
ISH: An Alpine Linux Shell on iOS - qubex
https://ish.app
======
supdatecron
Wow. This gave me a flashback to the early days of iOS jailbreaking, back in
late 2000's. Wasn't "alpine" the password for the original jailbreak (that you
downloaded over a safari/web PDF link if I recall). I never did learn exactly
why "alpine" was the password...

~~~
seltzered_
Yes, alpine was the password. I'm hoping ipadOS (not iOS) will eventually get
some ability to compute/develop/run software without the hacks, just because
the current state is absurd. I've made a collage to illustrate this:
[https://imgur.com/a/CQwApt8](https://imgur.com/a/CQwApt8)

Text summary:

iSH - enable location services to run things in the background.

A couple youtube videos talking about having yet another device to do things
like terminal access (via having a raspi over usb-c) or

UTM (virtual machine host) - which from my understanding requires a paid 99/yr
developer profile to run.

~~~
layoutIfNeeded
Thanks, I’ve reported iSH to Apple for misusing the location API for
background execution.

~~~
lawfulcactus
...why? If you don't like it, just don't install it. Not sure why you feel the
need to ruin it for everyone else.

~~~
saagarjha
Because they, like some people I know, think that Apple should enforce their
rules consistently but fail to realize that the position they’re in means they
will never do so, and as such their actions are merely petty regardless of
their end goal.

------
miguelmota
I just noticed that there's a word counter badge on the ISH github README that
counts how many times the word fuck shows up in the codebase

[https://github.com/tbodt/ish](https://github.com/tbodt/ish)

------
headmelted
ISH makes me happy and frustrates me in equal measure.

On one hand, it’s exactly what I want on iOS in terms of a shell and Posix
sandbox.

On the other, it forces x86 emulation on me that I don’t want. If ISH could
just give me an aarch64 environment without QEMU at all I’d be in love.

~~~
nneonneo
The biggest problem is that iOS completely bans executing native code that
isn’t code signed, with the sole exception of the Safari JIT (and possibly
Swift Playgrounds - not sure how that works). There’s weird hacks to get
around this, e.g. a JIT compiler that compiles native code into ROP chains
that jump around gadgets precompiled into your native binary, but otherwise
there’s really no way to run arbitrary CPU-native code. Hence, the emulator.
And if you have to emulate the CPU, you might as well emulate the most popular
CPU for compatibility.

~~~
saagarjha
Swift Playgrounds has the com.apple.private.amfi.can-execute-cdhash
entitlement, which allows it to dynamically load unsigned code.

------
sigjuice
Apple should officially expose the Unix underneath so ARM homebrew can be a
possibility.

~~~
headmelted
This isn’t needed though.

Chrome OS handles this quite gracefully by having container support baked in.
You can just install whatever distro you need in the container and get rolling
with it. It would make iPad Pro my perfect device (I’d replace my MBP in a
heartbeat).

~~~
josteink
ChromeOS can do that because it has already booted a Linux-kernel and the
container is also a Linux-distro, so it’s essentially just a chroot. I.e.
computationally really cheap.

An iPad boots a (modified?) XNU kernel and can’t just “chroot” into a Linux-
distro because the right kernel won’t be there to support the Linux userspace.

~~~
jedieaston
Then let us chroot into a Darwin container, which supports the GNU coreutils
and most every programming language anyway (well, presuming they were
recompiled for ARM64, but that's very little work for the maintainers of those
projects). If I need to test against a Linux system, I can just SSH, but this
would be a bare minimum for working on stuff without bringing the laptop.

~~~
josteink
Do you seriously think Apple is going to provide that sort of godsend to the
jailbreaking community?

It may have a significant amount of absolutely useful use-cases, but this one
aspect is what’s going to make sure it never happens.

Edit: and who is going to provide those GNU Coreutils? Apple? No way.

------
nneonneo
Apple is in a bit of an odd place right now with respect to development and
end-user programming. Ever since they released Swift Playgrounds they’ve
seemingly decided to be much nicer to programming apps.

Pythonista is probably the most prominent such app, with deep integration with
iOS features and full access to every API (thanks to ctypes you can even
dlopen private APIs and use them...shhh). But there are some new ones too,
like Play.js (full node.js environment), Scriptable, and probably dozens of
others that I haven’t tried.

It’s a bit of an interesting time. The real question will be whether Apple
continues the slow path towards openness or whether they choose to go back to
locking things down. I suspect their push to make the iPad more “pro” will
inevitably force them towards the former.

~~~
mark_l_watson
Pythonista is really very good, and it is easy to pip install pure Python
libraries. Too bad Python is not one of my favorite languages. The Raskell app
used to provide a decent Haskell environment in iOS, but, file access stopped
working. Really too bad since it was fun to hack Haskell on airplanes, etc.

Swift Playgrounds on iOS are very interesting and makes me wonder if XCode
might someday live in iOS, with appropriate code sandboxing.

Apple has made iOS and macOS app development much simpler with SwiftUI, simple
enough that I enjoy using it. I think Apple will jump through hoops in the
coming years to make app development easier.

------
deeblering4
There are a couple interesting choices that I'd like to understand the
reasoning for:

* The shell runs as root as soon as you open it, why not a use less privileged user and sudo?

* There are getty processes running on tty[1-6] what is the purpose of this?

~~~
tbodt
iSH author here. Answer to both: because that's how the Alpine Linux
minirootfs image is set up.

------
madushan1000
It looks interesting, great work! I'm curious why you chose x86 emulation
instead of arm emulation though, provided that this is running on an arm
processor?

~~~
saagarjha
Not the author, but I did write the FAQ entry for this:
[https://github.com/tbodt/ish/wiki/FAQ#q-why-does-ish-not-
emu...](https://github.com/tbodt/ish/wiki/FAQ#q-why-does-ish-not-emulate-arm-
or-some-other-architecture)

~~~
fragmede
The FAQ answer only answers one very specific aspect of things.

The broader question is that emulating a foreign chipset (especially one as
complex as x86), in order to have a local terminal, is ridiculous. Why be so
ridiculous?

The answer is that it has to be that way, due to Apple's restrictions on what
is allowed to run, so iSH is a very clever hack on top of those restrictions,
in order to get a "blessed" local unix environment on an iOS device.

~~~
saagarjha
Fewer people asked that question, so it never got added. Feel free to add it
yourself if you think you have a good answer.

------
fbn79
I'm quite sure this kind of application is against Apple store rules and would
be banned if published:

2.5.2 Apps should be self-contained in their bundles, and may not read or
write data outside the designated container area, nor may they download,
install, or execute code which introduces or changes features or functionality
of the app, including other apps. Educational apps designed to teach, develop,
or allow students to test executable code may, in limited circumstances,
download code provided that such code is not used for other purposes. Such
apps must make the source code provided by the Application completely viewable
and editable by the user.

~~~
Wingy
It stays within the container. It just emulates alpine linux. It's a VM. If
that weren't allowed, how is Pythonista on the app store?

~~~
saagarjha
Pythonista readily lets you inspect the code you’re running, since it’s just a
Python script.

------
miguelmota
I get 'The beta is full' when clicking on the TestFlight link.

~~~
mmcwilliams
If you have an Apple developer account the app is relatively simple to build
and install with your own profile.

------
chadlavi
I joined the testflight beta for this a while ago, then got a "the developer
removed you" message and could never get back in. But it was convenient to
have on hand.

~~~
saagarjha
Send him an email, he'll add you back. The beta can only fit 10,000 people and
it gets cleaned regularly in an attempt to stay below this limit.

~~~
q3k
At this point, why does Apple even still bother preventing people from
sideloading apps?

~~~
saagarjha
Because Apple is extremely inconsistent at enforcing their rules.

------
KiDD
I've loved watching this app grow from the beginning in TestFlight to what it
has become now!

------
ezequiel-garzon
I love this, got removed due to inactivity and am lazy enough to not bug
anybody with an email. Does anybody know why they don’t offer this as an app?
I’m sure people would be willing to pay quite a bit for it.

~~~
evanextreme
As far as I'm aware, they're still working on bugs and it's not ready for
release

~~~
ezequiel-garzon
Thanks, such a shame... It feels way less buggy than plenty of paid apps.

------
chc4
I recommend people check the GitHub readme for a good laugh too :)

------
dang
Related from 2018:
[https://news.ycombinator.com/item?id=18421016](https://news.ycombinator.com/item?id=18421016)

~~~
saagarjha
Also a previous submission of the website, a day later:
[https://news.ycombinator.com/item?id=18430031](https://news.ycombinator.com/item?id=18430031)

------
rcarmo
iSH is pretty great. I've been using it for a while, and (even with all its
shortcomings) it really drives home the point that the iPad (even the Mini 5)
is a beast of a machine.

------
monkin
Is there an option to switch ESC with Tab?

~~~
saagarjha
With tab? No. But on iOS 13.4 you can remap caps lock.

------
classified
Yummy. Does it have a C compiler?

~~~
saagarjha
If you install one:

    
    
      app add gcc

------
cosmiccatnap
Now if only you could just install Linux directly to your laptop you wouldn't
need a Mac at all

