[sfs_only]: Attack Pup, Pristine and with Updated Core/CLI libs/utilities

[s243a]

This is in a way, "crazy preliminary"

AttackPup2Headed_0.0001.sfs

but I'm kind of amazed to see what worked so far. My question was, "Can you upgrade a derivative of Puppy 4 with much newer libs and would the older GUI components still work with the newer libs?".

To my surprise it seems that you can do this at least in a chroot system (tested in FATDOG64-811) but my testing was rather limited. So far I've tested.
1. Rox filer apears to work
2. The desktop/tray apears to work
3. Seamonkey appears to work at least to navigate to google.

I haven't upgraded any of the gui programs (e.g. seamonkey) and I haven't upgraded any of the hacking tools (I know little about them). What I did was upgrade the CLI components and core libs by replacing the older versions of these with Kali-Rolling. I also added some additional CLI components from Kali-Rolling such as midnight commander.

The actual components added are roughly specified here:

and the upgraded portion of the system was generated with my version of woof-next. I don't recommend others try generating it though because I have some issues to work out related to how I use chroot in woof next.

To run this mutant version of AttackPup in a chroot, first extract via uextract, and then place the following script in the folder where you extracted this file:

Make sure that line #2 of this folder matches the name of the extracted folder. Later, I will package this so it doesn't have to be extracted (AUFS mount instead). Note the folder kali is a subfolder of the extracted sfs. This subfolder contains the updated system, and the parent folder contains the original AttackPup. The files are hardlinked to save space.

In the updated system, apt/dpkg is included but not tested so I don't know yet if it works but will likely test this soon. Also I haven't updated any of the repo links in the package manager.

My intent here was to create interesting chroot systems to test sandboxing scripts and not to build a stand-alone puppy. That said if there is enough interest in it, I can see if a stand along version is possible. I'm not sure though how much interest there will be in this mutant system because it might appear to be a strange mix of old and new packages and truthfully that was the intent. The intent was to test what is possible rather than to produce what would likely be wanted.

[s243a]

Some futher note:

1. I had to get the original AttackPup from the internet archive. The person who uploaded it to the internet archive has the same username on the internet archive as did the auther of attack pup on the old puppy forum.

2. Attack pup is based on Lighthouse the lighthouse website no longer exists.

3. Some motivation for upgrading a version four puppy can be found in the following thread, "Updating Puppy 4, for learning and nostalgia".

4. Some further info on how this upgraded system was produced can be found in the thread, "Puppy4: How to Remove Built-In Packages from an Extracted SFS".

[s243a]

Just some more limited testing.

Part 1 - Fixing Urxvt after the fact

Urxvt was working but lxterminal wasn't. For lxterminal to work, I needed to install libncurses5 and libtinfo5.

The actuall packages I installed were:

Code: Select all

libtinfo5_6.2+20201114-2_i386.deb
libncurses5_6.2+20201114-2_i386.deb
libtinfo6_6.2+20201114-2_i386.deb
libncurses6_6.2+20201114-2_i386.deb

available here:
https://http.kali.org/kali/pool/main/n/ncurses/

I'll add these packages to my woof-next build later. I installed these packages by downloading the debs and copying them into the "kali" subfolder of the extracted sfs. Then in my chrooted system I ran the following commands:

Code: Select all

dpkg -i libtinfo5*
dpkg -i libncurses5*
dpkg -i libtinfo6*
dpkg -i libncurses6*

later I will test apt. After installing these packages I tested the copy and paste functionality between geany and lxtermianl. It worked. I'm using an old versions of geany and lxterminal but newer packages for ncurses.

A related package I could consider installing is ncurses-bin.

Edit:
Part 2 - Fixing Apt-Cache Search after the fact

I couldn't resist testing "apt-cache search". It told me the following libs were missing:
libapt-pkg6, libudev1, libxxhash0, libzstd1.

Note that for most of my woof-next script I had dependency tracking turned off. I did this so I could think about each package that was being added. I tried to create a dummy package for libudev because, I I wanted to include it in a different grouping (maybe the boot system..although maybe it is more device related), rather than the cli system.

Anyway, the above missing libs are available at the following locations:
libapt-dpkg: /main/a/apt/libapt-pkg6.0_2.1.20_i386.deb
libxxhash0: main/x/xxhash/libxxhash0_0.8.0-2_i386.deb
libzstd1: /main/libz/libzstd/libzstd1_1.4.8+dfsg-2_i386.deb
libudev1: /main/s/systemd/libudev1_247.3-1_i386.deb

I'm going to try to foce the install without installing libudev1.
libudev1 seems to be needed, so I'll include it. It's not really a systemd component so no need to panic!

Edit #2

After further trials, I found I was missing the following packages to get apt to work properly:

libseccomp2: /libs/libseccomp/libseccomp2_2.5.1-1_i386.deb
libgnutls30: /g/gnutls28/libgnutls30_3.7.0-5_i386.deb
libp11-kit0: /main/p/p11-kit/libp11-kit0_0.23.22-1_i386.deb
libunistring2: /pool/main/libu/libunistring/libunistring2_0.9.10-4_i386.deb
libtasn1-6: /main/libt/libtasn1-6/libtasn1-6_4.16.0-2_i386.deb
libnettle8: /main/n/nettle/libnettle8_3.6-2_i386.deb
libhogweed6: /main/n/libtasn1-6/libhogweed6_3.6-2_i386.deb
ca-certificates: /main/c/ca-certificates/ca-certificates_20210119_all.deb

Also /usr/lib/gpg-error.so.0 needs to be removed. This is an old version of the lib from the original. In future builds I will remove it. For now I'm doing manual tweaks noted above.

Edit #3

I added (or re-install) a few more packages to get apt/dpkg working (some of which which were previousoly exising but reinstalled, include: apt, ca-certificates, kali-archive-keyring):

libapt-pkg6.0: libapt-pkg6.0_2.1.20_i386.deb
libxxhash0: libxxhash0_0.8.0-2_i386.deb
libzstd1: libzstd1_1.4.8+dfsg-2_i386.deb
libudev1: libudev1_247.3-1_i386.deb
libseccomp2: libseccomp2_2.5.1-1_i386.deb
libgnutls30: libgnutls30_3.7.0-5_i386.deb
libp11-kit0: libp11-kit0_0.23.22-1_i386.deb
libunistring2: libunistring2_0.9.10-4_i386.deb
libtasn1-6: libtasn1-6_4.16.0-2_i386.deb
libnettle8: libnettle8_3.6-2_i386.deb
libhogweed6: libhogweed6_3.6-2_i386.deb
ca-certificates: ca-certificates_20210119_all.deb
kali-archive-keyring: kali-archive-keyring_2020.2_all.deb
dirmngr: dirmngr_2.2.20-1_i386.deb
libksba8: libksba8_1.5.0-3_i386.deb
libldap-2.4-2: libldap-2.4-2_2.4.57+dfsg-1_i386.deb
libnpth0: libnpth0_1.6-3_i386.deb
locales: locales_2.31-9_all.deb
libc-l10n: libc-l10n_2.31-9_all.deb
libsasl2-2: libsasl2-2_2.1.27+dfsg-2.1_i386.deb
libsasl2-modules-db: libsasl2-modules-db_2.1.27+dfsg-2.1_i386.deb
gpg-agent: gpg-agent_2.2.20-1_i386.deb
apt: apt_2.1.20_i386.deb
gnupg2: gnupg2_2.2.20-1_all.deb

Some pancakes were also previously installed but needed to reconfigured such as: libgnutls30.

Edit #4 - Further Notes

apt has a a dependincy one of the following alernatives; gpgv, gpgv2, gpgv1. Rather than installing one of these I installed the full version (i.e. gnupg2), which has it's own additional dependencies. If you install the full version instead of one of listed dependencies then you have to use the "--force-depends" option when installing apt.

the gpg key in the kali linux repos (i.e. kali-archive-keyring) is likely outdated, at the very least

I missed removing some old stuff such as: libgpg-error, libssl, mktemp. The reason that we have to remove the old version of mktemp is because it can't take standard input as an input argume (i.e. -) and apt-key requires this functionality of mktemp. The libssl issues are due to the say dirmngr looks for libssl. It looks for the .so.0 version which isn't necesiarily the newest version and it will stop looking even if it finds a broken symlink. dirmngr apears to be required if you want to download a gpg key from a keyserver. One might want to do this if they are say downloading the repo key for kalilinux.

I needed to symlink awk to gawk or install an alternative version of awk.

dpkg-reconfigure doesn't work without the terminalinfo stuff. I had removed old terminal info stuff but needed to copy this stuff back because I don't see where it was moved to in newer linux releases. The issue is that dpkg-reconfigure can't open xterm properly without it even though xterm can be opened without this stuff.

locals need to be be properly set up prior to configuring libgnutls30. This can be done with the debian commands:

Code: Select all

localedef -i en_US -f UTF-8 en_US.UTF-8
dpkg-reconfigure locales

https://www.thomas-krenn.com/en/wiki/Pe ... _in_Debian

Alternatively, this can be done via puppies tools. To install devians version of locals via dpkg, not of the file lists of other packages must overlap what is in the debian package (e.g. locale-gen). One can resolve this by editing the file lists contained in /var/lib/dpkg/info.

Prior to downloading a key from a gpg keyserver run the following command:

Code: Select all

dirmngr --daemon

Here are two examples of downloading the keys for the kali repos:

Code: Select all

gpg --keyserver ipv4.pool.sks-keyservers.net --recv-key ED444FF07D8D0B
gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6

Note that the first key here is expired and I think the second key is deprecated. After downloading via the above command you can add the second key to apt as follows:

Code: Select all

gpg -a --export 7D8D0BF6 | apt-key add -

However, doing this doesn't let "apt-get update work". Neither does the following:

Code: Select all

apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6

https://www.logcg.com/en/archives/851.html

Here is the error message:

Code: Select all

sh-4.1# apt-get update                                                   
Get:1 https://archive.kali.org/kali kali-rolling InRelease [30.5 kB]
Err:1 https://archive.kali.org/kali kali-rolling InRelease
  Couldn't create temporary file /tmp/apt.conf.jCMcRQ for passing config to apt-key
Reading package lists... Done
W: GPG error: https://archive.kali.org/kali kali-rolling InRelease: Couldn't create temporary file /tmp/apt.conf.jCMcRQ for passing config to apt-key
E: The repository 'https://archive.kali.org/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

[s243a]

Some more progress. I added the gpg to apt key as follows:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
**Not sure if this was necessary

It turns out that I do need, gpgv_2.2.20-1_i386.deb for gpg features of apt to work. This is avilable at:
https://http.kali.org/kali/pool/main/g/gnupg2/

Having gnupgp2 installed will not work as a replacement for this...at least not without some hack that I don't know about. Now "apt update" works, and after doing that I can do commands like "apt cache search bash | grep bash" I'll post an updated sfs file shortly. I do like having the gnupg2 stuff included but it isn't strictly necessary.

P.S. I created a new spec for my CLI system. The sfs file has old gui compoents from attack-pup with upgraded cli/core libs. Here is my new CLI spec (, which could be much shorter if I used dependency tracking):

[s243a]

Here is an updated sfs, see orginal post for instructions on how to use it:

AttackPup2Headed_0.0002.sfs

It was tested prior to creating the sfs and not after. As noted above "apt update" and "apt-cache search" now works. Much to do and test. This is very very very preliminary!

Edit:
Here is a CPIO archive bundled with some scripts to run the above sfs file in either a chroot or a container:
AttackPup2Headed_0.0002.cpio.gz

Extract via "uextract" and then run the script "run_psandbox2.sh" that is located in the container. I will post again after I've done more testing.

[s243a]

Here is a CPIO archive bundled with some scripts to run the sfs file in either a chroot or a container:
AttackPup2Headed_0.0002.cpio.gz

Extract via "uextract" and then run the script "run_psandbox2.sh" that is located in the container.

Here is an example:

Code: Select all

./run_psandbox2.sh
Select a new chroot:
     1. "/kali": Puppy4.AttackPup with Kali-rolling upgraded for non-gui components
     2. "/": Prestine Puppy4/AttackPup
1
Select display:
1. Use host display (Typicaly :0)
2. Use default Xephyr Display (Typically :2)
3. Specify the display :# where '#' is an positive inter
1
select chroot command:
1. /init_basic  (Requires Xephyr)
2. /usr/local/bin/defaultbrowser
3. /usr/local/bin/rox  
4. /bin/sh (Won't work with Xephyr)
5. /bin/bash  (Won't work with Xephyr)
6. Specify
Notes: Option #4 & #5 won't work with Xephry. Options #1, #2 and #3 in some cases won't work over ssh without Xephry
3
+ bash -x /initrd/mnt/dev_save/kali/AttackPup2Headed_0.0002.cpio.gz.extracted/browser_scripts/simplechroot --source-subdir=/kali --chroot-command=/usr/local/bin/rox

Here is the output:

rox_attackpup.png (150.04 KiB) Viewed 3005 times

For best results use as the Fatdog64-811 as the host OS. On dpupbuser 32bit there seem to be some limitations. Which are
1. Need to install coreutils via "HIDE_BUILTINS=false pkg --get coreutils -f" for chroot to work properly for the /init_basic command.
2. Empty is not installed. Available at: https://packages.debian.org/stretch/empty-expect
3. pflask is not installed. Download source, and then install as follows:

Code: Select all

$ mkdir build && cd build
$ cmake ..
$ make
$ [sudo] make install

4. There doesn't seem to be much point in installing pflask with the kernal that comes with dpup buster32. Maybe need a newer kernal. I get the following error:

Code: Select all

[root@Dpupbuster ~] $ DISPLAY=:2 pflask --chroot=/initrd/mnt/dev_save/kali/AttackPup2Headed_0.0002.cpio.gz.extracted/browser_scripts/container/top -- /init_basic
[✘] write(gid_map): Operation not permitted
[✘] Child failed with code '1'
[1]+  Done                    rox

** I removed a bunch of options to try to simplify the command for testing. Run the script for the full set of options.

Anyway, in conclusion these chroot scripts will fully work for the above linked archive in Fatdog-811 but on dpupbuster32 for some chroot commands coreutils seems to be required and for the container to work a newer kernal is likely required as well as installing any missing dependency. I'm not sure why I was able to execute the /usr/local/bin/rox command but not my /init_basic command without installing coreutils.

[s243a]

For best results use as the Fatdog64-811 as the host OS. On dpupbuser 32bit there seem to be some limitations. Which are
1. Need to install coreutils via "HIDE_BUILTINS=false pkg --get coreutils -f" for chroot to work properly for the /init_basic command.
2. Empty is not installed. Available at: https://packages.debian.org/stretch/empty-expect
3. pflask is not installed. Download source, and then install as follows:

Code: Select all

$ mkdir build && cd build
$ cmake ..
$ make
$ [sudo] make install

4. There doesn't seem to be much point in installing pflask with the kernal that comes with dpup buster32. Maybe need a newer kernal. I get the following error:

Code: Select all

[root@Dpupbuster ~] $ DISPLAY=:2 pflask --chroot=/initrd/mnt/dev_save/kali/AttackPup2Headed_0.0002.cpio.gz.extracted/browser_scripts/container/top -- /init_basic
[✘] write(gid_map): Operation not permitted
[✘] Child failed with code '1'
[1]+  Done                    rox

** I removed a bunch of options to try to simplify the command for testing. Run the script for the full set of options.

Anyway, in conclusion these chroot scripts will fully work for the above linked archive in Fatdog-811 but on dpupbuster32 for some chroot commands coreutils seems to be required and for the container to work a newer kernal is likely required as well as installing any missing dependency. I'm not sure why I was able to execute the /usr/local/bin/rox command but not my /init_basic command without installing coreutils.

The following might help me address the above error:

1. The writing process must have the CAP_SETUID (CAP_SETGID)
capability in the user namespace of the process pid.

2. The writing process must either be in the user namespace of
the process pid or be in the parent user namespace of the
process pid.

3. The mapped user IDs (group IDs) must in turn have a mapping in
the parent user namespace.

https://man7.org/linux/man-pages/man7/u ... ces.7.html

Edit: The following package seems to adress the above gid error:
https://packages.debian.org/buster/uidmap

[s243a]

Running this hybird puppy in a container currently requires pflask, although perhaps one could do much of what pflask does by using unshare alone. For instance with unshare alone you can get a separate process namespace and this is helpful to make sure you don't accidentally kill the window manager in the host system.

Later I will modify these scripts to have an option where unshare can be used without pflask. That said, I have successfully compiled pflask, with the ability to modify capabilities see posts:

I successfully compiled pflask for GroovyPup32, with capabilities and with this I was able to run an updated version of attackpup (puppy4 based) in a container. Here is the my compiled version of pflask:

pflask (download)

For notes on compiling see:
viewtopic.php?p=19071#p19071

*Note that I'm using python3.9 which is consistent with the only PYthon3 libraries in GroovyPup32.

viewtopic.php?p=19074#p19074

I did this by using the pflask code in fatdog64 (see post) but @BarryK has also provided the pflask code used for easyOS which should also work (see post).

So to run this in a container, the host option now are EasyOS, Fatdog64 or GroovyPup32, provided one doesn't want to try compiling pflask. Otherwise one has much more options. Note that for GroovyPup32 empty is sort of required but I will modify my scripts so it is optional. I also compiled empty for GroovyPup32.

empty (download)

To compile empty I did the following:

"Try moving '-lutil' after 'empty.c' on the gcc command line"
https://ubuntuforums.org/showthread.php?t=2131632

viewtopic.php?p=18679#p18679

For GroovyPup32 some dependencies may be missing for either pflask or empty. If these aren't working one can look at my above mentioned posts about compiling pflask and compiling empty for information about dependencies. One dependency is xserver-xephyr and currently for my script to work on GrovyPup32 one must symlink Xephyr2 to Xephyr.

As a final note, the ruf-puppy4-flask.sh script must be modified to remove the /dev/mixer mount point in order for it to work on GroovyPup32. Fatdog64 has this device but GroovyPup32 does not. The mount command generated by my modified ruf-puppy4-flask.sh script is as follows:

Code: Select all

pflask --keepenv --no-ipcns --no-netns --mount=bind:/dev/snd:/dev/snd --caps=all,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,-sys_time,-sys_tty_config,-chown,-kill,-dac_override,-dac_read_search,-fowner,-setfcap,-setpcap,-net_admin,-mknod,-sys_module,-sys_nice,-sys_resource --chroot=/initrd/mnt/dev_save/kalipup/versions/0.0002/AttackPup2Headed_0.0002.cpio.gz.extracted/browser_scripts/container/top -- /init_basic