pulilogo Welcome to Puli 6.1.0, released April 2017

Puli 6.1.0 is a member of the Puppy Linux family: a high security, "kiosk" flavor of 666philb's tahrpup 6.0.5, intended to boot from a USB pendrive and run safely even if the boot device is unplugged.

The 32-bit, non-PAE Puli has kernel version 3.14.79.
This is a static Help file. If you need more details, feel free to browse the Puli forum at http://murga-linux.com/puppy/viewtopic.php?t=96964
Earlier barks of Puli are also discussed at http://murga-linux.com/puppy/viewtopic.php?t=88691

The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of this page.

Special thanks to 666philb, smokey01, pemasu, S-kami, Kros54, Sylvander, members of Puppy Linux forums, and to my colleagues, including ethical hackers who helped me with their feedback about Puli.

Have fun!



I. How to install Puli on a USB pendrive:

If you are an experienced Linux user, consider installing Puli by following the steps written in Appendix A.

However, as many users (still) have Windows XP/7/8/10 only, here I describe a "one-finger-one-minute" method to create a working Puli pendrive in Windows:

1. Download Puli and LiLi

  a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files in Puli-(latestversion_issuedate) folders. Download the Puli_install.zip file (this description references to Puli 6.0.5 and later versions).

  b. Download the latest version of LinuxLive USB Creator from http://www.linuxliveusb.com. Alternatively, you can find its Sep 2015 version next to Puli folders, at smokey01.com/gjuhasz/LiLi

2. Create the Puli pendrive.

Plug in the pendrive (recommended capacity: 4 GB or bigger) and Run LiLi. Complete the install steps from top to down as follows:

  Step 1: Choose your pendrive in the selection box (be careful - do not select another drive accidentally)

  Step 2: Choose a source - click on the ISO/IMG/ZIP icon and select the Puli_install.zip file

  Step 3: Select Live Mode in the Persistence pane

  Step 4: Tick only the second (FAT32) box

  Step 5: Click the lightning icon. The installation takes about 25-30 seconds. In the below picture, you see the LiLi interface before the installation starts and after it has finished.

Install Puli 

  Step 6: You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed packages at smokey01.com/gjuhasz/packages. Put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section below.

3. Unmount the pendrive. You are ready, Puli is installed.

4. Before rebooting your machine from the Puli pendrive

   a. I recommend to read the following sections, too.
   b. If you know what to do, you may configure some startup parameters in syslinux.cfg and puli.cfg right now.
   c. Ensure that the BIOS is configured to boot from pendrive.

5. Give Puli a go!


II. Puli in a nutshell:

1. Boot-up the PC from the USB pendrive pre-installed with Puli.

   a. When asked, log in as root.
   b. At the first login, type root as password. (Later you can change it and save it for next logins).

2. The Session Setup dialog pops up.

   a. Check whether timezone, numlock, timesync, hwclock, firewall, locale, and keyboard, etc., are suitable for this session and change them if needed. Your changes in this dialog affect the current session but you can preserve them for the future sessions, too.
   b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.

3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. Before you finish, be sure that you left no data on the PC.

5. There are different methods to save your work on the (replugged) USB pendrive:

   a. You can preserve the main settings (including passwords, too) by clicking the Save: smart button on the Shutdown dialog or, within the session, in the dialog of the backup desktop icon.. See the next sections for details of this Smart save feature.
   b. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description
   c. You can decide to create backup at the end of the session, too, by selecting Save: backup on the Shutdown dialog.

 * Note that the password files, the smartloaded packages (installed into /initrd/pup_rw) and the on-the-fly added .sfs files (arrived into the /initr/pup_ro4... ro8 folders) are excluded from the backups.

6. You can restore a previous status from a backup if you open the /backups folder on the pendrive then drag-and-drop a backup file onto the Restore icon next to it. Of course, the selection of the smartloaded packages should be the same as it was previously. You will receive notification about the packages omitted during backup.

7. Puli provides you with a secure environment. It helps you fight against malicious attackers.

  * Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text. This way your data will not be disclosed.

  * Some features, such as Office programs, evince, etc., may start in offline mode for your security.

  * See more details about the available security profiles in the next sections.

  * It is recommended to change your session password as follows:
     a. Open console
     b. Issue the passwd command and follow the instructions.
     c. At shutdown time, save your environment with smart save. The new password shall be used for future logins. See the next sections for details.

  * If you right-click on a folder, you can encrypt / decrypt its content. See more details in the next section.


III. For advanced users:


1. To have additional packages, browse the content of smokey01.com/gjuhasz/packages and download the selected ones into the /packages folder of your USB pendrive. Among those packages, you can find advanced Office programs, the latest Java runtime module and other useful software - each of them tested in Puli. 

2. You probably don't use all downloaded packages in a given session. Puli offers easy selection among them in boot time, with the help of the smartload feature:

  * Together with the built-in Puli packages, you can boot any number of extra .sfs, .pet, .tar.7z, .deb and/or .rpm files simply by referencing their file name in separate lines of the /profiles/Common/smartload file of the USB boot device. See the default smartload file included in the release. Puli seeks those referenced packages in the /packages folder of the boot device and loads them during bootup. Note that the .tar.7z packages can be encrypted - Puli asks for password at boot time.

  * For example, to smartload SoftMaker FreeOffice, put a SoftMaker line in smartload file on your USB boot device. (This is a kind of free but licensed software thus you need to register and obtain your personal license at Softmaker Software GmbH. See the related legal restrictions at  /opt/freeoffice/license.txt. Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in smartload file. See the Useful links section below.

  * You may have more smartload type files prepared, i.e., smartload, smartloada, smartloadb, etc. Then, you may select one from them during bootup by hitting a character (e.g., a, or b, or c) when asked. If you don't act, the default smartload file will be used. If your selection refers to a non-existing file or you hit space, then the smartload feature is omitted.

3. Other settings:

* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files).

* Further configuration options for timezone, numlock, timesync, hwclock, firewall are available in the files of the machine specific environment folders in (the root of the) pendrive. For example, take a look into the /usr/share/zoneinfo folder for correct timezone strings such as Australia/Perth It is recommended to put the plang and pkeys settings also in the puli.cfg file of the environment folder. You can find the default env folder as env-0. See more details later. 

* Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

* By clicking on different Office files, the appropriate program opens based on MIME type, i.e., abiword gets the .docx files while textmaker handles the .doc; clicking an .xls opens planmaker while .xlsx invokes gnumeric, etc.

* In the Puli package, you can find tricky security profile examples realized by different file structures. They can be selected/activated by clicking their fantasy-named security profile selector icon (the profile name will be copied into the /patch folder on the pendrive) .

 mild-tempered Mild-tempered
   a. This is the default security profile, the only profile in which multiple browser windows or even multiple browsers can run simultaneously.
   b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.
   c. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.

 rigorous Rigorous
   a. In this profile, you cannot run multiple browsers/browser windows simultaneously. Iron, Slimjet, and Vivaldi browsers open in Incognito mode. I propose to not change this setting.
   b. Puli barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.
   c. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/bin/defaultbrowser and /usr/bin/netchecker.
   d. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).

 crazy Crazy
   a. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective. See the details in /usr/bin/netkiller.
   b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to not change this setting.
   c. Opera browser may fail in this profile if the communication with the selected server is wery slow.

 lazy Lazy
   a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes asleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware to initiate shell scripts or issue commands. In the script behind the lazy profile selector icon on your USB boot device, you can define the full path where you want to run the "disappeared" Linux utilities in lazy mode. You may leave the default /ban/ setting as is, or write a path like lazybin="/usr/share/foo/" (with slash at the end). Of course, you need to re-activate the lazy profile by clicking its profile selector icon, then reboot. Be careful! If you put an existing folder name above, its original content may be overwritten! Warning! Do NOT select a folder from those in the search path!
   b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to leave this setting "as is".
   c. Some features behind icons file, info, edit, write, calc, phone remain active only for you.
   d. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.
   e. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes Pmount.
   f. Warning! Do not unplug any mounted drive while browsing in lazy mode!
   g. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).

* It is preferred to browse with the latest version of a properly sandboxed Chromium flavor, or use a modern Mozilla based version.

* Puli supports the following 32-bit browsers (in order of preference, which is NOT the order of quality): Iron; SlimJet; Vivaldi; Firefox; Mozilla Light; Opera; Links and runs them by spot user. It is recommended to use the smartload feature for booting them by selecting one of them in the smartload file. (Note that you if you install more than one browsers, they may interact or even block each other).

* Due to licensing issues, some Chromium based browsers cannot play mpeg4 videos. In those cases, installing or smartloading extra ffmpeg codecs can be a cure. A couple of extra ffmpeg packages are available in the Puli codec repository.The Opera version is probably compatible with Slimjet and Vivaldi browsers, too.

* In all profiles, clicking the info icon invokes the preferenced browser (in case of the Chromium-based browsers, in non-accelerated, Normal mode). If nothing selected, the Links browser appears. It is configured for smart media recognition capabilities.

* Puli supports the fully localized ESR channel of Firefox. You can download a relatively new version from my packages or the latest one from here. (In Feb 2017, it is ESR version 45.7.0, you may need to change the language code which appears at the end of the link.)  Auto-update to the latest version is configured in Puli. However, you can update my pet package by replacing its /opt/Firefox folder with the latest version.

* You can download the latest Flash player plugin from this link. Its filename is like "adobe-flashplugin_<latest date>.1-0ubuntu0.14.04.1_i386.deb". Put this smartloadable .deb file in the /packages folder on your boot device. Be sure that only one adobe-flashplugin*.deb file appears among the packages. It installs to /usr/lib/adobe-flashplugin folder.

* Parental control: Append IP addresses or even domain names (e.g., and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

* If you right-click on a folder, you can encrypt / decrypt its content with the menu items. I propose storing your sensitive files in /root/my-documents/Secret/ folder which is encrypted (with AES 256 and password "root") by default. Of course, it is strongly recommended to change the default password to your one at your earliest convenience. The encryption-related options can be found in the dialogs behind the right-click menu items. Note that the Secret folder will be automatically unmounted (i.e., its content toggled to encrypted status) if you create a backup or select smartsave.

* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable but the device is not recognized automatically, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.


IV. For enthusiasts:

You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different environment folders on the boot device.

* The naming convention for the environment folders is: env-<macaddress> where macaddress is a 12-position hexadecimal number, for example, env-0123456789ab. Puli recognizes whether the name of one environment folder matches with the given machine at boot time. If no matching folder found, it will be created in /root/tmp using the content of the env-0 folder and your actual settings (and will be saved at shutdown time if you select Save:smart)

* During bootup, as mentioned above, the .sfs, .pet, .tar.7z, .deb and/or .rpm files listed in the (dynamically selectable) smartload file on the USB boot device, either as /patch/smartload or preferably in /profiles/Common/smartload, (don't mix - the former overrides the latter, other locations are ignored) will also be loaded if they exist in /packages folder of the USB boot device. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename) "?ine" is enough to locate "wine-19.21_v2.1.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded packages; on the other hand, they cannot be uninstalled.

* The auto-loaded files are merged into the /initrd/pup_rw folder: first, the content of the Common folder, then the content of the environment folder, then the content of the smartloaded files (in the order of their appearence), then the content of the patch folder, then the content of the security profile. That is, you can overwrite a just loaded file with another one, e.g., files loaded from /Common folder with files loaded from /patch folder, etc.

* Note that although Puli can accept .rpm files, they mostly need additional libraries to run properly.

* The firewall can either be set as strong or lite. If you need to create a different firewall, you may set up the firewall rules manually in /usr/sbin/firewall_install.sh-lite AND ACCORDINGLY in /etc/rc.d/rc.firewall-lite files, then put them in your patch structure. Later, you can easily recognize the active one based on the color of the tray icon (green = strong, yellow = lite, blue = user-configured).

* Notice that the strong firewall cannot be overwritten by the Firewall Wizard but by the Firewall Genie. The Auto menu item of the Firewall Wizard restores the preset strong or lite firewall, however.

* In the Session Setup dialog, you can decide whether the current session settings are valid for the future sessions, too.

* After you accept the session environment by clicking OK in the Session Setup dialog, the files in the /root/Startup folder will be executed in alphabetical order. The last one among them is zsupp. It does worth looking into it for the tricks it does. Of course, even zsupp (which comes from /initrd/pup_ro2/root/Startup) could be updated from /patch before it (zsupp) would run.

* As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

* In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you may need to use the same smartload file next time to restore the same environment.

* As already mentioned, you can save some session settings to auto-load them next time by clicking the Save: smart button either in the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. If clicked, then the control files within the /smartsave folder will be executed. Note that some Puli-specific .pet or .sfs packages may add their own control files to the /smartsave folder on the boot device as /profiles/Common/smartsave.

* If you are experienced enough, you may activate the restore_latest.pet package by the appropriate row in your smartload file (as an example, see the /smarloadr file in the install kit). With these settings the latest backup will be auto-restored at boot time. Note that cumulative backups are possible, i.e., you may restore more backup files after each other, even those created in different security setups on different machines. Puli tries to manage this, and sends warning messages if needed. You may see unforeseen behavior in extreme cases, however.

* Beyond the above mentioned dynamically changing "latest" backup, you can auto-restore another "fixed" backup, too. For this, activate the restore_fixed.pet package in your smartload file. With these settings, Puli will seek a backup file placed in the /backups/fixed folder of the boot device to auto-restore it at boot time. Note that this is independent from the restore_latest feature, so you can apply them even together if needed. Restoring backups begin after the security profile is in place. Note that no security profile will be restored from backups.

* In your smartload file, you can reference a specific package (force_mild.pet, or force_rigorous.pet, etc.,) to replace the preset security profile with another one. With this feature, the single-key boot-time setup can include a smart security profile selection.

* You may refresh the puppy_puli_6.1.0.sfs file, e.g., to update it with the content of the actual patch structure:

   a. Ensure that the pendrive is plugged in (either mounted or unmounted).
   b. Open a terminal and issue refresh
   c. The temporary files are in the /root/squashfs-root folder. When the script asks for this, you can manually edit the content of /root/squashfs-root, update it with patch files, etc. Be careful with adding new links: relative links should not point out of the /root/squashfs-root folder.
   d. Wait until all operations are finished.

* The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

* The paint desktop icon has this preference order to open: Gimp, Mypaint, LazPaint, nomacs, mtpaint - depending on which one is installed.

* The draw desktop icon has this preference order to open: Inkscape, AzDrawing, Inklite - depending on which one is installed.

* The record desktop icon has this preference order to open: SimpleScreenRecorder, XvidCap - the latter is the default.

* The phone desktop icon has this preference order to open: Skype, https://appear.in, xchat - depending on which one is installed. Note that usage of https://appear.in is limited in some browser versions because they do not allow camera/mic in WebRTC API.

* Skype installed from Skype- runs as spot.

* The zip desktop icon opens PackIt. Xarchive remains available via the menus.

* Notice that some common Puppy utilities, e.g., default applications chooser, have been removed in favor of the patch-based features.

* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

* Warning! Puli detaches the pendrive at the end of the shutdown process to prevent the dirty bit set. Some machines remember this detached status until they are physically removed. In this case, unplug the pendrive after Shutdown. Never fix the dirty bit in Windows! Puli resets it next time during the bootup process.

* To accelerate its boot process, Windows 10 doesn’t fully shut down by default. Instead, it actually hibernates. Thus, the NTFS filesystem of Windows 10 appears as read-only in Puli (as in all Linux flavors). If you need to write to this partition from Puli, either permanently change the default power options of your Windows 10 or keep the Shift button while selecting Shutdown in your Windows 10. 

* Some USB install tools, other than LiLi, do not accept .zip files. In this case, simply rename the Puli_install.zip file to Puli_install.iso. This renamed file will be accepted for installation.

* To update the common CA certificates included in Puli, see the Useful links section below.


V. Useful links


Appendix A. How to install Puli in Linux environment

In the first section above, I described an easy method for installing Puli in Windows XP/7/8/10 environment. For an experienced Linux user, the below alternative is also easy and straightforward:

If you have a Puppy Linux distro/puplet such as Puli 6.x.x or Puli 3.8.3 bark 6 or pemasu's Upup Precise

1. Create a bootable USB pendrive

   a. Click the Install icon on the desktop. Then in the Install dialog, click the BootFlash USB installer button and follow the instructions there. (If you don't have Install icon, try to select menu item Setup / BootFlash install Puppy to USB.)
    * Bootflash may not be on your Puppy's desktop menu. It may, however, be builtin. Try opening a terminal and typing bootflash
    * Worst case, download and use my bootflash utility
   c. When finished, delete all files from the pendrive except ldlinux.sys.

2. Copy Puli to the pendrive.

   a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files. Download then unpack the Puli_install.zip file that contains the Puli runtime structure.
   b. Open the unpacked structure and copy its content into the (root of the) USB pendrive.

3. Unmount the pendrive.

If you have another Linux

   a. Download the latest Puli_install.zip from smokey01.com/gjuhasz/Puli-(latestversion_issuedate) folder
   b. Simply rename the just downloaded Puli_install.zip file to Puli_install.iso
   c. Download one from the Linux based USB install tools.
   d. Start the Linux based USB install tool, and follow the steps there. In the appropriate selection box, choose the "fake" Puli_install.iso file as source.

Before rebooting your machine from the pendrive

   a. You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed packages at smokey01.com/gjuhasz/packages. Put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section above.
   b. I recommend to read the above sections, too.
   c. If you know what to do, you may configure some startup parameters in syslinux.cfg and in puli.cfg right now.
   d. Ensure that the BIOS is configured to boot from pendrive.

You are ready. Puli is installed. Give it a go!


Appendix B. Declarations

Note that although Upup Precise has Busybox, which is a very small toolkit of utility applications, in some cases they do not have the required functionality and are replaced by the full versions. These replacements include: modprobe, cat, cp, df, gzip, gunzip, losetup, ls, mkdir, mv, rm, sed, sort, tar, wget, date, find, grep, fgrep and egrep.

It is hard to even list the trademarks and licenses owned by Microsoft (R), (TM) - related to their Windows (R), (TM) releases and to other software - please read their legal sections carefully and use only licensed instances.

Note that Puppy Linux applications are open source and under various GPL licences, however there are a few exceptions.

SoftMaker FreeOffice: The licence description is available at /opt/freeoffice/license.txt. Free Edition is just that, free, no embedded adverts, with restrictions decsribed in the license description. I would like to do the right thing by the developer, Softmaker Software GmbH, though, and recommend that you consider the full edition of SoftMaker FreeOffice.

Some releases of Puppy have the Opera web browser, which is closed source but free.

Some releases of Puppy include the Adobe (formerly Macromedia) Flash plugin for the web browser. This is closed source but free. The distribution licence requires that I include the logo and a link to the Adobe site.

Legal notice:
I, Barry Kauler, established the 'Puppy Linux Project' in January 2003, first website and product release 18-June-2003, and I have trademark claim to the name and typed drawing of 'Puppy Linux', 'PuppyOS' and 'Puppy' as it relates to "computer operating system software to facilitate computer use and operation", under Federal and International Common Law and Trademark Laws as appropriate.
Programs in Puppy are open source (except where noted above), and licences of individual products are duly acknowledged. The name Puppy Linux", also known as "Puppy" and "PuppyOS", and all artistic creations thereof, are copyright (c) 2003,2004,2005,2006,2007,2008,2009 Barry Kauler -- further details in the online FAQ.

Very simple, use entirely at your own risk. Barry Kauler accepts no liability or responsibility whatsoever, and you use Puppy with this understanding.