Puli 32/64 bit

[gjuhasz]

Dear Puli users,


I am proud to announce the 64-bit Puli 7.1.

The main files are available at http://smokey01.com/gjuhasz/Puli-7.1_Aug2019/.

Installation instructions and detailed description of the new version can be found at http://smokey01.com/gjuhasz/readme-701.html and on the first page of this forum thread.

External 32/64 bit packages are regularly updated in the shared folder structure at

https://sourceforge.net/projects/puppys ... iles/Puli/.

Changes include new features such as AppImage support, enhanced sandboxing, newer modules, updated references and bug fixes, too. More details will be available soon.
You can find the development in the features by browsing the readme files of Puli 7.1 and the earlier Pulis at http://www.smokey01.com/gjuhasz.


Have fun!

Regards,

gjuhasz

[gjuhasz]

More details will be available soon.

Please find the main changes as follows:

Improvements:

* Support AppImage format apps (icon pops up on the desk)
* Improve compatibility with the "factory default" version of external apps (.deb, .rpm)
* Firejail support extension (auto-run Firefox in sandbox)
* Nvidia driver support (option to block nouveau at boot time)
* Update/remove obsolete modules
* Improve "Lazy" security profile
* Bugs fixed

Others:

* Bugs fixed
* Puli specific Firefox 68 (stable) and 70 (nightly) versions created
* Uploaded many tested apps to https://sourceforge.net/projects/puppys ... iles/Puli/.

Have a fun!

Regards

gjuhasz

[gjuhasz]

I made a little AddParams.pet package that allows adding runtime parameters to the executable files (application_x-executable) and shared libs (application_x-sharedlib) from their right-click menu.

It can support us when special parameters are needed for running AppImages and/or in the sandboxed environment of firejail.

The prefix and the postfix can be defined separately or can remain blank.

A simple example:

1. Right-click on /usr/bin/links2 and select Apply Runtime Parameters in the menu
2. Enter run-as-spot as Prefix then click OK.
3. Enter -g murga-linux.com/puppy as Postfix, then click OK.
4. The selected app (Links) starts showing our forum page.

For each runs, the latest prefix and postfix are displayed. The edited ones are stored except if you click Cancel. The latest parameters are available in the subfolders of /root/.config/adrtprs/ until shutdown/reboot.

You can play with other executables, add firejail parameters (requires installed firejail, of course). See the attached pictures.

No special message appears in case of runtime errors. However. this info is accessible in /tmp/adrtprs until the next run of AddParams.

Uploaded to:

https://sourceforge.net/projects/puppys ... /packages/

Tested with Puli 7.1 but probably works with many other puplets, too.


Have a fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I uploaded many 32-bit packages to

https://sourceforge.net/projects/puppys ... /packages/

Tested with Puli 6.2.0

Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

Many of us like playing with midi instruments and need a good soundpack editor.

I pulified a couple of them:

• * Downloaded polyphone 1.8 from Ubuntu Xenial64 launchpad and added some qt5 libraries.
  * Downloaded swami 2.0 (see http://www.swamiproject.org/) from Launchpad and added the missing libraries.

See polyphone_1.8_amd64p.pet and swami_2.0-amd64p.pet at

https://sourceforge.net/projects/puppys ... /packages/

Tested with Puli 7.1 - note that they use the built-in apulse instead of pulseaudio.


Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

SoftMaker FreeOffice 2018 v971 is announced on 2019 Sep 19. Bugfixes made on v970 that was published a couple of weeks earlier.

A 64-bit softmaker18-971_64hup.sfs file is available at

https://sourceforge.net/projects/puppys ... /packages/

Supports en_US and hu_HU languages.

Tested with Puli 7.1, but probably runs with other 64-bit Xenial based puplets, too.


Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I grabbed a popular midi editor from https://www.midieditor.org then created the

midieditor_3101-amd64.pet

package by adding the required Qt5 libraries.

After testing with Puli 7.1, I uploaded it to my collection at

https://sourceforge.net/projects/puppys ... /packages/

Probably runs with the rest of the Xenial64 based puplets, too.


Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I found that most of the static TeamViewer packages (pet, sfs, etc) are incompatible with the earlier ones thus the remote instance refuses the connection.
So, for fun, I downloaded the latest TeamViewer plugin for the 64-bit Google Chrome, tailored for Puli 7.1, then created the TeamVplugin_14-64p.sfs package.

I tested it with with Puli 7.1. Available in my collection at

https://sourceforge.net/projects/puppys ... /packages/

It seems that it can connect even to ancient versions. It is recommended to register the controller machine (or its IP address) in the login window. (TeamViewer sends a confirmation email to the registered email address)

Please note that this plugin can be selected only in a normal (non-incognito) window of Chrome.
I am not sure whether it is visible in Chromium/Iron/Slimjet etc.

Probably runs with the rest of the 64-bit puplets, too.


Have fun!

Regards,

gjuhasz

[mikeslr]

Note the "Maybe" in the title of this thread. The described method of creating an ISO works. But, I've yet to test whether that ISO (a) is actually bootable; and (b) it preserves Puli's unique features.

Why an alternate method? LinuxLive USB Creator works fine. However, it creates a bootloader not easily modified. It also creates a single Fat32 formatted disk while Puppies have greater capabilities if booted from a Linux Formatted File system. Neither of those limitations are important if you are only going to use Puli as intended: on a USB-Stick you can remove after booting into it.

LinuxLIveUSB Creator is a program which runs under Windows and, AFAIK, LinuxLIve can't be run under Wine. Consequently, writing Puli to a USB-Stick can't be easily done from a running Puppy. There are ways, but they are not 'Newbie' friendly.

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

Enter FrugalPup USB-Installer. Although there are other applications you can use under Puppies to install a different Puppy to a USB-Stick, gyro --with the help of bigpup, rcrsn51, foxpup and others-- has been working on an installer which can boot from either Bios or UEFI computers, creates a Fat32 boot partition and 2nd Linux formatted partition, and can be used to install more than one Puppy to the target USB-Stick. http://www.murga-linux.com/puppy/viewto ... 85#1005485. FrugalPup v15r can be installed into any (recent?) Puppy. I believe it may become a standard Puppy builtin. FrugalPup works with an ISO, as do most other Puppy installers.

Creating an ISO out of Puli's zip package is easy and quick:
(1) Download the zip package.
(2) Right-Click it and select UExtract from the popup menu. An extraction folder will be created.
(3) Optional, Recommended. Right-Click the extraction folder and from the popup menu select rename to rename it; for example Puli_7.1
(4) Open a terminal in "Puli_7.1"'s containing/parent folder: i.e, right-click an empty space next to the Puli_7.1 folder and select Window>Terminal Here.
(5) enter the command dir2iso NAME_of_Puli_folder, e.g.

dir2iso Puli_7.1

a iso will be created next to the Puli_folder; in the given example Puli_7.1.iso.

AFAIK, every recent Puppy includes the dir2iso module. Shinobar created a dir2iso pet, http://www.murga-linux.com/puppy/viewto ... 748#638748 which should work where dir2iso isn't a builtin.

[s243a]

Note the "Maybe" in the title of this thread. The described method of creating an ISO works. But, I've yet to test whether that ISO (a) is actually bootable; and (b) it preserves Puli's unique features.

Why an alternate method? LinuxLive USB Creator works fine. However, it creates a bootloader not easily modified. It also creates a single Fat32 formatted disk while Puppies have greater capabilities if booted from a Linux Formatted File system. Neither of those limitations are important if you are only going to use Puli as intended: on a USB-Stick you can remove after booting into it.

LinuxLIveUSB Creator is a program which runs under Windows and, AFAIK, LinuxLIve can't be run under Wine. Consequently, writing Puli to a USB-Stick can't be easily done from a running Puppy. There are ways, but they are not 'Newbie' friendly.

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

Enter FrugalPup USB-Installer. Although there are other applications you can use under Puppies to install a different Puppy to a USB-Stick, gyro --with the help of bigpup, rcrsn51, foxpup and others-- has been working on an installer which can boot from either Bios or UEFI computers, creates a Fat32 boot partition and 2nd Linux formatted partition, and can be used to install more than one Puppy to the target USB-Stick. http://www.murga-linux.com/puppy/viewto ... 85#1005485. FrugalPup v15r can be installed into any (recent?) Puppy. I believe it may become a standard Puppy builtin. FrugalPup works with an ISO, as do most other Puppy installers.

Creating an ISO out of Puli's zip package is easy and quick:
(1) Download the zip package.
(2) Right-Click it and select UExtract from the popup menu. An extraction folder will be created.
(3) Optional, Recommended. Right-Click the extraction folder and from the popup menu select rename to rename it; for example Puli_7.1
(4) Open a terminal in "Puli_7.1"'s containing/parent folder: i.e, right-click an empty space next to the Puli_7.1 folder and select Window>Terminal Here.
(5) enter the command dir2iso NAME_of_Puli_folder, e.g.

dir2iso Puli_7.1

a iso will be created next to the Puli_folder; in the given example Puli_7.1.iso.

AFAIK, every recent Puppy includes the dir2iso module. Shinobar created a dir2iso pet, http://www.murga-linux.com/puppy/viewto ... 748#638748 which should work where dir2iso isn't a builtin.

Thankyou mikeslr for the tip. I'll give it a try.

I've been considering trying puli for a while and I think that puli's security features will match up nicely with the changes I'm working on so that sc0ttman package manager (i.e. pkg) will suport signature checking for either metadata downloads and/or by looking in inside the deb. I think I'm close but I'll let people know when I get it working. See threads:
1 - Using gpg/pgp signatures in Package Managers
2 - Validating Package Archives and Metadata

I know that Puli isn't the only idea for a security based version of puppy (see thread), but so far its the one that has captivated most of my interest for such a distro although fatdog64 and easyos have some features that I would like to see included in Puli such as mulsti-save usbs, the option to remove the usb and easy containers.

P.S. I agree with you that some people might want to install puli alongside another version of puppy on the same USB stick. Whether or not this is acceptable, I suppose will depend both on their threat model and how much space that they have on the stick.

[rufwoof]

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

I have a usb stick boot that loads up network and ssh connects to the ssh server I use, where that connection is validated by ssh keys - which mitigates (or rather flags) man in middle attacks. That also has kexec installed, so once booted it can boot any other Puppy - where that other Puppy can be stored on the same device, or even pulled down (downloaded). That's a good combination IMO.

Under insecure circumstances, I can set all traffic to flow through a ssh tunnel (socks5) i.e. the same one that was used for validation. As a alternative to using a third party ssh server to connect and route traffic through, you can set up a ssh server at home and use that instead. Basically a ssh tunnel between the 'unsafe' location to your home network, and then using that as though you were at home for accessing web sites/whatever.

I actually compile a native kernel for that, where everything is contained within the vmlinuz i.e. modules/firmware/initrd are all 'built-in'. Which includes running a checksum and filesize measure on the vmlinuz, so if the usb is plugged into a hostile system that attempts to 'change' things, those changes would be flagged. In my case that vmlinuz is <15MB in size, but that is machine specific (kernel compiled with localyesconfig). For portability (to plug/use other hardware) the size does rise to around 75MB (additional modules/firmware).

Sounds like bother, but in practice is just a case of relatively simple changes and once done is pretty much transparent (except if a issue is encountered). It's like a different bootloader, boots (in a few seconds) to network connected/ssh validated, then I have a script to boot the main fatdog system that I use - but that could be a menu for any other choice of main boot. I store that all of that on the same usb stick, including save files.

[gjuhasz]

A 64 GB USB-Stick now sells for as little as $7.00.

Thank you for your interest in Puli.

In my opinion, one of the main Puli features is that you can unplug the pendrive after the selected additional packages are installed but before the Internet connection becomes active. This way, the pendrive remains intact.

If the same pendrive also boots other systems, it can be infected by cyber attacks with negative outcome for the next boot with Puli.

I propose using a dedicated (cheaper) pendrive for Puli and another one for the rest of the (even better and more beautiful) world.


Have fun!

Regards,

gjuhasz

[rufwoof]

I propose using a dedicated (cheaper) pendrive for Puli and another one for the rest of the (even better and more beautiful) world.

Hi gjuhasz

I cross referenced a Fatdog post to your above post, so just referencing back here.

A dedicated 'clean boot' pendrive is a excellent proposal Thanks.

[mikeslr]

gjuhasz, of course you are right. The surest way to preclude contamination of your operating system is to isolate it by removing the USB-Key.

There's a Cary Grant-Rosalind Russel comedy, "His Girl Friday" well worth watching. One of the sub-plots revolves around the concept "production for use": that is, having produced it, it would be wasteful not to use it. A not-particularly-bright character is facing execution. Without malice, fore-thought or intent, but having somehow acquired a policeman's pistol, he used it, killing the policeman.

Not every idea is a good idea; not even mine . Discourse and experimentation are the best ways for determining the limits of an idea's value. I hope that the procedure for converting a zip file into an ISO will attract more users --those of Puppy and Linux in general-- to the benefits of Puli. I suspect that the embellishment --creation of a multi-boot USB-Key-- was a manifestation of the concept "production of use".

[s243a]

gjuhasz, of course you are right. The surest way to preclude contamination of your operating system is to isolate it by removing the USB-Key.

There's a Cary Grant-Rosalind Russel comedy, "His Girl Friday" well worth watching. One of the sub-plots revolves around the concept "production for use": that is, having produced it, it would be wasteful not to use it. A not-particularly-bright character is facing execution. Without malice, fore-thought or intent, but having somehow acquired a policeman's pistol, he used it, killing the policeman.

Not every idea is a good idea; not even mine . Discourse and experimentation are the best ways for determining the limits of an idea's value. I hope that the procedure for converting a zip file into an ISO will attract more users --those of Puppy and Linux in general-- to the benefits of Puli. I suspect that the embellishment --creation of a multi-boot USB-Key-- was a manifestation of the concept "production of use".

Not everyone has the same security requirements though. For instance, assume that one has a trusted Internet connection and sticks to safe sites. I like your idea but I qualified it above with "depending on one's threat model" for reasons noted above.

[mikeslr]

I agree with you. An alternate way of maintaining integrity to a large extent would be to run all web-browsers in the "other Puppy" as spot. But, do keep in mind:
(a) Puppies, including Puli, do run as Root;
(b) rufwoof's objection that there are techniques for circumventing the permission limitations; and perhaps, most importantly
(c) Puli's modules --mild, rigorous, crazy, lazy-- for dealing with intruders are all bash scripts which install to the top level of the file system and so could be easily located and compromised if permission limitations were circumvented.

Once you go beyond 'Nothing exists', everything becomes both possible and vulnerable. There will always be a trade-off.

[gjuhasz]

Puli's modules --mild, rigorous, crazy, lazy-- for dealing with intruders are all bash scripts which install to the top level of the file system and so could be easily located and compromised if permission limitations were circumvented.

Hm.

If you boot Puli in Lazy mode, and while the /bin folder is being renamed to, let's say, "Hарру_Nеw_Yеаr" or even to a more complex string, the toolset of a malicious intruder becomes very limited or unusable.

Have fun!

Regards,

gjuhasz

[mikeslr]

Hi gjuhasz,

It's been a while since I set up a USB-Key with Puli. So, thought it best to review the instructions.
III. For advanced users, Paragraph 2, regarding smartload, says "Puli seeks those referenced packages in the /packages folder of the boot device and auto-loads them during bootup". With Puli 7.1, no "packages" folder is within the zip file, nor created by 'unzipping'. Is its creation something for the user to do? Or has the need for it been discontinued. I sort of remember that in an earlier "Bark", smartload looked for files on the partition.

I noticed that among the SFS you've provided at SourceForge you have Iron, but not Opera. I'm sure opera will run under Puli 7.1 as it runs under Xenialpup64 (also Bionicpup64). I'm interested in Opera as it provides a free VPN. I wonder what your thoughts are about regarding its use under Puli.

[gjuhasz]

Dear mikeslr,

With Puli 7.1, no "packages" folder is within the zip file, nor created by 'unzipping'. Is its creation something for the user to do?

Thanks for the notification. Puli seeks the referenced packages in this folder by default. An (empty) /packages folder will appear in the zip file of the next updates.

I noticed that among the SFS you've provided at SourceForge you have Iron, but not Opera. I'm sure opera will run under Puli 7.1 as it runs under Xenialpup64 (also Bionicpup64). I'm interested in Opera as it provides a free VPN. I wonder what your thoughts are about regarding its use under Puli.

As you know, Google discontinued supporting hardware acceleration a few months ago causing extremely slow motion in my favorite WebGL sites like http://madebyevan.com/webgl-water/.

So, we have three choices to survive:

1) Use the current versions of the Chromium flavors (including Opera) with closed eyes while visiting slowmo sites.

2) Use earlier versions that enable h/w acceleration

3) Use Firefox or its relatives such as Pale Moon.

I try do my best to keep Puli compatible with the popular browsers. Consequently,

ad 1) You may download the current version of Chrome and/or the Chromium based ones such as Iron, Slimjet, Opera, Vivaldi. Puli can (smart)load and flawlessly run any of them, sharing your bookmark set for each. I don't see the advantage of mirroring these official packages in my SourceForge repo.

ad 2) In my repo however, you see an earlier 64-bit Iron version, the latest one which supports hardware acceleration - note that it is more vulnerable than the current one.

ad 3) As Mozilla does not provide .deb or .rpm package for Firefox, we Puppy fans should create pets that may or may not run in all puplets. I have a Puli specific Firefox pet file (nightly flavor, can be sandboxed with Firejail) among the 64-bit packages and try to refresh it regularly. Feel free to download and update its /opt/firefox folder from the current version then repackage it for yourself any time.

The attached screenshot shows that you can run more than one browser instances in Puli simultaneously, e.g., the current Opera, the earlier Iron, and a Firefox nightly version.

Have fun!

Regards,

gjuhasz

[mikeslr]

Hi gjuhasz,

I think I'm beginning to understand how to fully implement the advantages you've built into Puli. In part, that's a result of your recent guidance. But also, to a large extent I chanced upon a file you named readme-710.html at SOURCEFORGE.

There have been some changes since you started this thread in December 2014. A large part of my confusion resulted from my decision to read thru the thread from its beginning. I strongly recommend that you edit the First post to point to the readme-710.html file. Less strongly, perhaps you could include something like it in /root/my-documents [or /usr/share/doc] in future versions of Pul with perhaps a desktop icon or menu entryi: once setup a User wouldn't have to access the internet to find answers to many questions.

Sorry that I can't give you a url reference to it. As I wrote, I changed upon it and have had the devil of a time trying to find it again.