Should you switch to Alpine Linux? If so, why? Let’s forget the hype and do a detailed Alpine Linux vs. Ubuntu comparison. This post is not intended to be a “which is better” guide; it is a comparison of Alpine Linux vs. Ubuntu. Both operating systems are great, and each one has its own pros and cons. Also, we will look at using Alpine Linux as a host operating system and as a container base image.
Table of Contents
What is Ubuntu?
Ubuntu is a Linux distribution based on Debian GNU/LINUX. And it is one of the most downloaded Linux distributions. It supports the GNU C library and has APT-based package management tools.
What is Alpine Linux?
Alpine Linux is an independent, non-commercial, general-purpose Linux distribution. That said. Power users love Alpine Linux because they like its security, simplicity, and efficiency.
Alpine Linux vs Ubuntu comparison
Hardware
The hardware requirements depend on your needs. For example, you will need more RAM and storage if you want a GUI/Desktop. The examples below focus on a minimal install without a GUI interface. Besides, Alpine Linux has no official desktop. And, a GUI is completely up to you. You can use Xfce or KDE (among others) if you want a GUI.
Alpine Linux requires at least 100 MB of RAM and between 0 and 700 MB of storage space. In comparison, Ubuntu requires at least 512 MB of RAM and at least 1 GB of storage.
Alpine Linux’s minimal hardware need makes it ideal for running on small devices. Much like DD-WRT, OpenWrt, and Tomato, you can even run it as a router operating system.
Also, Alpine Linux provides limited support for peripherals. You may want to check the compatibility for Nvidia, ATI/AMD, etc.
Source(s):
- https://wiki.alpinelinux.org/wiki/Installation
- https://wiki.alpinelinux.org/wiki/Requirements
- https://www.techrepublic.com/article/ubuntu-server-the-smart-persons-guide/
- https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions
Security
Since Alpine Linux is small, it has a minimal attack surface. Less code leads to fewer bugs and vulnerabilities but does not make it more secure.
Alpine Linux says it is more secure because of all user-land binaries:
- Are compiled as Position Independent Executables (PIE)
- Has Stack-Smashing Protection (SSP) enabled.
Thus, preventing the exploitation of zero-day and other vulnerabilities. PIE achieves this in an interesting way. It loads itself (and its dependencies) into random locations within virtual memory. Stack Smashing Protection helps detect stack buffer overruns. SSP makes return-oriented programming attacks much more difficult to execute.
Ubuntu has also implemented PIE by default as of 17.10 for all architectures in the Ubuntu archive. Also, Ubuntu has stack protection enabled on the Kernel. According to Ubuntu, PIE has a 5-10% performance penalty on x86_32, but this is not the case for x86_64.
Additionally, Ubuntu is bundled with a complete set of GNU C libraries and standard tools. And, since GNU Compiler Collection contains roughly 15 million code lines (as of 2019). You can thus understand that with a large library comes the overhead of maintaining.
At the time of writing:
CVE Details reported 3 CVEs for Alpine Linux and 89 for Ubuntu. Searching a CVE Mitre, “Alpine Linux” finds 7 CVE records, while “Ubuntu” finds 8327 CVE records.
Source(s):
- https://www.cvedetails.com/vendor/16697/Alpinelinux.html
- https://www.cvedetails.com/vendor/51/Ubuntu.html
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=alpine+linux
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ubuntu
- https://access.redhat.com/blogs/766093/posts/1975793
- https://wiki.ubuntu.com/Security/Features#pie
Performance
As mentioned before, Alpine Linux requires less code. A smaller code-base allows for the faster building, pushing, and pulling of images. Start times are reduced, and scanning does not take long. See the testing result section further below for evidence.
Note: This is not always the case. According to this post, dated 06 Apr 2021, Alpine Linux can make Python Docker builds 50x slower. This is due to differences between musl libc and GNU glibc.
Support
Alpine Linux releases a new main version each May and November. The main repository is typically supported for two years. In contrast, the community repository is supported until the next stable release.
Ubuntu is released every six months. And a long-term support (LTS) version is released in April every two years. LTS releases are “enterprise-grade” and are supported for five years.
Unlike Ubuntu, Alpine Linux does not currently provide commercial support.
Source(s):
Core Components
musl libc vs. GNU glibc
musl libc is a complete rewrite of C and provides a clean, modern code-base. As a result, musl libc is lightweight and requires about 600 KB vs. GNU, which requires about 10 MB. Furthermore, musl libc is best-suited in corner cases, especially with threading. Low memory or other resource-exhaustion conditions are never fatal to musl libc. Finally, musl libc provides first-class support for UTF-8/multilingual text.
Source(s):
BusyBox vs. GNU Core Utils
BusyBox combines small versions of common UNIX utilities into a single executable. And it provides a minimalist replacement for most utilities you use. It also contains tools from GNU Coreutils, util-linux, and others. The utilities in BusyBox generally have fewer options than GNU Core Utils. But the options provide the same expected functionality. And BusyBox should behave similarly to GNU Core Utils. BusyBox removes some GNU extensions, localization data, and more.
GNU Utilities provides many more tools, and it is backward compatible. Of course, this makes it more extensive and complex than BusyBox. You can install GNU Core Utils on Alpine Linux if needed.
Source(s):
- https://www.busybox.net/downloads/BusyBox.html
- https://en.wikipedia.org/wiki/Util-linux
- https://pkgs.alpinelinux.org/package/v3.3/main/x86/coreutils
APK vs. APT
Ubuntu uses APT for package management. Hence, software installation and removal are handled via the “apt-get” utility. On the other hand, Alpine uses the APK for package management. Thus, software installation is handled by the “apk add” utility. Similarly, “apk del” can be used to remove a package. Thus, both the APK and APT utilities function similarly.
Here are some of the differences when using these commands:
APT (Ubuntu) | APK (Alpine) | |
Update | apt-get update | apk update |
Version | apt-get -V -s upgrade | apk version -v |
Adding Package | apt-get install pkg1 pkg2 | apk add pkg1 pkg2 |
Reinstalling a particular package | apt-get install –reinstall pkg1 pkg2 | apk del pkg1 && apk add pkg1 |
Search | apt-cache search keyword | apk search keyword |
Remove package | apt-get remove pkg1 | apk del pkg1 |
APK is faster than APT. APT is resource-intensive as it takes three reads and two write operations. APK, almost always, completes before other package managers. The APK process requires only one read and one write.
Ash vs. Dash
Ubuntu uses Debian Almquist’s shell (Dash). The Almquist shell (also known as ash or sh) is used on Alpine Linux. Ash is more lightweight than Dash. Dash and Ash are not 100% compatible, but you would rarely encounter inconsistencies. See the testing result section below for evidence.
You can access a container running Ubuntu’s dash shell by running:
docker exec -it <container_name> bash
On the other hand, you can access a container running Alpine Linux’s ash shell by running:
docker exec -it <container_name> /bin/ash
Source:
Testing results
The following tests do a comparison using Alpine Linux v3.13 and Ubuntu Server 20.04.2 LTS. Each instance was using an AWS T2 Micro sizing with 1 core and 1 vCPU.
We can prove some of the previously mentioned topics using the time command in Linux. This will give us the elapsed time from when you hit the enter key until the command is completed.
Test startup of WordPress on Alpine Linux
Result: Average startup 0.49 seconds.
root@ip-10-0-2-234:/home/alpine# time docker run --rm -d wordpress
92a19eed723cdb6ef073fd58b0fed45ba02320986c8d2dc4b964bf21c89b255c
real 0m 0.47s
user 0m 0.02s
sys 0m 0.02s
root@ip-10-0-2-234:/home/alpine# time docker run --rm -d wordpress
26c80fb4ad321ab79fae5148fdab2406b288e0efdc1af211bda680836d5563e9
real 0m 0.51s
user 0m 0.02s
sys 0m 0.01s
root@ip-10-0-2-234:/home/alpine# time docker run --rm -d wordpress
e4bfc492ba28c77c0b18c4ece1bd27201e00f0e2193f133d5a251f39566f835c
real 0m 0.49s
user 0m 0.02s
sys 0m 0.02s
Test startup of WordPress on Ubuntu
Result: The average startup is 0.587 seconds.
root@ip-172-31-10-179:/home/ubuntu# time docker run --rm -d wordpress
1709d25e62778342503175a65b29fe625d022565587763f5c82d3efdddf4fcf8
real 0m0.507s
user 0m0.028s
sys 0m0.020s
root@ip-172-31-10-179:/home/ubuntu# time docker run --rm -d wordpress
b46cbff58939db2c3b9eeff6e565b6e943db218463b30df0f1681405b1ab3a76
real 0m0.703s
user 0m0.022s
sys 0m0.026s
root@ip-172-31-10-179:/home/ubuntu# time docker run --rm -d wordpress
6aa712fb5b333b23b77ed056354d06dc5ace92d804ef6032f20bb36511244174
real 0m0.551s
user 0m0.028s
sys 0m0.019s
Compare base image sizes
Result: The Alpine Linux image is 5.61 MB, which is considerably smaller than Debian or Ubuntu.
root@ip-10-0-2-234:/home/alpine# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 6dbb9cc54074 2 days ago 5.61MB
debian latest 0d587dfbc4f4 7 days ago 114MB
ubuntu latest 26b77e58432b 2 weeks ago 72.9MB
Compare WordPress image size
Result: The Alpine Linux image version of WordPress is 351 MB smaller.
root@ip-172-31-10-179:/home/ubuntu # docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
wordpress php8.0-fpm-alpine 6b5f99037a83 38 hours ago 199MB
wordpress latest c01290f258b3 38 hours ago 550MB
Compare Dash vs Ash
Results: There are differences in the way scripts are handled.
On Ubuntu Dash:
ubuntu@ip-172-31-10-179:~$ echo a{p,c,d,b}e
ape ace ade abe
ubuntu@ip-172-31-10-179:~$ echo {a,b,c}{d,e,f}
ad ae af bd be bf cd ce cf
ubuntu@ip-172-31-10-179:~$ echo file{1..4}.txt
file1.txt file2.txt file3.txt file4.txt
And then, on Alpine Linux Ash:
alpine@ip-10-0-2-234:~$ echo a{p,c,d,b}e
a{p,c,d,b}e
alpine@ip-10-0-2-234:~$ echo {a,b,c}{d,e,f}
{a,b,c}{d,e,f}
alpine@ip-10-0-2-234:~$ echo {1..10}
{1..10}
Compare Docker stats for 10 WordPress on Ubuntu containers using Alpine Linux vs. Ubuntu as the host
Results: Alpine Linux seems to use less memory than Ubuntu as a host.
On Alpine Linux:
And then, on Ubuntu:
Compare Docker stats for 10 WordPress on Ubuntu vs. Alpine Linux containers
Results: Alpine Linux containers seem to use less memory and processes.
WordPress Ubuntu base container:
And then, on WordPress with an Alpine Linux base container:
Source(s):
- https://nickjanetakis.com/blog/the-3-biggest-wins-when-using-alpine-as-a-base-docker-image
- https://linuxize.com/post/linux-time-command/
Wrapping up
Alpine Linux and Ubuntu both have their own pros and cons. Choosing one or the other can depend on many factors. Hopefully, the comparison between Alpine Linux and Ubuntu gave you some tips.
You should not choose Alpine Linux if you are concerned about the following:
- Commercial support – since Alpine Linux does not provide this.
- Good localization – since musl libc and BusyBox provides limited localization support.
- Package support – since musl libc and glibc have different approaches. Some precompiled applications need glibc and cannot use musl libc.
- Kernel differences – Alpine Linux ships with Open JDK and not Oracle Java due to grsec.
- Linux skills – since Alpine Linux is aimed at Linux power users. Some tasks may need a few extra steps and advanced skills.
It is better to use Alpine Linux if you have processing, memory, network, or storage constraints. Luckily, storage and networking are affordable in most instances. Alpine Linux is also a clear winner if you are concerned about the attack surface.
Finally, use scientific methods to determine the best choice for you. Then, please test it out, and consider all the factors, including the human costs to learn, support, and adapt existing systems.