  'ff02::2 ipv6-allrouters' \
  'ff02::3 ipv6-allhosts' \
  > "${root}/etc/hosts"
Setup network
# Write the interface configuration for the new system: loopback, eth0 with
# DHCP for IPv4 and a static IPv6 address, and bridge br0 over eth1 with a
# static IPv4 address.
# The pre-up line sets accept_ra to 0 on eth0 before the interface comes up,
# so the static IPv6 settings are not changed by router advertisements.
# The heredoc delimiter is unquoted, but the body contains no $ or backticks,
# so it is written out verbatim.
cat > /mnt/btrfs/data/alpine/etc/network/interfaces <<-EOF
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
udhcpc_opts -O search
iface eth0 inet6 static
address 2001:470:ffff:ff::2
netmask 64
gateway 2001:470:ffff:ff::1
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
auto br0
iface br0 inet static
bridge-ports eth1
bridge-stp 0
address 192.168.1.1
netmask 255.255.255.0
EOF
Testing chroot
# Refresh the package index from the repositories in /etc/apk/repositories;
# a clean run shows that DNS, networking and apk all work inside the chroot.
apk update
After exiting the chroot, unmount everything
# Unmount in the reverse of the mount order: nested mount points (dev/shm,
# dev/pts) must be released before the ./dev bind mount that contains them.
for mp in dev/shm run tmp proc sys dev/pts dev; do
  umount "./${mp}"
done
To work with graphical applications
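# at host
# Grant X server access only to local root, the account the chroot shell runs
# as, instead of "xhost +local:", which admits every local user on the
# machine. Any X client can read the input and screen contents of the others,
# so the grant should be as narrow as possible. A different account inside
# the chroot needs its own localuser entry.
xhost +SI:localuser:root
# When finished, revoke it again at the host: xhost -SI:localuser:root
# inside chroot
export DISPLAY=:0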
links:
https://wiki.alpinelinux.org/wiki/Chroot
https://github.com/alpinelinux/alpine-chroot-install
https://github.com/alpinelinux/alpine-make-vm-image
https://github.com/jirutka/alpine-make-rootfs
https://wiki.alpinelinux.org/wiki/Alpine_Linux_in_a_chroot
https://git.alpinelinux.org/mkinitfs/tree/