Error when trying to remove cups

[Governor]

The screenshot is from the synaptic package manager.
I tried again using Remove builtin packages from the menu, and received no error message, but something got messed up because the screenshot program no longer worked. Re-booted w/o save.

How can I fix the packages?
Thanks.

PUPMODE=13
• PDEV1='nvme0n1p2'
• DEV1FS='ext3'
• PUPSFS='nvme0n1p2,ext3,/Bookworm64_10.0.6/puppy_dpupbw64_10.0.6.sfs'
• PUPSAVE='nvme0n1p2,ext3,/Bookworm64_10.0.6/dpupbw64save-2024-06-25-basic-03'
• PMEDIA='usbflash'

[geo_c]

The screenshot is from the synaptic package manager.
I tried again using Remove builtin packages from the menu, and received no error message, but something got messed up because the screenshot program no longer worked. Re-booted w/o save.

How can I fix the packages?
Thanks.

PUPMODE=13
• PDEV1='nvme0n1p2'
• DEV1FS='ext3'
• PUPSFS='nvme0n1p2,ext3,/Bookworm64_10.0.6/puppy_dpupbw64_10.0.6.sfs'
• PUPSAVE='nvme0n1p2,ext3,/Bookworm64_10.0.6/dpupbw64save-2024-06-25-basic-03'
• PMEDIA='usbflash'

I don't have the knowledge or the inclination to try and "fix" a broken package management chain, and it happens sometimes when trying to remove builtin frameworks, or install packages more current than the release actually supports.

Even though Bookworm uses an updateable package manager, from my observations it won't allow updating of everything, because it's based on a release that requires certain versions of key packages, and updating or removing those will break things.

So whenever I decide I'm going to try some major surgery or installation of something dicey, I always make a backup of the pupsave so I can break the current one and roll back if necessary. This goes for all pups and KL's. However, rolling release management like you find in a KLV using a rolling Xbps management system is less prone to major breakage, which is one of the reasons I prefer it for keeping current on all installed software packages. It's also very good about uninstallations.

I still use my Bookworms and F96s, but I don't push them too far, and if I want to try something, I back that pupsave up First so I can experiment.

[bigpup]

The files and programs that are provided in the different puppy version sfs files are not able to be removed.
The sfs's is read only.

All you can do is whitelist them so the active file system no longer can see them.

That is what the Remove Builtin Packages program does.
After a save update and reboot, the whitelist stuff is no longer seen by the operating file system.
But the stuff is still in the sfs.

You have to be real careful you fully understand what you are trying to do when using the Remove Builtin Packages program.
It lists a lot of stuff as each individual file that makes up parts of a overall specific program.

The Synaptic package manager is only going to work for packages it installed.
It is not designed for stuff installed in the different puppy version sfs files.
So do not try to use it to do anything with the stuff that is provided already in the Puppy version.

This is how to recover stuff that is whitelisted:
https://forum.puppylinux.com/viewtopic.php?t=1636

[Governor]

The files and programs that are provided in the different puppy version sfs files are not able to be removed.
The sfs's is read only.

All you can do is whitelist them so the active file system no longer can see them.

That is what the Remove Builtin Packages program does.
After a save update and reboot, the whitelist stuff is no longer seen by the operating file system.
But the stuff is still in the sfs.

You have to be real careful you fully understand what you are trying to do when using the Remove Builtin Packages program.
It lists a lot of stuff as each individual file that makes up parts of a overall specific program.

The Synaptic package manager is only going to work for packages it installed.
It is not designed for stuff installed in the different puppy version sfs files.
So do not try to use it to do anything with the stuff that is provided already in the Puppy version.

Do you mean it is I that must keep track of which apps and programs are handled by the Legacy package manage and which are handled by the Synaptics package manager?

This is how to recover stuff that is whitelisted:
https://forum.puppylinux.com/viewtopic.php?t=1636

These 'Puppy' operating systems are far too complex and too fragile for normal computer users. I did my computer-geek thing 30 years ago with MS-DOS when I spent 2-3 hours a day on it, and I don't want to do it all over again! The thrill is gone; I am at the stage now where either a program works, or it doesn't, and that's it. No experimenting, no fiddling, no investigating, no first do this, then try that, no spending hours studying technical manuals. I spent nearly 1½ years of my precious free time on Linux trying to get things to work properly. I don't want to do any more of that! I just want an OS, as bulletproof as possible, and programs that work correctly and as intended straight out of the box. Recently, I wanted to do some video file converting. I tried handbrake, ffmeg, vlc, ffconvert, and they all failed. MystiQ worked, so I use it. I don't need to spend time investigating why the others failed. Still using Bookworm.

[bigpup]

Welcome to Linux software

The software provided in a Puppy version is there to use for what it is able to do.

It is there because it will work.

Linux software has one big problem.

Too many different versions of a Linux operating systems.

software has to be compiled to work in each one and that does not allow it to work in all.

Snap packages and appimage packaging is suppose to solve this, key word is suppose to solve it.

If compiled and packaged correctly they will work in any Linux OS.

So, far I have not seen it work 100% that way.

Do you mean it is I that must keep track of which apps and programs are handled by the Legacy package manage and which are handled by the Synaptics package manager?

Yes.

In BookwormPup64.
There are two different package managers designed for different types of software packaging.
They are both for stuff you add to Puppy Linux. Not for stuff already in the Puppy version.

Apt and synaptic (GUI for apt) package manager is deb packaging. Installing and uninstalling.

Suggest you read the menu ->Help ->HOWTO use the APT Package Manager and HOWTO use the Synapse Application Launcher

To still use pet packages and have a way to uninstall them. That is a Puppy Linux way to package a program for installing.
Apt package manager has no idea how to handle pet packages.
But Legacy package manage was specifically designed for pet packages. It has ability to uninstall them. Apt does not know how to uninstall pet packages.

Installing a pet package is simply click on the downloaded pet package file.

To uninstall a pet package. Use the Legacy package manager ->uninstall.

Legacy package manage has very little in the repositories it can install stuff from.
It's main purpose is to provide a way to uninstall a pet package.

bookwormPup64 is trying to use apt and synaptic package manager as the main way to install additional software.

[mikewalsh]

These 'Puppy' operating systems are far too complex and too fragile for normal computer users. I did my computer-geek thing 30 years ago with MS-DOS when I spent 2-3 hours a day on it, and I don't want to do it all over again! The thrill is gone; I am at the stage now where either a program works, or it doesn't, and that's it. No experimenting, no fiddling, no investigating, no first do this, then try that, no spending hours studying technical manuals. I spent nearly 1½ years of my precious free time on Linux trying to get things to work properly. I don't want to do any more of that! I just want an OS, as bulletproof as possible, and programs that work correctly and as intended straight out of the box. Recently, I wanted to do some video file converting. I tried handbrake, ffmeg, vlc, ffconvert, and they all failed. MystiQ worked, so I use it. I don't need to spend time investigating why the others failed. Still using Bookworm.

In that case, you want one of these "immutable"distros.....something like Fedora 'Silverblue'. You download it; you install it. When upgrades are available, it's not individual packages that are updated.......it's literally the entire OS that is updated in one go. Everything is 'read-only', everything is checked, double-checked & treble-checked by the developers before that ISO is released. Any package you add yourself is automatically upgraded along with the OS, all at the same time.

Everything is just GUARANTEED to always 'work'; no muss, no fuss.

Puppy doesn't seem as if it's suitable for someone like you. It's a 'hobbyist' distro, made for those who LIKE tinkering. Shall I drop 'em a line at the Fedora forums, let 'em know you're on your way?

Mike.

[dimkr]

apt remove cups should work just fine.

If you want to remove CUPS because of the recently disclosed vulnerability, there are better alternatives:
1. Prevent CUPS from starting - if it's not running, the vulnerability cannot be exploited
2. Turn on the firewall and configure it to block 631/UDP and mDNS - if the traffic that triggers the vulnerability is blocked, the vulnerability cannot be expoited
3. Wait for the next BookwormPup64, ensure that the fix for this vulnerability is in, and update to it
4. apt upgrade cups (you might need some apt-mark unhold first)

[Governor]

apt remove cups should work just fine.

If you want to remove CUPS because of the recently disclosed vulnerability, there are better alternatives:
1. Prevent CUPS from starting - if it's not running, the vulnerability cannot be exploited
2. Turn on the firewall and configure it to block 631/UDP and mDNS - if the traffic that triggers the vulnerability is blocked, the vulnerability cannot be expoited
3. Wait for the next BookwormPup64, ensure that the fix for this vulnerability is in, and update to it
4. apt upgrade cups (you might need some apt-mark unhold first)

I followed your instructions. I got a lot of error messages, but after a few repetitions, the error messages dwindled down and stopped. So I believe it worked finally since it says "not installed".

Code: Select all

# apt autoremove cups
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'cups' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 34 not upgraded.
# 

My firewall is always on, but I was unable to figure out how to configure it to block 631/UDP and mDNS. I do not have a printer at present, but plan to get one, so I will address that problem when I get to it,
Thanks.

[Governor]

In that case, you want one of these "immutable"distros.....something like Fedora 'Silverblue'. You download it; you install it. When upgrades are available, it's not individual packages that are updated.......it's literally the entire OS that is updated in one go. Everything is 'read-only', everything is checked, double-checked & treble-checked by the developers before that ISO is released. Any package you add yourself is automatically upgraded along with the OS, all at the same time.

8<---------

Everything is just GUARANTEED to always 'work'; no muss, no fuss.

Puppy doesn't seem as if it's suitable for someone like you. It's a 'hobbyist' distro, made for those who LIKE tinkering. Shall I drop 'em a line at the Fedora forums, let 'em know you're on your way?

Mike.

I don't want systemd, and that is one of the reasons I am here in the first place.
https://www.howtogeek.com/i-tried-switc ... nt-for-me/

Another reason I came here is I tried several other distros before Puppy, and to Puppy's credit, it was the only distro that worked.

[stevie pup]

I am at the stage now where either a program works, or it doesn't, and that's it. No experimenting, no fiddling, no investigating, no first do this, then try that, no spending hours studying technical manuals.

I can fully understand that line of thinking, because I have a similar viewpoint. I have 3 Puppies that work perfectly and do whatever I need, and did so more or less straight out of the box. I use these on a regular basis. There have been other Puppies that I've tried out over the last 4 or 5 years that have been nothing like, and I've had one or two that wouldn't even boot in the first place.

Guess how much time I spent on the troublesome ones? About as long as it took to click on "delete". It's not that I don't have the time because I've got all day if necessary. I just don't have the inclination these days. I take a similar approach to mainline Linux distros, they either work fine or they don't. Those that don't are very quickly forgotten about.

[rcrsn51]

@Governor If you are worried about CUPS because of the so-called "doomsday" bug, you don't. It would only be an issue if you enabled a particular optional CUPS feature (which you probably won't) and there was some malicious user on your LAN who knew how to build the exploit.

This really only affects large enterprise networks with many printers controlled by central print server machines.

[dimkr]

who knew how to build the exploit.

This really only affects large enterprise networks with many printers controlled by central print server machines.

I disagree with this, for two reasons:
1. Ready-made exploits for public remote vulnerabilities are usually easy to find online (so you don't need to write them)
2. An attacker connected to the same airport or train WiFi network as your computer can trigger the vulnerability without you having to connect to an 'enterprise network', if your CUPS performs printer discovery, if you don't have a firewall, etc'. If you use Puppy and care about security, you need some basic security hardening because today it's CUPS and tomorrow it's something else with a remote vulnerability.

[rcrsn51]

2. An attacker connected to the same airport or train WiFi network as your computer can trigger the vulnerability without you having to connect to an 'enterprise network', if your CUPS performs printer discovery, if you don't have a firewall, etc'.

With all due respect, this is FUD.

For this exploit to work, the Puppy user must explicitly enable legacy CUPS printer sharing. Anyone who has followed CUPS development understands how awkward this has become. Non-expert Puppy users now access remote shared printers directly.

In a public environment, the Puppy user, assuming that they had enabled auto-remote-printer-detection, would need to select the phantom malicious printer created by the exploit and send a print job to it.

This is a problem on an enterprise LAN because the phantom printer might spoof a known printer to which a user might automatically send a print job, which would trigger the attack.

[Governor]

2. An attacker connected to the same airport or train WiFi network as your computer can trigger the vulnerability without you having to connect to an 'enterprise network', if your CUPS performs printer discovery, if you don't have a firewall, etc'.

With all due respect, this is FUD.

For this exploit to work, the Puppy user must explicitly enable legacy CUPS printer sharing. Anyone who has followed CUPS development understands how awkward this has become. Non-expert Puppy users now access remote shared printers directly.

In a public environment, the Puppy user, assuming that they had enabled auto-remote-printer-detection, would need to select the phantom malicious printer created by the exploit and send a print job to it.

This is a problem on an enterprise LAN because the phantom printer might spoof a known printer to which a user might automatically send a print job, which would trigger the attack.

I am a little nervous about security because:
When I began with Puppy I asked about the safety and was told that Puppy is "considered safe" even though the user has root privileges by default. I never felt comfortable with this view, especially since other distros always recommend not to run as root.

However, I recently found our that not everyone agrees with the "safe" assessment:
viewtopic.php?p=129893#p129893

You guys are the experts, and I count on getting solid advice here in the forum, so what's the deal?
Thanks.

[d-pupp]

I'm sorry but nothing is 100% safe. It all depends on how you use it. Running as root is safe enough if your Internet facing application are running as spot and if you are careful what you do and what you download. If you download everything from everywhere and install it you are putting yourself at danger of malicious code.
Anything and everything can and will be dangerous if you are not careful with it.
If you are very concerned about security you really should be using one of the main stream distro's
Running as root is really just a convenience so you don't have to type admin passwords all the time.
My 2 cents.

[rcrsn51]

You guys are the experts, and I count on getting solid advice here in the forum, so what's the deal?

Here is my only point on the Puppy security issue. If you are concerned about security, removing CUPS is the least of your worries.

But if you switch to a mainline Linux, you should check on whether they have enabled legacy CUPS printer sharing OOTB, since they target the enterprise market.

[dimkr]

Different people define software security differently and some deny the existence of security issues as if they were some kind of conspiracy.

Your biggest risk is probably running software that doesn't come from reputable sources. For example, apt verifies the authenticity of packages you install, but the same cannot be said about packages you download from this forum. Some of these were built by Puppy users on the same computer they use daily, so who knows - maybe this computer is infected with malware that infects the packages they build and share.

[rcrsn51]

I guess this depends on how you define "reputable". Why should I trust the packages that come through apt? Who vetted the code from their original developers? Why should I trust the volunteers who packaged that code for Debian? How do I know that their computers are secure?

Why should I trust the stuff that comes out of woof? It seems to me that much of that code never got tested by anyone! Why should I trust all the woof recipes and hand-made kernels posted on the forum? Including Vanilla Dpup.

In fact, the things I would trust MOST are the PET packages made by community members. They are mostly scripts that can be easily vetted. Any serious problems would be quicky detected in public by community testers. I consider them just as reputable as all those anonymous developers out in the Linux world.

[dimkr]

I guess this depends on how you define "reputable". Why should I trust the packages that come through apt? Who vetted the code from their original developers? Why should I trust the volunteers who packaged that code for Debian?

Source code is public, packages are built from this source code in a build server (not developer's computer) and apt verifies GPG signatures. Stuff you download from the forum doesn't have any of these basic security measures.

woof-CE doesn't do GPG and TLS verification, but my fork uses debootstrap and apt, so it does. In addition, my builds are all built on non-persistent VMs, not on my computer, and the build process doesn't involve any prebuilt binaries that didn't come from apt. Fully automated, fully reproducible, auditable source code.

[rcrsn51]

Fair enough.

But what are you implying? That nothing else on this forum, other than your own work, can be trusted?

[Jasper]

Isn't this more applicable to commercial/enterprise editions of Linux?

A hobbyist build is simply that.

[dimkr]

Fair enough.

But what are you implying? That nothing else on this forum, other than your own work, can be trusted?

Nothing can be trusted, even xz had a backdoor and nobody noticed.

But if you want security, you want a distro with a secure build process, auditable build system, preconfigured firewall, sensitive processes that don't run as root, and so on.

Disabling CUPS won't do much if you have processes running as root that listen on 0.0.0.0, no firewall, applications built by random people on random computers that run as root and can see all if your data, ...

Isn't this more applicable to commercial/enterprise editions of Linux?

A hobbyist build is simply that.

A 'hobbyist build' doesn't have to be insecure. Puppy can adhere to most security best practices out of the box without 'feeling' too different.

[Jasper]

@dimkr

I do applaud you and appreciate your thoroughness in your approach to your work

[stevie pup]

I once read an interview with a man at a company that was involved in data retrieval and forensic examination of computers, often in collaboration with the police in order to find evidence for prosecutions. He recited a few tales about how they had managed to successfully retrieve data from computers that people had set fire to, thrown in rivers, etc.

They then asked him "So what is a genuinely 100% safe and secure computer"? To which he replied "One that is sealed in a lead case and has never, ever been switched on".

Then right at the end of the interview they asked him "And what is a genuinely fast computer"? His reply was "One with no software on it". But that's another story.