See them at http://murga-linux.com/puppy/viewtopic.php?t=96964
Welcome to Puli 3.8.3 bark 6, released Nov 2014
Puli is a member of the Puppy Linux family: a high security, "kiosk" flavor of pemasu's Upup Precise v3.8.3.1, intended to boot from a USB pendrive and run safely even if the boot device is unplugged.
The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of this page.
Special thanks to smokey01, pemasu and OscarTalks.
Changelog related to its predecessor released Aug 2014:
- # Auto-boot:
Any number of .pet and/or .sfs packages plus ONE official Chrome .deb file can be auto-booted. Auto-boot is controlled by loadsfs file.
In loadsfs, package referencing is easy: finds the package on boot device based on the first few characters - even the extension can be omitted. Wildcard "?" is allowed.
Tip: Keeping in mind that searching on the USB drive takes time (about 1-2 seconds), you can list all your favourite pet, sfs and Chrome deb files in loadsfs with minus sign (-) at the beginning of lines. Then only those will be auto-loaded for which you removed the minus sign.
Notes:
1. The files extracted from the packages will be copied into the memory in the order of their appearance (means files in a package may overwrite the same-name files of earlier installed packages).
2. This is not a regular install but a simple copy thus the dependencies are not examined. Moreover, this "installation" is not registered in the system. To resolve possible collision(s) between packages, try to change the order of listed packages in loadsfs, or remove/replace those conflicting item(s). Also, you may add some workaround script in /root/zsupp.
Added "Skip auto-loading user packages during boot time" feature. When asked, any char including space can skip loading user packages.
# Size:
Footprint is even smaller than of bark5 and before.
Backup size dramatically reduced (to a few megabytes) in spite of an additional folder (opt) is included. However, you need to use the same auto-load selection in loadsfs to successfully restore the exact status in the past (when the backup happened).
Full backup option: if you run /usr/bin/fullbackup, the backup file will include the (merged) files of the auto-loaded packages, too. Note that the size of the backup file can be hundreds of megabytes in this case.
# Bugs fixed:
Bash "Shellshock" Vulnerability (CVE-2014-6271, 6277, 6278, 7169. 7186, 7187, ////) fixed. Bash upgraded to bash-3.0.22.
Test vulnerabilities: curl -k https://shellshocker.net/shellshock_test.sh | bash
Poodle bugfix included for Chrome (Links2 not affected)
wine collides with Chrome - fixed by uploading new wine package
shrink provides buggy result (typo fixed in remove_builtin script)
no default codec defined for mplayer (now vo=xv)
(workaround) 32-bit PepperFlash in Chrome v38 and above manifests 64-bit fixed (in the updated petget script)
Heartbleed vulnerability fixed (by updating openssl and also by upgrading LibreOffice to v4.3.2)
wget ftp symlink vulnerability (CVE-2014-4877) fixed, too.
Note: extra mplayer options (lavdopts) removed to provide higher quality videos. However, they might be necessary for old and slow PCs. Copy the content of /root/.config/nome-mplayer to /root/.config/gnome-mplayer
# Builtin modules removed:
pbackup
pcd
pmusic
cdrkit
pburn
# Modules added:
deadbeef-0.6.1.3-precise
cdrtools-3.01a16
nrg2iso-0.4-i486
pburn-4.3.10
peasydisc-3.2
# New auto-loadable packages created/tested/uploaded:
audacity-2.0.5-wheezy.pet
azdrawing-1.4.pet
AzPainter-puli.sfs
Calibre-2.5p.pet
gimp-precise-2.8.10p.pet
inkscape-0.48.0pt.pet
jre-1.7u71-i586.sfs (and .pet)
jre-1.8u25-i586.sfs (and .pet)
LibreOffice-4.3.2p.pet
linphone-3.6.1-xv-precise.pet
mypaint-1.1.0_asri20140326_310.pet (and sfs)
pmusic-4.4.1.pet
libcdio12-0.82-12.1.2.i586.pet
libcddb-1.3.2_20130430-wheezy.pet
Skype-4.3.0.37ap-puli.pet
Skype-4.3.0.37pa-puli.pet
wine_puli_wt-1.7.21.pet (includes winetricks)
xmahjongg_3.7-3_asri20140507_310.pet
pets2sfsgui-1.3.1.pet
# New features:
The browse desktop icon has this preference order to open: Chrome, Links2 - depending on which one is installed.
The paint desktop icon has this preference order to open: Gimp, Mypaint, AzPainter, mtpaint - depending on which one is installed.
The draw desktop icon has this preference order to open: Inkscape, AzDrawing, Inklite - depending on which one is installed.
The Skype desktop icon was replaced by a phone icon. The Chat feature behind it has this preference order: Skype, linphone, xchat - depending on which one is installed. Note that Chrome v35 and above block websites to access microphone/camera thus some popular AV chat URLs such as https://appear.in/puli may not work.
After boot-up, the adblock feature starts and updates the /etc/hosts file.
A newly installed/upgraded/downgraded Chrome attempts to import its preferences from the /root/spot/.config/google-chrome/Default/Preferences.ori file (that the user optionally prepared for this purpose, e.g., for language settings).
Any version of LibreOffice precedes the rest of Office apps, i.e., SoftMaker, and Goffice.
1. Create a bootable USB pendrive
- a. In any Puppy Linux distro/puplet such as pemasu's Upup Precise 3.8.3.1, run the Setup / BootFlash install Puppy to USB utility and follow the instructions there.
b. When finished, delete all files from the pendrive except ldlinux.sys.
- a. Puli and its updates are available at http://www.smokey01.com/gjuhasz in form of compressed files. Download then unpack the Puli_install.tar.gz file to access the Puli_install folder.
b. Open the Puli_install folder and copy its content into the (root of the) USB pendrive.
c. It does worth to download the sfs folder from http://www.smokey01.com/gjuhasz into the USB pendrive, too. Puli offers advanced Office options and the newest Java runtime module in those sfs files.
* Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in loadsfs file.
* You can reference any number of .sfs and/or .pet files simply by referencing their file name in separate lines of the loadsfs file as shown in the above examples. Puli will find those .sfs files (on the USB boot device) and load them during bootup. Note that the first score will be loaded even if the USB pendrive has multiple files with the same file name.
3. Unmount the pendrive. You are ready, Puli is installed.
4. Before rebooting your machine from the pendrive
- a. I recommend to read the following sections, too.
b. If you know what to do, you may configure some startup parameters in syslinux.cfg right now.
c. Ensure that the BIOS is configured to boot from pendrive.
II. Puli in a nutshell:
1. Boot-up the PC from the USB pendrive pre-installed with Puli.
- a. When asked, log in as root.
b. Type root as password. Later you can change the password and save it for next logins.
- a. Check whether timezone, locale and keyboard, etc., are correct and change them if needed.
b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.
4. It is recommended to set your own session password.
- a. Open console
b. Issue the busybox passwd command.
6. There are different methods to save your work on the (replugged) USB pendrive:
- a. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description. Note that the password files and the content of the .sfs files (installed into /initrd/pup_ro2 and /initr/pup_ro4 folders) are excluded. While those .sfs files are the same, you can restore a previous status from a backup if you drag-and-drop its icon onto the Restore icon next to it.
b. You can decide to create backup by selecting Save: backup on the Shutdown dialog.
c. You can preserve the current settings without creating backup file by clicking the Save: patch button on the Shutdown dialog.
* Based on the preset user profile, some features, such as Office programs, evince, etc., may start in offline mode for your security
III. For advanced users:
* The installed mesa graphics accelerator version is 9.0.2 for Intel video hardware while 8.0.4 for Nvidia and Radeon devices.
* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files).
* The default timezone is GMT. However, Puli overwrites it with the content of the single-line timezone file from the (root of the) pendrive. Take a look into the /usr/share/zoneinfo folder for correct timezone strings such as Australia/Perth
* If the USB pendrive contains a /patch and optionally a /profiles/Common folder, then Puli updates the filesystem with their merged content during bootup (before X starts).
* The last executed script in the /root/Startup folder is zsupp. It may worth looking into it for the tricks it does. Of course, even zsupp could be updated from /patch before it (zsupp) would run.
* In the Puli package, you can find tricky user profile examples realized by different patch structures. They can be selected/activated (copied into /patch folder on the pendrive) by clicking their fantasy-named profile selector icon.
Mild-tempered
- a. This is the default profile, i.e., when there is no /patch folder on the pendrive or it is empty.
b. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.
- a. Barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.
b. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/apps/defaultbrowser and /usr/bin/chromium.
c. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).
- a. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective.
b. Consider to download and enable the Disconnect extension in Crazy profile even if you are in Incognito mode.
- a. Download a 32-bit Debian (*_i386.deb) package (any stable, beta or dev) from
http://google-chrome.en.uptodown.com/ubuntu/old,
or based on query
https://www.google.hu/search?q=inurl:/d ... le-chrome-.
The actual stable version is at
https://dl.google.com/linux/direct/goog ... t_i386.deb.
b. After downloaded, simply click on it (or select Smart Install from the right-click menu).
c. If you like the just installed version, then copy the .deb file to somewhere on your boot device and update the loadsfs file accordingly.
* Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.
* Notice that some common Puppy utilities, e.g., default applications chooser and firewall generator, have been removed in favor of the patch-based features.
* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.
* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.
IV. For enthusiasts:
You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different patch profiles.
* During bootup, the .sfs and .pet files listed in loadsfs file on the USB boot device, either as /patch/loadsfs or /profiles/Common/loadsfs, (don't mix - the former overrides the latter, other locations are ignored) will also be loaded if they exist somewhere on the USB boot device. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename) "?ine" is enough to locate "wine_puli-1.7.21.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded files; on the other hand, they cannot be unloaded in the current session. Puli is prepared to auto-load an (ONE) official chrome .deb package referenced in loadsfs, too. The chrome package name must be like "google-chrome-stable_34.0.1847.137-1_i386.deb" (this is how an official Google Chrome package name looks like).
* Notice that the auto-loaded files are merged into the /initrd/pup_rw folder: they arrive there in the order of their appearence in your loadsfs file. As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.
* You can save your session settings to auto-load them on the same machine next time. The following examples are here only to help understand the basics. However, their result should be similar to what you get by clicking the Save: patch button on the Shutdown dialog.
Example A. Preserving only the audio configuration:
- a. Set up the sounds with the Retrovol tray icon.
b. Open a terminal.
c. Issue alsactl -f /etc/asound.state store
d. Copy the /etc/asound.state file into your machine-specific profile on the pendrive.
e. Puli restores the same settings at every boot time.
- a. In Puli, Barry's sns is used to establish network connection. It stores your machine-specific preferences in /etc/simple_network_setup/ folder. Here, wpa_supplicant.conf files contain colons ( : ) in their name which cannot be copied to your pendrive if it is FAT-formatted. If so, replace these colons with equals sign ( = )
b. Copy the /etc/simple_network_setup/ folder to the patch structure of the machine-specific profile on the pendrive.
c. Puli restores those filenames when loading the patch files at startup.
- a. Set up the sounds with the Retrovol tray icon.
b. Check that sns is configured well.
c. If you chose the default Softmaker FreeOffice program, click the write desktop icon to enter the Softmaker FreeOffice licence key. The key is free for registered users. You need to do this only once, at the first usage.
d. In a terminal window, issue permanent
e. The /usr/bin/permanent script asks for a permanent password then saves the sound and network settings into the /patch folder on the pendrive. You can add more lines to save other session files, e.g., bookmarks, browser profile, desktop background or even downloaded files that have been arrived into the /root/spot/Downloads/ folder.
f. Puli reads the saved settings at every boot time from the actual content of /patch folder of the pendrive. It is recommended to store those machine-specific sets in separate profiles then populate the pendrive's /patch folder from the appropriate profile when necessary.
* You may refresh the puppy_puli_3.8.3.sfs file with the content of the actual patch structure:
- a. Ensure that the pendrive is plugged in (either mounted or unmounted).
b. Open a terminal and issue refresh
c. The temporary files are in the /root/squashfs-root folder. You can manually edit their content there when the script asks for this.
d. Wait until all operations are finished.
* The paint desktop icon has this preference order to open: Gimp, Mypaint, AzPainter, mtpaint - depending on which one is installed.
* The draw desktop icon has this preference order to open: Inkscape, AzDrawing, Inklite - depending on which one is installed.
* The phone desktop icon has this preference order to open: Skype, linphone, xchat - depending on which one is installed.
* Skype installed from Skype-4.3.0.37ap-puli.pet runs as spot but may be silent if the 'apulse' emulator is incompatible with your hardware. Use Skype-4.3.0.37pa-puli.pet to force sound by pulseaudio - but in this case Skype runs as root, which can be insecure.
Have fun!
Regards,
gjuhasz