EasyOS version 2.3.2, June 22, 2020

For talk and support relating specifically to Puppy derivatives
Message
Author
User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1516 Post by rufwoof »

Finding that running large LibreOffice spreadsheet or word documents across Xephyr is very laggy. i.e. DISPLAY=:1 swriter from the main session, so I can cut/paste from firefox running inside the (:1) container, has swriter as good as useless (very slow to scroll etc.).

Seems to be Xephyr alone causing that lag.

In view of that, had the idea to drop containers and just use the main session, but where the main session has cap_sys_chroot capability dropped. I renamed /root/.xinitrc to .xinitrc-capd and created a .xinitrc that calls .xinitrc-capd with the chroot capabilities dropped i.e. .xinitrc contains ...

#!/bin/sh
capsh --drop=cap_sys_chroot -- /root/.xinitrc-capd

Also inside initrd I modified init to chroot into the main session rather than switch-root. I also mount my sda3 (data partition) inside init so that partition is inaccessible within X. So the tail end of init inside initrd now looks like

Code: Select all

mount -t devtmpfs devtmpfs /easy_new/dev #need to do this before switch_root.
sync
#umount /sys
#umount /proc
#exec switch_root /easy_new /sbin/init

# mount our data partition outside of the main system, so inaccessible to X
# i.e. console login and exit-chroot to access data (mc)
mkdir /mnt/sda3
mount /dev/sda3 /mnt/sda3
exec chroot /easy_new /sbin/init
To access data I ctrl-alt-F3 and login and root, escape the chroot (I have posted exit-chroot.c code for that in previous posts) and I've also installed mc inside initrd so I can use that to move files in/out of my data partition as desired (to make data files/folders visible (or not) to X).

Rebooting to 'clean' each/every time (no saves) and that's moderately secure. Data is isolated, a cracked firefox (root cli) cannot chroot into initrd; Could see other X windows and/or keystrokes, but no different to how it might also see other windows inside a container.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1517 Post by rufwoof »

Dropping capabilities in /root/.xinitrc is weak, easily uncoded by a cracker and X restarted.

So ...

Compiled exit-chroot.c of

Code: Select all

#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>

int main(int argc, char** argv) {
    int dir_fd, x;
    setuid(0);
    mkdir(".42", 0755);
    dir_fd = open(".", O_RDONLY);
    chroot(".42");
    fchdir(dir_fd);
    close(dir_fd); 
    for(x = 0; x < 1000; x++) chdir("..");
    chroot("."); 
    return execl("/bin/busybox", "sh",argv[1], NULL);
}
and adding

Code: Select all

exit-chroot /tmp/CHR
to the end of /etc/profile, along with modified the end of init (inside initrd) code to look like

Code: Select all

mount -t devtmpfs devtmpfs /easy_new/dev #need to do this before switch_root.
sync
#umount /sys
#umount /proc
#exec switch_root /easy_new /sbin/init

echo "#!/bin/sh" >/tmp/CHR
echo "capsh --drop=cap_sys_admin,cap_sys_chroot --chroot=/easy_new --keep=1 -- /usr/bin/xwin" >>/tmp/CHR
chmod +x /tmp/CHR

# mount our data partition outside of the main system, so inaccessible to X
# i.e. console login and exit-chroot to access data partition (sda3) 
mkdir /mnt/sda3
mount /dev/sda3 /mnt/sda3
exec chroot /easy_new /sbin/init
... has the system boot as normal, but chroot the main session instead of switch-root, and the end sof /etc/profile results in a exit-chroot action (as the first time through chroot capabilities are enabled), and that exit-chroot results in /tmp/CHR being run in the initrd space, which restarts the main session, but with cap_sys_admin and cap_sys_chroot capabilities dropped. So that next time around the exit-chroot at the end of /etc/profile simply fails, as chroot capabilities are no longer enabled.

That also mounts sda3 (my data partition) from within initrd, i.e. outside of the main systems space, so inaccessible. To get to data (sda3) ctrl-alt-F3 and login as root and run exit-chroot to gain access to the initrd space ... and hence sda3 (data). I've installed mc inside of the initrd to make moving files around easier.

In effect the real root main X desktop is restricted. It can't mount sda3 as its already mounted outside of X space, can't change it with gparted ...etc. And X can't exit-chroot as chroot capabilities are dropped.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1518 Post by rufwoof »

Plenty of links/files for Puppy in Gopherspace, but nowt for EasyOS :(
Attachments
gopher-EasyOS.png
(83.82 KiB) Downloaded 1774 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1519 Post by rufwoof »

I do like the EasyOS 1.0 (more extensive) busybox. My 'mini' boot of just the vmlinuz and initrd - with additionals, works very well. Basically I just installed the sky2 ethernet (for my hardware) module into that and have it so it boots to net connected (using static IP) and it loads/starts with tmux loaded and tmux windows of calcurse (diary), weather (via wttr.in), mc (file manager/text editor), lynx (browser), sc-im (spreadsheet), top and ssh (dropbear) auto connected to sdf.org (from where I can browse the web/gopher/message boards etc. through that ssh link).

Runs totally in ram, all changes lost, but I've included capabilities support (along with framebuffer pdf viewing etc.), so being frugally booted I can mount sda1 and open up initrd/record changes/close initrd ... so that changes persist, whilst being able to drop the capabilities of the ssh/lynx processes.

I had previously attempted to xz extreme compress that initrd, but it wouldn't boot. Then I remembered you have to include the --check=crc32 xz compression parameter when forming a initrd.xz with extreme compression and that boots fine. 12MB xz compressed initrd.xz filesize (alongside a 5MB vmlinuz).
Attachments
c.png
(9.55 KiB) Downloaded 1719 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1520 Post by rufwoof »

I've set my (1.0) main desktop so that both seamonkey and firefox portable are available running under spot. Where spot's default shell is set in /etc/passwd to be /bin/limited-shell ... which is a simple script that just permits very few commands/programs to be run. I also added that /bin/limited-shell to the /etc/shells list. Similar code as per http://murga-linux.com/puppy/viewtopic. ... 44#1023044

Found that doing real work inside the container with largish docs/spreadsheets (libreoffice) wasn't really workable for me. Having a main desktop spot browser and using the main sessions LibreOffice works better, at least for me. Not that the container is redundant, as for other activities it shines.

I'm sticking with having the main desktop tray as most of the width, but with a smaller area left free for the container's tray when that is activated. I personally find that works better for me than the alt-F6 type switching.

Image
(clickable thumbnail animated gif)

Desktop 1 for browser and general work; Desktop 2 for music (typically for me its headphones on as soon as I sit down at the PC); Desktop 3 for cli (tmux, mc, calcurse, ssh ...etc.).
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1521 Post by rufwoof »

Can't get this http://murga-linux.com/puppy/viewtopic. ... 16#1006716 to compile under EasyOS. Any suggestions (or alternatives for dynamic dns updating under EasyOS?).
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1522 Post by rufwoof »

As a alternative I did try ddnsclient https://github.com/ddclient/ddclient, but that's perl and in EasyOS some of the required modules for that to run are apparently missing.

EDIT: With much compilation hand-holding by OscarTalks (thanks Oscar) managed to create a easyPak (sfs) for inadyn ... http://murga-linux.com/puppy/viewtopic. ... 55#1023355
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1523 Post by BarryK »

rufwoof wrote:Finding that running large LibreOffice spreadsheet or word documents across Xephyr is very laggy. i.e. DISPLAY=:1 swriter from the main session, so I can cut/paste from firefox running inside the (:1) container, has swriter as good as useless (very slow to scroll etc.).

Seems to be Xephyr alone causing that lag.

In view of that, had the idea to drop containers and just use the main session, but where the main session has cap_sys_chroot capability dropped. I renamed /root/.xinitrc to .xinitrc-capd and created a .xinitrc that calls .xinitrc-capd with the chroot capabilities dropped i.e. .xinitrc contains ...

#!/bin/sh
capsh --drop=cap_sys_chroot -- /root/.xinitrc-capd

Also inside initrd I modified init to chroot into the main session rather than switch-root. I also mount my sda3 (data partition) inside init so that partition is inaccessible within X. So the tail end of init inside initrd now looks like

Code: Select all

mount -t devtmpfs devtmpfs /easy_new/dev #need to do this before switch_root.
sync
#umount /sys
#umount /proc
#exec switch_root /easy_new /sbin/init

# mount our data partition outside of the main system, so inaccessible to X
# i.e. console login and exit-chroot to access data (mc)
mkdir /mnt/sda3
mount /dev/sda3 /mnt/sda3
exec chroot /easy_new /sbin/init
To access data I ctrl-alt-F3 and login and root, escape the chroot (I have posted exit-chroot.c code for that in previous posts) and I've also installed mc inside initrd so I can use that to move files in/out of my data partition as desired (to make data files/folders visible (or not) to X).

Rebooting to 'clean' each/every time (no saves) and that's moderately secure. Data is isolated, a cracked firefox (root cli) cannot chroot into initrd; Could see other X windows and/or keystrokes, but no different to how it might also see other windows inside a container.
Yes, I wondered about offering something like that at bootup. That alternative busybox utility to switch_root that I mentioned awhile back, that can drop capabilities. Offer at the first bootup menu, to run "more secure", and drop one or more of the capabilites.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#1524 Post by BarryK »

Doing a complete recompile of all packages, based on latest OpenEmbedded release codenamed "Thud".

My port of OE has about 150 extra packages that I had imported and developed compile recipes for.

Recompiling everything, much is broken, had to do many fixes. Still on-going.

The original intention was that when I rebased EasyOS on a new release of OE, I would bump the major version number of Easy. So 1.x will become 2.x, so the first release of Easy based on "Thud" will be 2.0.

Have to make this major version bump, as many of the previous packages will be broken. For example, now using openssl 1.1.x, before it was 1.0.x. However, I do plan to include the 1.0.x library in the Easy build.

If I do include some older libs in the build, then perhaps pre-installed older binary packages won't get broken when do an update. That's what I have to think very carefully about, people who have installed Easy 1.0.x to hd and want to do the simple method of upgrading. I am also in that situation, so will test the upgrading carefully.
[url]https://bkhome.org/news/[/url]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1525 Post by rufwoof »

Fundamentally, without Xephyr (X separation) container security is relatively weak. Accordingly I've simplified my setup to be just the main session and a Xephyr/unshare/capsh/chroot container session, that both use the same easy.sfs base, but each having its own separate changes folder.

I've also set it up so that at each reboot, and each start of the container results in a sfs copy of the 'clean' changes folder content being used. i.e. at bootup the main systems changes.sfs is unsquashed as the changes folder area, and the same for the container. In effect not saving changes. Only when I run a mksquashfs of the changes folder are changes applied to future boots/loads.

I've also split the main tray to be shorter, with the containers tray filling the gap whenever that's loaded.

Makes EasyOS a lot easier IMO. Validation of the mbr, grldr, vmlinuz, initrd, easy.sfs, main systems changes.sfs and container systems changes.sfs ... also provides potential intrusion detection flags.

Another issue I have with EasyOS 1 is of conflict if other sfs's such as devx are loaded. I found that merging the main sfs with devx sfs to work better for me. But I frugal boot and don't copy the main sfs into ram at bootup, so size of easy.sfs isn't a issue (mines around 1GB when lzo level 1 compressed i.e. perhaps around 2GB uncompressed). That would perhaps be a issue for flashstick based boots.

Yes it does make bootup or starting the container slower. For instance both of my changes sfs files for the main and container are around 130MB, predominately because I have firefox portable also installed into both. But I show the unsquashfs progress bar as a visual indicator and it only takes a few seconds to complete, such that in a 'typical' setup the delay is acceptably small. Whilst I could run firefox portable outside of EasyOS space (same version used for both the main session and container) which would reduce down bootup and container load times, I prefer rolling back to clean versions of firefox at each reboot/container start.

Typically now I only update the snapshots (clean versions) when a new firefox version is apparent. i.e. when I see firefox was updated, then reboot (or restart container) clean, and let firefox update again, then run the snapshot update so that new version of firefox is used in subsequent reboots (or container started).

Quite a few do seem confused by EasyOS. Perhaps simplification in Easy 2.0 such as the above two desktops only arrangement might help reduce such confusion. That way, the default version would comprise vmlinuz, initrd, easy.sfs, container-changes.sfs (that likely would be very small). And then once installed/run, the main sessions changes.sfs is added to that (after the user 'saves' (creates a snapshot of the main systems changes).
Attachments
s.png
(53.74 KiB) Downloaded 1342 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1526 Post by rufwoof »

Cautionary advice. If like me you're no firewall rules expert then be mindful that Puppy (or at least EasyOS 1.0) creates a allow all rule as the first line in iptables.

You can inspect the rules using

Code: Select all

iptables -L -n --line
I'm running a open ssh server in a container and wanted to block China IP's due to the high volume of ssh hack attempts that originate out of China, and originally created a script to add (append) those IP's into iptables, but had to change that code to insert each DROPped IP at the start of iptables i.e. now looks like ...

Code: Select all

cd /etc
wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
# Add each IP address from the downloaded list into iptables
for i in $(cat /etc/cn.zone ); do 
	iptables -I INPUT 1 -s $i -j DROP 
done
If (as per my original code) the IP drops are just appended (-A) then as sequence/order matters in iptables, the seemingly dropped IP's could still connect due to being overiden by the very first allow all default rule that puppy firewall sets up.

I call that script in /etc/init.d/rc.firewall (appended it at the end), which does slow down initial net connect upon bootup considerably, can be a few minutes before the trays network icon changes from disconnected to connected (i.e. the above script completes due to the high number of IP's being inserted one by one into iptables). For me that isn't a issue and there are quicker/easier ways, such as using iptables-save and then restoring the save, however for my purposes as the China list is quite dynamic I prefer to grab (wget) and install the latest version of IP's at each reboot. Doesn't seem to affect just restarting X, i.e. exit/restartx again and it net connects quickly (I guess the firewall/network doesn't cycle as part of just restartX).

I verified that insertions at the top of dropped IP's did work by using a online ssh in browser service and connected using that, noted its IP number (/var/log/messages) and then inserted a DROP for that IP into IP tables, after which I couldn't connect.

I have my ssh running without userid and without key authentication i.e anyone can access it running as spot inside a Easy container where spot has its own bespoke shell ... that has very limited commands available. That's only accessible when my PC is booted and the container is running, but you might be able to drop in by opening a terminal and running

Code: Select all

ssh -t -p 443 ssh@ssh.ddnsfree.com
.
If once connected you type help, there's a few other tricks you can do, such as directly download/play sounds/videos. Bear in mind however that I don't check connections before rebooting etc. so being able to connect is subjective as is continuity of connections. I've another thread about ssh here

For instance open a terminal window and run

Code: Select all

ssh ssh-p 443 ssh@ssh.ddnsfree.com 'testvideo' | mpv -
You can even run mpv (or vlc) in the framebuffer i.e. ctrl-alt-F2 and login as root (woofwoof password unless you've changed it). On my kit I have to actually download the video i.e.

Code: Select all

ssh -p 443 ssh@ssh.ddnsfree.com 'testvideo' >bb.mkv
and then I can run that in the framebuffer (i.e. run mpv bb.mkv)
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
FeodorF
Posts: 293
Joined: Wed 07 Jul 2010, 09:44
Location: Heidelberg, Germany

Scanner doesn't work in EasyOS 0.9.x ... 1.0.xx [SOLVED]

#1527 Post by FeodorF »

My scanner doesn't work with EasyOS [SOLVED]

I'm still using two old Mustek-600-III EP (ccd300) scanners with Quirky Xerus 8.5 via line printer port. The scanners were never detected while using EasyOS. Yesterday I did some reading at:

//forum.ubuntuusers.de
user 'Kellerkind_2009' from Schleswig-Holstein had a smart idea.

Entering "export SANE_DEBUG_DLL=255 && scanimage -L" into the terminal.

This showed right away what was wrong.

Troubles found:
=========
1) /etc/sane.d/DLL.conf 'mustek_pp' is not activated
2) /etc/sane.d/ 'mustek_pp.conf' is missing
3) /usr/lib/sane/ 'libsane-mustek_pp.so.1.0.25' and 'libsane-mustek_pp.so.1' (link) are missing
4) /usr/lib/ 'libieee1284.so.3.2.2' and /usr/lib/ 'libieee1284.so.3' (link) are missing

To fix the problem I copied everything that showed up missing from Quirky Xerus 64-bit to my EasyOS setups.

mustek_pp.conf needs three entries:
#
option no_epp
auto probing:
scanner mustek-ccd300 * ccd300
Attachments
Scanner-not-found.png
(7.93 KiB) Downloaded 823 times
Last edited by FeodorF on Wed 17 Apr 2019, 09:05, edited 1 time in total.

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

EasyOS as a ssh server

#1528 Post by rufwoof »

For cross reference purposes ... http://murga-linux.com/puppy/viewtopic. ... 91#1024991 ... that outlines a potential means to have multiple ssh logins to EasyOS (i.e. EasyOS running as a ssh server), to each have their own unique environment upon login. ssh login in as user 'ssh' and end up running as user spot within a EasyOS container, that is separate from anyone else that might also ssh login as user 'ssh'.

And where for each, its just a aufs mount of the EasyOS sfs, alongside a 'changes' folder, that yields a 'top' folder that is chroot'ed into. i.e. very low overheads (and very quick to set up).

I have ssh userid set with no password, so ssh'ing into it doesn't require a password of ssh keys. Open access. As chroot and sys_admin capabilities are dropped, and its running as spot that can't su or sudo inside the container, nor can it see/mount the main systems HDD's then very limited to what damage such open access might achieve, other than the destruction of the containers content, which is disposable anyway (I remove the 'changes' folder after disconnect/logoff, so each new login starts 'clean'). As security flaws/cracks could still potentially occur however, it would be best if that sort of setup was run on a DVD based setup, with no local HDD's and ideally on a separate LAN segment (isolated from the rest of the LAN).
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

wiak
Posts: 2040
Joined: Tue 11 Dec 2007, 05:12
Location: not Bulgaria

#1529 Post by wiak »

rufwoof wrote:Finding that running large LibreOffice spreadsheet or word documents across Xephyr is very laggy. i.e. DISPLAY=:1 swriter from the main session, so I can cut/paste from firefox running inside the (:1) container, has swriter as good as useless (very slow to scroll etc.).

Seems to be Xephyr alone causing that lag.
I haven't tried EasyOS as yet but often used Xnest and Xephyr in the past and been doing a lot with overlayfs in VoidLinux of late to provide persistence and allow use of sfs files using chroot into separate overlays of main system. If you are running apps in some kind of chroot setup, an alternative to using Xnest or Xephyr is simply to do things the other way round to what I gather you've been doing i.e. start the app up in the chroot but make DISPLAY point back to the main session DISPLAY as outlined here:

https://wiki.gentoo.org/wiki/Project:X8 ... the_chroot

In terms of security, I suggest using sshd server running in your container and then ssh -X (tunnel) into that from client on main desktop session (if that is possible?) - that should set DISPLAY automatically whilst providing secure X communications. Then I guess cut and paste and so on would work fine.

Whilst I don't know how EasyOS implements containers, I came across the following for Docker (EDIT: though I haven't myself ever used Docker so don't know the ins and outs of it):

https://stackoverflow.com/questions/478 ... containers
https://docs.docker.com/engine/examples ... h_service/

https://unix.stackexchange.com/question ... s-remotely

Alternatively, and even safer, use VNC over ssh.

http://nnc3.com/mags/Networking2/ssh/ch09_03.htm
https://help.ubuntu.com/community/VNC

wiak

User avatar
FeodorF
Posts: 293
Joined: Wed 07 Jul 2010, 09:44
Location: Heidelberg, Germany

Pale Moon as an alternative to Sea Monkey 2.49.4

#1530 Post by FeodorF »

If someone would like to give 'Pale Moon 28.4.1' a go on EasyOS look right there for your download:
http://linux.palemoon.org/datastore/rel ... 64.tar.bz2
Download x64 tar.bz2 (direct download)
Size: 46.64 MB
SHA-256 checksum: fcf92a086019f22880e54fa83d5a43033d0c26349d3a86cbc64612443146e37a
System requirements: http://linux.palemoon.org/download/mainline/

How-To-Install/Setup:
Click on the downloaded file and extract it to /usr/lib
pull /usr/lib/palemoon/ palemoon to the desktop

The following changes might be helpful:
->Tools->Prefrencess->General->Startup: file:///usr/share/doc/easy/home_en.htm
->Tools->Preferences->General->Startup: Show my windows and tabs from last time
->Tools->Preferences->Tabs: Always show the tab bar
->Tools->Preferences->Advanced: deactivate 'Use smooth scrolling'
Attachments
PaleMoon.png
(8.01 KiB) Downloaded 667 times

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#1531 Post by rufwoof »

wiak wrote:
rufwoof wrote:Finding that running large LibreOffice spreadsheet or word documents across Xephyr is very laggy. i.e. DISPLAY=:1 swriter from the main session, so I can cut/paste from firefox running inside the (:1) container, has swriter as good as useless (very slow to scroll etc.).

Seems to be Xephyr alone causing that lag.
I haven't tried EasyOS as yet but often used Xnest and Xephyr in the past and been doing a lot with overlayfs in VoidLinux of late to provide persistence and allow use of sfs files using chroot into separate overlays of main system. If you are running apps in some kind of chroot setup, an alternative to using Xnest or Xephyr is simply to do things the other way round to what I gather you've been doing i.e. start the app up in the chroot but make DISPLAY point back to the main session DISPLAY as outlined here:

https://wiki.gentoo.org/wiki/Project:X8 ... the_chroot

In terms of security, I suggest using sshd server running in your container and then ssh -X (tunnel) into that from client on main desktop session (if that is possible?) - that should set DISPLAY automatically whilst providing secure X communications. Then I guess cut and paste and so on would work fine.

Whilst I don't know how EasyOS implements containers, I came across the following for Docker (EDIT: though I haven't myself ever used Docker so don't know the ins and outs of it):

https://stackoverflow.com/questions/478 ... containers
https://docs.docker.com/engine/examples ... h_service/

https://unix.stackexchange.com/question ... s-remotely

Alternatively, and even safer, use VNC over ssh.

http://nnc3.com/mags/Networking2/ssh/ch09_03.htm
https://help.ubuntu.com/community/VNC

wiak
Thanks for the suggestions (only just seen your post).

The first method is indeed insecure. Running a rover (similar to spot) window on the main desktop (DISPLAY :0) from within the container ... opens up rover elevating to root outside of the container (main root) easily (just to be sure, I verified that as per the attached image). ssh tunneling or vnc over ssh would be more secure.

Fully opening up the main desktops /dev - for instance amongst other things opens up the frambuffer - and the framebuffer could be repeatedly cat (piped through compress and ssh to a crackers ssh server) i.e. 'console' seen/watched. Generally if root is cracked via other simpler means that's not a great issue (too much bandwidth/effort for a cracker to really be bothered with, as that's typically around 1K/frame/snapshot). More generally they'd be looking for private keys/passwords - easy access into other systems/boxes/devices (router etc), such as ~/.ssh private keys (that even if password protected, once copied to the crackers system are generally relatively easily/quickly cracked).

As its just Libre writer, for just some files, that can run slow in a Easy Container, I'm not too bothered myself as I can use googledocs for not fully trusted, or the main systems Libre writer when trusted. Everything else seems to run fine, so it may all just be a Easy 1.0 (that I'm running, haven't tracked the later releases) or the specific compiled Libre version contained within that. May have been indirectly (or directly) fixed in later versions or the upcoming Easy 2.0 series.
Attachments
s.png
(116.19 KiB) Downloaded 2279 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

laptop lid closed sleep mode

#1532 Post by rufwoof »

1.0.14 frugal installed to Acer laptop (usb booted has the usb's light flashing more often that I would like).

Touchpad et al all working fine (had problems with the touchpad when using dpup on the same laptop). Dpup's lid close sleep mode however worked fine, whilst in EasyOS it doesn't. So I just created my own

Code: Select all

#!/bin/sh

# Rufwoof April 2019
# Laptop lid closed, then put into standby
# Add this script to your Startup folder

R=0
while :; do
   if [ "`cat /proc/acpi/button/lid/LID/state | grep open`" = "" ]; then
      if [ $R -ne 1 ]; then
         R=1
         echo -n mem >/sys/power/state	# put laptop to sleep
         # more ideally we should do other tidying up things before this, but for now !!!
      fi
   else
      R=0
   fi
   sleep 5
done
... which works for me. Goes into sleep when the lid is closed. When re-opened press Enter to bring it back to life.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

Re: laptop lid closed sleep mode

#1533 Post by BarryK »

rufwoof wrote:1.0.14 frugal installed to Acer laptop (usb booted has the usb's light flashing more often that I would like).

Touchpad et al all working fine (had problems with the touchpad when using dpup on the same laptop). Dpup's lid close sleep mode however worked fine, whilst in EasyOS it doesn't. So I just created my own

Code: Select all

#!/bin/sh

# Rufwoof April 2019
# Laptop lid closed, then put into standby
# Add this script to your Startup folder

R=0
while :; do
   if [ "`cat /proc/acpi/button/lid/LID/state | grep open`" = "" ]; then
      if [ $R -ne 1 ]; then
         R=1
         echo -n mem >/sys/power/state	# put laptop to sleep
         # more ideally we should do other tidying up things before this, but for now !!!
      fi
   else
      R=0
   fi
   sleep 5
done
... which works for me. Goes into sleep when the lid is closed. When re-opened press Enter to bring it back to life.
That is a topic that I have not looked at!

I think that the ACPI daemon can handle that. The script to start it is /etc/init.d/acpid, however, in EasyOS, the execute flags on that script are not set, so it doesn't run.

But, if it was set as executable, I don't know much about what it will do. There would be some way of telling it to respond to a lid closure.

Ah, here we are, how to handle the lid:

http://www.linuxfromscratch.org/blfs/vi ... acpid.html

Excuse me for not being active on this forum or EasyOS lately. If you watch my blog, you will see that my interest is on other things! Hope to get back onto Easy sometime.

Note, I was disappointed by the Thud upgrade for Easy, so have backed off, and now thinking that will use Slackware 15.0 binary packages for the next major release of Easy -- if/when Patrick releases 15.0!
[url]https://bkhome.org/news/[/url]

Terry H
Posts: 708
Joined: Sun 29 Mar 2009, 16:48
Location: The Heart of Muskoka, ON Canada

syslinux.cfg assistance

#1534 Post by Terry H »

I created a folder on /sdb2 to try to run a frugal install puppy on the same USB flash I am using for Easy 1.0.14. I haven't used syslinux before, but in checking online I thought I had a correct entry. When I attempt to boot I don't see any messages only the screen blinks, with no indication that any thing is happening when I select the scpup64 entry and press Enter. Initial entry below, have also tried without 'rw'

Code: Select all

label SCpup64
menu label SCpup64 startup
kernel SCpup64/vmlinuz
append vga=792 root=/dev/sdb2 initrd=SCpup64/initrd.gz rw
Then I thought it may be the encryption that is created on the work parition sdb2 in easyOS. I shrank sdb2 and created an new partition sdb3 with ext4 file system. I added the following sttanzas to syslinux.cfg. Any attempts to boot with any of the entries has no effect, same as above. Any assistance to get a correct syslinux.cfg would be greatly appreciated.

Code: Select all

label Scpup64
menu label SCpup64 startup
kernel SCpup64/vmlinuz
append vga=792 root=UUID=ede7abbd-01fb-45ba-819d-fc8fd463dca3 initrd=SCpup64/initrd.gz rw

label Scpup64
menu label SCpup64 startup
kernel SCpup64/vmlinuz
append vga=792 root=/dev/sdb3 initrd=SCpup64/initrd.gz rw
As a work around I have installed legacy grub to sdb3 and am booting the puppies I have on the new partition and hard drive via legacy boot. Thisis a pain and would prefer to not have to intervene in the boot process by pressing F12 (Dell Laptop).

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

battery or mains - processor scaling

#1535 Post by rufwoof »

Just messing around with this laptop, created this Startup script to adjust the processor scaling to performance if mains connected, or on-demand if the laptop is running on battery

Code: Select all

#!/bin/sh

# ondemand or performance
# according to whether mains on-line or off-line

# initial assumption of mains and set to performance
C="mains"
for F in `ls /sys/devices/system/cpu/cpu[0-9]/cpufreq/scaling_governor`; do 
	echo performance > $F
done

while :; do
	if [ ! -z "`cat /proc/acpi/ac_adapter/ACAD/state | grep on-line`" ]; then
		if [ "$C" = "battery" ]; then
			C="mains"
			# scale to performance
			for F in `ls /sys/devices/system/cpu/cpu[0-9]/cpufreq/scaling_governor`; do 
				echo performance > $F
			done
		fi
	else
		if [ "$C" = "mains" ]; then
			C="battery"
			# scale to ondemand
			for F in `ls /sys/devices/system/cpu/cpu[0-9]/cpufreq/scaling_governor`; do
				echo ondemand > $F
			done
		fi
	fi
	sleep 5
done
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

Post Reply