1
I'm looking for a Linux live-cd image with openssl installed. I do not want a graphical interface and the image must be as small as possible (< 500MB). The purpose is to build a certificate authority.
madjack
Posted 2017-08-23T14:24:39.597
Reputation: 301
2
Have you looked at Alpine? The standard edition (which which does not include OpenSSL, but allows it to be installed trivially with apk add openssl) is roughly 110MB for 64-bit x86, and the extended edition is about 300MB (which does include OpenSSL according to the package list here). IF you're just looking for a bare-bones system with a known state, Alpine is probably one of your best pre-built options.
If you're willing to do a bit more work, it would not be hard to put something together yourself with Buildroot. I've actually used that for similar one-sff stuff, and it's pretty easy to get a basic system that takes up less than 50MB.
One word of caution though, be careful using such a system for a CA. The known and verified boot state is nice, but you're probably going to be starved for entropy at least initially unless you're running on a recent Intel CPU (AMD still doesn't have RDRAND or RDSEED yet) or manually inject entropy.
Austin Hemmelgarn
Posted 2017-08-23T14:24:39.597
Reputation: 4 345
I had already checked Alpine, seems very good, but it does not provide openssl, even in the extended version. For the entropy, I did not though about it, is it gonna be even worse with QEMU? – madjack – 2017-08-23T14:40:37.383
Huh, I could have sworn that Alpine included openssl. FWIW, it's pretty trivial to install (apk add openssl), and Alpine does support installing new packages in the LiveCD environment (and the result is 100% reproducible). As far as entropy and QEMU, there is a VirtIO RNG device you can add to the VM to pass through the host's /dev/urandom as an entropy source, but it's kind of complicated to configure. – Austin Hemmelgarn – 2017-08-23T14:44:36.147
I know but I do not want to have to install packages – madjack – 2017-08-23T14:48:12.413
Also, the extended edition does have OpenSSL (just cross verified with their upstream package list and a downloaded copy). – Austin Hemmelgarn – 2017-08-23T14:49:36.783
This is weird, I just ran the image with QEMU and tried running it – madjack – 2017-08-23T14:51:41.820
Did you have the basic version or the extended one? – Austin Hemmelgarn – 2017-08-23T14:52:44.320
Well the extended one. I'm gonna try again. – madjack – 2017-08-23T14:54:25.973
I just tried again, openssl is not in alpine extended. – madjack – 2017-08-23T15:08:30.723
0
Devuan has a minimal live-cd with openssl (~300MB).
madjack
Posted 2017-08-23T14:24:39.597
Reputation: 301
Try PuppyLinux. You can install it on a USB pendrive.
– Burgi – 2017-08-24T08:15:42.553