Greetings.
Apologies in advance for this wall of text.
I’m working in a 100% online environment (blame COVID) and, similar to user Neo_78, it seems that no matter how many firejails and layers of security we place, some bad actor always finds a way to break into our computers. And because we are in work-from-home, it is always our personal computers and personal data that suffer the consequences.
This made me think, why even have any “rest of the OS” at all? All my work is done via webapps, so I literally only use the browser. Everything else on the OS is “dead weight” at best, and extra attack surface at worst.
I considered Chromium OS, but it has the ability to be installed, create persistence, and mount disks; which kinda defeats the point of what I’m trying to achieve. Yes, the odds of malware escaping all the sandboxes and remotely mounting a disk to install crap or steal data are slim, but it’s still there. Again, why allow that possibility at all?
That’s when I learned that Puppy Linux has a thing called Woof, which allows you to build your own customized Puppy-like ISO (puplets?). And from what I gather, it does this by having you manually select and include/exclude packages, which in turn define what your custom OS can or can’t do.
Is this correct?
This is my first time attempting to assemble any kind of customized Linux system(ish) thing, so please excuse my ignorance/inexperience.
So I set out to create an even more stripped-down bare-bones Puppy, one containing only the browser and a notepad.
Unfortunately, even with the straightforward app that is Woof, this proved more than I could figure out how to do.
I can strip out all the apps that come bundled with Puppy, but I want to also strip out unnecessary system features; like the ability to mount disks, download files, or share files (e.g. no Samba).
And this is where I keep failing, as I have no idea how to strip down the system features. I either end up with a non-bootable mess, or some leftover things that I didn’t mean to keep and that allow the OS to still perform “unwanted” things (e.g. mount my SSD).
I’m essentially trying to build a browser-on-RAM.
No persistence, no apps, no storage space, no ability to mount disks, no downloading, no file sharing. Nothing.
Literally just the browser. A mere “window into the internet”, so to speak.
I know I could achieve half of this very easily by simply removing the hard drive, but someone had the great idea to make that as hard as possible by designing laptops that require you to disassemble pretty much every single part and half the motherboard to perform anything physical on the device.
Boy, how I miss the good old Lenovo "suitcase bricks"; now even cleaning the dust is like performing a stunt.
Point is, unplugging the hard drive is not an option.
So what are the bare minimum packages that are mandatory to build a “browser-only Puppy”? Besides Arch wiki, is there a list I can consult?
All I need is:
- a Chromium-based browser (ideally Google Chrome itself), with 2-3 extensions. If this is truly impossible, Firefox (or other Gecko-based) will still do.
- a notepad app (just to copy paste text faster).
- must have the graphical desktop environment (my eyes were younger in the DOS days, now I have trouble keeping up with a terminal-based interface without getting lost).
- RAM-only, read-only, no persistence; nor the option to create a persistence.
- cannot download/install new software or packages (basically no /wget).
- cannot mount storage devices (other than the live usb itself).
- a basic firewall (the router already has one, but still...).
- whatever libraries and stuff necessary to make these function.
Is this even possible? Or practical?
I presume this means I will have to manually re-build this ISO to update the browser, every time a new version is released; but that’s an inconvenience I’m OK to deal with.
Currently, I’ve been attempting this on the latest Fossapup64.
------------------------------------------------------------------------
PS: I CAN afford to just go buy a Chromebook for this, and later “revive” it as a Linux netbook once it reaches its EOL.
While I do have some genuine necessity for this to work, half of the reason I’m embarking on this project is for fun and sport. The necessity provides me with a strong motivation>goal>reward to actually dedicate time and work into learning new things and practicing more; something which I hadn’t felt since my young nerd days back in the 90s.
So even if I end up getting a Chromebook for a quick/easy and corporate-friendly solution to my mission-critical troubles, I want to learn this anyway.
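
Added example, not part of the original post: a shell audit that a booted build can be checked against two items from the requirement list above (no storage mounted other than the live USB, no download or file-sharing tools present). The device name `/dev/sdb1`, the tool list, and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a running live session against the requirement list above.
# Assumptions (not from the post): live USB is /dev/sdb1; the tool names below.
LIVE_DEV="${LIVE_DEV:-/dev/sdb1}"
FORBIDDEN_TOOLS="${FORBIDDEN_TOOLS:-wget curl smbd smbclient}"

# Constructed sample in /proc/mounts format (source target fstype options 0 0).
SAMPLE_MOUNTS='tmpfs / tmpfs rw,relatime 0 0
/dev/sdb1 /mnt/live vfat ro,relatime 0 0
/dev/loop0 /mnt/layer0 squashfs ro,relatime 0 0
/dev/nvme0n1p2 /mnt/disk ext4 rw,relatime 0 0'

# Print every mount backed by a block device other than the allowed live USB.
# Loop devices are skipped on the assumption that they are read-only layers
# from the live medium; check their backing files separately (losetup -a).
unexpected_disk_mounts() {
    allowed="$1"
    while read -r src target fstype _rest || [ -n "$src" ]; do
        case "$src" in
            "$allowed"|/dev/loop*) continue ;;
            /dev/*) printf '%s on %s (%s)\n' "$src" "$target" "$fstype" ;;
        esac
    done
}

# Print the path of each forbidden tool found in the given directories.
# [ -x ] follows symlinks, so BusyBox applet links are reported as well.
present_forbidden_tools() {
    dirs="$1"; shift
    for tool in "$@"; do
        for d in $dirs; do
            if [ -x "$d/$tool" ]; then printf '%s\n' "$d/$tool"; break; fi
        done
    done
}

# Run both checks on the live system; exit status 0 means nothing was found.
audit() {
    bad_mounts=$(unexpected_disk_mounts "$LIVE_DEV" < /proc/mounts)
    bad_tools=$(present_forbidden_tools "$(printf '%s' "$PATH" | tr ':' ' ')" $FORBIDDEN_TOOLS)
    [ -z "$bad_mounts" ] || printf 'unexpected disk mounts:\n%s\n' "$bad_mounts"
    [ -z "$bad_tools" ] || printf 'forbidden tools present:\n%s\n' "$bad_tools"
    [ -z "$bad_mounts$bad_tools" ]
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Run it with `--run` inside the booted build after each rebuild; an empty report only shows that nothing is mounted or installed right now, not that mounting is impossible.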