#alpine-linux — Public Fediverse posts

@nube we don't have backports because we don't need them. instead, use tagged repositories to scope packages from alpine edge:

# cat /etc/apk/repositories
...
@edge:main https://dl-cdn.alpinelinux.org/alpine/edge/main
@edge:community https://dl-cdn.alpinelinux.org/alpine/edge/community
# apk add nano@edge:main
(1/1) Installing nano@edge:main (9.0-r0)

#AlpineLinux

ifstate 2.3.0 - a tool for declarative network configuration for Linux - was released:
https://codeberg.org/routerkit/ifstate/releases/tag/2.3.0

This is release contains various new features like:
- bridge: VLAN membership for bridge ports
- link: support external created veth ifaces
- routing: ignore routes by ifname regex
- tc: add vlan action (allows remapping); improve change detection

The new release is already available in #AlpineLinux and in the RouterKit Debian package repository.

#linuxnetworking #ifstate #RouterKit

So, it looks like Alpine Linux doesn't have anything like Debian's Backports concept? I don't want to switch my repos to edge, I just want to install a version of a package that's newer in edge than in stable, that's it. But it seems like the only way would be to download the apk and install it, which feels like a hacky solution to me, there should be a clean way to do this from the terminal like in Debian ​:thinking_miku:​

#Linux #AlpineLinux

the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

interestingly, openpax kernels kill the exploit early in the exploit chain.

either way, 6.18.28 fixes it for everyone.

but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

#alpinelinux

Dites masto, pour un vieux coucou en 32 bit. Intel Atom, ssd en mSata, ddr2 (oui bon...) Vous conseillé quoi comme distro légère ?

Pas pour aller sur le net, mais plus comme un terminal, prise de note, lecture pdf/ebook ?

Comme les dernières distro font l'impasse sur le 32 bit, je sais pas trop. Une ancienne distro #mxlinux ? Une #antixlinux ? Une #alpinelinux ? (Me proposez pas #raspbian). Je reste attaché à debian, apt et apt-get...

#linux
#lowtech
#debian
#recycle
#lowtech
#basstechno

Oh #AlpineLinux has apparently the same issue as #ArchLinux.
When you don't update it for an extended period of time and then just do "apk update; apk upgrade; reboot" then it'll shit itself...

And there wasn't even anything special in this VM.
1) XFCE
2) Tor
3) Firefox

@gbetous @FiolaKais @itsfoss Distro does matter a bit. On #AlpineLinux GNOME takes less than 1GB, sometimes around 900MB or a bit less.

Btw, I'm currently testing Alpine #XFCE on one old PC and #FunOS (Ubuntu with systemd but no Snap + #JWM) on another, and both around 300MB or less! Flatpaks enabled on both.

All our systems hosted at Linode are suspended at the moment due to some billing issue, including gitlab. We are working with them to get it resolved.

#AlpineLinux

I tried a bit more Linux distro investigation, and I think I just should have listened to @hipsterelectron in the first place.

TL;DR: If you want to run Linux without systemd, with something other than GNOME as a desktop (which is implied if you don't want systemd), and if you're comfortable with using the command line for installation, Alpine Linux is a great choice. The default install has zero systemd.

Yes, it's a command-line install, but it's far easier to install than Gentoo. The core OS install was so fast that I thought it had failed. Once I had that sorted and had installed a few support items, the setup-desktop script installed the whole of KDE and Wayland in a couple of minutes. I rebooted and everything worked. It even got the high DPI screen's resolution right for both KDE and sddm, which literally no other distro I've tried has managed.

A lack of bloat doesn't just make Alpine good for containers, it's also really responsive in general use. (Which is how computers ought to be with modern hardware.)

The package manager is nice. Think APT, but much faster. It automatically keeps a separate record of what you've actually asked to install versus dependencies that were dragged in, for easy automatic bloat removal.

Downsides:

- No proprietary Nvidia driver available, you need to use nouveau, so no CUDA or high performance gaming.
- Documentation (including installation) is scattered in pieces on a wiki.
- A lot less stuff prepackaged for you than Debian. Check https://pkgs.alpinelinux.org/ to see if things you need are available.
- You'll need to get used to some things being different thanks to use of busybox, no sudo, no bash by default, and so on.

My conclusion: Command line user? Try Alpine. Everyone else? Use Debian, and hope they move away from systemd.

I might revise this opinion if things break a lot during regular updates (hello Fedora), time will tell. #AlpineLinux #Linux

Releases are still pending, but our repositories all received upgraded kernels to address copy.fail (CVE-2026-31431).

So make sure you upgrade to the latest available kernels.

edge: >= linux-lts-6.18.22
3.23: >= linux-lts-6.18.22
3.22: >= linux-lts-6.12.85
3.21: >= linux-lts-6.12.85
3.20: >= linux-lts-6.6.137
3.19: >= linux-lts-6.6.137
3.18: >= linux-lts-6.1.170
3.17: >= linux-lts-5.15.204

#AlpineLinux #security

Checking the #CopyFail #CVE_2026_31431 status on #AlpineLinux, again nothing heard officially from @alpinelinux but I did see this:

https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/4#issuecomment-4354558846

Maybe the issue has been quietly dealt with or was never an issue to begin with? It'd be nice to know for certain.

@chuso Probably worth mentioning the related bug on #Gentoo Bugzilla.

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2026-31431

Looks like @thesamesam is well and truly onto it.

Also for #Debian users, at the moment they're working on fixes: https://security-tracker.debian.org/tracker/CVE-2026-31431

Edit: Nothing seen on the #AlpineLinux front, I guess we'll hear from @alpinelinux in due course.

Pro-Grade Ham Radio Displays: Integrating OpenHamClock into PiSignage

758 words, 4 minutes read time.

A Helping Hand Needed for a Fellow Programmer

I’m reaching out to see if you can lend a hand to a talented software developer who’s currently on the job hunt. With over 30 years of experience in C#, .NET (Core/6–8), REST APIs, SQL Server, Angular/Razor, Kubernetes, and cloud CI/CD, he’s a seasoned pro with a proven track record of leading modernization projects and delivering production systems.

Some of his notable accomplishments include DB2 to SQL migrations, building real-time SignalR apps, and developing full-stack API and frontend projects. Based in Southeast Michigan, he’s looking for senior engineering, architecture, or technical lead roles that will challenge him and utilize his skills.

If you’re in a position to help, you can check out his resume and portfolio at http://charles.friasteam.com.

Let’s all look out for each other – if you know of any opportunities that might be a good fit, could you please consider passing this along to your network?

—

If you are a ham radio operator, you know that a HamClock is the ultimate shack companion. But what if you want to move beyond a dedicated small screen and integrate that data-rich display into a professional digital signage environment?

By using PiSignage, you can rotate your HamClock with other station metrics, weather, or club announcements. However, getting a clean, secure, and “pop-up free” experience requires a few tricks.

In this post, I’ll show you how to deploy OpenHamClock using Docker and how to strip away the UI clutter for a seamless kiosk experience.

The Setup

To follow along, you will need a PiSignage server instance. I personally run mine as a Docker container, which keeps the server stack isolated and easy to back up.

1. The Docker Compose Configuration

PiSignage and modern browsers often require secure contexts (HTTPS) for certain features. Since the standard HamClock output is HTTP, we’ll use a two-service setup: the clock itself and a lightweight SSL-wrap sidecar using socat and openssl.

docker-componse.yml

 services:    openhamclock:      image: ghcr.io/accius/openhamclock:latest      container_name: openhamclock      expose:        - "3000"      environment:        - CALLSIGN=<CALL SIGN>        - LOCATOR=<Grid Square Locator>        - THEME=dark        - UNITS=imperial      restart: unless-stopped     ssl-wrap:      image: alpine      container_name: hamclock-ssl      ports:        - "3000:3000"      command: >        sh -c "apk add --no-cache socat openssl &&                openssl req -x509 -newkey rsa:2048 -keyout /tmp/key.pem -out /tmp/cert.pem -days 365 -nodes -subj '/CN=localhost' &&               cat /tmp/cert.pem /tmp/key.pem > /tmp/combined.pem &&               socat OPENSSL-LISTEN:3000,cert=/tmp/combined.pem,verify=0,fork,reuseaddr TCP:openhamclock:3000"      restart: unless-stopped 

2. Silencing the “What’s New” Pop-ups

When using HamClock as a signage element, you want it to be “set and forget.” The “What’s New” slide-ins are helpful for desktop users but ruin a clean kiosk display.

While there is a formal change request pending for a toggle, you can currently “force” these elements to stay hidden by injecting a bit of CSS directly into the distribution files. Run this command within your app environment:

find /app/dist -name "*.css" -exec sh -c 'echo "div[style*=\"whatsNewSlideIn\"], div[style*=\"backdrop-filter\"] { display: none !important; }" >> {}' \;

3. Setting Up the Slide in PiSignage

Once your containers are humming along, you need to tell PiSignage how to display the clock.

Create the Weblink Asset

1. Log in to your PiSignage Admin Panel.
2. Navigate to Assets > Add > Weblink.
3. Fill in the details:
   • Name: OpenHamClock
   • Link Address: https://<YOUR-HOSTNAME>:3000/?kiosk=true
4. Click Save.

Pro Tip: The ?kiosk=true suffix is critical. It tells HamClock to hide its own internal menus and headers, giving you a dedicated, high-contrast dashboard perfect for a wall-mounted display.

Deploy to Your Player

1. Go to Playlists and add your new “OpenHamClock” asset.
2. Set the Duration: Set this to 0 for a permanent display, or a high number (like 300 for 5 minutes) if it’s part of a rotation.
3. Go to Groups, select your player, and deploy the playlist.

Your screen should refresh and show a beautiful, clean HamClock interface within seconds!

Running PiSignage in Docker?

For those of you looking to keep your entire server stack contained, running the PiSignage central server in Docker is the way to go. It keeps your host OS clean and makes management a breeze.

If you’d like me to discuss how to set up a dockerized PiSignage server, please comment below!

— 73 —

Call to Action

Getting this stack to play nice wasn’t a “one-and-done” install. It was a hard-fought process that took multiple attempts to finally crack the code on bypassing those “What’s New” screens and forcing a clean kiosk display. But the victory is in the uptime.

Don’t just lurk. If you’ve got the guts to show how you’re rebuilding your station on the wreckage of the old ways, drop a comment below. How are you occupying the victory today?

D. Bryan King

Sources

• OpenHamClock GitHub Repository (accius)
• Original HamClock Source by Clear Sky Institute
• PiSignage Official Documentation
• Docker Compose Specification and Documentation
• Alpine Linux Official Docker Image
• Socat Man Page – Multipurpose Relay Tool
• OpenSSL Official Documentation
• Maidenhead Locator System Overview
• Deep Dive: HamClock on Raspberry Pi
• PiSignage Server Docker Implementation
• Raspberry Pi Kiosk Mode Configuration
• MDN Web Docs: CSS Display Property
• Docker CMD vs Entrypoint Explained
• Understanding Self-Signed SSL Certificates
• ARRL: Understanding Grid Squares
• CSS Attribute Selectors (For Style Injection)
• Docker Container Networking Guide
• Linux Find Command Documentation
• Portainer: Managing Dockerized Signage Stacks
• PiSignage Community Support Forum

Disclaimer:

I love sharing what I’m learning, but please keep in mind that everything I write here—including this post—is just my personal take. These are my own opinions based on my research and my understanding of things at the time I’m writing them. Since life moves way too fast and things change quickly, please use your own best judgment and consult the experts for your specific situations!

Related Posts

Rate this:

ifstate 2.2.6 - a tool for declarative network configuration for Linux - was released:
https://codeberg.org/routerkit/ifstate/releases/tag/2.2.6

This is a bug-fix only release:
- fix MTU configuration for newly created tun links
- fix exception if wireguard sockets cannot be opened (i.e. due to missing kernel modules)

The new release is already available in #AlpineLinux and in the RouterKit Debian package repository.

#linuxnetworking #ifstate #RouterKit

to advance the alpine AI policy conversation, i have proposed simply aligning alpine's AI policy with the one introduced in postmarketOS.

it is good enough for now.

#alpinelinux

oh, great, alpine linux VMs are about to be represented as indications of compromise by shitty security scanners

https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/

#alpinelinux

@witix next time use the #AlpineLinux hashtag :)

Though #alpinelinux is pulling on me as well. So much to like!