Search⌘ K
AI Features
Home
Courses
Creating Alpine Linux Packages

Install abuild via Docker

Explore the process of setting up abuild within an Alpine Linux Docker container. This lesson guides you through installing required tools, configuring build dependencies, generating cryptographic keys for signing packages, and preparing your environment for building Alpine Linux packages securely.

We'll cover the following...

Preface

Now that we have learned the basics of Alpine Linux, we can start practicing how to build packages.

Setting up a Docker container

The easiest way to start using Alpine Linux is through Docker. We can use Docker via the terminal widgets that are built into this course. We can run any command we could run in a usual Alpine Linux Docker container with these widgets. Let’s try running cat /etc/os-release in the terminal below to see what Alpine Linux release version we’re using!

Shell
cat /etc/os-release

Try running the command in the terminal below:

Terminal 1
Terminal
Loading...

Running Alpine Linux

The terminal widget above runs the Alpine Linux Docker container for us. If we wanted to start a Docker container locally on our computer later on, we could use the command below. This would start an ash shell in an Alpine Linux container:

Shell
docker run --interactive --tty --name educative-alpine alpine:3.15

Let’s go over the individual parts of the command above:

  • run means that the specified container image (alpine:3.15) should be started.

  • --interactive means that we want to run an interactive session in this container where we can enter commands in a shell.

  • --tty opens a terminal in the container upon start. Since --interactive and --tty are usually used together, the short form -it is used to enable both of these options in the following lessons.

  • --name sets the name of the container so we can interact with the container later on via its name.

  • alpine:3.15 This specifies the container image to run. In this case, we want to run Alpine Linux with the release version 3.15.

After the program has been executed, we are greeted by a shell in the container. We can run commands on this shell:

Shell
cat /etc/os-release

This produces the following output:

Shell
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.0
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

We can exit the container by typing exit into the terminal.

Setting up abuild

Now that we have done the initial setup, we can reenter our Alpine Linux container by typing docker start -ai educative-alpine in our terminal, or we can use the terminal widget below. This will resume the previous session in this container. We specify -a to connect the container’s output to our terminal (so we can see what output the commands we’ve entered produce) and -i in order for the container to receive the input we type into our terminal.

We can start installing abuild afterward because first, we have to install alpine-sdk. The latter package installs all build dependencies, like a C compiler, that are required for almost all packages:

Shell
apk add abuild alpine-sdk sudo

Afterward, we can set up the cache directory for distfiles (files that are downloaded during the package build):

Shell
mkdir -p /var/cache/distfiles

Then, we can generate our private and public keys that are used to cryptographically sign the packages we build to ensure integrity:

Shell
$ abuild-keygen -ain
/ # abuild-keygen -ain
>>> Generating public/private rsa key pair for abuild
Enter file in which to save the key [/root/.abuild/-61d19ddf.rsa]: 
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................................................+++++
....................................................+++++
e is 65537 (0x010001)
writing RSA key
>>> Installing /root/.abuild/-61d19ddf.rsa.pub to /etc/apk/keys...
>>> 
>>> Please remember to make a safe backup of your private key:
>>> /root/.abuild/-61d19ddf.rsa
>>>

Let’s go over the arguments to abuild-keygen again.

  • -a: Automatically set the generated key as our default signing key.
  • -i: Automatically install the public key.
  • -n: Run in noninteractive mode, which automatically uses the defaults of abuild.

As noted in the output, the public key has been written to /etc/apk/keys. This is, as the name suggests, supposed to be available to everyone that uses our repository because apk uses this key to verify packages after downloading them. Since abuild-keygen already installed the public key in the right directory for our installation (because we specified -i), we don’t have to worry about this for now. We’ll talk about distributing the packages in a later lesson. We can check how the format of the RSA-key looks:

Shell
$ cat /etc/apk/keys/-61d19ddf.rsa.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NMR5WZ1EZdBQOFZDahV
+c84bxT7o8B5rVkW5Ds4usuRHFlFkCKVsjTkr5AtWn61U7qxmCLutoH/z1XlXjJS
Plg0fvFWep7jNSpikPJSZ8OTzZXhhb58no1yA1NTy28afTBDewy3mjfyRvZIJECO
ZBI/RWEdem6vULRl5B05D0BLfVKG/LryxYz8Ye5OTl+Kp20j0wYiTqptcTu8+kDM
c2puTB0o+6yJ5xi8Z9VVrDn/goRF9sDtZhusrRq7Vn87K554Mb0nXohvNNepFVYT
QctLyhu6xrYBJ1QUmdl4HFhtdCL/kYD8lekkUnS8aLfQaCcFO6QAD+efZGIeb9TV
NQIDAQAB
-----END PUBLIC KEY-----

A private key has also been generated for us by abuild-keygen. We can use it for signing the packages we build. This key has to be kept private since it would allow others to impersonate our package builds if they had our private key.

Try following along the setup process in the terminal below:

Shell
apk add abuild alpine-sdk sudo
mkdir -p /var/cache/distfiles
abuild-keygen -ain

The first command adds the required packages, which are as follows:

  • abuild provides the abuild-keygen command to generate the keypair.
  • alpine-sdk is a required dependency for using abuild.
  • sudo is used by abuild to install the keypair.

Afterward, we create the distfiles cache with mkdir, and finally, we generate our keypair.

Terminal 1
Terminal
Loading...

Now that we have set up abuild, we can go ahead and build our first APKBUILD.