Vanilla Dpup 11.0.x Development Builds

[dimkr]

I started working on encryption. I'm adding support for encrypted save folders using the fscrypt API and my plan is to reimplement encrypted save files using the same technique (instead of using LUKS). Currently, save folders don't support encryption, fscrypt can be more efficient than LUKS, and fscrypt allows encryption of specific directories rather than the entire file system.

The fscrypt userspace tool is big (several MBs) because it's written in Go (and I love Go, I use it professionally all the time), so I wrote a tiny replacement in 136 lines of C. It's not equivalent, only locks a list of directories using a key derived from a given password or unlocks all directories locked with the same key, but it's adequate and tiny.

My plan is to enhance Bootflash even further. Its yad-based reimplementation in my woof-CE fork already offers the user choice between PUMODE 5, 12 and 13, and uses an improved partition layout with less wasted space, among other improvements and simplifications. I want to move save file/folder choice from first shutdown to Bootflash (if the user selects PUPMODE 12 or 13), and give the user 6 options:
1. Save folder
2. Encrypted save folder
3. Save folder with encrypted home directory (default?)
4. Save file
5. Encrypted save file
6. Save file with encrypted home directory

Encrypting only the home directory (/root and /home/spot) sounds to me like good balance between privacy and performance, especially with PUMODE 13, because decryption happens only something reads an encrypted file or when a file is "copied up" to the RAM layer, and encryption happens only during saving.

[wiak]

The fscrypt userspace tool is big (several MBs)

Which seems pretty small in the nowadays scheme of things. I presume Puppy (and Vanilla) do not use PAM and that would be another reason the GO fscrypt wouldn't be usable since a dependency is libpam.so? Hence the small C simpler but still useful workaround that issue?

Whole partition encryption (or via loopback fs) using dm-crypt/LUKS is overkill and not so efficient I feel.

Will be interesting to try Vanilla using this C variant - an advantage of simplicity (and Puppy in general) really, which is the main advantage of Puppy style IMO.

[dimkr]

I presume Puppy (and Vanilla) do not use PAM

11.0.x has some basic PAM integration. But problem is not PAM but lack of proper user sessions, because there's no systemd+logind here. I wouldn't be able to use pam_fscrypt, but it's a bad idea in first place (security-wise) and it's irrelevant because I need to do the save folder unlocking very early during the boot process, long before the user is logged in and has a session.

and that would be another reason the GO fscrypt wouldn't be usable since a dependency is libpam.so?

Not really, fscrypt itself doesn't depend on PAM. It ships with a PAM module that automatically does the fscrypt lock/unlock on session start/end, but using a user password or anything tied to a user session as an encryption key (or deriving the key from it) is a bad idea anyway.

Which seems pretty small in the nowadays scheme of things.

Hence the small C simpler but still useful workaround that issue?

I don't mind using the "upstream" solution most of the time, but this is a special case. fscrypt is several MBs, it can increase initrd size by a lot. A big initrd that is slow to read from disk and slow to decompress can have significant impact on boot time.

[wiak]

Ah, right enough, it is needed in the initrd

[dimkr]

11.0.131 will add save folder encryption, and the prebuilt images are configured with home directory encryption (not the entire save folder) and passphrase "woofwoof".

This prompt is shown on boot:

It verifies that the passphrase is correct and all encrypted directories are "unlocked" using a key derived from the passphrase.

If you enter the correct passphrase, everything looks normal and you can see the contents of your save folder (as you can see, I changed the labwc theme and the wallpaper, and these settings persist on reboot):

If someone steals your 11.0.x flash drive, they see this (file names and file content in /root and /home/spot are encrypted, unlike the rest of the save folder):

The encryption/no encryption choice is made during installation using Bootflash. First, you choose whether or not you want persistency:

Then, Bootflash shows this prompt:

[d-pupp]

I have discovered 2 more minor issues with 11.0.130
Sometimes the Num lock on at boot works and sometimes it doesn't. If it doesn't you have to press Num lock twice. Off and back On
Lxterminal options columns seems to be ignored. Rows works ok. I have checked the config file and my setting are in there.
The issue seems to be the scaling. If I set it so 1 it works as expected.

[dimkr]

10.0.132 will add support for creation of save files through Bootflash. Save files support encryption, encryption of the home directory or no encryption at all (like save folders) and if possible, they're created as sparse files. Size on the save partition is not 'reserved' for the save file, its size can exceed the size of the partition (it can grow until the partition runs out of space) and it's fast to backup and restore because it's small.

I want to replace the "first shutdown" dialog with a simple tool that creates a save file or folder, so users that don't want to save don't need to close this prompt: instead, users that want to save ask to save during installation or later.

Once I'm done with that, I want to play with waybar to see if I can replace sfwbar with it and reduce the number of Puppy-specific panel "widgets".

[dimkr]

11.0.133 will add pupsave, a tool for creation of save files and folders that replaces the "first shutdown" prompt.

Users that want to use 11.0.x non-persistently no longer have to find some hack to disable the "first shutdown" prompt, and users that want to create another saved session no longer have to boot with pfix=ram to reach this prompt again, then drop pfix=ram.

pupsave is very similar to Bootflash minus the partitioning and installation part. It supports the psubdir= boot code, hides the partition selection dialog if psave= is specified (initrd looks for the save file only on one partition) and it handles file name conflicts (allowing the user to create multiple save files and choose between them on boot).

[darksun]

marvelous

[dimkr]

11.0.134 improves multi-monitor support: when settings are saved, they're matched to connected monitors through the vendor, model and serial number (if possible) rather than connection name (e.g. eDP-1). This should make things more intuitive, because the settings that get applied when monitors A,B,C are connected won't get applied when connected monitors are A, B and D (when D is connected to the same port previously used by C). It makes more sense when you try it

There are other small changes, see https://github.com/vanilla-dpup/woof-CE ... up-11.0.x/

11.0.135 will simplify the shutdown procedure and reduce shutdown times.

[rockedge]

This should make things more intuitive, because the settings that get applied when monitors A,B,C are connected won't get applied when connected monitors are A, B and D (when D is connected to the same port previously used by C). It makes more sense when you try it

Awesome! I run into this once in awhile and overall the more powerful pupsave is looking like a good idea

[dimkr]

Playing with 11.0.x on a variety of laptops, so far so good except two cases: the GMA3150 on an Atom N450 netbook and a Thinkpad X60 with Intel 945GM. I think wlroots requires OpenGL ES and these two "mobile" GPUs are just too old. The Intel HD Graphics 3000 on a Thinkpad X220 from 2011 is "new" enough, so the minimum hardware requirements should be somewhere in-between (maybe >2008 Intel laptops, minus some Atom?).

With all new features, resource usage is still low and it still feels much faster than 10.0.x. Unlocking of an encrypted save folder can take several seconds on the N450 (Argon2 is computationally intensive), but it's a super slow single core CPU. Saving doesn't feel super slow although the saved files need to be encrypted first and that is great. I'm very happy with the results so far.

[Duprate]

Updating to VanillaDpup 11.0.135 and really liking this version. At first (seven days ago), I was a little surprised, without Xorg, without jwm, without rox......
Well, if I have to, I can live without it. It is a system that boots very quickly and also shuts down quickly. It was possible to easily use LibreOffice, Gimp and Clamav Antivirus, which are installed in another partition on the HD. The only change I made to the system (vanilladpup.sfs) was the removal of Firefox-esr.
I use the updated Firefox, full version, installed in the adrv.sfs file and which runs entirely within the "spot" folder. I modified the pwifgets application to work on Vanilla Dpup 11, just as it works on "vanilladpup-x86_64-9.0.47" and "vanilladpup-10.0.54-xwayland". pwidgets is installed in the bdrv.sfs file. My personal settings are installed in the ydrv.sfs file.
For this to work correctly, I had to modify the DISTRO_ESPECS file, contained in initrd.zst, simplifying the naming of all files that are loaded at startup.
So, with each release of a new version, I only need to worry about the main file "vanilladpup.sfs".
In the future, depending on new releases, if necessary I will modify my "ydrv.sfs" file, which is not based on a "savefile". I don't use "savefiles".
It's also working perfectly on an Intel NUC, with very poor hardware, connected to my TV in the living room, where I watch NETFLIX, open TV channels and surf the internet.
My customization installed in:
/etc/rc.d/rc.local
/etc/ *hostname,keymap, localtime, DISTRO_ESPECS
/root/.config/sfwbar
/root/.pwidgets
/root/.icons
/home/spot/AppStarter
/home/spot/.icons
/home/spot/.mozilla
/home/spot/firefox
/usr/local/pwidgets
/usr/local/bin/
/usr/share/backgrounds
/usr/share/pixmaps/neon/icons
/usr/share/themes

I installed VanillaDpup 11.0.135 directly on the HD and "grub.cfg"
it looked like this:

insmod png
background_image/.grass.jpg
set timeout=5
menuentry "Vanilla Dpuppy11 Kernel 6.6.32-901 OVERLAYFS" {
linux /Dpuppy11/vmlinuz pfix=fsck pmedia=atahd punionfs=overlay psubdir=Dpuppy11 ipv6.disable=1 net.ifnames=0
initrd /Dpuppy11/ucode.cpio /Dpuppy11/initrd.zst
}

These are my impressions as a user, I take this opportunity to congratulate "dimkr" for carrying out this work.

[Duprate]

I also could not find an easy way to change the background of spacefm only. So I changed the system wide theme to dark
also easy to do just create a ~/.config/gtk-3.0/settings.ini file with this in it.

[Settings]
gtk-application-prefer-dark-theme=1

Thank you very much, "d-pupp"! Saved my eyes.

[dimkr]

@Duprate Wow, I'm really surprised you've been able to reach this degree of customization quickly, without any of the old JWM-specific tools.

Why did you also replace the kernel? Is there anything missing?

[wiak]

Updating to VanillaDpup 11.0.135 and really liking this version. At first (seven days ago), I was a little surprised, without Xorg, without jwm, without rox......
Well, if I have to, I can live without it. It is a system that boots very quickly and also shuts down quickly. It was possible to easily use LibreOffice, Gimp and Clamav Antivirus, which are installed in another partition on the HD. The only change I made to the system (vanilladpup.sfs) was the removal of Firefox-esr.
I use the updated Firefox, full version, installed in the adrv.sfs file and which runs entirely within the "spot" folder. I modified the pwifgets application to work on Vanilla Dpup 11, just as it works on "vanilladpup-x86_64-9.0.47" and "vanilladpup-10.0.54-xwayland". pwidgets is installed in the bdrv.sfs file.

Sounds like a remastered version many would like to use. Can't you therefore release it as a Community Edition? Maybe a CE edition like this could be adopted/forked as official Puppy release (since we clearly know that almost all official Pup released were only partly built vis woof-CE prior to some remastering)? You clearly have the skills required to maintain that, and why just build for your own use? Many hands make light work and there are not enough hands contributing overall.

[dimkr]

Can't you therefore release it as a Community Edition?

I would strongly advise against this, 11.0.x is still in early development and can easily lead to data loss even if it seems to work well in a quick test. Once a stable release is out (not before Debian 13) - sure, why not.

[d-pupp]

Updating to VanillaDpup 11.0.135 and really liking this version.

Yep I agree. I am still on 11.0.130 but it's the same here very fast boot up and shutdown, used very little resources and getting use to labwc sfwbar and spacefm is really not that hard.
I do miss rox sometimes.
I agree with dimkr on waiting for a bit before a full release. Also think it is a good idea to look at other bars there are some issues with sfwbar.

Over all it very impressive.

[Duprate]

Hello! I actually made these "cosmetic" changes quite quickly!
My secret is: I used Fredx181's Debian Dog for a long time and also vanilladpup-x86_64-9.0.47, since its first version and also vanilladpup-10.0.X-xwayland the "cosmetic" settings are quite similar. To make quick changes, I need: "editSFS" to open the .sfs files; I need to open the system's "initrd" to edit the "DISTRO_SPECS" file; I like to compile the most up-to-date LTS kernel. For all of this I use FatDog64, which for me is a "Swiss army knife".
The essential "editSFS" in this work needs gtkdialog to work, so I can't use it in vanilladpup11. To "manually" delete Firefox-esr from the system base, I also need "Pfind". The new features I had to learn to deal with were "sfwbar" and "spacefm", in /root/.config. Fortunately, the modifications made were all through "Leafpad". To configure the keyboard, location and time, I used the same files I used in vanilladpup-10.0.X-xwayland in /etc/(keymap, localtime). I never adapted to Gimp, so the backgrounds are made in PhotoShop, which I use through Wine and once again I need FatDog64.

The Vanilla Dpup64-AppStarter program, is an adaptation of an application that I first found in pupmartin's "Browserlinux", before joining Puppy 5.1.1 and that I use on every operating system I've ever used.

But vanilladpup11 surprised me with its speed and low memory usage. I also installed it on a mini-PC (connected to the TV) with a weak configuration (celeron, 2Gb of memory, 32Gb "HD" (emmc card), all soldered to the motherboard). It was better than all the others previously installed. Firefox is fast, without any crashes, videos, online TV channels and Netflix with great image and music playback with great sound.
Dima Krasner (dimkr) is at the forefront! I like the fight at the forefront, where the air is cleaner and there are fewer crowds!

[dimkr]

save2flash in 11.0.137 should be much faster - if possible, it copies changed portions of the file instead of writing the entire file all over again. It compares the file with the one in RAM in chunks, taking advantage of the fact that most persistent storage is faster to read from and slower to write to (if file is identical - nothing to copy), and frequently changing files such as browser history are binary files like sqlite databases: they grow over time but mostly change around the beginning (metadata/headers) or end of the file (appended data) but don't change randomly and don't change all the time. In some extreme cases, this optimization can reduce writing to a flash drive from whole MBs to one or two 4K blocks.

Without this optimization, PUPMODE 13 can increase writing to a flash drive, especially if frequently changed files (like browser history or cache) are big and you're saving often. If your browser cache is 30 MB, changes often but only a small portion is changed, every save2flash writes 30 MB to the flash drive (truncates the file, then writes everything again), possibly shortening the flash drive's lifespan. With this new optimization, PUPMODE 13 can actually reduce writing without the anxiety of wondering if you're saving too often.

(Don't forget these are development builds, don't be too surprised if a bug causes data loss)

[dimkr]

10.0.138 will replace sfwbar with waybar and wofi. It's not perfect, there are issues, but they should be easier to fix and IMO waybar is easier to customize.

If you prefer sfwbar, I can revert this change

[Duprate]

Hello dimkr! I liked sfwbar. But you are the developer and you will know what is best for Dpup11. What I found missing is a sound volume slider (as with other puppies). But I understand that it is in an early stage of development and that, over time, good things will happen! Good luck!

[Duprate]

Sounds like a remastered version many would like to use. Can't you therefore release it as a Community Edition? Maybe a CE edition like this could be adopted/forked as official Puppy release (since we clearly know that almost all official Pup released were only partly built vis woof-CE prior to some remastering)? You clearly have the skills required to maintain that, and why just build for your own use? Many hands make light work and there are not enough hands contributing overall.

Hi Wiak! I have great appreciation for you, because of that "magic initrd" that you made available to the community and that I use a lot! As for Dpup11, what I made was not a remastered version. I usually make my modifications by "brute force".
Using pfind, I located firefox-esr and "manually" removed it in each directory where it was found. I haven't modified anything in the Dpup11 base file other than that. Then, I created a file "ydrv.sfs" where I added the keyboard and location settings (the same as Vanilla Dpup 10.0.54 that I have installed) and other aesthetic modifications such as backgrounds, taskbar, modified pwidget, neon icons that I use in other systems, etc... If you remove ydrv.sfs, the system will start the way Dimkr delivered it, but without the browser. My customized browser in my language can be found in the adrv.sfs file. To update the browser, I do it through Dpup 10.0.54 which accepts edit.sfs. I also tested a 32bit compatibility package, Wine 3.3, PhotoShop7 and everything at the moment, it worked well. We will have to wait for the end of the development cycle, even so as not to interfere with Dimkr's work. Then each of us can test the things that are particularly important to ourselves, knowing in advance that this procedure is "not covered by warranty" and see what will still work....

[d-pupp]

10.0.138 will replace sfwbar with waybar and wofi. It's not perfect, there are issues, but they should be easier to fix and IMO waybar is easier to customize.

Thanks dimkr I'll give it a test drive.

[Duprate]

Hello dimkr! Testing version 10.0.139... Regarding the waybar, I liked the sfwbar much more! I'm only saying this because you stated: "If you prefer sfwbar, I can revert this change". Well, you are the "father of the child" and it is your responsibility to raise the child. We can wait for him to reach "adult age".

[dimkr]

11.0.139 breaks some things so I'm re-triggering the build (3rd or 4th time? don't remember)

https://github.com/vanilla-dpup/woof-CE ... ff0999062f made Firefox use Xwayland instead of running natively because it's 115 ESR here so MOZ_ENABLE_WAYLAND=1 is still needed and an autostart file for waybar was missing before https://github.com/vanilla-dpup/woof-CE ... 3c2e82deb7.

I also added https://github.com/vanilla-dpup/woof-CE ... 12412f6a64, a fun little optimization that kills all the su processes spawned by run-as-spot, so now the process tree is clean and tidy:

I'm daily driving 11.0.137 in a flash drive (very old and slow USB 2 flash drive I found in the attic, probably from 2008-2010) for several days and saving (with encryption!) is indeed super fast: I can shut down with saving in <5s. I moved the saving notification to the bottom right corner in https://github.com/vanilla-dpup/woof-CE ... 4e67604fa3 because sometimes it's annoying to have this notification on top of the browser's address bar, even if it disappears quickly. https://github.com/vanilla-dpup/woof-CE ... fc95c97a48 changed the salt used to derive the save encryption key so I need to copy everything aside and re-encrypt before I can move on to 11.0.139

[d-pupp]

@dimkr I downloaded 139 yesterday and did a frugal install.
I can't get firefox to start. it hangs.
labwc and xwayland both show about 30% cup usage for a total of 60%
process viewer ant top show 1 zombie process
I have to kill xwayland to get my system back.

My first impression of waybar is it's looks interesting. The icons being emojis limits the options so some of them are confusing.
The start menu being a launcher and not a menu takes a bit of getting use to. I like the idea of a launcher just maybe done differently.

Some of the conformation pop up are so close in color to the main dialog box they are hard to see in normal mode and in dark mode invisible. Can they be made to not pop up on top of the main dialog box?

[dimkr]

@dimkr I downloaded 139 yesterday and did a frugal install.
I can't get firefox to start. it hangs.
labwc and xwayland both show about 30% cup usage for a total of 60%
process viewer ant top show 1 zombie process
I have to kill xwayland to get my system back.

11.0.140 fixes this.

The icons being emojis limits the options so some of them are confusing.

You can use icon fonts. To make icons more neutral and allow recoloring (by changing the text color), 11.0.141 will switch from color emoji to FontAwesome:

I like the idea of a launcher just maybe done differently.

Do you have a preferred, Wayland-native launcher?

Some of the conformation pop up are so close in color to the main dialog box they are hard to see in normal mode and in dark mode invisible. Can they be made to not pop up on top of the main dialog box?

Which popups? Can you provide a screenshot to demonstrate?

[d-pupp]

https://www.forum.puppylinux.com/downlo ... a46f770b32
Here are the print screens
As you can see they are difficult to see and if you don't expect a conformation box and click anything they pop behind and become invisible. This is especially true in dark mode as the text on the start bar is now white on light grey.

For the launcher I was thinking about adding text so people know it is a launcher and changing the tool tip to let them know the menu is available by right clicking the desktop. Or just thinking out loud a way bar menu and labwc right click launcher
I'm no programmer but would be willing to play with it a bit and see what I can do.

fiy how do I get way bar to re read it's config file?

[dimkr]

As you can see they are difficult to see and if you don't expect a conformation box and click anything they pop behind and become invisible.

AFAIK this happens because of differences between how GNOME positions popup windows, compared to other compositors. I'll need to check more thoroughly.

Regarding dark mode - waybar doesn't follow the GTK+ theme, so this is not a bug. You'll need to change colors in ~/.config/waybar/style.css.

fiy how do I get way bar to re read it's config file?

Code: Select all

killall waybar
waybar