Precise-light - 17March2019 - for older hardware

For talk and support relating specifically to Puppy derivatives
Message
Author
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#441 Post by jrb »

Moose On The Loose wrote:This morning, I had to reset my PC because Precise-light appeared to not be able to come back from "screen saver" mode.

I had left a terminal open and a compile happening.

This morning I have a great many xxx.o files so I assume the compile stopped at some point, perhaps when done.
You might want to try Menu->Desktop->pupX set properties of X and disable screen saver. Just turn off your monitor for the night.
User avatar
nic007
Posts: 3408
Joined: Sun 13 Nov 2011, 12:31
Location: Cradle of Humankind

#442 Post by nic007 »

Code: Select all

xset s off dpms 0 0 0 -dpms
works for me.
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#443 Post by jrb »

jrb wrote:/usr/share/ca-certificates/mozilla has 42 certificates all dated 08 Feb 2016
Sometimes it takes a while for things to sink in. :roll: I just realized these certificates are all outdated, Will look further into this.

Cheers, J
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#444 Post by s243a »

jrb wrote:
jrb wrote:/usr/share/ca-certificates/mozilla has 42 certificates all dated 08 Feb 2016
Sometimes it takes a while for things to sink in. :roll: I just realized these certificates are all outdated, Will look further into this.

Cheers, J
They still might work though if they haven't expired. Also newer certificates might use ciphers that weren't available in previous versions of open SSL.

I think that when a CA (certificate authority) creates a new certificate they create an intermediate certificate that is cross signed by both the old and new root CA. They use this intermediate certificate to sign the ssl keys of the certificates that they use for third parties. Since the intermediate CA is cross signed you can validate the third party ssl certificate with either the old or new root CA. However if you are only use the old root CA once the old root CA expires you'll probably get a warning saying that the certificate is out of date. The command wget gives you the option to validate using expired certs if you want.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#445 Post by s243a »

s243a wrote:It looks like the root certificate for Let's Encrypt is missing.

Code: Select all

sandbox# wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz
--2020-02-05 17:54:11--  https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz
Resolving deb.torproject.org (deb.torproject.org)... 82.195.75.101, 116.202.120.165, 95.216.163.36, ...
Connecting to deb.torproject.org (deb.torproject.org)|82.195.75.101|:443... connected.
ERROR: cannot verify deb.torproject.org's certificate, issued by `/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X3':
  Unable to locally verify the issuer's authority.
To connect to deb.torproject.org insecurely, use `--no-check-certificate'.
I was running precise light in a sandbox (above). I was seeing if I could add the jessie tor repo (using sc0ttman's pkg. I'll add the certificate tomorrow and try again.

As a side note the zdrv seems to be required in a chroot for dns resolution. My guess is that libnss must talk to the kernal.
I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates

I installed it using pkg in my psandbox:

Code: Select all

pkg -i ./ca-certificates_20170717_16.04.2_all.deb
**One could alternatively probably do this using petget or deb2pet.

The branch of pkg I'm using is:
https://gitlab.com/s243a/Pkg/-/tree/add ... ssue_74&81

which has a merge request (i.e. Merge Request #22) to be merged into the official version of package. The official version should also work.

P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:

Code: Select all

/usr/share/ca-certificates
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:

Code: Select all

cd /usr/share/ca-certificates
find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
**Note that I didn't test the above code. What I did instead was copy the output of the above command from the terminal into "/etc/ca-certificates.conf". This way you can look at the output before updating the file.

Final Note The above Xenial-updates package had everything I needed to verify the "Let's encrypt ssl certificate". I didn't have to download the root CA for either Let's Encrypt or IdentTrust separately.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#446 Post by s243a »

jrb wrote:
s243a wrote:
jrb wrote:The "17March2019" in the thread title refers to the WoofCE that I started with for Precise-light MK2. I have used that throughout. I know there were some major changes after that.

Cheers, J
Cool. I'll consider your version the official legacy fork. May I have a link to your fork?
Here's a link to my slightly modified version. Precise is one of the build options. You can click on the build scripts and they will open in terminal window. It will pause and open an xmessage window just before building the puppy.sfs, this lets you check and modify within rootfs-complete. Click OK to continue.

Enjoy, J
Have, you considered publishing your fork to gitlab or github? I mentioned your fork in another thread. Perhaps I'm getting ahead of myself.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#447 Post by jrb »

s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I'm afraid this problem is requiring more knowledge and time than I have right now. :oops: Keep me posted on what you come up with.

I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
Attachments
00_wget-nocheck.tar.gz
(275 Bytes) Downloaded 136 times
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#448 Post by jrb »

s243a wrote:Have, you considered publishing your fork to gitlab or github? I mentioned your fork in another thread. Perhaps I'm getting ahead of myself.
I hardly consider it a "fork". A few added lines of code for my own convenience. Feel free to use and/or modify but here again I'm afraid I don't have the time (or skill) to take it much further.

Sorry, J
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#449 Post by s243a »

jrb wrote:
s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I'm afraid this problem is requiring more knowledge and time than I have right now. :oops: Keep me posted on what you come up with.

I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
I got this working. See my previous post:
s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:

Code: Select all

/usr/share/ca-certificates
...
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:

Code: Select all

cd /usr/share/ca-certificates
find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
What I forgot to mention is that after doing the above, then run the following command:

Code: Select all

update-ca-certificates
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#450 Post by jrb »

s243a wrote:
jrb wrote:
s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I'm afraid this problem is requiring more knowledge and time than I have right now. :oops: Keep me posted on what you come up with.

I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
I got this working. See my previous post:
s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:

Code: Select all

/usr/share/ca-certificates
...
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:

Code: Select all

cd /usr/share/ca-certificates
find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
What I forgot to mention is that after doing the above, then run the following command:

Code: Select all

update-ca-certificates
Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#451 Post by s243a »

jrb wrote:
s243a wrote:
jrb wrote:I'm afraid this problem is requiring more knowledge and time than I have right now. :oops: Keep me posted on what you come up with.

I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
I got this working. See my previous post:
s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:

Code: Select all

/usr/share/ca-certificates
...
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:

Code: Select all

cd /usr/share/ca-certificates
find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
What I forgot to mention is that after doing the above, then run the following command:

Code: Select all

update-ca-certificates
Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.
As I mentioned above, prior to updating the certificates the following wouldn't work without the --no-check-certificate option:

Code: Select all

wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz
After updating the certificate, the --no-check-certificate option isn't required.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#452 Post by s243a »

Posting from the netsurf browser now, installed via the package manager. I also tried installing firefox from the package manager. I got the error

libc.so.6 version `GLIBC_2.18 not found (required by /usr/lib/libsdc++.so.6)

So, I'll try the portable version of a browser next.

P.S. why isn't the portable browser install script included?

P.S #2 Here is some helpful info. Looks like we have to block some packages related to libc. I'm using precise 5.7.2

Code: Select all

ages] $ ls -1 -a | grep .files
ca-certificates_20170717_16.04.2_all.files
firefox-16.0.1-i686-up.files
gcc-4.6-base_4.6.3-1ubuntu5.files
libc6_2.15-0ubuntu10.18.files
libc6_2.15-0ubuntu10.files
libc-bin_2.15-0ubuntu10.18.files
libc-bin_2.15-0ubuntu10.files
libgcc1_4.6.3-1ubuntu5.files
multiarch-support_2.15-0ubuntu10.18.files
multiarch-support_2.15-0ubuntu10.files
netsurf_2.8-2.files
netsurf-gtk_2.8-2.files
pkg-1.9.23-noarch.files
PortaBrowseInstall-i386-0.4.files
tzdata_2012b-1.files
tzdata_2016j-0ubuntu0.12.04.files
yad-0.40.3-i686_common32.files
I'll write a script to move the offending files out of my save folder.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#453 Post by s243a »

Looking at the ISO, I notice that "world" and "group" can write to the /var folder. That sounds overly permissive to me but I'm not an expert in these things.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#454 Post by s243a »

I wrote a script to move and/or delete the bad packages:

Pastebin: mv_bad_pkgs.sh

This script was run to clear the bad files in precise 5.7.2 light. I'm not sure if it will work on older versions of precise because in older puppies the file lists might be slightly different. The script doesn't clean the metadata in user-installed-packages. I could add this feature but it would make the script slightly longer and hence more complicated.

I haven't tried rebooting yet to see if this fixed my issues. I also need to update /var/packages/PACKAGE_MANAGMENT to blacklist these packages.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#455 Post by jrb »

s243a wrote:
jrb wrote:
s243a wrote: I got this working. See my previous post:
What I forgot to mention is that after doing the above, then run the following command:

Code: Select all

update-ca-certificates
Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.
As I mentioned above, prior to updating the certificates the following wouldn't work without the --no-check-certificate option:

Code: Select all

wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz
After updating the certificate, the --no-check-certificate option isn't required.
Excellent work s243a! I ran through your procedure and it worked perfectly and I started to make a .pet using Debian Sid's ca-certificates figuring they would be the most up to date. Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.

I would like to give credit to the creator, maybe they will see this and step forward.

Will install this .pet in the next update.
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#456 Post by jrb »

s243a wrote:Posting from the netsurf browser now, installed via the package manager. I also tried installing firefox from the package manager. I got the error

libc.so.6 version `GLIBC_2.18 not found (required by /usr/lib/libsdc++.so.6)

So, I'll try the portable version of a browser next.

P.S. why isn't the portable browser install script included?

P.S #2 Here is some helpful info. Looks like we have to block some packages related to libc. I'm using precise 5.7.2

Code: Select all

ages] $ ls -1 -a | grep .files
ca-certificates_20170717_16.04.2_all.files
firefox-16.0.1-i686-up.files
gcc-4.6-base_4.6.3-1ubuntu5.files
libc6_2.15-0ubuntu10.18.files
libc6_2.15-0ubuntu10.files
libc-bin_2.15-0ubuntu10.18.files
libc-bin_2.15-0ubuntu10.files
libgcc1_4.6.3-1ubuntu5.files
multiarch-support_2.15-0ubuntu10.18.files
multiarch-support_2.15-0ubuntu10.files
netsurf_2.8-2.files
netsurf-gtk_2.8-2.files
pkg-1.9.23-noarch.files
PortaBrowseInstall-i386-0.4.files
tzdata_2012b-1.files
tzdata_2016j-0ubuntu0.12.04.files
yad-0.40.3-i686_common32.files
I'll write a script to move the offending files out of my save folder.
Precise-light comes with glibc-2.20. I know it says 2.10 in woof-installed-packages, sloppy work on my part. I suspect firefox-16 is too old to accomodate that.

I thought I had taken care of the libc6_2.15 install problem but obviously not. Have you tried uninstalling the offending programs using PPM? It should remove all the installed files.

Just a suggestion, but if you're going to use a Save file/folder you should make a backup copy regularly, especially before installing new software, ask me how I know. :oops:

You're right about the portable browser install script. It will be in the next update.

Cheers, J
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#457 Post by s243a »

jrb wrote:
After updating the certificate, the --no-check-certificate option isn't required.
Excellent work s243a! I ran through your procedure and it worked perfectly and I started to make a .pet using Debian Sid's ca-certificates figuring they would be the most up to date. Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.

I would like to give credit to the creator, maybe they will see this and step forward.

Will install this .pet in the next update.
Thankyou, I'm glad it's working for you. I was surprised that you were able to get such new certificates to work :)

jrb wrote:
I'll write a script to move the offending files out of my save folder.
Precise-light comes with glibc-2.20. I know it says 2.10 in woof-installed-packages, sloppy work on my part. I suspect firefox-16 is too old to accomodate that.
I'm not sure, whether firefox-16 can use this version of glibc or not. I created an adrv yesterday, by using my remaster sandbox script. The link is as follows:

adrv_precise_light-5.7.2.sfs

This "a drive" (aka adrv) has updated certificates, but not as new as the ones that you are using. It also has Sc0ttman's package manager (pkg) installed on it [1]. I went a little crazy with the repos, and added all of the precise repos.

Here is my ~/.pkg/pkgrc file:

Code: Select all

WORKDIR=/root/pkg
REPONAME=precise-main
EX=deb
REPOFILE=Packages-ubuntu-precise-main
REPOURL1=http://archive.ubuntu.com/ubuntu/
REPOURL2=http://ftp.filearena.net/pub/ubuntu/
REPOURL3=
REPOURL4=
PKGSEARCH="list_pkg_names"
PKGSEARCHEXACT="pkg -ne"
DEPSEARCH="list_all_pkg_names"
DEPSEARCHEXACT="pkg -nea"
REPOFALLBACKS="noarch jessie-tor-main precise-multiverse precise-universe precise-restricted precise-security-main precise-security-multiverse precise-security-universe precise-security-restricted precise-updates-main precise-updates-universe precise-updates-multiverse precise-updates-restricted precise-backports-main precise-backports-universe precise-backports-multiverse precise-proposed-universe "
PKGSCOPE="one"
DEPSCOPE="all"
BLEDGE="no"
RDCHECK="yes"
AUTOCLEAN="no"
BUILDTOOL=petbuild
Notice the long list of fallback repos. I'm not sure what issues using so many repos might present. Something interesting though is the following:

Code: Select all

sandbox# /usr/sbin/pkg --names-all firefox_
firefox_11.0+build1-0ubuntu4
firefox_52.0.2+build1-0ubuntu0.12.04.1
also

Code: Select all

cd /var/packages
grep -rn . -e 'firefox_52' | cut -d '|' -f1
./Packages-ubuntu-precise-security-main:245:firefox_52.0.2+build1-0ubuntu0.12.04.1
./Packages-ubuntu-precise-updates-main:386:firefox_52.0.2+build1-0ubuntu0.12.04.1
So it looks like version 52 of firefox is available in the repos precise-security-main and also in precise-updates-main. I might give installing this a try. Note that I did the above commands in a sandbox. I tested booting with my adrv yesterday. pkg wasn't working even though it was on the adrv. Tonight I realized the problem is that the following files from my adrv:

Code: Select all

/root/.pkg/sources
/root/.pkg/sources-all
/root/.pkg/pkgrc
appear to be different than what is on my adrv after the first run of pkg. I'm guessing pkg thinks that I'm doing a new install and overwrites these files. The solution is to replace these files with those found on my adrv. Note that the last file can be generated from the previous two by doing the command:

Code: Select all

pkg --repo precise-main
I have "precise-main" set as the default repo because I suspect that it will likely have the greatest compatibility. PKG has an environmental variable called "BLEDGE" (for bleeding-edge) that will install the newest version of the pkg from all installed repos (verify?). I haven't tested this feature.

Anyway, I'll test pkg more on precise light and also see if I can figure out why these config files are overwritten on first run.

Another oddity, with my adrv is when I boot it the prompt says "sandbox"

Notes
-----------------------
1 - the version of pkg I installed on the adrv is a fork that is part of Merge Request #72.

Edit: I created a new version of my adrv
adrv_precise_light-5.7.2.sfs(not tested yet). I was installing the portable browser in a sandbox and it complained about the architecture being 64bits. This is because the sandbox was being run in a 64bit system. I think the solution to this is to create a wrapper function for uname.
, with libc6 blacklisted and possibly the portable browser installer included.

Edit 2: I figured out why the prompt says sandbox. See post.
Last edited by s243a on Fri 14 Feb 2020, 04:07, edited 3 times in total.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
User avatar
Fossil
Posts: 1157
Joined: Tue 13 Dec 2005, 21:36
Location: Gloucestershire, UK.

#458 Post by Fossil »

jrb
" ...Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.
I would like to give credit to the creator, maybe they will see this and step forward...."
ca-certificates-2019-03-08.pet can be found here:-
http://www.smokey01.com/OscarTalks/
:D
User avatar
jrb
Posts: 1536
Joined: Tue 11 Dec 2007, 19:56
Location: Smithers, BC, Canada

#459 Post by jrb »

Fossil wrote:jrb
" ...Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.
I would like to give credit to the creator, maybe they will see this and step forward...."
ca-certificates-2019-03-08.pet can be found here:-
http://www.smokey01.com/OscarTalks/
:D
Thanks very much Fossil and thanks to OscarTalks as well for another valuable Puppy asset. 8)

Cheers, J
User avatar
Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

New GCC Not ready for Prime time

#460 Post by Moose On The Loose »

I noticed that there appears to be others making stuff so perhaps someone can do some of the testing for me.
I got the latest GCC-10-20200202 to compile with a few manual edits.
It isn't pretty but I think it is good enough to start to use.
I have made a SFS that you can load instead of the usual "dev" SFS.
It has compiled a few things at this point and they work.
I have it uploading to my google drive as I type this.
[... waiting 12 minutes for it to finish ...]

https://drive.google.com/open?id=1sKTs ... TBe6LSLa-
Post Reply