For a long time, we were unhappy with having to care about security issues and Linux distribution maintenance on our various Raspberry Pis.
Then, we had a crazy idea: what if we got rid of memory-unsafe languages and all software we don’t strictly need?
Turns out this is feasible. gokrazy is the result.
All are updated using the same command.
On a regular Linux distribution, we’d largely use systemctl’s start, stop, restart and status verbs to manage our applications. gokrazy comes with a convenient web interface for seeing process status and stopping/restarting processes.
Sometimes, an interactive
busybox session or a quick
tcpdump run are invaluable. breakglass allows
you to temporarily enable SSH/SCP-based authenticated remote code
execution: scp your statically compiled binary, then run it
interactively via ssh.
Due to no C runtime environment being present, your code must compile
with the environment variable
cross-compile for the Raspberry Pi 3 or 4,
GOARCH=arm64. If your program still builds, you’re
good to go!
After building a new gokrazy image on your computer, you can easily
update an existing gokrazy installation in-place thanks to the A/B
partitioning scheme we use. Just specify the
flag when building your new image.
A tiny amount of configuration is built into the images (e.g. hostname, password, serial console behavior). In general, we prefer auto-configuration (e.g. DHCP) over config files. If you need more configurability, you may need to replace some of our programs.