site  contact  subhomenews

Progress heading toward Buster 2.1

August 20, 2019 — BarryK

In Easy Buster 2.0, the Easy-desktop-in-container has corrupted wallpaper and other corrupted graphics. I fixed that, well, it is a workaround for now. In Pyro, /mnt/wkg/containers/easy/configuration file has "EC_NS_UNSHARE_IPC='true'", however, in Buster it has to be 'false'. Hmmm, anyway, it fixed the graphics, will go with that for now.

However, another problem, video-related again. I built Buster 2.1 German edition, and booted it from USB-stick. For non-English builds, the initrd runs Xorg and full GUI apps to ask for keyboard layout and password. It achieves this by setting up a temporary aufs layered filesystem with easy.sfs as the bottom layer, then chroot into it.

Works great in Pyro, can run gtkdialog-based GUIs, and use translation with gettext. However, in Buster, Xorg fails. It loads the 'fbdev' driver OK, and 'libfbdehw.so' module, but reports "No devices detected" and aborts. But, /dev/fb0 is there, and works.

Very odd. Probably something to do with how Debian have configured Xorg when it was compiled. There is no hint in Xorg.0.log as to why it cannot find /dev/fb0. I am using a custom 'xorg.conf'.

Stumped for now, but will keep at it. Buster 2.1 will be a little bit delayed. 

Tags: easy

Fixes when SFS layers change

August 19, 2019 — BarryK

After releasing Easy Buster 2.0, I upgraded my frugal installation of Easy on my tower PC, from version 1.1. This is achieved by simply copying the three new files, as explained here:

https://easyos.org/user/easy-version-upgrade-and-downgrade.html

I was running from the frugal installation at the time, but that is OK. Rebooted, and the upgrade happened, no problem.

Except that the GTK theme was broken. The reason was that the GTK theme in easy.sfs 1.1 was not in easy.sfs 2.0.

The 'init' script in the initrd detects if SFS layers have changed, including a version change, and runs a script named 'fixlayers'. I have done some more work on this script to ensure theming is sane after a version change, plus some other checks.

SFS layers can introduce all kinds of problems, and 'fixlayers' does a lot of checking to make sure that what is seen "on top" is appropriate.   

Tags: easy

Run totally in RAM isolated from PC

August 18, 2019 — BarryK

I posted about this new feature yesterday:

http://bkhome.org/news/201908/easyos-booting-up-totally-in-ram.html

Now for some snapshots...

There is a new entry in the boot menu, "Copy session to RAM & disable drives":

img1

At first bootup, choose the top entry, for normal bootup. Then setup networking, firewall, video resolution, and whatever else. At the next bootup, choose "Copy session to RAM & disable drives". This will copy 'easy.sfs' and the previous session into RAM, and switch_root onto a desktop running totally in RAM.

At the switch_root, Linux Capabilities are dropped, to disable accessing of drives. This also disables containers. So, we see a very clean desktop:

img2

With everything in RAM, EasyOS runs super fast. The isolation from the PC drives means that there is no risk of intruder contamination -- when you poweroff, it is all gone, it never happened.

However, you might want to save something. For example, I took a snapshot of the desktop. The current configuration of dropped Linux Capabilities allows saving to a USB-drive or any removable drive, by plugging it in, or replugging it. I replugged the USB-stick that had booted off, and was then able to mount a partition and save the snapshot.

I can see this as being my everyday bootup choice when I just want to surf the web and not risk any contamination of my PC. A nice feature of the REFind boot manager is that it remembers the last menu choice, and sets that as the default -- very convenient.

The above snapshot shows a new theme. I would like to acknowledge forum member Argolance, who sent me a theme that he had developed. I have used that as the base for a new theme for Easy Buster. Argolance provided the icons, wallpaper, and window-manager themes, that I modified slightly to suit my taste.

Argolance, thanks for that! I didn't really like the theme for Easy Buster 2.0, thought it was too bright.  Expect 2.1 very soon, probably tomorrow. 

Tags: easy

EasyOS booting up totally in RAM

August 17, 2019 — BarryK

This is a very exciting development. It has been hanging around in the background of my mind for sometime, finally seeing fruition.

On the forum there has been some discussion why some users prefer to boot from optical media. Apart from "old habits die hard", there is a perceived security advantage. Quirky had the ability to boot from CD/DVD and copy the last session from file to RAM, then we are running totally in RAM. Even 'easy.sfs' is copied to RAM, so no drive partitions are mounted, and the CD can be removed if wanted.

I have used the word "perceived" above, as a determined intruder will not have much difficulty getting into the rest of the computer. Quirky had a "save" button on the desktop, which wrote the session to a file on the hard drive. Well, an intruder could also mount any partition and read and write anything.

The container implementation in Easy is a help, as an intruder would have to break out of it, which is possible but very difficult.

I know that some users of Easy are not keen on using the containers. They would prefer to do everything on the main desktop. One reason is that there is a speed penalty in a container, and some things do not work, or may be troublesome -- Internet access for example.

This preamble is leading up to what I have implemented today...

There is a new entry in the boot menu, "Copy session to RAM & disable drives".

This does exactly what it says. The last session, when you did a normal bootup, is copied to RAM, compressed zram actually, as is 'easy.sfs', and when the switch_root occurs, the Linux Capability to mount and unmount partitions is dropped.

You are then on a desktop that is "contained", without containers. In fact, all container functionality is removed, as it requires mount capability. Everything works as normal, except that you cannot access any partitions.

One thing that I immediately observed, it is very fast. My PC has 16GB RAM, and you would probably need 4GB for this to work well. There is no latency as when accessing a drive. Really nice.

So what is the downside? Well, you can't save anything. This of course is a security feature: if you can't save anything, then so too can't an intruder.

The way you would use this "Copy session to RAM & disable drives" option is to do a normal bootup first, to setup Internet connection, etc. Then when you reboot and choose this option, all of the previous session will be copied to RAM and you are good-to-go.

I see this as great when I just want to surf the web, and not risk any contamination of my PC. However, there may be times when I would like to download a file and save it. There are various ways to do this, one of which is to pre-mount a partition in the initrd -- this would be a partition that serves no other purpose than a transfer place for files. The next step is I will consider how to implement saving of files.

This new feature kills off the last justification for booting from an ISO file.  Well, almost... so far, have only dropped the Linux Capability to mount and unmount partitions, but partitions can still be accessed by 'dd' -- I plan to look at dropping some more Capabilities to take care of this too. 

EDIT 2019-08-18:
The latest iteration, only dropping 'cap_mknod' when switch_root, and delete all drive nodes in /dev. As far as I can determine, the only way to get drive nodes back is to physically plug in a drive. For example, unplug then replug the USB-stick that booted off. Then new device nodes will appear -- if the USB-stick had been 'sdb' at bootup, that would be unavailable, but after replugging, new nodes, say 'sdc', 'sdc1, 'sdc2' would be created, and the partitions can be mounted.

So far, haven't found any security weakness in this. It has a great advantage, as have kept mounting rights, can simply replug the USB-stick and then mount it, if want to save something. We could even save the session, however, might leave that out for now, let the "dust settle". Might just release Easy Buster 2.1, then play with this new feature, get feedback on what other features would be useful.  

Tags: easy

Now using NetworkManager DEB

August 15, 2019 — BarryK

I posted recently about compiling NetworkManager, so as to have less dependencies than the DEB package:

http://bkhome.org/news/201908/modemmanager-and-networkmanager-compiled-in-buster.html

However, I have changed to using the DEB. It does require extra systemd, policykit and pam dependency packages, however, I am still able to run NetworkManager without those actually doing anything.

I setup /etc/NetworkManager/NetworkManager.conf:

[main]
plugins=keyfile
auth-polkit=false
dhcp=internal
rc-manager=file
systemd-resolved=false

[device]
#wifi.backend=iwd
wifi.backend=wpa_supplicant

Still using 'network-manager-applet' that I compiled. Took out 'ModemManager' for now, as not really sure what it "brings to the table".

Blueman

Have added 'Blueman', which is graphical configuration for bluetooth. Up until now, have 'Bluepup', which is a GUI configuration tool that I developed some years ago, then neglected it. Don't have the time to work on it, Blueman works great. 

Tags: easy

PETget update databases fixes

August 13, 2019 — BarryK

PETget, shown as "petget" on the desktop, also known as PPM (Puppy Package Manager) from the Puppy days, has a button to update the package database files. Running Easy Buster 2.0, forum member 'blgs' reported updating to be broken.

Yes, it was doing some strange things. Now fixed.

Note, there is no need to do an update. The Debian repositories have updates URLs, for example:

http://http.us.debian.org/debian/dists/buster-updates/main/binary-amd64/

...where you will see 'Packages.gz', however it is empty. At the time of writing this anyway. These empty updates upset the PETget db updating. 

Also, this site does not have a separate "updates" path:

http://deb-multimedia.org/dists/ 

Tags: easy

Audacious and mhWaveEdit fixed in Buster

August 13, 2019 — BarryK

Forum member Keef reported that Audacious music player and mhWaveEdit sound editor do not work in Easy Buster 2.0.

In the case of Audacious, the 'audacious-plugins' package was missing.

In the case of mhWaveEdit, there is a mysterious apulse error message and startup aborts. I need to checkout apulse, however just grabbed the mhWaveEdit PET from Easy Thud, which uses alsa not apulse.

Good, two more bugs bite the dust! 

Tags: easy