You might want to try Menu->Desktop->pupX set properties of X and disable screen saver. Just turn off your monitor for the night.Moose On The Loose wrote:This morning, I had to reset my PC because Precise-light appeared to not be able to come back from "screen saver" mode.
I had left a terminal open and a compile happening.
This morning I have a great many xxx.o files so I assume the compile stopped at some point, perhaps when done.
Precise-light - 17March2019 - for older hardware
They still might work though if they haven't expired. Also newer certificates might use ciphers that weren't available in previous versions of open SSL.jrb wrote:Sometimes it takes a while for things to sink in. I just realized these certificates are all outdated, Will look further into this.jrb wrote:/usr/share/ca-certificates/mozilla has 42 certificates all dated 08 Feb 2016
Cheers, J
I think that when a CA (certificate authority) creates a new certificate they create an intermediate certificate that is cross signed by both the old and new root CA. They use this intermediate certificate to sign the ssl keys of the certificates that they use for third parties. Since the intermediate CA is cross signed you can validate the third party ssl certificate with either the old or new root CA. However if you are only use the old root CA once the old root CA expires you'll probably get a warning saying that the certificate is out of date. The command wget gives you the option to validate using expired certs if you want.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
I got this working by installing the Xenial-updates version ofs243a wrote:It looks like the root certificate for Let's Encrypt is missing.I was running precise light in a sandbox (above). I was seeing if I could add the jessie tor repo (using sc0ttman's pkg. I'll add the certificate tomorrow and try again.Code: Select all
sandbox# wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz --2020-02-05 17:54:11-- https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz Resolving deb.torproject.org (deb.torproject.org)... 82.195.75.101, 116.202.120.165, 95.216.163.36, ... Connecting to deb.torproject.org (deb.torproject.org)|82.195.75.101|:443... connected. ERROR: cannot verify deb.torproject.org's certificate, issued by `/C=US/O=Let\'s Encrypt/CN=Let\'s Encrypt Authority X3': Unable to locally verify the issuer's authority. To connect to deb.torproject.org insecurely, use `--no-check-certificate'.
As a side note the zdrv seems to be required in a chroot for dns resolution. My guess is that libnss must talk to the kernal.
https://packages.ubuntu.com/xenial-upda ... rtificates
I installed it using pkg in my psandbox:
Code: Select all
pkg -i ./ca-certificates_20170717_16.04.2_all.deb
The branch of pkg I'm using is:
https://gitlab.com/s243a/Pkg/-/tree/add ... ssue_74&81
which has a merge request (i.e. Merge Request #22) to be merged into the official version of package. The official version should also work.
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:
Code: Select all
/usr/share/ca-certificates
Code: Select all
cd /usr/share/ca-certificates
find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
Final Note The above Xenial-updates package had everything I needed to verify the "Let's encrypt ssl certificate". I didn't have to download the root CA for either Let's Encrypt or IdentTrust separately.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
Have, you considered publishing your fork to gitlab or github? I mentioned your fork in another thread. Perhaps I'm getting ahead of myself.jrb wrote:Here's a link to my slightly modified version. Precise is one of the build options. You can click on the build scripts and they will open in terminal window. It will pause and open an xmessage window just before building the puppy.sfs, this lets you check and modify within rootfs-complete. Click OK to continue.s243a wrote:Cool. I'll consider your version the official legacy fork. May I have a link to your fork?jrb wrote:The "17March2019" in the thread title refers to the WoofCE that I started with for Precise-light MK2. I have used that throughout. I know there were some major changes after that.
Cheers, J
Enjoy, J
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
I'm afraid this problem is requiring more knowledge and time than I have right now. Keep me posted on what you come up with.s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
- Attachments
-
- 00_wget-nocheck.tar.gz
- (275 Bytes) Downloaded 136 times
I hardly consider it a "fork". A few added lines of code for my own convenience. Feel free to use and/or modify but here again I'm afraid I don't have the time (or skill) to take it much further.s243a wrote:Have, you considered publishing your fork to gitlab or github? I mentioned your fork in another thread. Perhaps I'm getting ahead of myself.
Sorry, J
I got this working. See my previous post:jrb wrote:I'm afraid this problem is requiring more knowledge and time than I have right now. Keep me posted on what you come up with.s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
What I forgot to mention is that after doing the above, then run the following command:s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:...Code: Select all
/usr/share/ca-certificates
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:Code: Select all
cd /usr/share/ca-certificates find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
Code: Select all
update-ca-certificates
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.s243a wrote:I got this working. See my previous post:jrb wrote:I'm afraid this problem is requiring more knowledge and time than I have right now. Keep me posted on what you come up with.s243a wrote:It looks like the root certificate for Let's Encrypt is missing.
...
To connect to deb.torproject.org insecurely, use `--no-check-certificate'
I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
What I forgot to mention is that after doing the above, then run the following command:s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:...Code: Select all
/usr/share/ca-certificates
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:Code: Select all
cd /usr/share/ca-certificates find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
Code: Select all
update-ca-certificates
As I mentioned above, prior to updating the certificates the following wouldn't work without the --no-check-certificate option:jrb wrote:Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.s243a wrote:I got this working. See my previous post:jrb wrote:I'm afraid this problem is requiring more knowledge and time than I have right now. Keep me posted on what you come up with.
I use '--no-check-certificate' quite a lot, so much that I have a small script in my download directory just for that. Extract, place in the directory you download to, click on the script and paste in your URL.
What I forgot to mention is that after doing the above, then run the following command:s243a wrote: I got this working by installing the Xenial-updates version of
https://packages.ubuntu.com/xenial-upda ... rtificates
...
P.S. I recommend prior to installing ca-certificates_20170717_16.04.2_all.deb that one should first delete the contents of:...Code: Select all
/usr/share/ca-certificates
to remove old certificates. Then update /etc/ca-certificates.conf by doing the following:Code: Select all
cd /usr/share/ca-certificates find . -name '*' | sed 's#^./##' > /etc/ca-certificates.conf
Code: Select all
update-ca-certificates
Code: Select all
wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
Posting from the netsurf browser now, installed via the package manager. I also tried installing firefox from the package manager. I got the error
libc.so.6 version `GLIBC_2.18 not found (required by /usr/lib/libsdc++.so.6)
So, I'll try the portable version of a browser next.
P.S. why isn't the portable browser install script included?
P.S #2 Here is some helpful info. Looks like we have to block some packages related to libc. I'm using precise 5.7.2
I'll write a script to move the offending files out of my save folder.
libc.so.6 version `GLIBC_2.18 not found (required by /usr/lib/libsdc++.so.6)
So, I'll try the portable version of a browser next.
P.S. why isn't the portable browser install script included?
P.S #2 Here is some helpful info. Looks like we have to block some packages related to libc. I'm using precise 5.7.2
Code: Select all
ages] $ ls -1 -a | grep .files
ca-certificates_20170717_16.04.2_all.files
firefox-16.0.1-i686-up.files
gcc-4.6-base_4.6.3-1ubuntu5.files
libc6_2.15-0ubuntu10.18.files
libc6_2.15-0ubuntu10.files
libc-bin_2.15-0ubuntu10.18.files
libc-bin_2.15-0ubuntu10.files
libgcc1_4.6.3-1ubuntu5.files
multiarch-support_2.15-0ubuntu10.18.files
multiarch-support_2.15-0ubuntu10.files
netsurf_2.8-2.files
netsurf-gtk_2.8-2.files
pkg-1.9.23-noarch.files
PortaBrowseInstall-i386-0.4.files
tzdata_2012b-1.files
tzdata_2016j-0ubuntu0.12.04.files
yad-0.40.3-i686_common32.files
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
Looking at the ISO, I notice that "world" and "group" can write to the /var folder. That sounds overly permissive to me but I'm not an expert in these things.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
I wrote a script to move and/or delete the bad packages:
Pastebin: mv_bad_pkgs.sh
This script was run to clear the bad files in precise 5.7.2 light. I'm not sure if it will work on older versions of precise because in older puppies the file lists might be slightly different. The script doesn't clean the metadata in user-installed-packages. I could add this feature but it would make the script slightly longer and hence more complicated.
I haven't tried rebooting yet to see if this fixed my issues. I also need to update /var/packages/PACKAGE_MANAGMENT to blacklist these packages.
Pastebin: mv_bad_pkgs.sh
This script was run to clear the bad files in precise 5.7.2 light. I'm not sure if it will work on older versions of precise because in older puppies the file lists might be slightly different. The script doesn't clean the metadata in user-installed-packages. I could add this feature but it would make the script slightly longer and hence more complicated.
I haven't tried rebooting yet to see if this fixed my issues. I also need to update /var/packages/PACKAGE_MANAGMENT to blacklist these packages.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
Excellent work s243a! I ran through your procedure and it worked perfectly and I started to make a .pet using Debian Sid's ca-certificates figuring they would be the most up to date. Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.s243a wrote:As I mentioned above, prior to updating the certificates the following wouldn't work without the --no-check-certificate option:jrb wrote:Sorry to be negative above. I'm a bit busy with other things right now, but I will get back to this. What puzzled me was the different action that update-ca-certificates performed when /etc/ca-certificates.conf and /usr/share/ca-certificates/mozilla/*.crt's were updated. Have you got some links for small files on websites that need '--no-check-certificate'? It would be nice to test without having to download big files.s243a wrote: I got this working. See my previous post:
What I forgot to mention is that after doing the above, then run the following command:Code: Select all
update-ca-certificates
After updating the certificate, the --no-check-certificate option isn't required.Code: Select all
wget https://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages.gz -O /tmp/pkg/root/ppa_Packages.gz
I would like to give credit to the creator, maybe they will see this and step forward.
Will install this .pet in the next update.
Precise-light comes with glibc-2.20. I know it says 2.10 in woof-installed-packages, sloppy work on my part. I suspect firefox-16 is too old to accomodate that.s243a wrote:Posting from the netsurf browser now, installed via the package manager. I also tried installing firefox from the package manager. I got the error
libc.so.6 version `GLIBC_2.18 not found (required by /usr/lib/libsdc++.so.6)
So, I'll try the portable version of a browser next.
P.S. why isn't the portable browser install script included?
P.S #2 Here is some helpful info. Looks like we have to block some packages related to libc. I'm using precise 5.7.2
I'll write a script to move the offending files out of my save folder.Code: Select all
ages] $ ls -1 -a | grep .files ca-certificates_20170717_16.04.2_all.files firefox-16.0.1-i686-up.files gcc-4.6-base_4.6.3-1ubuntu5.files libc6_2.15-0ubuntu10.18.files libc6_2.15-0ubuntu10.files libc-bin_2.15-0ubuntu10.18.files libc-bin_2.15-0ubuntu10.files libgcc1_4.6.3-1ubuntu5.files multiarch-support_2.15-0ubuntu10.18.files multiarch-support_2.15-0ubuntu10.files netsurf_2.8-2.files netsurf-gtk_2.8-2.files pkg-1.9.23-noarch.files PortaBrowseInstall-i386-0.4.files tzdata_2012b-1.files tzdata_2016j-0ubuntu0.12.04.files yad-0.40.3-i686_common32.files
I thought I had taken care of the libc6_2.15 install problem but obviously not. Have you tried uninstalling the offending programs using PPM? It should remove all the installed files.
Just a suggestion, but if you're going to use a Save file/folder you should make a backup copy regularly, especially before installing new software, ask me how I know.
You're right about the portable browser install script. It will be in the next update.
Cheers, J
Thankyou, I'm glad it's working for you. I was surprised that you were able to get such new certificates to workjrb wrote:Excellent work s243a! I ran through your procedure and it worked perfectly and I started to make a .pet using Debian Sid's ca-certificates figuring they would be the most up to date. Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.After updating the certificate, the --no-check-certificate option isn't required.
I would like to give credit to the creator, maybe they will see this and step forward.
Will install this .pet in the next update.
I'm not sure, whether firefox-16 can use this version of glibc or not. I created an adrv yesterday, by using my remaster sandbox script. The link is as follows:jrb wrote:Precise-light comes with glibc-2.20. I know it says 2.10 in woof-installed-packages, sloppy work on my part. I suspect firefox-16 is too old to accomodate that.I'll write a script to move the offending files out of my save folder.
adrv_precise_light-5.7.2.sfs
This "a drive" (aka adrv) has updated certificates, but not as new as the ones that you are using. It also has Sc0ttman's package manager (pkg) installed on it [1]. I went a little crazy with the repos, and added all of the precise repos.
Here is my ~/.pkg/pkgrc file:
Code: Select all
WORKDIR=/root/pkg
REPONAME=precise-main
EX=deb
REPOFILE=Packages-ubuntu-precise-main
REPOURL1=http://archive.ubuntu.com/ubuntu/
REPOURL2=http://ftp.filearena.net/pub/ubuntu/
REPOURL3=
REPOURL4=
PKGSEARCH="list_pkg_names"
PKGSEARCHEXACT="pkg -ne"
DEPSEARCH="list_all_pkg_names"
DEPSEARCHEXACT="pkg -nea"
REPOFALLBACKS="noarch jessie-tor-main precise-multiverse precise-universe precise-restricted precise-security-main precise-security-multiverse precise-security-universe precise-security-restricted precise-updates-main precise-updates-universe precise-updates-multiverse precise-updates-restricted precise-backports-main precise-backports-universe precise-backports-multiverse precise-proposed-universe "
PKGSCOPE="one"
DEPSCOPE="all"
BLEDGE="no"
RDCHECK="yes"
AUTOCLEAN="no"
BUILDTOOL=petbuild
Code: Select all
sandbox# /usr/sbin/pkg --names-all firefox_
firefox_11.0+build1-0ubuntu4
firefox_52.0.2+build1-0ubuntu0.12.04.1
Code: Select all
cd /var/packages
grep -rn . -e 'firefox_52' | cut -d '|' -f1
./Packages-ubuntu-precise-security-main:245:firefox_52.0.2+build1-0ubuntu0.12.04.1
./Packages-ubuntu-precise-updates-main:386:firefox_52.0.2+build1-0ubuntu0.12.04.1
Code: Select all
/root/.pkg/sources
/root/.pkg/sources-all
/root/.pkg/pkgrc
Code: Select all
pkg --repo precise-main
Anyway, I'll test pkg more on precise light and also see if I can figure out why these config files are overwritten on first run.
Another oddity, with my adrv is when I boot it the prompt says "sandbox"
Notes
-----------------------
1 - the version of pkg I installed on the adrv is a fork that is part of Merge Request #72.
Edit: I created a new version of my adrv
adrv_precise_light-5.7.2.sfs(not tested yet). I was installing the portable browser in a sandbox and it complained about the architecture being 64bits. This is because the sandbox was being run in a 64bit system. I think the solution to this is to create a wrapper function for uname.
, with libc6 blacklisted and possibly the portable browser installer included.
Edit 2: I figured out why the prompt says sandbox. See post.
Last edited by s243a on Fri 14 Feb 2020, 04:07, edited 3 times in total.
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
jrb
http://www.smokey01.com/OscarTalks/
ca-certificates-2019-03-08.pet can be found here:-" ...Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.
I would like to give credit to the creator, maybe they will see this and step forward...."
http://www.smokey01.com/OscarTalks/
Thanks very much Fossil and thanks to OscarTalks as well for another valuable Puppy asset.Fossil wrote:jrbca-certificates-2019-03-08.pet can be found here:-" ...Then I found this ca-certificates-2019-03-08.pet lurking in my Downloads. Can't remember downloading it and searches haven't found it. It's more up to date than Sid and it downloaded your test package with no argument.
I would like to give credit to the creator, maybe they will see this and step forward...."
http://www.smokey01.com/OscarTalks/
Cheers, J
- Moose On The Loose
- Posts: 965
- Joined: Thu 24 Feb 2011, 14:54
New GCC Not ready for Prime time
I noticed that there appears to be others making stuff so perhaps someone can do some of the testing for me.
I got the latest GCC-10-20200202 to compile with a few manual edits.
It isn't pretty but I think it is good enough to start to use.
I have made a SFS that you can load instead of the usual "dev" SFS.
It has compiled a few things at this point and they work.
I have it uploading to my google drive as I type this.
[... waiting 12 minutes for it to finish ...]
https://drive.google.com/open?id=1sKTs ... TBe6LSLa-
I got the latest GCC-10-20200202 to compile with a few manual edits.
It isn't pretty but I think it is good enough to start to use.
I have made a SFS that you can load instead of the usual "dev" SFS.
It has compiled a few things at this point and they work.
I have it uploading to my google drive as I type this.
[... waiting 12 minutes for it to finish ...]
https://drive.google.com/open?id=1sKTs ... TBe6LSLa-