Puli 32/64 bit

[gjuhasz]

Dear Puli users,

As the Murga-Linux forum runs in read-only mode now, let me continue here.
If you want to visit the old posts, please note that the main URL "http://murga-linux.com/" has been replaced with "https://oldforum.puppylinux.com/". The rest of the characters in the references remain the same. Sorry for the inconvenience.

Puli threads are archived at https://smokey01.com/gjuhasz/Puli-forum-archive/. Created from the Puli posts among Puppy Projects https://oldforum.puppylinux.com/viewtopic.php?t=96964 and Puppy Derivatives https://oldforum.puppylinux.com/viewtopic.php?t=88691.

I am proud to see that those Puli threads have been visited more than 270 thousand times since Nov 2014. (Edited: 285.000+ on 29-Sep-2020) (Edited: 309.000+ on 01-Mar-2025)

To browse the archive, click the pdf files one-by-one in https://smokey01.com/gjuhasz/Puli-forum-archive/, or for the earlier barks of Puli, in https://smokey01.com/gjuhasz/Puli-forum ... e/Earlier/.

More details in https://smokey01.com/gjuhasz/readme-archive.html.

[gjuhasz]

Welcome to Puli

Announcement and changelog for the latest 32-bit version: 6.2.0, for the 64-bit versions: 7.0, 7.1, 7.2, 7.3, and 8.x.

Magyarul itt, itt, itt, itt és itt

Deutsche Roh-Übersetzung (vielen Dank, oui): viewtopic.php?f=110&t=744&p=4581#p4581

Puli is a member of the Puppy Linux family: a high security, "kiosk" flavor of 666philb's Tahrpup 6.0.6 CE (32-bit Puli 6), Xenialpup64 CE 7.5 (Puli 7), and Fossapup64 (Puli 8), intended to boot from a USB pendrive and run safely even if the boot device is unplugged.

Puli supports booting various software-combinations by multiple users on many hardware using the same boot device.

The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of this page.

Special thanks to John de Murga, BarryK, 666philb, smokey01, pemasu, S-kami, Kros54, Asterix, Sylvander, members of Puppy Linux forums, and to my colleagues, including ethical hackers who helped me with their feedback about Puli.

Kudos to my friend László Fekete for the background pictures. These "brown puli" pics are under copyright protection and can be used exclusively with reference to/within the Puli software.

The 32-bit Puli 6 (v6.2.0) is published with 3.14.79 non-PAE kernel. The 3.14.56 PAE kernel is also preferred. Some k4.x series are available, too. See the tested kernels here.

The 64-bit Puli 8 (latest v8.2) has kernel version 6.12.6. Tested with many kernels from series k4.9.x to k6.12.x

Earlier barks of Puli are discussed at https://oldforum.puppylinux.com/viewtopic.php?t=96964 and https://oldforum.puppylinux.com/viewtop ... repository in form of compressed files in Puli-(version_issuedate) folders. Download the preferred Puli_install.zip file (this description references to Puli 6.0.4 and later versions).

b. Download the latest version of LinuxLive USB Creator from http://www.linuxliveusb.com. If you have any issue, you can find its earlier, tested and virus-free version at smokey01.com/gjuhasz/LiLi.

2. Create the Puli pendrive.

Plug in the pendrive (recommended capacity: 4 GB or bigger) and Run LiLi. Complete the install steps from top to down as follows:

Step 1: Choose your pendrive in the selection box (be careful - do not select another drive accidentally)

Step 2: Choose a source - click on the ISO/IMG/ZIP icon and select the Puli_install.zip file

Step 3: Select Live Mode in the Persistence pane

Step 4: Tick only the second (FAT32) box

Step 5: Click the lightning icon. The installation takes about 25-30 seconds. In the below picture, you see the LiLi interface before the installation starts and after it has finished:
.

PuLiLi.jpg (75.38 KiB) Viewed 11828 times

.
Step 6: You can download some useful packages from Puli-(64/32 bit)/packages subfolders of sourceforge.net repository. Download the selected ones and put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section below.

3. Unmount the pendrive. You are ready, Puli is installed.

4. Before rebooting your machine from the Puli pendrive

a. I recommend to read the following sections, too.

b. If you know what to do, you may configure some startup parameters in syslinux.cfg and /env-0/puli.cfg right now.

c. Ensure that the BIOS/UEFI is configured to boot from pendrive.

5. Give Puli a go!

II. Puli in a nutshell:

1. Boot-up the PC from the USB pendrive pre-installed with Puli.

a. When asked, log in as root.

b. At the first login, type root as password. (Later you can change it and save it for next logins).

2. The Session Setup dialog pops up.

a. Check whether timezone, numlock, timesync, hwclock, firewall, locale, and keyboard, etc., are suitable for this session and change them if needed. Your changes in this dialog affect the current session but you can preserve them for the future sessions, too.

b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.

3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. Before you finish, be sure that you left no data on the PC.

5. There are different methods to save your work on the (replugged) USB pendrive:

a. You can preserve the main settings (including passwords, too) by clicking the Save: smart button on the Shutdown dialog or, within the session, in the dialog of the backup desktop icon.. See the next sections for details of this Smart save feature.

b. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description.

c. You can decide to create backup at the end of the session, too, by selecting Save: backup on the Shutdown dialog.

• Note that the password files, the smartloaded packages (installed into /initrd/pup_rw) and the on-the-fly added .sfs files (arrived into the /initr/pup_ro4... ro8 folders) are excluded from the backups.

6. You can restore a previous status from a backup if you open the /backups folder on the pendrive then drag-and-drop a backup file onto the Restore icon next to it. Of course, the selection of the smartloaded packages should be the same as it was previously. You will receive notification about the packages omitted during backup.

7. Puli provides you with a secure environment. It helps you fight against malicious attackers.

• Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text. This way your data will not be disclosed.

• You may start some features, such as Office programs, evince, etc., in offline mode for your security.

• See more details about the available security profiles in the next sections.

• It is recommended to change your session password as follows:

  a. Open console

  b. Issue the passwd command and follow the instructions.

  c. At shutdown time, save your environment with smart save. The new password shall be used for future logins. See the next sections for details.

• If you right-click on a folder, you can encrypt / decrypt its content. See more details in the next section.

III. For advanced users:

1. To have additional packages, browse the content of the packages subfolder(s) here and download the selected 32/64 bit ones into the /packages folder of your USB pendrive. Among the proposed packages, you can find advanced Office programs, Java runtime module and other useful software - each of them tested with Puli. Note that the 64-bit Puli is able to run some 32-bit software (the 32bit-compat.sfs package provides multi-arch support for them).

2. You probably don't use all downloaded packages in a given session. Puli offers easy selection among them in boot time, with the help of the smartload feature:

• Together with the built-in Puli packages, you can boot any number of extra .sfs, .pet, .deb, .AppImage, .tar.7z, .tar.bz2, .tar.xz and/or .rpm files simply by referencing their file name in separate lines of the /profiles/Common/smartload file of the USB boot device. See the default smartload file included in the release. Puli seeks those referenced packages in the /packages folder of the boot device and auto-loads them during bootup (in the order of their appearance in the smartload file), before the graphic environment (X) starts.

• For example, to smartload SoftMaker FreeOffice, put a softmaker line in smartload file on your USB boot device. (This is a kind of free but licensed software thus you need to register and obtain your personal license at Softmaker Software GmbH. Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in smartload file. See the Useful links section below.

• The content of the smartloaded .tar.bz2 and .tar.xz packages will be unpacked to /opt/ folder (in the preserved structure of the package).
  Note that the .tar.7z packages can be encrypted - Puli asks for password at boot time.

• The AppImage files will be smartloaded to the /opt/AppImages folder. An extra icon pops up in the desktop while one or more AppImages present in this folder. (Puli accepts the .AppImage, .appImage, .Appimage, and .appimage file extensions in the same way.) You can run them directly by left-clicking the folder icon then selecting the filename. AppImages (and other executable files) can be run sandboxed if you right-click their name and select firejail in the menu - providing that the firejail package is (smart)loaded.

• You may have more smartload type files prepared, i.e., smartload, smartload1 ... smartload9, smartloada, smartloadb, etc. Then, you may select one from them during bootup by hitting a character (e.g., 1, or 2, or a, or b, or c) when asked. If you don't act, the default smartload file will be used. If your selection refers to a non-existing file or you hit space, then the smartload feature is omitted.

3. Other settings:

• You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files) that will be applied in all cases for all machines you want boot with Puli.

• In addition, you can define machine specific parameters (timezone, numlock, timesync, hwclock, firewall, plang, pkeys, etc) in the env-<macaddress> folders of the (root of the) boot device. The default folder is env-0, that can be accompanied by various env-001ee4532a23 etc., folders after running Puli on different machines. Those folders will be prepared and filled up in /root/tmp folder by Puli that saves them on the boot device if you select the smart save option at the exit or click on the save "Puli-head" any time.

• Booting Puli on the same machine next time, you don't need to deal with the settings. For example, the default timezone (GMT) will be overwritten with the timezone data of puli.cfg found in the machine specific folder. The applicable timezone codes can be read from /usr/share/zoneinfo, such as Australia/Perth.

• You can place one smartload file in the (root of the) env-<macaddress> folder if you need to load machine specific modules (e.g., nvidia driver) before X starts. For help, an empty smartload file is included in env-0, you only need to (find and) populate its copy in the env-<macaddress> folder.

• It can happen that some .pet, .sfs, or .deb modules shall be auto-loaded in the X environment. Put a + (plus) sign as the first character in such lines of the selected smartload file (do NOT rename or reassemble the package itself).
  Note that the postXload feature of the earlier Pulis can be applied too: you can list such modules, without the starting plus sign, in a postXload file (next to the smartload). There can be only one postXload per env-<macaddress> folders. However, you can apply one common postXload next to the other smartloads in /profiles/Common folder of the boot device. The Puli package includes an empty postXload there (and another one in the env-0 folder, too).

• Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

• By clicking on different Office files, the appropriate program opens based on MIME type, e.g., abiword can catch the .docx files while textmaker can handle the .doc; clicking an .xls can open planmaker while .xlsx can invoke gnumeric, etc.

• Puli automatically creates a Linux swap file in the memory unless you prepare a swap on the hard disk (e.g., using gparted. The swap is pr eferably the same or twice the size as the memory. There is no reason to configure a swap bigger than 4 GB.

• If the USB boot device includes folders named /patch and/or /profiles/Common folder, then Puli merges their content and copies them in the filesystem before starting X. (the content of the patch folder may overwrite those files come from Common).

• In the Puli package, you can find tricky security profile examples realized by different file structures. They can be selected/activated by clicking their fantasy-named security profile selector icon (the profile name will be copied into the /patch folder on the pendrive). Those profiles are mainly used during browsing the net:

Puli_profiles.png (17.7 KiB) Viewed 11828 times

Mild-tempered

a. This is the default security profile, the only profile in which multiple browser windows or even multiple browsers can run simultaneously.

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.

c. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.

Rigorous

a. In this profile, Puli disables all disk drives (e.g., the hard disks stop rotating). The boot device remains active, however it can be plugged out when Puli recommends.

b. Puli barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.

c. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/bin/defaultbrowser and /usr/bin/netchecker.

d. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).

Crazy

a. In this profile, Puli disables all disk drives (e.g., the hard disks stop rotating). The boot device remains active, however it can be plugged out when Puli recommends.

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.

c. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective. See the details in /usr/bin/netkiller.

d. Some browser versions may fail in this profile if the communication with the selected server is wery slow.

Lazy

a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes asleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware to initiate shell scripts or issue commands. In the script behind the lazy profile selector icon on your USB boot device, you can define the full path where you want to run the "disappeared" Linux utilities in lazy mode. You may leave the default /ban/ setting as is, or write a path like lazybin="/usr/share/foo/" (with slash at the end). Of course, you need to re-activate the lazy profile by clicking its profile selector icon, then reboot. Be careful! If you put an existing folder name above, its original content may be overwritten! Warning! Do NOT select a folder from those in the search path!

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to leave this setting "as is". Firefox runs as spot with limited lazy features, but opens in a sandbox if firejail is installed.

c. Some features behind icons file, info, edit, write, calc, phone remain active only for you.

d. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.

e. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes pmount.

f. Warning! Do not unplug any mounted drive while browsing in lazy mode!

g. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).

• It is preferred to browse with the latest version of a properly sandboxed Chromium flavor, or use a modern Mozilla based version.

• Puli supports the following 32/64-bit browsers (in order of preference, which is NOT the order of quality): Chrome-64bit; Iron; SlimJet; Vivaldi; Firefox; Opera; Links and runs them by spot user. It is recommended to use the smartload feature for booting them by selecting one of them in the smartload file. (Note that you if you install more than one browsehere rs, they may interact or even block each other).

• By default, the Iron, Slimjet and Vivaldi browsers run in Incognito mode, using common bookmarks and settings. It can happen that later versions (which are recommended anyway) cannot keep this compatibility.

• Due to licensing issues, some Chromium based browsers cannot play mpeg4 videos. In those cases, installing or smartloading extra ffmpeg codecs can be a cure. A couple of extra ffmpeg packages are referenced/available in the Puli codec repository.The Opera version is probably compatible with Slimjet and Vivaldi browsers, too.

  • In all profiles, clicking the info icon invokes the preferred browser (in case of the Chromium-based browsers, in non-accelerated, Normal mode). If nothing selected, the Links browser appears. It is configured for smart media recognition capabilities.

• Puli supports Firefox. You can download a relatively new version from the link in my packages. Auto-update to the latest version is configured in Puli. However, you can update my pet package by replacing its /opt/firefox folder with the latest version. Firefox starts in sandbox if firejail is installed.

• You can download the latest Flash player plugin from this link. Its filename is like "adobe-flashplugin<latest date>.1-0ubuntu0.14.04.1_i386.deb" or its 64-bit counterpart "adobe-flashplugin<latest date>.1-0ubuntu0.16.04.1_amd64.deb" . Put this smartloadable .deb file in the /packages folder on your boot device. Be sure that only one adobe-flashplugin*.deb file appears among the packages. It installs to /usr/lib/adobe-flashplugin folder (for all browsers).

• Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

• If you right-click on a folder, you can encrypt / decrypt its content with the menu items. I propose storing your sensitive files in /root/my-documents/Secret/ folder which is encrypted (with AES 256 and password "root") by default. Of course, it is strongly recommended to change the default password to your one at your earliest convenience. The encryption-related options can be found in the dialogs behind the right-click menu items. Note that the Secret folder will be automatically unmounted (i.e., its content toggled to encrypted status) if you create a backup or select smartsave.

• In Puli, the background picture (wallpaper) is the /usr/share/backgrounds/default.jpg, referenced in the third line of /root/Choices/ROX-Filer/PuppyPin file. This line in PuppyPin also defines its displaying mode (Centred, Scaled, Fit, Stretched, Tiled). You can copy your favorite wallpaper to /usr/share/backgrounds/default.jpg to see it on the computer you are actually using (then restart X). Later, if you select Save: smart at shutdown, then these settings will be saved to the env-<macaddress> folder on the boot device. You may try the Desktop > Pwallpaper menu item to change the wallpaper but do this with care.

• If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable but the device is not recognized automatically, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.

IV. For enthusiasts:

You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different environment folders on the boot device.

• The naming convention for the environment folders is: env-<macaddress> where macaddress is a 12-position hexadecimal number, for example, env-0123456789ab. Puli recognizes whether the name of one environment folder matches with the given machine at boot time. If no matching folder found, it will be created in /root/tmp using the content of the env-0 folder and your actual settings (and will be saved at shutdown time if you select Save:smart)

• You can select a smartload file during the boot process, earliest after the purple "copying to ram" text appears, but latest in 5 seconds after you see the "Press a key to smartload a package set..." message. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename), even "?ine" can be enough to locate "wine-3.10_v3.1.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded packages; on the other hand, they cannot be uninstalled in the given session (however, try to re-install the same package then uninstall it). The possible errors are displayed in a simplified mode and logged in the /root/tmp/ folder with details.

• The auto-loaded files are merged into the /initrd/pup_rw folder: first, the content of the Common folder, then the content of the environment<macaddress> folder, then the content of the smartloaded files (starting with the environment-specific smartload tem the rest in the order of their appearance), then the content of the patch folder, then the content of the security profile. That is, you can overwrite a just loaded file with another one, e.g., files loaded from /Common folder with files loaded from /patch folder, etc., but each overwrite their counterpart in /initrd/pup_ro2. Puli uses the rsync -a command for this.

• Note that although Puli accepts .rpm files, they mostly need additional libraries to run properly.

• The firewall can either be set as strong or lite. If you need to create a different firewall, you may set up the firewall rules manually then put them in your patch structure. Later, you can easily recognize the active one based on the color of the tray icon (green = strong-Puli version, yellow = lite-Puli version, blue = user-configured).

• In the Session Setup dialog, you can decide whether the current session settings are valid for the future sessions, too.

• After login (more specifically, after you click OK on the QuickSetup window in the X environment), files in the /root/Startup folder are executed. Intentionally, the Puli-specific zsupp script is the last one amongst them. Of course, you can amend it and put in the /patch folder to replace its default version.

• Note that the files in the /root/.config/autostart folder are executed each time just after restarting X. Consequently, at first boot, they start BEFORE you click OK on the QuickSetup window.

• The BootManager has been tailored for Puli as some of its functions are not applicable in PUPMODE 5, and others are implemented in a better way. Use with caution.

• As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

• In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you may need to use the same smartload file next time to restore the same environment.

• As already mentioned, you can save some session settings to auto-load them next time by clicking the Save: smart button either in the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. If clicked, then the control files within the /smartsave folder will be executed. Note that some Puli-specific .pet or .sfs packages may add their own control files to the /smartsave folder on the boot device as /profiles/Common/smartsave.

• If you are experienced enough, you may activate the restore_latest.pet package by the appropriate row in your smartload file (as an example, see the /smarloadr file in the install kit). With these settings the latest backup will be auto-restored at boot time. Note that cumulative backups are possible, i. e., you may restore more backup files after each other, even those created in different security setups on different machines. Puli tries to manage this, and sends warning messages if needed. You may see unforeseen behavior in extreme cases, however.

• Beyond the above mentioned dynamically changing "latest" backup, you can auto-restore another "fixed" backup, too. For this, activate the restore_fixed.pet package in your smartload file. With these settings, Puli will seek a backup file placed in the /backups/fixed folder of the boot device to auto-restore it at boot time. Note that this is independent from the restore_latest feature, so you can apply them even together if needed. Restoring backups begin after the security profile is in place. Note that no security profile will be restored from backups.

• In your smartload file, you can reference a specific package (force_mild.pet, or force_rigorous.pet, etc.,) to replace the preset security profile with another one. With this feature, the single-key boot-time setup can include a smart security pr ofile selection.

• You may refresh the puli<version>.sfs file, e.g., to update it with the content of the actual patch structure:

  a. Ensure that the pendrive is plugged in (either mounted or unmounted).

  b. Open a terminal and issue refresh

  c. The temporary files are in the /root/squashfs-root folder. When the script asks for this, you can manually edit the content of /root/squashfs-root, update it with patch files, etc. Be careful with adding new links: relative links should not point out of the /ro ot/squashfs-root folder.

  d. Wait until all operations are finished.

• The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

• Clicking some icons open built-in or smartloaded programs based on their preference order. You can change the preferences in the /usr/local/bin/defaultxxx files of the given profile(s). For example, the write desktop icon may have this preference order to open: LibreOffice, SoftMaker FreeOffice, Abiword - depending on which one is installed; the paint desktop icon may havepreference order as: Gimp, Mypaint, LazPaint, nomacs, mtpaint. The draw desktop icon may have this preference order to open: Inkscape, AzDrawing, Inklite; the record desktop icon has this preference order to open: SimpleScreenRecorder, XvidCap - the latter is the default. The phone desktop icon has this preference order to open: Skype, https:/appear.in, xchat, etc. Note that usage of https:/appear.in is limited in some browser versions because they do not allow camera/mic in WebRTC API.

• Skype is not available for 32-bit Linux anymore.

• You can try web plugins available for some browsers and can even create smartloadable modules from them. Such modules can replace the standard Skype, Teamviewer, etc packages.

• The zip desktop icon opens PackIt. Xarchive remains available via the menus.

• Notice that some common Puppy utilities, e.g., default applications chooser, have been removed in favor of the Puli specific features.

• Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

• As mentioned above, Puli intends to disable all disk drives except the boot device. This is made by the /usr/bin/diskdrop script, which runs in all cases by default. However, this function is enabled only in the Crazy profile and neutralized in the rest (by an empty diskdrop script in the /usr/bin folder of those profiles). The disabled drives cannot be fully restored within the session. However, you can try to restore them with the /usr/bin/diskrise script, which needs the boot device be plugged in. After diskrise, identifiers of the restored drives can change (e.g., sda1 appears instead of hda1 stb).

• Warning! Puli detaches the pendrive at the end of the shutdown process to prevent the dirty bit set. Some machines remember this detached status until they are physically removed. In this case, unplug the pendrive after Shutdown. Never fix t he dirty bit in Windows! Puli resets it next time during the bootup process.

• To accelerate its boot process, Windows 10 doesn’t fully shut down by default. Instead, it actually hibernates. Thus, the NTFS filesystem of Windows 10 appears as read-only in Puli (as in all Linux flavors). If you need to write to this partition from Puli, either permanently change the default power options of your Windows 10 or keep the Shift button while selecting Shutdown in your Windows 10.

• By default, the Windows-encrypted drives are inaccessible. You may download and try Linux-based decrypting programs such as dislocker.

• Some USB install tools, other than LiLi, do not accept .zip files. In this case, simply rename the Puli_install.zip file to Puli_install.iso. This renamed file will be accepted for installation.

• The Puli package includes the folders/files for booting in UEFI mode.

V. Useful links

• Puli homepage with links to mirrors
  Mirror including the proposed additional packages for Puli here.
  Puppy Linux knowledge base
  [URL=https://oldforum.puppylinux.com[/URL] (huge collection of HOWTOs, ideas, and installable packages)
  32-bit and 64-bit Puppy Linux packages (programs, Nvidia drivers, etc)
  Adobe Flash plugin (See details above in section "For advanced users")
  Extra ffmpeg codecs for chromium flavors such as Slimjet or Vivaldi (Earlier extra ffmpeg codec versions may not work with the latest browser)
  Common CA certificates (You can browse this link for the latest ones - the ca-certificates] associated with the newest Ubuntu versions may be OK for browsers such as Netsurf or Links)
  USB install tools (Some of them are Linux based, others are created for Windows only)

Appendix A. How to install Puli in Linux environment

In the first section above, I described an easy method for installing Puli in Windows XP/7/8/10 environment. For an experienced Linux user having root privileges, the below solution is also easy and straightforward.
Providing that you have Puli 7.x or another, relatively new 32/64 bit Linux version:

1. Create a bootable pendrive

   a. Put a 4 GB or higher capacity USB pendrive to a free USB slot. Warning! It will be wiped during the install process!
   b. Use GParted to create a single, bootable FAT32 partition on it. The result is an empty device being registered, let's say, as /dev/sdb1
   c. Open a terminal and enter syslinux -i /dev/sdb1 to put ldlinux.sys over the current bootsector of the pendrive with bigger that 32000 bytes of size. (You may need syslinux version 6 and/or mtools - the latter is available in the PPM of all newer puplets)

2. Copy Puli to the pendrive.

   a. Download the latest Puli_install.zip file from my sourceforge.net repository and extract it, e.g., with uextract.
   b. Open the unpacked Puli structure and copy its content into the (root of the) USB pendrive, next to ldlinux.sys

3. Unmount the pendrive.

Before rebooting your machine from the pendrive

a. You can find some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc from Puli-(64/32 bit)/packages subfolders of my sourceforge.net repository. Take a look at the proposed closed source packages referenced in the +externals.txt file, too. Download the selected ones and put them into the /packages folder of your boot pendrive. Note that you may find newer versions at the download page of their distributor. See also the Useful links section above.
b. I recommend to read the above sections, too.
c. If you know what to do, you may configure some startup parameters in syslinux.cfg and in puli.cfg right now.
d. Ensure that the BIOS/UEFI allows booting from the USB device.

• The boot procedure may fail if some Puli files, i.e., initrd.gz, *drv_puli(version).sfs, and/or puli(version).sfs remained accessible on your hard disk.

You are ready. Puli is installed. Give it a go!

[mikeslr]

Hi gjuhasz,

I am interested in trying puli-7.3_April2020 (not the iskola version) which I downloaded from https://sourceforge.net/projects/puppys ... 3_Apr2020/. Rather than booting into Windows, I was hoping that frugalpup, http://www.murga-linux.com/puppy/viewto ... 85#1005485 could be used to successfully write it to a USB-Key. Unfortunately, using frugalpup (its main version, its stickpup module and just trying to install the bootloader after manually placing puli's files on the second partition of a USB-Key) no boot was successful: all efforts failed with the report "puli7.3.sfs could not be found" or words to that effect.
I used the recipe here to first create an ISO in order to work with applications which can't manage zip files. http://www.murga-linux.com/puppy/viewto ... 04#1042604

So I booted into windows. I didn't have LinuxLIve USB-Creator installed. I tried rufus. http://www.murga-linux.com/puppy/viewto ... 04#1042604. That also failed with the same report. I then took a break and by the time I decided to try again I was in Bionicpup64. As I don't have a UEFI computer, I figured I had nothing to loose by first attempting the method I had successfully used with puli_7.1 spelled out in my 24 Nov 2019 post. Both grub4dos and Legacy grub failed to create a viable boootloader.

I will boot into Windows 7 again and use Linux Live USB Creator. But it would be of value if frugalpup* could be used by those who run Puppies. I suspect the problem is either the name format given to puli's main file system, puli7.3.sfs, or the booting instructions which I think are in initrd.gz.

-=-=-=-=-=-=-
* frugalpup will most likely become a standard built into Puppies: I can be used to create a bootloader for bios, UEFI computer or both.

[oui]

deutsche Roh-Übersetzung der 2 ersten Wortmeldungen: viewtopic.php?f=110&t=744&p=4581#p4581

[oui]

I did download it (but miss some devx system) and did try to try it out a usual frugal install !

without success as login and password where on the way...

above literature were to much for me for that evening (as it is already 22:40 h).

and it is to much to prepare a stick out a running Puppy (Dpup buster with xfce4 32 bit). why no frugal install?

[williams2]

failed with the report "puli7.3.sfs could not be found" or words to that effect

Basically, all that the bootloader does is copy the kernel, vmlinuz, to ram, and also copy initrd.gz to ram.
Then the bootloader passes control to vimlinuz in ram.
The bootloader has finished running, it has done it's job.

The puli7.3.sfs message means that the bootloader did it's job,
and that vmlinuz did it's job and passed control to initrd.gz.
initrd.gz contains a tiny Puppy Linux.
It's the little Puppy in the initrd.gz that is trying to find the sfs files.

It may not find the sfs files:
if they don't exist,
or if they have a wrong name,
or if they are not where they should be.

For example, if pmedia=cd was passed to initrd.gz from the bootloader config file,
it might only look on the cd drive.

If pmedia=usbflash was passed to initrd.gz from the bootloader config file,
it will probably try to find the sfs files on a usb flash drive.

Sometimes it works best to have no pmedia= option,
which makes it look everywhere.

[mikeslr]

Thanks for the explanation, williams2.

As I mentioned I was going to in my prior post I booted into Windows and installed puli7.3 to a USB-Key using LinuxLive USBCreator. That worked as puli booted to desktop on my Laptop. Unfortunately, the kernel (and drivers) it has did not have among them any which recognized either my keyboard or mouse. I'll try again substituting those which work with Bionicpup64 on my Laptop. But my first thought was to try again with puli7.2 and downloaded it. While waiting I decided to examine the 'boot-menu' which enable reaching desktop.

It used grub2 and repeated that which was contained in Puli7.2's package:

menuentry "Smartload proprietary (nvidia, etc) driver tested on this machine" {
linux /vmlinuz pfix=ram nouveau.modeset=0 pmedia=usb acpi_backlight=vendor
initrd /initrd.gz
}
menuentry "Use builtin video driver" {
linux /vmlinuz pfix=ram pmedia=usb acpi_backlight=vendor
initrd /initrd.gz
}
,,,

Except that following the Title line, LiLi had added a UUID designation.

As I was also watching a TV show at that time, rather than return to the desktop (with its Windows 7 and LinuxLiveUSB-Creator) I decided to see if I could get puli7.2 to boot with grub4dos and a hand-crafted menu.lst. Figured as long as I was exploring, I might as well see if I could set it up with a small fat32 boot partition and the balance of the USB-Key formatted as Linux Ext3.
Unpacked the zip, and copied its contents into a folder named puli on what my laptop saw as sdb2. A terminal output of the command blkid gave me sdb2's UUID.. I ran grub4dos, had it install to sdb1 but not write a menu.lst.

My hand written menu.lst again failed to reach desktop again complaining about being unable to find (albeit, this time) puli7.2.sfs. However, I noticed that the only partitions grub4dos was looking at were sda --which is the computer's hard-drive. On a hunch, I added psubdir=puli to the menu.listings so that they now read:


title Linux puli Use builtin video driver (sdb2/puli)
uuid YOURS WILL DIFFER--USE blikid to obtain it
kernel /puli/vmlinuz pfix=ram pmedia=usb psubdir=puli acpi_backlight=vendor
initrd /puli/initrd.gz

title Linux puli Smartload proprietary (nvidia, etc) driver tested on this machine
uuid YOURS WILL DIFFER--USE blikid to obtain it
kernel /puli/vmlinuz pfix=ram nouveau.modeset=0 psubdir=puli pmedia=usb acpi_backlight=vendor
initrd /puli/initrd.gz

Success.
I'm posting from it now via palemoon portable. [By the way, gjuhasz, although its initial GUI was in English, its menu was in Hungarian. I changed that to en-GB, then back to en-US to obtain a menu in English (American?)].

I am reasonably certain the above procedure will work with puli7.3. However, grub4dos can not be used with UEFI computers. Now that I know how to obtain a viable menu, I'll have to see if one of frugalpup-installer's modules can be use.

P.S. (1) Yes, it did work with puli7.3. Works fine on my desktop. But, as yet, I haven't found a kernel which will work with my laptop.
I2) I've gotten this far with frugalpup-installer. The boot option will work to install a bootloader but only after copying puli7.3.sfs and renaming it puppy_puli7.3.sfs. In other words, the frugalpup-installer's complaint that it could not find a "puppy" was to be read literally: it only looks for a puppy-version.sfs beginning with the name "puppy". Likely its other modules can be similarly tricked. After the "boot" module writes grub to the USB-Key, the file named puppy_puli7.3.sfs can be deleted. Still, neither the menu-entry written by the boot module, nor my efforts at a hand-written version have been successful.

Since I've figured out how to boot puli7.3 from the desktop, and the problem with the laptop isn't boot-related, I think I'll leave figuring out to create a UEFI version to someone who has a UEFI computer.

[oui]

I did download it (but miss some devx system) and did try to try it out a usual frugal install !

without success as login and password where on the way...

above literature were to much for me for that evening (as it is already 22:40 h).

and it is to much to prepare a stick out a running Puppy (Dpup buster with xfce4 32 bit). why no frugal install?

I did test again if a password continues to be required.

Sorry, yes...

Is that an error from me?

[gjuhasz]

Dear mikeslr,

By the way, gjuhasz, although its initial GUI was in English, its menu was in Hungarian. I changed that to en-GB, then back to en-US to obtain a menu in English (American?)

Thanks for the notification. I uploaded a new Puli_install.zip that fixes this issue. I changed the Hungarian references within the puli.cfg file in the <env-0> folder to:

pkeys=us
plang=en-US.UTF-8

Feel free to do the same in your<env-xxxxxx> folders on your pendrive.

I didn't have LinuxLIve USB-Creator installed. I tried rufus.

I tried to collect all alternative boot flavors for Puli (and added them to Puli_install.zip) to support the old BIOS based computers and the newest UEFI ones including those with the HP Sure Start feature.
I am wondering if you could help me in making the boot process smarter by telling me the type of your laptop. Please advise. Thanks in advance.

For successfully booting Puli, the main conditions are that the pendrive is bootable and the ldlinux.sys file exists. The rest of the files are included in the Puli_install.zip.
I will read thru the frugalpup boot method anyway.

Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear oui,

First of all, thanks for the german translation. I added its reference to my second post .

why no frugal install?

I intentionally removed the frugal install feature from Puli. This way the hard disk (e.g., with an installed Windows system) can remain intact. If needed, Puli can eject the hard disk drives (depending on the user and/or the machine) during the boot process.

...without success as login and password where on the way...

Puli supports configuring the same pendrive for multiple root users that log in using their unique passwords on their machine(s). This is the default item among the data privacy protection features in Puli.
Also, the users can smartload their own password protected .tar.7z files.
Moreover, the Puli users who share this pendrive can create folders then populate and encrypt them using the right-click menu.

Have fun!

Regards,

gjuhasz

[gjuhasz]

I booted into Windows and installed puli7.3 to a USB-Key using LinuxLive USBCreator. That worked as puli booted to desktop on my Laptop. Unfortunately, the kernel (and drivers) it has did not have among them any which recognized either my keyboard or mouse.

Dear mikeslr,

I bumped into the same problem with one of my laptops. It seems that there is a bug in the 3.0 version of xorg-autoconf (see the post at http://oldforum.puppylinux.com/puppy/vi ... aca47ab69d).
So I reverted xorg-autoconf 3.0 to an earlier version (in which I fixed another issue a couple of months ago). This change is already included in the current Puli install zip(s) that I uploaded to https://sourceforge.net/projects/puppys ... uli-64bit/ folder on Sep 13.
You don't need to fully reinstall your Puli pendrive but replace the old Puli_7.3.sfs with the current one. Sorry for the inconvenience.
I am wondering if this solves your problem with the keyboard and mouse.

Have fun!

Regards,

gjuhasz

[mikeslr]

Hi gjuhasz,

Yes, solved the problem. Thanks.

[mikeslr]

Hi, gjuhasz,

This is just a suggestion based on my previous posts. As often is the case with my posts, they were data-packed. Consequently, it is easy to overlook what may be the most important point. I don't know how complicated it would be to implement.
My thought was that those most likely to discover, use and recommend Puli were those already familiar with other Puppies and debiandogs. Consequently, my explorations were mostly directed toward finding ways to boot into Puli without having to first boot into Windows in order to deploy Puli to a USB-Stick; and especially to be able to deploy Puli from a running Puppy.

So I think that the most important discovery I made was

I2) I've gotten this far with frugalpup-installer. The boot option will work to install a bootloader but only after copying puli7.3.sfs and renaming it puppy_puli7.3.sfs. In other words, the frugalpup-installer's complaint that it could not find a "puppy" was to be read literally: it only looks for a puppy-version.sfs beginning with the name "puppy". Likely its other modules can be similarly tricked. After the "boot" module writes grub to the USB-Key, the file named puppy_puli7.3.sfs can be deleted.

. Emphasis supplied.

[Actually, it's easier --after deployment-- to just rename puppy_puli7.3.sfs back to puli7.3.sfs. And adding the psubdir=puli boot argument may still be necessary].

I suspect that boot-installers other than frugal-installer may have the same difficulty generating a menu.lst/grub.cfg as a result of how the main SFS is named. Rather than having potential Puli users engaged in manually perform the above procedures, I wondered how difficult it might be if in the future Puli's main SFS was named puppy_puliX.X.sfs?

[gjuhasz]

Hi, gjuhasz,

This is just a suggestion based on my previous posts. (...) I don't know how complicated it would be to implement.
My thought was that those most likely to discover, use and recommend Puli were those already familiar with other Puppies and debiandogs.
(...)
I suspect that boot-installers other than frugal-installer may have the same difficulty generating a menu.lst/grub.cfg as a result of how the main SFS is named. Rather than having potential Puli users engaged in manually perform the above procedures, I wondered how difficult it might be if in the future Puli's main SFS was named puppy_puliX.X.sfs?

Dear mikeslr,

Thanks for the detailed comment.
As I see, selecting the best install method/tool is a challenge in our Puppy Linux world - both for newcomers being brave enough to take a look at the landscape behind their Windows and for old motorists having a great experience in testing different Linux flavors.

My goal with Puli is fulfilling the requirements of each potential users and supporting as many machine types (with the same USB stick) as possible.

For Windows users, LiLi is the best and convenient tool for installing Puli on their USB stick. Then, they can play (or, in this COVID era, the students can work) with Puli without jeopardizing the integrity of their (or their parents') traditional, even corporate standard and monitored environment.

Old motorists (that prefer "/" to "\" but accept Wine and wine) don't really need X based install tools as they are happy either to create one (or more) for their loved Linux versions or to play with other's products. Me too.

I spent days with the available tools including your preference, the frugalpup installer. As you highlighted, the unortodox naming convention of Puli is incompatible with the frugalpup installer, so I downloaded bionicpup64-8.0-uefi.iso and gave it a try. Better saying, I made multiple attempts with its Stickpup feature, using a selection of ancient and relatively new hardware.
Unfortunately, the Stickpup-installed Bionic pendrive failed to boot on some of my test machines, e.g., on my HP Compaq dc7700 desktop or my HP EliteBook 850 G6 laptop. Then, I gave up with frugalpup installer, at least temporarily. However, as I am also

directed toward finding ways to boot into Puli without having to first boot into Windows in order to deploy Puli to a USB-Stick

let me recommend a simple, three-steps solution as follows:

• 1. Get a 4 ... 32 GB pendrive then use GParted to wipe it and create a new bootable FAT32 partition on it.
  The result is an empty device being registered, let's say, as /dev/sdb1
  2. Open a terminal and enter syslinux -i /dev/sdb1 to put ldlinux.sys over the current bootsector of the pendrive.
  (You may need the mtools package - it is available in the PPM)
  3. Download Puli_install.zip and extract its content to the pendrive.

The Puli_install.zip includes the folders and files to ensure that the same stick boots Puli on multiple machine types. I admit that only one subset of those coexisiting bootloaders is enough for a given type of hardware while other subset(s) are utilized elsewhere but I think the multiple grub.cfg etc files (which should not be edited) do not represent a huge overhead if there are several machine types in scope.

Edit: I amended the first post and the Puli help file with the above three points. See the updated Puli_install.zip and Puli7_iskola.zip files in their SourceForge folder:

https://sourceforge.net/projects/puppys ... _Apr2020/

Have fun!

Regards,

gjuhasz

[gjuhasz]

I installed Fossapup64 9.5 to a clean 4 GB USB stick using frugal-installer. Boots and runs fine on most of my old machines but fails on my HP EliteBook 850 G6 laptop displaying "Did not authenticate" error message.
I did not give up yet...

...and especially to be able to deploy Puli from a running Puppy

I think that the three-steps method I proposed in the above post fulfills this requirement.

Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I noticed claims that some Linux users have issues with playing DRM protected videos.
Armed with Chrome, Iron, Slimjet, and Firefox smartloaded in Puli 7.3, I visited Netflix and sadly recognized that only Chrome played those videos without any problem.

Finally, I found a workaround and created a small Widevine64p.pet package. Successfully tested with the above listed browsers.
Downloadable from my https://sourceforge.net/projects/puppys ... /packages/ folder.

Please note that this is a Puli specific package. However, it can be easily tailored for other puplets.

Have fun!

Regards,

gjuhasz

[mikewalsh]

@gjuhasz :-

Hallo, mate.

Yeah, that doesn't surprise me one little bit, TBH! Chrome is, by default, the only one that comes with Widevine pre-installed. It's always been one of their selling-points.

Iron, Slimjet, Opera, Vivaldi, Yandex.....even the new Linux build of M$ Edge, all need to "poach" WideVine from somewhere else. They can all make use of it if it's there, but they don't come with it as standard.

NetFlix is something of a pre-requisite for me, so that's why all the portable-browser 'clones' I produce come with it OOTB, as it were. For 64-bit versions, you can simply 'borrow' the Chrome WidevineCDM directory. For 32-bit versions, it's a bit more fiddly.....

What I do is this:-

You download the 32-bit Vivaldi .deb package. Vivaldi is the only one that comes with built-in 'updater' scripts for both WideVine and ffmpeg. I copy the scripts from the /opt/vivaldi directory, and put them in a 'safe' location. Now; if you run them from inside the /vivaldi directory, they update 'in-situ', as it were. But we don't want that; we want to create the items externally, so they can then be copied for other browsers.

I stick these 2 scripts in their own directory in /root. When you click to run them from here, they'll create a /vivaldi directory within /var/opt, and then the updated items will be created within that. Then, you can simply copy them to the required browser's /opt/directory.....or in MY case, the portable-browser directory.

The 'zilla-based browsers, of course, download and automatically install WideVine from their own repo, as & when required, simply by ticking the DRM check-box in Preferences.

Hope that's of some use to you.

Mike.

[s243a]

I thought that I'd try running Puli in a container (see thread). Starting jwm produces the following error:

Code: Select all

"iptables v1.6.0: can't initialize iptables table `filter`: table does not exist (do you need to insmod>)
Perhaps iptables or your kernal needs to be upgraded. 

I see two likely possibilities for this error:
1. I need to add the kernal modules to one of the layers of my sandbox or
2. the capability droping is preventing this.

An easy fix would be to either remove the autostart section from .jwmrc or alternatively find out which .desktop item int he autostart folder is trying to call iptables. I'll troubleshot this and report back.

[gjuhasz]

I thought that I'd try running Puli in a container (see thread). Starting jwm produces the following error:

Code: Select all

"iptables v1.6.0: can't initialize iptables table `filter`: table does not exist (do you need to insmod>)
Perhaps iptables or your kernal needs to be upgraded. 

I see two likely possibilities for this error:
1. I need to add the kernal modules to one of the layers of my sandbox or
2. the capability droping is preventing this.

An easy fix would be to either remove the autostart section from .jwmrc or alternatively find out which .desktop item int he autostart folder is trying to call iptables. I'll troubleshot this and report back.

Dear s243a,

Thanks for your post and sorry for the late response.

I played with Xephyr on Puli 7.3 as follows:

A) Without rox and jwm

• First, started Xephyr and opened gnumeric inside - both by root. Passed.

• Then opened two Xephyr instances by root with gnumeric (as root) and Firefox (using "run-as-spot"). Gnumeric passed. Firefox: The Shields UP! tool confirms that the Xephyr sandbox works effectively. Good sound in Youtube. Problems with the drop-down bookmark menu. WebGL Water Speedtest is very slow.

• Then issued "su spot" and opened abiword in Xephyr. Passed.

See the below screenshot as an example for the first series of tests:

Xephyr_2windows_test_on_Puli.jpg (112.5 KiB) Viewed 7735 times

So, there are no critical issues in this mode yet.

B) With rox and jwm

From a termiinal window, I issued the following commands one by one:

Code: Select all

Xephyr -br -ac -noreset -screen 1024x768 :1 &

export DISPLAY=:1

rox -p /root/Choices/ROX-Filer/PuppyPin

jwm & 

sleep 2

echo ready

Please notice that I started rox before jwm. I did not receive error message regarding iptables. However,

• some environmental settings that are based on the common layers, such as hostname, firewall, network, brightness, the installed applications, etc., are the same for the outer and sandboxed inner systems. I think this is normal.

• Some packages (defaultbrowser, mpv etc) cannot run in the outer and inner environment simultaneously as I intentionally configured so in Puli.

• One thing is weird that the sandboxed instance does not inherit the keyboard/language parameters automatically. For me, the outer Puli has been set to hu_HU while the sandboxed one started as en_US. I corrected manually using the (inner) menu.

• A few Xephyr instances can be nested in each other. They work as I described above.

However, I did not dig more deeply into Xephyr, i.e., I played with those instances opened from within X.
Of course, Xephyr does not establish "Puli sandboxed within Puli" but provides a bit more secure environment for some applications.

See the below screenshot that represents the second series of my tests.

Puli-sandboxed.jpg (162.57 KiB) Viewed 7735 times

See the Xephyr package uploaded to my https://sourceforge.net/projects/puppys ... /packages/ folder.

Have fun!

Regards,

gjuhasz

[bullpup]

Hello community Haven't been around too much lately because of a career change. Still using Puppy daily both @Home and work. Just so you know.

I FINALLY got Puli to work (7.2) after SO many attempts. Posting from it right now, 64bit version.

Everything seems to be fine and working almost as flawlessly as my all time favorite Bionic. Only thing that doesn't work is the scroll wheel of my mouse (both keyboard and mouse on the same usb adapter which might be the culprit) and I cannot adjust the volume from the tray icon. I'm sure there will be something somewhere that will resolve this as I haven't figured out all the settings, profiles and what have you yet.

Great distro, awesome job. Happy camper here.

Regards, bullpup.

[bullpup]

In Puli 32/64 bit first time, what is login and password ?

Login: root
Passwd: root

You can easily change it after the login.

[gjuhasz]

After boot from USB profile crazy Firefox and other browser no start, why ?

Dear puppytrue,

Thanks for your posts and the interesting requests.
Unfortunately, I have very limited time due to a huge post-COVID workload nowadays. Thanks for your understanding.
I try to answer you here and in one or more follow-up posts.

First, I will try to reproduce the Firefox issue (you reported it on Sun Jun 27).
You can install Firefox in the Mild profile (simply click the latest Firefox-xx.x.tar.bz2 file or smartload it from the boot device). Then, from the menu, select Settings > Switch to Crazy and check if it works.
FYI: Firefox or Chrome, Iron, Slimjet, etc., won't boot automatically with Puli unless you smartload one or more of them.

Have fun!

Regards,

gjuhasz

[mikeslr]

“Safely” – well, everything is relative. And I still have my doubts.
This exploration was motivated by the request by puppytrue who inquired about the possibility of running metatrader4 under Puli, viewtopic.php?f=40&t=484&p=30178&hilit=puli#p30178 or EasyPup. [EasyPup and –for the sake of completeness-- EasyOS are discussed here: viewtopic.php?f=33&t=1534&start=10.

The first challenge Web-Facing Windows programs presents is that from Linux they have to be run under Wine and Wine constructions, themselves, do not provide any anti-malware or intrusion detection or prevention facilities. WineHQ cautions about that and notes that it is left up to the various Linux distros to handle those problems. So the best advice remains (a) don’t run Windows programs under Wine; and (b) if you have to make use of Windows Programs run them while not connected to the internet. Obviously, that advice can’t be followed if you need to run a Windows program whose purpose is to access and obtain information from the Internet.

Puppys standard method of protecting its system is isolation. For example, EasyOS can run a subordinate operating system in a container. Additional measures can be taken to protect that subordinate operating system. But even if they fail, malware and hacker’s can’t get beyond the subordinate system to the primary operating system.

Puli can operate from a USB-Key which, after boot-up, can be unplugged. Indeed, it’s designed that way, with the USB-Key only re-plugged when you need to preserve something; and then even such otherwise routine tasks as copying require confirmation. Properly maintained, Puli will be as pristine as the moment you deployed it. Additionally –unique among Puppys-- Puli includes modules which can detect attempted intrusions together with several user selected choices for automatically responding to such attempts.
Puli operates differently than other Puppys, in one way more conveniently, in another far less. The one way is its smartload feature. Puppys can be extended by a User beyond its built in application by installing applications, loading SFSes, starting –even creating links to-- portable-applications and AppImages. If desired making such extensions persistent by writing them –or links to them--to a SaveFile or SaveFolder that will be put to use on boot-up.
Although Puli can SFS-load an Application.SFS, can install a pet or other package and immediately use it, and can start an AppImage or portable-application, it’s smartload feature enables another way to make use of applications. The User can maintain one or more smartload files in the /profiles/common folder on the partition adjacent to Puli’s system files. These are just lists of possible applications. You can edit these lists in a text-editor. See Configuring Puli Screenshot.

Configuring Puli.png (203.13 KiB) Viewed 7973 times

On boot-up, the User selects a list by its ending number (otherwise smartload without any number is selected by default) and Puli reads the list and executes routines making the applications noted available. An application NOT beginning with a minus sign will be ‘installed’. Using the displayed smartload as an example, Puli would make the 32bit compatibility sfs files available.

But Puli does not make use of SaveFiles/Folders for preserving system changes. Instead, the User can chose to create smartsaves. Note the plural: several smartsaves –each different-- can b created and the User can choose which to apply. However, unlike a Puppy’s SaveFile/Folder, Puli doesn’t make use of smartsaves immediately on boot-up. Rather, the smartsaves have been written to a backup folder on Puli’s partition. Moments after Puli has completed booting it dismounts that folder. To make use of a smartsave-backup, the User must remount the partition, file-browse into the backup folder and drag a backup onto the ‘restore’ script. See Puli-backup Screenshot.

Puli-Backup.png (22.29 KiB) Viewed 7973 times

Puli then writes the contents of the backup into RAM, reconfiguring RAM’s content to include that which was preserved in the backup. All of which (a) requires the User’s manual intervention and (b) takes time.
Could Puli’s mechanisms even be used to make Windows programs available under Puli? Spoiler Alert: Yes, it can and I’ll provide the recipe below. But appreciating the problem and why the recipe takes its form, will help to explain why I think/hope there is a better way.
Puli 7.3 (and 7.2) are 64-bit Linux operating systems. Most ‘useful’ Windows programs --and in particular the one desired by puppytrue-- are 32-bit. Until recently, the ‘recipe’ for running a 32-bit Windows program under 64 bit Puppies was:
1. SFS-Load a 32-bit compatibility SFS (or install a pet)
2. Open a terminal and type the command ‘ldconfig’.
3. Triggered by that command, the 64 system establishes communicating links with the 32-bit a libraries of the application in Step 1. [On recent Puppys, SFS-loading, itself, will trigger that command]. This takes some time. Wait.
4. Install a 32-bit Wine pet (or SFS-load a 32-bit Wine.SFS).
5. Open a terminal and type ‘wine winecfg’. Triggered by that command, communication links are created between the Linux operating system and Wine application layer; and a ‘prefix’/folder is created, to wit: /root/.wine/drive_c/, and other folders --such as .../drive_c/program files/-- which wine will use. Until that happens, Windows programs won’t run nor is there any location into which programs which have to be installed can be installed.
6. Frequently triggered in Step 5, Linux operating system must be configured to recognize that the ‘mime-type’ exe is associated with Wine so that Wine will open a file/program ending with ‘exe’. But that relationship isn’t always established automatically. When it isn’t, the User must manually establish it.
7. Only after the above can the User run a Windows program (portable) or the setup file of an ‘installable’.
Puli’s repo has a 32-bit compatibilty SFS and a Wine.SFS. [But that Wine.SFS is designated ‘64’ and I had doubts that it would be able to run all 32-bit programs. So I opted to use the 32-bit compatibiity SFS and Version2013’s wine 5.22 v.3.1.pet, discussed and linked to in my post on the EasyPup thread.]. Nothing suggests that an exe can be smartloaded. And while both the 32-bit compatibility SFS and some form of Wine can be smartloaded, nothing suggested that the 32-bit compatibility links (Steps 2 & 3) will be created before attempting to smartload Wine; nor that Wine would be configured (Step 5).

[This seems a good place to digress to discuss Wine.AppImages which solves some problems and create others. Recent Wine.AppImages contain both 64-and-32 bit systems and so do not require a previously configured 32-bit system. Puli can smartload a Wine.AppImage [must have some variation of ‘appimage’ in its name]. But doing so does not trigger ‘wine winecfg’ nor associate Wine with the exe mime-type. See this thread, for things you’ll want to do before creating a smartbackup. viewtopic.php?f=142&t=1754. To associate exe under it, after setting up the link per that thread, Right-Click any exe file, Select “Set run action”, check the ‘default for all…’ button, type wine32 in front of "$@”, then click the “Use Command” button.
FWIW, portable-wine can also be use with Puli. However, that would defeat the reason to run Puli as portable-wine can only be run from a mounted partition.].

The ‘orthodox way’ -- Using only Puli’s tools:
1. Download Puli’s 32-bit compatibility SFS and place it in the packages folder. [That folder was missing from some Puli ISOs. If it is, Right-Click an empty space adjacent to Puli’s system files and folder, Select New>Directory, and give it the name packages. Spelling matters].
2. Make certain that “32bit” is on the default smarload file and is not preceded by a dash.
3. Boot into Puli.
4. Download one of Version2013’s Wine pets. Also download his wine_extras-v2.1.pet from https://version2013.yolasite.com/page1.php#wine_menu. [This creates menu entries for ‘Builtin’ Wine programs such as WineFile (+/- Explorer).].
5. Left-Click the Wine pet to install it.
6. Make certain that your internet connection is again working. Open a terminal and type “wine winecfg” without the quotes. Among other things, that command will trigger an attempt to download and install mono and gecko.
7. Left-Click the wine_extras-v2.1.pet to install it. You can use Menu>Setup>Menu Manager to turn off the menu-display of any unwanted program.
8. Optional—Recommended: File-browse into /usr/share/applications; then drag the WineFile.desktop to your desktop. That creates a desktop icon. You can edit-out the “.desktop” by Right-Clicking it and Selecting Edit. Having quick access to WineFiles make life easier. Selecting an ‘exe’ file using it will run that program even if you haven’t otherwise configured Puli to recognize the exe mime-type.
9. Download and install any Windows programs you’ll always want to have available. Recommended Atlantis-lite, and SumatraPDF. (See amethyst’s posts about these posts on the Wine thread). For Windows portable programs (those which don’t/won’t install) select /opt as the location from which they are to be run; bookmark the /opt folder.
10. Create any symbolic-links, book marks, and menu-entries you’ll always want to have available. At the end of this post you’ll find an attached template for creating menu-entries.
11. When you’re finished, click Puli’s desktop “backup” icon or shut-down, selecting ‘backup’. Wait. It takes some time to write the backup (especially a large one) to the USB-Stick.

The Unorthodox Way – noting differences and caveats.

1. Download the 32-bit compatibility SFS as above. But also download nicOS-Utility-Suite, from here, viewtopic.php?p=12983#p12983 and extract it. Place both the 32-bit compatibility sfs and the nicOS-Utility-Suite.sfs in the packages folder.
2. Edit /profiles/common/smartload to include a nicOS line –note, that’s a Capital O, not a 0/zero. Just the word nicOS should suffice. Make sure that these listings are not preceded by a ‘-’. Watch the terminal during bootup to see that nicOS is being smartloaded. After bootup there should be a nicOS listing on Menu>Utilities. If absent, reboot, make changes and try again.
3. Follow the rest of the ‘Orthodox’ recipe except for Step 11. Instead, run Menu>Utilities>NicOS-Utilities Suite. When its GUI appears, Select “4: nicOS-Save2SFS”. Then Select ydrv. If you have a lot of RAM –my guesstimate at least 4 Gbs-- choose the option to create in RAM eliminating the time needed to write to storage media. And perhaps the need to mount a partition. I did it in RAM so am not sure about that.
4. When nicOS-Save2SFS has finished a ydrv_puli7.3.sfs will have been created. Drag/move/relocate that adjacent to the other Puli system files, e.g. zdrv_puli7.3.sfs.
5. Warning: In Steps 1 and 2, Do Not smartload anything you don’t want as a permanent part of your system. Under Puppys, nicOS-Save2sfs excludes ‘additional SFSes --e.g. itself and a 32-bit compatibility sfs-- from what gets written to a ydrv.sfs. But Puli’s smartload feature locates files --even those from an SFS-- in a location where nicOS will write them to the ydrv.sfs.
6. On next bootup, Puli will automatically use ydrv_7.3.sfs. There is no need to smarload anything you preserved in it. It is now as much a part of your operating system as if it had been included in the ISO. [Of course, you can move/delete it]. You should remove the 32-bit compatibility sfs from the /packages folder, and edit the smartload file accordingly.
[I’ve referred above to a ydrv. nicOS-Save2sfs can also create an adrv.sfs. Read the nicOS-Utilities thread for pointers as to their respective uses].
7. Warning: One of the major reasons for choosing Puli rather than a different ‘Puppy’ is Puli’s inclusion of modules to detect attempted hackers and twart their attempts. I don’t think this Unorthodox method will adversely affect that. But, frankly, I don’t know enough about either that module or how nicOS-Save2sfs works to be certain.
My understanding is that gjuhasz based Puli 7.3 (and 7.2) on Bionicpup64. Consequently, it is likely that any application which functions under Bionicpup64 will also function under Puli 7.3. I can confirm that OscarTalks’ vpn-onoff for Bionicpup64 does. You can download it from here: http://smokey01.com/OscarTalks/. Included in your ydrv or smarloaded, you can now enjoy an encrypted network from an operating system which only exists for the moment in your computer’s RAM. The free VPN providers included in vpn-onoff are OK. But, protovpn is more highly regarded, even its free version. Look for the posts about setting it up. And, of course, well-thought-of paid VPNs provide even more security and choices.
Puli can also use tor, LibreWolf, Ungoogled-Chromium, a ‘hardened’ firefox-esr’ or any of the other security-and/or-privacy oriented web-browsers discussed and available on the Forum. Any ‘portable’ published by fredx181 or Mike Walsh can be used by physically locating them in /opt and setting up links and menu entries accordingly. Note again my recommendation to read the posts concerning the use of nicOS-Save2sfs.
Templates

Template4menus.zip

Unzip --UExtract will do it

(151.38 KiB) Downloaded 156 times

@ puppytrue: metratrader and its two companion programs install into wine's false drive_c...'Program Files'. Included are templates for creating menu entries for them. By the way, while metatrader 5 installed when I used EasyOS, it didn't when I used Puli. So download the metatrader 4 setup file.
@ all. The Templates do not include the actual programs. You'll have to download and install those yourselves. As you'll see when you've unzipped them, there are two Top folders: root and usr. Drilling into usr, you'll eventually come to 'desktop' files in /usr/share/applications which you can copy to the actual /usr/share/applications if you've installed the actual applications. Or use them as Templates for creating desktop files for programs you actually have.
The arguments in all desktop files call both executables (Exec=) and icons (Icon=) from /root/my-applications/bin. Placing icons there just makes it easier (fewer scribner errors, just cut & paste) to write desktop files. Consequently, when you drill down into the 'root' folder you'll find both icons and bash-scripts in /root/my-applications/bin.
On my system, sumatrapdf was unpacked to /opt. All other programs had to be installed to wine's 'Program Files' folder. So the Templates provide examples of both situations. After a program is installed you can check to see if the script will open it by clicking the script or running it in a terminal. If there's a problem, make certain that every file and folder name is properly spelled and capitalized; that there are spaces where spaces belong and none where they don't.
Obviously, you'll want to have functional menus before creating a smartsave or ydrv.sfs.

[mikeslr]

Metatrader-Puli.png (456.32 KiB) Viewed 8072 times

[mikeslr]

@ puppytrue, I've only scanned thru your last post and have no intention of attempting to respond to it beyond the following:
Puppys and their variants such as Puli are fan-driven operating systems. Everyone is welcome to use them and any of their components "As-Is". Everyone is entitled to contribute if they want to. Those of us who contribute do so because we enjoy the challenge; enjoy working on puzzles. We are all volunteers. Nothing can compel us to undertake a challenge which doesn't interest us. Certainly not posting the same questions several times. If someone wants to go beyond what has been provided they are expected to first work their way through what has already been provided: to know the system, its tools and available applications so that their next question presents a technical road-block, not just a demonstration of an unwillingness to do the work.

I'd don't know how the Mac or other operating systems attempt to achieve security or privacy. And I'm not inspired to wade through posts about them to find out. Which is the best VPN? That may depend on whose voicing an opinion and how much you're willing to spend. My best guess is that few will be better than the paid version of ProtonVPN which operates out of and provides servers in Switzerland: long known for its protection of private transactions and not subject to either the US's, the EU's, Russia or China's Laws or demands for access as a matter of routine.

If you take up the challenge presented by my recent posts you can boot Puli, unplug the USB-Key it booted from --thus assured of a pristine operating system on next boot-up-- and still run privacy oriented web-browsers such as Ungoogled-Chromium, dissenter-browser, LibreWolf, tor and hardened firefox, and otherwise conduct your current session of web-work via a fully encrypted VPN, and (hopefully ) still having Puli's hacker-tworting systems doing their job.

If you know of any operating system which can achieve more I'd be interested in the details of how they accomplish that. But if you're not sufficiently interested to undertake the work of finding out how they do it and reporting that in detail I'll assume they can't.

[mikeslr]

Metatrader-Puli.png

Thanks.
How to do it step by step ?

Possible with ctrader.exe ?
https://ctrader.com/download/

Step by step for Metatrader, open your web-browser to, viewtopic.php?p=32145#p32145. Read the entire post so that you'll know what and why.
For example, you've now mentioned cTrader. You'll want to see if the Windows 7 ctrader-spotware-setup.exe from here, https://ctrader.com/download/ will install under Wine, and works before creating a smartbackup or a ydrv.sfs. If it doesn't, cTrader also offers a link you can bookmark supposedly in any web-browser.

After you've read the entire post, backup to the paragraph with the Heading "The ‘orthodox way’ -- Using only Puli’s tools". It provides a recipe using, as the Heading says, Using only Puli's tools.
Below that is the recipe for creating a ydrv.sfs instead of smartloading. That starts with the Heading "The Unorthodox Way – noting differences and caveats". Basically, it says to follow the previous recipe's instructions until you reach Step 11 and having, in Steps 1 & 2 placed nicOS-Utility-Suite in the packages folder and edited smartload to list it. Then, having completed Step 10 --rather than running smart-backup-- you run nicOS-Utility-Suite, select Save2SFS and create a ydrv. But read the recipe again for details.

I'm not going to try to get cTrader working. That's something only you are interested in doing. As far as I know, cTrader's exe won't run under Wine: https://www.winehq.org/search?q=cTrader. But the results reported are old. If you want to try, than I would suggest after Step 8 of the 'Orthodox' recipe --before installing metatrader-- see if you can install and run cTrader and whether it is fully functional. If it isn't shut-down without saving anything in any manner and start from scratch. You don't want to permanently preserve files which don't work and may interfere with those which otherwise would. And, as aforesaid, cTrader supposedly can be run from any web-browser. Using Palemoon and a Hardened-firefox, its login page displays.
Recommended browsers to try: ungoogled-chromium, librewolf, a hardened-firefox-esr. You'll find threads about them on the Forum.

[mikeslr]

@ Puppytrue,

This is your project and it is up to you to put in the work to find out whether it is possible to use WireGuard with Puli in their current manifestations. A little research about WireGuard revealed it to offer improved security, and has generally received praise including from LInus Thorvald. But, OOTB it has 'privacy' flaws which nordvpn and some other reputable vpn providers have 'worked around'. https://restoreprivacy.com/vpn/wireguard/

The following are some hints of the possible problems and possible solutions.
allendiggity provided a package and instructions for fossapup64 here, viewtopic.php?p=6974#p6974. I've asked for clarification about kernel-modules on that thread and it is probably wise to wait for aliendiggity's reply.
The problem lies in that both Puli's security profiles and the wireguard package write to /etc. I know little about what happens in /etc.
Like Puppys, it is both possible and easy to swap kernels under Puli. But as I don't know how Puli establishes its Security Profiles, I don't know if swapping kernels will break them. Before posting the question I assumed that fossapup64's zdrv.sfs (renamed zdrv_puli7.3.sfs) was needed. So I swapped aliendiggity's vmlinuz for Puli's, and swapped fossapup64's zdrv.sfs for puli's.
As puli doesn't make use of a SaveFile like Puppys, I had remasterd puli7.3.sfs to include the /lib/modules aliendiggity provided. During boot-up the terminal gave notice that the security profile was broken. But Puli booted to desktop and all other systems appeared operable. I was able to configure wifi. However, both EasyOS and Fossapup64 can already use wireguard, there's really little reason to use it under a broken Puli. I can't be sure that the 'break' might have been a consequence of the remaster.
If I were to explore this problem again, here's how I'd do it:
Earlier in this thread I explained how to create a ydrv_puli7.3.sfs using the Save2SFS module of nicOS's utility Suite. When part of your system that module can also create an adrv or create a new ydrv that will include both its initial contents plus the new ones you have in RAM. Under Puli, once used, it is an application available from your Menu as it has been included in the a/ydrv. So, either boot into puli already using such a/ydrv, or include nicOS-Utility-Suite in /packages with a notation to use in on smartloads.
With aliendiggity's vmlinuz having been swapped in (and such instructions aliendiggity provides about zdrv) having booted into Puli you can follow the rest of the instructions he has already provided. However, one of them requires the installation of resolvconf via Puppy Package Manager. Bionicpup64 PPM didn't have it and probably neither will Pul's PPM. But you can download it from here, http://archive.ubuntu.com/ubuntu/pool/u ... 10_all.deb. Left-Click to install. Then use Menu>Filesystems>Pfind to see if it is where WireGuard expects it to be. If not create a symlink per aliendiggity's instructions
When you're finished create either an adrv or a ydrv using the Save2SFS module.
Will it work? I don't know? Will Puli's Security profiles continue to work? I don't know. But this is your project and I (and perhaps others) concerned about security would be interested to find out (a) exactly what you did; and (b) and whether or not it worked.

When you've posted that information perhaps someone more familiar with the workings of /etc and/or Puli's security profiles may take a sufficient interest to pursue this further.

[gjuhasz]

(Sorry for the long silence.)

Dear Mike,

I really appreciate your efforts in digging into the deep details of Puli. I see that you are the best expert in this area and thanks for all of your posts.
To tell the truth, I cannot advertise such abilities because I have to keep in mind that Puli is (hopefully widely) used in schools and if the students play/operate with the full feature set of Puli (e.g using tor browser or specific protocols, or by challenging hackers, etc) then the headmaster can rule out Puli from the school.

Dear puppytrue,

It seems that you want to use third party .pet .deb .sfs packages in Puli under different security profiles (Rigorous, Crazy).
Please note that the published versions of Puli contain simplified security profiles, which, however, can even be considered as unusual examples of cyber security. They become active only during the use of some supported modules (browsers, etc) that invoke the netchecker or the netkiller scripts, or implement special tricks to hide the environment (in the Lazy profile). Consequently, the rest of the Puli modules, including the Puli-compatible third party packages run under the (still secure) Mild profile by default.
Of course, Puli offers increased defense for them as well: they can run segregated in a secure firejail sandbox, or in a nested x server (xephyr).
I tested then added qTox, a secure peer-to-peer chat module to the supported packages.
I recommend that the advanced Puli users, like you, extend the list of the fortified modules or even create new security features for yourselves. Thanks in advance.

Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear puppytrue,

For Puli 7.3, please use the qTox-v1.17.3.x86_64.AppImage package.

You can download it from my 64-bit repository:

https://sourceforge.net/projects/puppys ... /packages/

If you smartload it during bootup, then you can start it by clicking the Phone desktop icon.
If you decide to load it later, then please put this AppImage to the /opt/AppImages/ folder (a new "..." desktop icon appears).

Which version of Firefox are you using? I suggest you try the latest from the link above.

Have fun!

Regards,

gjuhasz

[fredx181]

@puppytrue Questions, questions... and more questions....,can't you do better ?
Have you thought about why almost nobody is replying ? (and if someone replies, you don't answer, see above)
I think because you never, ever, write about what exactly you tried, to accomplish what you want (let alone how with details).
That way you will never get any help, and be... lonely .
Or maybe you want to be lonely? Stop bothering us then, please! Useless!

P.S. and stop cross posting.

EDIT: Sorry, above is a bit too rough, on second thought.