For a long time, we were unhappy about having to spend so much time on each of our various Raspberry Pis, taking care of security updates and other general Linux distribution maintenance.
Then, we had a crazy idea: what if we massively reduced the overall system complexity by getting rid of all software we don’t strictly need, and instead built up a minimal system from scratch entirely in Go, a memory safe programming language?
Turns out this is feasible. gokrazy is the result. See it in action in this first installation demo video:
What’s appealing about building an appliance entirely in Go? You get the same advantages you get when building Go software elsewhere:
gok runcommand allows for a fast edit-run loop.
On a regular Linux distribution, we’d largely use systemctl’s start, stop, restart and status verbs to manage our applications. gokrazy comes with a convenient web interface for seeing process status and stopping/restarting processes.
Sometimes, an interactive
busybox session or a quick
tcpdump run are invaluable. breakglass allows
you to temporarily enable SSH/SCP-based authenticated remote code
execution: scp your statically compiled binary, then run it
interactively via ssh.
Due to no C runtime environment being present, your code must compile
with the environment variable
cross-compile for the Raspberry Pi 3 or 4,
GOARCH=arm64. If your program still builds, you’re
good to go!
After building a new gokrazy image on your computer, you can easily
update an existing gokrazy installation in-place thanks to the A/B
partitioning scheme we use. Just use the
A tiny amount of configuration is built into the images (e.g. hostname, password, serial console behavior). In general, we prefer auto-configuration (e.g. DHCP) over config files. If you need more configurability, you may need to replace some of our programs.