Tuesday, February 18, 2020

The Fyne UI toolkit for Go programming language.

Today I will show you how to use a UI toolkit with the Go programming language. The development team provides this toolkit on its official GitHub webpage.
Fyne is an easy to use UI toolkit and app API written in Go. It is designed to build applications that run on desktop and mobile devices with a single codebase...
[mythcat@desk ~]$ sudo dnf install golang
[sudo] password for mythcat:
...
Installed:
  golang-1.13.6-1.fc31.x86_64            golang-bin-1.13.6-1.fc31.x86_64       
  golang-src-1.13.6-1.fc31.noarch        mercurial-4.9-2.fc31.x86_64           

Complete! 
First, you need to install these packages with the DNF tool:
[root@desk mythcat]# dnf install libX11-devel libXcursor-devel libXrandr-devel libXinerama-devel mesa-libGL-devel libXi-devel
Last metadata expiration check: 0:04:28 ago on Sun 16 Feb 2020 12:25:04 PM EET.
Package libX11-devel-1.6.9-2.fc31.x86_64 is already installed.
Package mesa-libGL-devel-19.2.8-1.fc31.x86_64 is already installed.
Package libXi-devel-1.7.10-2.fc31.x86_64 is already installed.
Dependencies resolved.
...

Installed:
  libXcursor-devel-1.1.15-6.fc31.x86_64           libXinerama-devel-1.1.4-4.fc31.x86_64           
  libXrandr-devel-1.5.2-2.fc31.x86_64             libXrender-devel-0.9.10-10.fc31.x86_64          

Complete! 
Let's install the fyne toolkit and the demo application:
[mythcat@desk ~]$ go get fyne.io/fyne
[mythcat@desk ~]$ go get fyne.io/fyne/cmd/fyne_demo/
I ran the demo with this command and it works very well:
[mythcat@desk ~]$ go run /home/mythcat/go/src/fyne.io/fyne/cmd/fyne_demo/main.go  

Sunday, February 16, 2020

Fedora 31 : Can be better? part 006.

I tried to use SELinux MLS with Fedora 31, as I wrote in my last article, Fedora 31 : Can be better? part 005. After relabeling the files and starting the environment I got multiple errors, and I asked for an answer on the fedoraproject lists. This is an example of the problem of implementing MLS in Fedora; it can be remedied, because MLS has long been part of the SELinux implementation.

SELinux is preventing su from open access on the file /var/log/lastlog.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that su should be allowed open access on the lastlog file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'su' --raw | audit2allow -M my-su
# semodule -X 300 -i my-su.pp 
I tried to fix it but I got this error:
[root@desk mythcat]# ausearch -c 'su' --raw | audit2allow -M my-su
compilation failed:
my-su.te:36:ERROR 'syntax error' at token 'mlsconstrain' on line 36:
mlsconstrain file { write create setattr relabelfrom append unlink link rename mounton } ((l1 eq l2 -Fail-)  
or (t1 == mlsfilewritetoclr -Fail-)  and (h1 dom l2 -Fail-)  and (l1 domby l2)  or (t2 == 
mlsfilewriteinrange -Fail-)  
and (l1 dom l2 -Fail-)  an
# mlsconstrain file { read getattr execute } ((l1 dom l2 -Fail-)  or (t1 == 
mlsfilereadtoclr -Fail-)  
and (h1 dom l2 -Fail-)  or (t1 == mlsfileread -Fail-)  or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule:  error(s) encountered while parsing configuration

Tuesday, February 11, 2020

Fedora 31 : Install the drawing GNOME with DNF and flatpak.

You can use the DNF tool:
[root@desk mythcat]# dnf search gnome | grep drawing 
Last metadata expiration check: 1:53:53 ago on Tue 11 Feb 2020 05:28:15 PM EET.
drawing.noarch : Drawing application for the GNOME desktop
[root@desk mythcat]# dnf install drawing.noarch 
Last metadata expiration check: 1:54:28 ago on Tue 11 Feb 2020 05:28:15 PM EET.
Dependencies resolved.
================================================================================
 Package          Architecture    Version                Repository        Size
================================================================================
Installing:
 drawing          noarch          0.4.9-1.fc31           updates          1.0 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 1.0 M
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
drawing-0.4.9-1.fc31.noarch.rpm                 1.4 MB/s | 1.0 MB     00:00    
--------------------------------------------------------------------------------
Total                                           601 kB/s | 1.0 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : drawing-0.4.9-1.fc31.noarch                            1/1 
  Running scriptlet: drawing-0.4.9-1.fc31.noarch                            1/1 
  Verifying        : drawing-0.4.9-1.fc31.noarch                            1/1 

Installed:
  drawing-0.4.9-1.fc31.noarch                                                   

Complete!
This install uses the flatpak tool:
[root@desk mythcat]# dnf install flatpak
Last metadata expiration check: 1:47:49 ago on Tue 11 Feb 2020 05:28:15 PM EET.
Dependencies resolved.
================================================================================
 Package                     Arch        Version             Repository    Size
================================================================================
Installing:
 flatpak                     x86_64      1.4.3-3.fc31        updates      1.1 M
Installing dependencies:
 flatpak-selinux             noarch      1.4.3-3.fc31        updates       24 k
 flatpak-session-helper      x86_64      1.4.3-3.fc31        updates       72 k
Installing weak dependencies:
 p11-kit-server              x86_64      0.23.20-1.fc31      updates      186 k
 xdg-desktop-portal          x86_64      1.4.2-3.fc31        fedora       386 k
 xdg-desktop-portal-gtk      x86_64      1.4.0-1.fc31        fedora       212 k

Transaction Summary
================================================================================
Install  6 Packages

Total download size: 1.9 M
Installed size: 7.7 M
Is this ok [y/N]: y
...
Installed:
  flatpak-1.4.3-3.fc31.x86_64                                                   
  flatpak-selinux-1.4.3-3.fc31.noarch                                           
  flatpak-session-helper-1.4.3-3.fc31.x86_64                                    
  p11-kit-server-0.23.20-1.fc31.x86_64                                          
  xdg-desktop-portal-1.4.2-3.fc31.x86_64                                        
  xdg-desktop-portal-gtk-1.4.0-1.fc31.x86_64                                    

Complete! 
Let's add the Flathub flatpakrepo remote:
[mythcat@desk ~]$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Note that the directories 

'/var/lib/flatpak/exports/share'
'/home/mythcat/.local/share/flatpak/exports/share'

are not in the search path set by the XDG_DATA_DIRS environment variable, so
applications installed by Flatpak may not appear on your desktop until the
session is restarted.
[mythcat@desk ~]$ flatpak install flathub com.github.maoschanz.drawing

Note that the directories 

'/var/lib/flatpak/exports/share'
'/home/mythcat/.local/share/flatpak/exports/share'

are not in the search path set by the XDG_DATA_DIRS environment variable, so
applications installed by Flatpak may not appear on your desktop until the
session is restarted.

Looking for matches…
Required runtime for com.github.maoschanz.drawing/x86_64/stable (runtime/org.gnome.Platform/x86_64/3.34)
 found in remote flathub
Do you want to install it? [Y/n]: Y

com.github.maoschanz.drawing permissions:
    ipc   wayland   x11



        ID                                   Arch   Branch Remote  Download
 1. [✓] org.gnome.Platform                   x86_64 3.34   flathub 304.2 MB / 318.5 MB
 2. [✓] org.gnome.Platform.Locale            x86_64 3.34   flathub  16.8 kB / 322.0 MB
 3. [✓] org.freedesktop.Platform.GL.default  x86_64 19.08  flathub  92.6 MB / 92.6 MB
 4. [✓] org.freedesktop.Platform.VAAPI.Intel x86_64 19.08  flathub   8.7 MB / 8.7 MB
 5. [✗] org.freedesktop.Platform.openh264    x86_64 19.08  flathub 594.2 kB / 593.4 kB
 6. [✓] com.github.maoschanz.drawing         x86_64 stable flathub   1.0 MB / 1.1 MB
 7. [✓] com.github.maoschanz.drawing.Locale  x86_64 stable flathub   1.7 kB / 86.2 kB

Warning: org.freedesktop.Platform.openh264 not installed
Installation complete.
[mythcat@desk ~]$ flatpak install org.freedesktop.Platform/x86_64/19.08

Note that the directories 

'/var/lib/flatpak/exports/share'
'/home/mythcat/.local/share/flatpak/exports/share'

are not in the search path set by the XDG_DATA_DIRS environment variable, so
applications installed by Flatpak may not appear on your desktop until the
session is restarted.

Looking for matches…
Found similar ref(s) for ‘org.freedesktop.Platform/x86_64/19.08’ in remote ‘flathub’ (system).
Use this remote? [Y/n]: Y


        ID                                Arch   Branch Remote  Download
 1. [✓] org.freedesktop.Platform          x86_64 19.08  flathub  11.5 MB / 238.1 MB
 2. [✓] org.freedesktop.Platform.Locale   x86_64 19.08  flathub  16.7 kB / 318.2 MB
 3. [✓] org.freedesktop.Platform.openh264 x86_64 19.08  flathub 593.6 kB / 593.4 kB

Installation complete. 
Restart the session and run it with this command:
[mythcat@desk ~]$ flatpak run com.github.maoschanz.drawing

Sunday, February 2, 2020

Fedora 31 : Can be better? part 005.

Today we deal once again with the possibilities of improving the Fedora distro.
This time the adventure turns to SELinux and switching it to SELinux MLS.
Let's test switching SELinux on Fedora 31 from the default targeted policy to mls.
First, let's see the users:
[root@desk mythcat]# semanage user -l

                Labeling   MLS/       MLS/                          
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

guest_u         user       s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r
To use the MLS you need to change this file:
[root@desk mythcat]# vim /etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
The changes are:

#SELINUX=enforcing
SELINUX=permissive
...
#SELINUXTYPE=targeted
SELINUXTYPE=mls
You need to install these packages:
[root@desk mythcat]# dnf search mls | grep selinux
Last metadata expiration check: 2:45:09 ago on Sun 02 Feb 2020 01:28:54 PM EET.
selinux-policy-mls.noarch : SELinux mls base policy
[root@desk mythcat]# dnf install selinux-policy-mls.noarch
...
Installed:
  mcstrans-2.9-2.fc31.x86_64                                                    
  policycoreutils-newrole-2.9-5.fc31.x86_64                                     
  selinux-policy-mls-3.14.4-45.fc31.noarch                                      

Complete!
These commands will relabel and start the MLS.
[mythcat@desk ~]$ setenforce 0
[mythcat@desk ~]$ getenforce
Permissive
...
[root@desk mythcat]# touch /.autorelabel
[root@desk mythcat]# reboot
If you have problems on boot, then add selinux=0 to the kernel boot parameters.
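A pre-reboot check for the steps above, as an added example that is not part of the original post: it verifies that the config selects mls in permissive mode, that the mls policy tree is installed, and that the relabel flag exists. The function names and the ROOT argument (used to try the check against a scratch directory) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: sanity check before rebooting into the mls policy.
# Usage: check_mls_switch /        (ROOT defaults to /)

# cfg_value FILE KEY: print the last uncommented KEY=value found in FILE.
# "SELINUX=" does not match "SELINUXTYPE=" because '=' must follow the key.
cfg_value() {
  sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# check_mls_switch [ROOT]: print one line per problem, return 0 only if none.
check_mls_switch() {
  root=${1:-/}; root=${root%/}
  cfg="$root/etc/selinux/config"
  problems=0
  fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

  [ -r "$cfg" ] || { fail "cannot read $cfg"; return 1; }
  mode=$(cfg_value "$cfg" SELINUX)
  ptype=$(cfg_value "$cfg" SELINUXTYPE)

  [ "$ptype" = "mls" ] || fail "SELINUXTYPE is '$ptype', expected 'mls'"
  # Files still carry targeted labels until the relabel finishes, so the
  # first boot should not enforce (the post switches to permissive).
  [ "$mode" = "permissive" ] ||
    fail "SELINUX is '$mode', expected 'permissive' for the relabel boot"
  # selinux-policy-mls installs its policy tree under /etc/selinux/mls.
  [ -d "$root/etc/selinux/mls" ] ||
    fail "$root/etc/selinux/mls missing (selinux-policy-mls not installed?)"
  # Without this flag file no relabel runs on the next boot.
  [ -e "$root/.autorelabel" ] || fail "$root/.autorelabel missing"

  [ "$problems" -eq 0 ]
}
```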
After I booted and relabeled all files, I got errors about Gtk-Messages.
I removed my old Cinnamon with this command:
[root@desk mythcat]# dnf groupremove -y "Cinnamon"
I listed all my groups with the dnf tool:
[root@desk mythcat]# dnf grouplist -v 
I installed the MATE environment:
[root@desk mythcat]# dnf groupinstall -y "MATE Desktop" --allowerasing
After that, the only way to start the environment is this command:
[mythcat@desk ~]$ sudo systemctl restart lightdm.service
Another issue comes from the SELinux Alert Browser, where I get multiple alerts that need to be fixed manually.
At first, there were more than 250 of these alerts.
After I fixed some of them, I now see only 50.
I think this problem with changing the SELinux type can be improved.

Fedora 31 : Using the dmesg command on Linux operating system.

The dmesg command is used to display kernel-related messages on Unix-like systems. Today I will show you how to use this command on the Linux operating system. Simply use the command:
[mythcat@desk ~]$ dmesg 
[    0.000000] microcode: microcode updated early to revision 0x21, date = 2019-02-13
...
Show the messages one screen at a time:
[mythcat@desk ~]$ dmesg | less
... 
Use it to see information about the motherboard:
[mythcat@desk ~]$ dmesg | grep -i memory
...
[mythcat@desk ~]$ dmesg | grep -i dma
...
[mythcat@desk ~]$ dmesg | grep -i usb
...
[mythcat@desk ~]$ dmesg | grep -i tty
...
The same result with a single command, using grep with multiple patterns:
[mythcat@desk ~]$ dmesg | grep -iE "memory|dma|usb|tty"
This displays the logs at the error and warning levels:
[root@desk mythcat]# dmesg --level=err,warn
The dmesg comes with supported log facilities:
  • kern - kernel messages;
  • user - random user-level messages;
  • mail - mail system;
  • daemon - system daemons;
  • auth - security/authorization messages;
  • syslog - messages generated internally by syslogd;
  • lpr - line printer subsystem;
  • news - network news subsystem;
See the output for only one facility:
[mythcat@desk ~]$ dmesg --facility=daemon
Use the root user to clear the dmesg logs after reading them:
[root@desk mythcat]# dmesg -C
If you want, you can show the output as colored messages:
# dmesg -L

Tuesday, January 28, 2020

Fedora 31 : Can be better? part 004.

Another issue on Fedora is linked to the management of transactions: getting past a transaction lock. Let's see how it can be fixed:
[root@desk mythcat]# rpm --rebuilddb
warning: waiting for transaction lock on /var/lib/rpm/.rpm.lock
^C
[root@desk mythcat]# rm /var/lib/rpm/.rpm.lock
rm: remove regular empty file '/var/lib/rpm/.rpm.lock'? y
[root@desk mythcat]# rpm --rebuilddb
...
[root@desk mythcat]# dnf clean all
...
Waiting for process with pid 2128 to finish.
^CKeyboardInterrupt: Terminated.
[root@desk mythcat]# kill  -9 2128
[root@desk mythcat]# dnf clean all
95 files removed

Friday, January 24, 2020

Fedora 31 : The twa web auditor tool.

This tool comes with a good intro: A tiny web auditor with strong opinions.
The tool named twa takes one domain at a time and uses these dependencies: bash 4, curl, dig, jq, and nc, along with a POSIX system.
The project can be found in its GitHub repository, but it can be installed easily on the Fedora 31 distro:
[root@desk mythcat]# dnf install twa.noarch 
Last metadata expiration check: 0:06:08 ago on Fri 24 Jan 2020 01:57:53 PM EET.
Dependencies resolved.
================================================================================
 Package       Architecture     Version                  Repository        Size
================================================================================
Installing:
 twa           noarch           1.8.0-3.fc31             fedora            18 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 18 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
twa-1.8.0-3.fc31.noarch.rpm                      10 kB/s |  18 kB     00:01    
--------------------------------------------------------------------------------
Total                                           6.7 kB/s |  18 kB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : twa-1.8.0-3.fc31.noarch                                1/1 
  Running scriptlet: twa-1.8.0-3.fc31.noarch                                1/1 
  Verifying        : twa-1.8.0-3.fc31.noarch                                1/1 

Installed:
  twa-1.8.0-3.fc31.noarch                                                       

Complete!
Let's see some examples with google website responses and this tool:
[mythcat@desk ~]$ twa google.com
FAIL(google.com): TWA-0102: HTTP redirects to HTTP (not secure)
FAIL(google.com): TWA-0205: Strict-Transport-Security missing
MEH(google.com): TWA-0206: X-Frame-Options is 'sameorigin', consider 'deny'
FAIL(google.com): TWA-0209: X-Content-Type-Options missing
FAIL(google.com): TWA-0210: X-XSS-Protection is '0'; XSS filtering disabled
FAIL(google.com): TWA-0214: Referrer-Policy missing
FAIL(google.com): TWA-0219: Content-Security-Policy missing
FAIL(google.com): TWA-0220: Feature-Policy missing
PASS(google.com): Site sends 'Server', but probably only a vendor ID: gws
PASS(google.com): Site doesn't send 'X-Powered-By'
PASS(google.com): Site doesn't send 'Via'
PASS(google.com): Site doesn't send 'X-AspNet-Version'
PASS(google.com): Site doesn't send 'X-AspNetMvc-Version'
PASS(google.com): No SCM repository at: http://google.com/.git/HEAD
PASS(google.com): No SCM repository at: http://google.com/.hg/store/00manifest.i
PASS(google.com): No SCM repository at: http://google.com/.svn/entries
PASS(google.com): No environment file at: http://google.com/.env
PASS(google.com): No environment file at: http://google.com/.dockerenv
PASS(google.com): No config file at: http://google.com/config.xml
PASS(google.com): No config file at: http://google.com/config.json
PASS(google.com): No config file at: http://google.com/config.yaml
PASS(google.com): No config file at: http://google.com/config.yml
PASS(google.com): No config file at: http://google.com/config.ini
^C
Each output result line looks like this:
TYPE(domain): explanation
where TYPE is one of PASS, MEH, FAIL, UNK, SKIP, and FATAL:
PASS: The test passed with flying colors.
MEH: The test passed, but with one or more things that could be improved.
FAIL: The test failed and should be fixed.
UNK: The server gave us something we didn't understand.
SKIP: The server gave us something we understood, but that we don't handle yet.
FATAL: A really important test failed, and should be fixed immediately.
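The result-line format described above can be parsed mechanically. The following is an added example, not part of twa or of the original post: it tallies results per TYPE, lists the TWA codes of failing checks, and gives an exit status usable as a CI gate. The function names are assumptions; the sample lines are copied from the google.com run shown earlier.

```bash
#!/usr/bin/env bash
# Added example: summarise twa result lines of the form TYPE(domain): explanation

# A few result lines taken from the google.com run above (embedded so this runs offline).
sample_twa_output() {
cat <<'EOF'
FAIL(google.com): TWA-0102: HTTP redirects to HTTP (not secure)
FAIL(google.com): TWA-0205: Strict-Transport-Security missing
MEH(google.com): TWA-0206: X-Frame-Options is 'sameorigin', consider 'deny'
FAIL(google.com): TWA-0209: X-Content-Type-Options missing
PASS(google.com): Site doesn't send 'X-Powered-By'
PASS(google.com): No environment file at: http://google.com/.env
EOF
}

# twa_summary: read twa lines on stdin; print "TYPE count" for each type seen,
# then "CODE TWA-NNNN" for every FAIL/FATAL line that carries a code.
twa_summary() {
  awk '
    match($0, /^(PASS|MEH|FAIL|UNK|SKIP|FATAL)\(/) {
      type = substr($0, 1, RLENGTH - 1)          # drop the trailing "("
      count[type]++
      if ((type == "FAIL" || type == "FATAL") && match($0, /TWA-[0-9]+/))
        codes[++n] = substr($0, RSTART, RLENGTH)
      next
    }
    { unparsed++ }                               # not a result line
    END {
      split("PASS MEH FAIL UNK SKIP FATAL", order, " ")
      for (i = 1; i <= 6; i++)
        if (order[i] in count) print order[i], count[order[i]]
      for (i = 1; i <= n; i++) print "CODE", codes[i]
      if (unparsed) print "UNPARSED", unparsed
    }'
}

# twa_gate: exit status 1 if stdin contains any FAIL or FATAL result, else 0.
twa_gate() {
  ! twa_summary | grep -Eq '^(FAIL|FATAL) '
}

sample_twa_output | twa_summary
```

With real output, pipe the tool straight in, for example `twa example.com | twa_gate`, where the domain is a placeholder.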
Another feature is scoring.
The score format is this: npasses nmehs nfailures nunknowns nskips totally_screwed.
Let's see one example:
[mythcat@desk ~]$ twa google.com | tscore
20 37 2 7 0 0 0
The tool can also be used with an Alpine Docker container.