{"id":48561,"date":"2022-09-22T17:47:27","date_gmt":"2022-09-22T17:47:27","guid":{"rendered":"http:\/\/2ce4110c-c967-40da-8a1b-0d4ec9ca7bd6"},"modified":"2022-09-22T17:47:27","modified_gmt":"2022-09-22T17:47:27","slug":"chainguard-releases-wolfi-a-linux-undistribution","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chainguard-releases-wolfi-a-linux-undistribution\/","title":{"rendered":"Chainguard releases Wolfi, a Linux ‘undistribution’"},"content":{"rendered":"
\n
\n
\"Open<\/picture><\/div>\n

<\/div>\n

Wright Studio\/Shutterstock<\/span><\/figcaption><\/figure>\n

There are many Linux distributions designed expressly for containers. Even Microsoft has one, Common Base Linux (CBL)-Mariner<\/a>. Others include Alpine Linux<\/a>, Flatcar Container Linux<\/a>, Red Hat Enterprise Linux CoreOS (<\/a>RHCOS<\/a>)<\/a>, and RancherOS<\/a>. Now Chainguard<\/a>, a cloud-native software security company, has a new take on this popular cloud-friendly kind of Linux: Wolfi, an “undistribution.” <\/p>\n

I asked Chainguard CEO and founder Dan Lorenc at Open Source Summit Europe<\/a> in Dublin what he meant by an “undistrbution.” He explained, “We call it an undistribution because that’s technically correct. Inside of a container, you have everything but Linux, right? So, even though it’s based on Linux, it’s not really correct to call it a Linux distribution.” <\/p>\n

What most people call a Linux container, Lorenc continued, is “a distro that boots up on hardware and gets you to a container runtime. Alpine is probably the most heavily used such distro. Wolfi is the opposite of this. It’s distroless. It’s minimal to the point of not even having a package manager.” It has just enough to run your containerized application, and that’s it.  <\/p>\n

To make this new Linux variant, Lorenc said, “We hired a bunch of the original Alpine team. But, Alpine was never designed for containers. It was originally designed for routers, firmware, and that kind of thing. What made it attractive for containers was its size and security.” Wolfi takes that minimal approach to an extreme for the sake of security. <\/p>\n

Also:<\/strong> Rust will go into Linux 6.1, Linus Torvalds says<\/strong><\/a><\/p>\n

Lorenc explained, “We believe in minimizing dependencies as much as possible, which simplifies auditing, updating, and transferring images, as well as reducing the potential attack surface. Wolfi [named for the smallest and most flexible octopus] is designed from the ground up to take full advantage of these containerized environments while maximizing security.”  <\/p>\n

Wolfi does more than just cut out all the fat to secure itself. It also comes with built-in software supply chain security measures. Specifically, key features are: <\/p>\n