The void linux distribution

The Void (Linux) distribution

Void is a general purpose operating system, based on the monolithic Linux kernel. Its package system allows you to quickly install, update and remove software; software is provided in binary packages or can be built directly from sources with the help of the XBPS source packages collection.

It is available for a variety of platforms. Software packages can be built natively or cross compiled through the XBPS source packages collection.

Visit the Void build server console for package build status updates.

Contribute to the Void Linux project by adding and updating packages and extending the documentation. More information can be found in the Handbook.

Not a fork!

Void Linux is an independent distribution, developed entirely by volunteers.

Unlike trillions of other existing distros, Void is not a modification of an existing distribution. Void’s package manager and build system have been written from scratch.

Stable rolling release

Void focuses on stability, rather than on being bleeding-edge. Install once, update routinely and safely.

Thanks to our continuous build system, new software is built into binary packages as soon as the changes are pushed to the void-packages repository.

runit

We use runit as the init system and service supervisor.

runit is a simple and effective approach to initialize the system with reliable service supervision. Refer to the Void Handbook for an introduction.

C library diversity

Void Linux supports both the musl and GNU libc implementations, patching incompatible software when necessary and working with upstream developers to improve the correctness and portability of their projects.

xbps is the native system package manager, written from scratch with a 2-clause BSD license.

XBPS allows you to quickly install/update/remove software in your system and features detection of incompatible shared libraries and dependencies while updating or removing packages (among others). Refer to the Handbook for an overview.

xbps-src

xbps-src is the xbps package builder, written from scratch with a 2-clause BSD license.

This builds the software in containers through the use of Linux namespaces, providing isolation of processes and bind mounts (among others). No root required!

Additionally, xbps-src can build natively or cross compile for the target machine, and supports multiple C libraries (glibc and musl currently).

void-packages changes

xbps changes

Recent news

October 03, 2021

US Mirror Retirement

The alpha.us.repo.voidlinux.org mirror has been retired. Users should switch to https://repo-us.voidlinux.org for continued service out of the central US. As part of the switch the US tier one mirror has gained TLS, and is running on a more reliable host.

All contributors with in-flight PRs should rebase to ensure that the latest URL is reflected in your branch’s CI configuration.

September 23, 2021

Hacktoberfest 2021

Are you ready for Hacktoberfest 2021? Void Linux is! We’re excited to be participating for our 5th year. Contributions that help to address our out-of-date packages queue are especially welcome. This is a great way to dip your feet into the world of Linux distro package management and what happens behind the scenes to provide a wide selection of packages and make sure your system remains up to date.

Updating packages is very easy. You can select a package from the list of out of date packages and update it using the tools in the void-packages repo. The manual might be of assistance when you are updating packages.

As a general rule, we recommend that newcommers to the Void Linux project steer clear of “structural” packages unless you have specific domain knowledge that qualifies you to work on high-risk packages. When selecting a package to update, prefer packages registered to orphan@voidlinux.org . These packages are otherwise unmaintained, and your contribution will have a bigger impact. You can update packages that have a maintainer assigned, but understand that conflicting changes between a maintainer and contributor will be resolved at the discretion of Void staff.

Here are some useful tips when updating packages:

While we’re not completely opposed to PRs that add new packages, you’re much more likely to get your PR approved and merged if it’s a well written update.
Don’t PR broken code. Our maintainers are much less likely to give a second look to a PR that didn’t build when it was submitted.
While it’s possible to run xbps-src from an alien distro, this isn’t really supported. If you’re a seasoned Linux user and want to try Void, now is the time!
The update list is sometimes wrong. We’d love to get patches that improve its reliability by ignoring beta versions or adding checks to packages that are not correctly detected as out of date.
If you have expertise in C, GNU Autotools, or other build systems, taking a look at projects that we’ve marked as incompatible with cross compilation and fixing the upstream issue can be an amazing contribution that impacts more than just Void.

We look forward to working with the amazing world of open source developers this month to improve Void and continue our high standards for quality and reliability. To ensure your PR has the best chance at being accepted, feel free to reach out for help as explained in the manual. Together, we can make this a high-impact Hacktoberfest.

Linux® is a registered trademark of Linus Torvalds (info)

Источник

Installation

This section includes general information about the process of installing Void. For specific guides, see the «Advanced Installation» section.

Base system requirements

Void can be installed on very minimalist hardware, though we recommend the following minimums for most installations:

Architecture	CPU	RAM	Storage
x86_64-glibc	x86_64	96MB	700MB
x86_64-musl	x86_64	96MB	600MB
i686-glibc	Pentium 4 (SSE2)	96MB	700MB

Note that flavor installations require more resources; how much more depends on the flavor.

Void is not available for the i386, i486, or i586 architectures.

Before installing musl Void, please read the «musl» section of this Handbook, so that you are aware of software incompatibilities.

It is highly recommended to have a network connection available during install to download updates, but this is not required. ISO images contain installation data on-disk and can be installed without network connectivity.

Downloading installation media

The most recent live images and rootfs tarballs can be downloaded from https://alpha.de.repo.voidlinux.org/live/current/. They can also be downloaded from other mirrors. Previous releases can be found under https://alpha.de.repo.voidlinux.org/live/, organized by date.

Verifying images

Each image release’s directory contains two files used to verify the image(s) you download. First, there is a sha256sum.txt file containing image checksums to verify the integrity of the downloaded images. Second is the sha256sum.sig file, used to verify the authenticity of the checksums.

It is necessary to verify both the image’s integrity and authenticity. It is, therefore, recommended that you download both files.

Verifying image integrity

You can verify the integrity of a downloaded file using sha256sum(1) with the sha256sum.txt file downloaded above. The following command will check the integrity of only the image(s) you have downloaded:

This verifies that the image is not corrupt.

Verifying digital signature

Prior to using any image you’re strongly encouraged to validate the signatures on the image to ensure they haven’t been tampered with.

Current images are signed using a signify key that is specific to the release. If you’re on Void already, you can obtain the keys from the void-release-keys package, which will be downloaded using your existing XBPS trust relationship with your mirror. You will also need a copy of signify(1); on Void this is provided by the outils package.

To obtain signify when using a Linux distribution or operating system other than Void Linux:

Install the signify package in Arch Linux and Arch-based distros.
Install the signify-openbsd package in Debian and Debian-based distros.
Install the package listed here for your distribution.
Install signify-osx with homebrew in macOS.

If you can’t obtain signify for some reason (e.g. you are on Windows and can’t use WSL or MinGW), you can use minisign(1) to verify the file.

If you are not currently using Void Linux, it will also be necessary to obtain the appropriate signing key from our Git repository here.

Once you’ve obtained the key, you can verify your image with the sha256sum.sig file. The following example demonstrates the verification of the GCP musl filesystem from the 20191109 release:

If the verification process does not produce the expected «OK» status, do not use it! Please alert the Void Linux team of where you got the image and how you verified it, and we will follow up on it.

For verification with minisign , it is necessary to rename the sha256sum.sig file to sha256sum.txt.minisig and remove the first line from the .pub release key. The following example demonstrates the verification of the sha256sum.txt file from the 20191109 release:

The same warning as above applies. If the verification process isn’t successful, do not use the file — warn the Void Linux team about it.

Источник

The void linux distribution

All live images and rootfs tarballs are available at:

These files can also be downloaded from other mirrors, which are listed in the documentation. Simply navigate to live -> current to find them.

The requirements for these images can be found in the documentation. An internet connection via Ethernet or WiFi is required for network installation.

Verifying file integrity and its digital signature

It is strongly recommended to validate the integrity and authenticity of any downloaded image or tarball before using it, to ensure it hasn’t been tampered with. Instructions on how to do that are provided in the Void Handbook.

x86_64

Installable live images support a local installation (with the included packages) or a network installation (packages are downloaded from official repository).

You can log into these images as anon or root , and the password is voidlinux .

To start the installer, execute the void-installer utility with appropriate permissions (i.e., sudo void-installer ).

enlightenment

cinnamon

Installable live images support a local installation (with the included packages) or a network installation (packages are downloaded from official repository).

You can log into these images as anon or root , and the password is voidlinux .

To start the installer, execute the void-installer utility with appropriate permissions (i.e., sudo void-installer ).

enlightenment

cinnamon

ROOTFS tarballs can be extracted to a previously prepared partition scheme or used for chroot installation.

General and platform specific instructions are available in the documentation.

armv6l

armv7l

aarch64

arm platforms

Live images can be written onto an SD card (i.e. using dd ) and they provide you with a ready to boot system. These images are prepared for 2GB SD cards. Alternatively, use the ROOTFS tarballs if you want to customize the partitions and filesystems.

Connect to the system using a virtual terminal or SSH and log in as root with password voidlinux .

Platform specific instructions for these images are available in the documentation.

Deprecated instructions for the following platforms can be found in these wiki pages (you can help by porting them over to the Void Handbook):

Источник

The void linux distribution

All contributors with in-flight PRs should rebase to ensure that the latest URL is reflected in your branch’s CI configuration.

September 23, 2021

Hacktoberfest 2021

Here are some useful tips when updating packages:

While we’re not completely opposed to PRs that add new packages, you’re much more likely to get your PR approved and merged if it’s a well written update.
Don’t PR broken code. Our maintainers are much less likely to give a second look to a PR that didn’t build when it was submitted.
While it’s possible to run xbps-src from an alien distro, this isn’t really supported. If you’re a seasoned Linux user and want to try Void, now is the time!
The update list is sometimes wrong. We’d love to get patches that improve its reliability by ignoring beta versions or adding checks to packages that are not correctly detected as out of date.
If you have expertise in C, GNU Autotools, or other build systems, taking a look at projects that we’ve marked as incompatible with cross compilation and fixing the upstream issue can be an amazing contribution that impacts more than just Void.

September 03, 2021

DigitalOcean Renews Sponsorship

Void is pleased to announce that DigitalOcean has renewed their sponsorship of our project as part of the Digital Ocean Open Source program. DigitalOcean provides us with reliable infrastructure on which we run the control plane for our distributed fleet of machines, as well as some assorted monitoring and fleet management services. You can find our full list of sponsors on the Acknowledgements page.

Should you also want to run a Void Linux VM on DigitalOcean’s droplet service, we provide tooling for generating Void Linux images in the mklive repository.

July 17, 2021

Repository Signing Disruption

We are aware of an ongoing infrastructure issue affecting repository synchronization and package signing. We are working to resolve this disruption, but first must resolve another unrelated infrastructure issue. We have no short term ETA for service restoration, however our worst case resolution timeline is Friday the 23rd of July.

Your patience is appreciated while we perform this work as fast as possible.

May 26, 2021

Void Linux freenode Channels Have Been Hijacked

We have been made aware that during the mass channel takeover that is ongoing on freenode that bogus ##voidlinux and ##xbps channels have been created in the secondary namespace.

We do not operate or engage with these channels, and we do not maintain an official presence on the freenode network. We are still in the process of finalizing the shutdown of the #xbps and #voidlinux channels in the primary namespace, and have removed our channels from the public listing as part of this process.

Though you should always exercise caution when running code obtained from the internet, we urge you exercise extreme caution when using any code from any channels on the freenode network that claims affiliation with the Void Linux project. You can always find our official points of presence listed at the top of our home page.

If you want to ask the Void team questions in real-time about this or any other Void related matter, feel free to ask at any time in #voidlinux on irc.libera.chat .

May 21, 2021

IRC network switch to Libera

Given the recent upheaval at Freenode, the Void Linux team has made the decision to switch to another IRC network. Our network of choice is libera.chat, managed by former Freenode staff. When accessing #voidlinux and #xbps , be sure to use irc.libera.chat ! We are excited to welcome you there, and hope this doesn’t inconvenience anyone unduly. Be sure to let us know of any issues.

Contacting us will remain the same: you can open an issue on GitHub or ping us in the new #voidlinux channel on libera.chat.

March 27, 2021

In memoriam pullmoll

Today, we were informed that our long time contributor and maintainer Jürgen Buchmüller (pullmoll) has passed away.

With boundless dedication, Jürgen was one of the most prolific contributors to the Void project and sponsored the project financially, too.

He invested lots of his time in keeping GCC up to date and well tested, supplied tons of patches to port packages to new compilers and platforms and also took care of (co-)maintaining many packages, including several non-trivial ones, like OpenJDK and LibreOffice.

He was not only a dedicated and driven developer in the Void Linux project, he also was one of the friendliest and warmest people we had the pleasure to work with. Jürgen will be missed as a steady force and a calm and wise voice in discussions. Most of all, he will be remembered as a friend to all of us.

Our thoughts and condolences go out to Jürgen’s family, friends, and loved ones.

Thank you, pullmoll.

– The Void Linux maintainers

March 05, 2021

Friday in the Void: OpenSSL and Kernel Hardening

The previously announced OpenSSL switch is now underway. Because OpenSSL is a dependency of a large number of packages, the full rebuild process is expected to take several days. Syncing between the builders and public repositories has been suspended to ensure that the package tree remains consistent. Consequently, no new package updates will appear until the switch is complete.

Once updates appear, we recommend that you perform a complete system update to simplify the transition. Partial updates are possible, but you will need to manually trace all OpenSSL dependants installed on your system and update them atomically.

Since 2016, the default bootloader configuration in Void Linux has set the Linux kernel command-line options slub_debug=P and page_poison=1 to provide some level of kernel hardening. Kernel series 5.3 and later offer alternative measures init_on_alloc and init_on_free (see this kernel commit).

Void’s kernels come with the init_on_alloc option enabled by default where available (i.e., linux5.4>=5.4.102 , linux5.10>=5.10.20 and linux5.11>=5.11.3 ). In most cases, you should not disable this option, as it has a fairly minimal impact on performance (within 1%). The init_on_free option is more expensive (around 5% on average) and needs to be enabled by hand by passing init_on_free=1 on the kernel command line. Similarly, init_on_alloc can be disabled if needed by passing init_on_alloc=0 .

As a consequence of these changes, Void’s default kernel command-line now omits the slub_debug and page_poison options. There is a chance that your existing system still has the old options enabled. They still work in newer kernels, but have a performance impact more in line with init_on_free=1 . On older hardware this can be quite noticeable. If you are running a kernel series older than 5.4, you can keep them (or add them) for extra security at the cost of performance; otherwise, you should remove them.

As always, if you experience any issues, feel free to reach out to us! You can open an issue on GitHub or seek help in the #voidlinux channel on https://freenode.net.

February 23, 2021

Switching back to OpenSSL

The Void Linux team is switching back to OpenSSL on March 5th, 2021 (2021-03-05).

For most users, there should be no noticeable change. If you have any packages installed that are no longer provided by Void, or your system has explicit dependencies on LibreSSL, you will of course need to take action to ensure your system continues to function after the switch.

If you experience any issues, feel free to reach out to us! You can open an issue on GitHub or ping us in the #voidlinux channel on https://freenode.net.

A discussion about switching to OpenSSL began in a Request For Comments (RFC) posted on April 12th, 2020, at void-linux/void-packages#20935. Since then, a majority of Void maintainers have expressed support for the move. The main reasons for the switch are as listed in the RFC:

Because most software targets OpenSSL, Void will no longer have to maintain (in some cases, very complex) patches to support LibreSSL. The complexity of the OpenSSL API makes such patching burdensome and risky, with mistakes potentially causing runtime errors or security issues — we have avoided those, as far as we know, but this has required a lot of effort.
Extensive support for platform specific optimizations outside of x86.
Access to new standards and algorithms earlier, such as full TLS 1.3 support.

As a result of the above, the switch to OpenSSL is expected to lessen the time and effort spent on packages that require an OpenSSL-like library. This is especially notable because most other distributions which used LibreSSL have dropped it, so there aren’t as many people amongst whom to distribute the effort.

Alpine, which switched to LibreSSL temporarily, switched back to OpenSSL in January 2019, with the 3.9.0 release.
More recently, Gentoo, which used to offer LibreSSL as an option, has discontinued that support as well.

For further context, LWN covered the subject of LibreSSL on Linux at the beginning of this year. The article also covers the attention and improvements that the OpenSSL project has received post-Heartbleed, which was one of the main reasons for Void’s initial switch to LibreSSL.

For an example of extra work caused by packages that expect OpenSSL, Void’s version of Qt5 is heavily patched in order to properly support LibreSSL. Furthermore, the just released Qt6 would also need significant effort to be patched and maintained to use LibreSSL, without the possibility of such effort being upstreamed.

At the same time, other software can have limited functionality or hit edge cases when using LibreSSL, due to not being thoroughly tested with it. One example is Python, which is limited in the ciphers available to running programs, since it depends on what the SSL library provides — they are even considering dropping any support for LibreSSL in the future. Another example is OpenVPN, which we have received bug reports for connection issues with LibreSSL (void-linux/void-packages#23413). This required us to switch the package to use Mbed TLS by default, resulting in some limitations to the resulting package. With the switch to OpenSSL, the OpenVPN package will now be provided in the most widely deployed and tested configuration, so similar compatibility hiccups are unlikely to reappear.

Unfortunately, this move has required us to drop some packages that rely on the OpenSSL 1.0.1 API; while LibreSSL maintains compatibility with this legacy API, modern OpenSSL has abandoned it.

One great feature of LibreSSL not offered by OpenSSL is the libtls library, which aims to be a hard to misuse interface for communicating over the web safely, with sane defaults. Some of the packages we ship depend on it, so work has been done to package a standalone version of it in void-linux/void-packages#28732.

The Void Linux team is grateful for the work of the OpenBSD community on libressl-portable, we have greatly benefited from their work. Void continues to package other excellent OpenBSD software, including OpenSSH and signify, which is our tool of choice for signing live images.

In conclusion, we expect our switch to OpenSSL to ease maintenance overhead, provide the same reliable experience to users, and improve functionality in select packages. Look forward to the update landing some time after March 5th!

February 18, 2021

New Images!

We’re pleased to announce that the 20210218 image set has been promoted to current and is now generally available.

You can find the new images on our downloads page and on our many mirrors.

Special thanks for this image set goes out to @ericonr for work in validating the images, and to @paper42 for providing us a new image in the grub splash screen.

You may verify the authenticity of the images by following the instructions on the downloads page, and using the following signify key information:

Linux® is a registered trademark of Linus Torvalds (info)

Источник