Wednesday, September 30, 2020

Fedora 32 : Can be better? part 014.

The GTK documentation for C # is not very up to date, I tried to use a button to change a label and I failed first time. The Fedora team could improve this to develop the development side. Here's what I've managed to do so far with GTK.

I fixed the source code with this, but I would have preferred a better method:

my_Button.Clicked += delegate {
my_Label.Text = "Use delegate!";
};

Mono is a free and open source implementation of the .NET Framework.

The most popular build tool for Mono is NAnt.

NUnit is very useful for test driven development.

[root@desk mythcat]# dnf install mono-devel
Last metadata expiration check: 0:15:26 ago on Wed 30 Sep 2020 09:04:30 PM EEST.
Package mono-devel-6.6.0-8.fc32.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@desk mythcat]# dnf install nant
...
Installed:
  log4net-2.0.8-10.fc32.x86_64            nant-1:0.92-25.fc32.x86_64           
  nunit2-2.6.4-24.fc32.x86_64            

Complete!
[root@desk mythcat]# dnf install nunit nunit-gui
Last metadata expiration check: 0:02:09 ago on Wed 30 Sep 2020 09:27:18 PM EEST.
No match for argument: nunit-gui
Error: Unable to find a match: nunit-gui

Installing MonoDevelop:

[root@desk mythcat]# dnf install monodevelop
...
Installed:
  ORBit2-2.14.19-23.fc32.x86_64                                                 
  gamin-0.1.10-36.fc32.x86_64                                                   
  gnome-desktop-sharp-2.26.0-36.fc31.x86_64                                     
  gnome-sharp-2.24.2-25.fc32.x86_64                                             
  gnome-vfs2-2.24.4-30.fc32.x86_64                                              
  gnome-vfs2-common-2.24.4-30.fc32.noarch                                       
  gtk-sharp2-2.12.45-11.fc32.x86_64                                             
  gtk-sharp2-devel-2.12.45-11.fc32.x86_64                                       
  gtksourceview2-2.11.2-31.fc32.x86_64                                          
  libIDL-0.8.14-21.fc32.x86_64                                                  
  libbonobo-2.32.1-18.fc32.x86_64                                               
  libbonoboui-2.24.5-18.fc32.x86_64                                             
  libgnome-2.32.1-20.fc32.x86_64                                                
  libgnome-keyring-3.12.0-19.fc32.x86_64                                        
  libgnomecanvas-2.30.3-19.fc32.x86_64                                          
  libgnomeui-2.24.5-21.fc32.x86_64                                              
  mono-addins-1.1-13.fc32.x86_64                                                
  monodevelop-5.10.0-17.fc32.x86_64                                             
  vte-0.28.2-31.fc32.x86_64                                                     

Complete!

Install the .NET Core. This is a general-purpose, modular, cross-platform and open-source development Platform.

[root@desk mythcat]# dnf copr enable @dotnet-sig/dotnet
Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary.
...
Do you really want to enable copr.fedorainfracloud.org/@dotnet-sig/dotnet? [y/N]: y
Repository successfully enabled.
[root@desk mythcat]# dnf install dotnet
Copr repo for dotnet owned by @dotnet-sig             5.4 kB/s | 3.3 kB     00:00    
Package dotnet-3.1.108-1.fc32.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete! 

Let's start with a GTK project using the MonoDevelop I.D.E.

[mythcat@desk ProjectsCSharp]$ monodevelop 
I use a new solution from .NET with GTK# 2.0 Project template. The default source code is this:
using System;
using Gtk;

namespace MonoDevelopGTK_001
{
	class MainClass
	{
		public static void Main (string[] args)
		{
			Application.Init ();
			MainWindow win = new MainWindow ();
			win.Show ();
			Application.Run ();
		}
	}
}
The result is an simple window form. For a complex form with entry ,label and one button, you can see the next example:
using System;
using Gtk;

namespace MonoDevelopGTK_001
{
	
	class MainClass
	{
		public static void Main (string[] args)
		{
			// define here Entry and Button 
			Entry name;
			Button my_Button;

			Application.Init ();
			MainWindow win = new MainWindow ();
			// change the size of window
			win.SetDefaultSize (640, 480);
			// this will close application
			win.DeleteEvent += new DeleteEventHandler (Window_Delete);

			// use of VBox or HBox
			VBox global_vbox = new VBox();
			win.Add(global_vbox);
			name = new Entry();
			global_vbox.PackStart(name, false, false, 0);
			win.Add(name);

			VBox label_vbox = new VBox();
			global_vbox.Add (label_vbox);
			//Define here a label and put some text in it.
			Label my_Label = new Label();
			my_Label.Text = "Hello World!";
			label_vbox.PackStart(my_Label, false, false, 0);
			//Add the label to the form
			win.Add(my_Label);

			VBox button_vbox = new VBox();
			global_vbox.Add (button_vbox);
			my_Button = new Button("Ok!");
			my_Button.Clicked += OnButtonClicked;
			button_vbox.PackStart(my_Button, false, false, 0);
			win.Add(my_Button);
			// ShowAll is used to see all labels, buttons
			win.ShowAll();
			//win.Show ();
			Application.Run ();

		}

		public static void OnButtonClicked (object obj, EventArgs args)
		{
			//Label my_Label = obj as Gtk.Label;
			Console.WriteLine ("Button Clicked !");

		}

		static void Window_Delete (object obj, DeleteEventArgs args)
		{
			Application.Quit ();
			args.RetVal = true;
		}
	}
}

Tuesday, September 29, 2020

Fedora 32 : Can be better? part 013.

I would say that I always have a problem with accessing the knowledge base related to errors, errors and configurations in Linux and Fedora distro.

I think it would be very necessary to have as up-to-date documentation as possible in the Fedora distribution system and possibly a database based on questions and answers.

That makes me think of the pilots' manuals ... where all the possible problems are listed.

It would be useful for anyone and especially saves users' memory.

In the age of artificial intelligence, a flow chart for each possible problem generated by Xorg, Network, services that indicate the areas of interaction and possibly the basic checks that a user should make, possible settings depending on the problem or the desired change would be a fantastic map for both a beginner and an advanced user.

After doing some SELinux configurations, my browser did not want to access the internet.

Until the deactivation, the number of SELinux alerts increased dramatically.

The written SELinux policies were not exactly correct.

Obviously I tried to fix the problem by disabling SELinux.

The ping utility sent and received packets to the internet, my browser does not connect to it.

Sometimes a symbolic link or incorrect setting can block your internet access.

I think the problem was generated when disabling SELinux by restarting and shutting down a useful service.

ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Although attention was paid to the possibility of incorrect SELinux settings, a simple check and a restart of the systemd-resolved.service service solved the problem.
[root@desk mythcat]# systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled
     Active: inactive (dead)
       Docs: man:systemd-resolved.service(8)
[root@desk mythcat]# systemctl start systemd-resolved.service 
[root@desk mythcat]# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled
     Active: active (running) since Tue 2020-09-29 22:25:32 EEST; 8s ago

Now I've fixed it.

Sunday, September 27, 2020

Fedora 32 : Can be better? part 012.

Pidgin is a chat program which lets you log into accounts on multiple chat networks simultaneously. Pidgin can be install on multiple operating systems and platforms. Pidgin is compatible with the following chat networks out of the box: I.R.C., Jabber/XMPP, Bonjour, Gadu-Gadu, IRC, Novell GroupWise Messenger, Lotus Sametime, SILC, SIMPLE, and Zephyr. Can it be better? The only problems a user in need of help may have are in the command line environment. Obviously, in this case, this application cannot be used. I would suggest building a terminal application like WeeChat dedicated to Fedora users and including I.R.C channels. Now, let's install this application.
[root@desk mythcat]# dnf install pidgin.x86_64
Last metadata expiration check: 0:45:32 ago on Sun 27 Sep 2020 04:21:51 PM EEST.
Dependencies resolved.
==============================================================================================
 Package                     Architecture    Version                   Repository        Size
==============================================================================================
Installing:
 pidgin                      x86_64          2.13.0-18.fc32            updates          1.4 M
Installing dependencies:
 cyrus-sasl-md5              x86_64          2.1.27-4.fc32             fedora            41 k
 cyrus-sasl-scram            x86_64          2.1.27-4.fc32             fedora            27 k
 farstream02                 x86_64          0.2.9-1.fc32              fedora           239 k
 gtkspell                    x86_64          2.0.16-20.fc32            fedora            43 k
 libgadu                     x86_64          1.12.2-10.fc32            fedora           110 k
 libnice-gstreamer1          x86_64          0.1.17-2.fc32             updates           20 k
 libpurple                   x86_64          2.13.0-18.fc32            updates          5.2 M
 meanwhile                   x86_64          1.1.0-28.fc32             fedora           106 k

Transaction Summary
==============================================================================================
Install  9 Packages

Total download size: 7.2 M
Installed size: 31 M
Is this ok [y/N]: y
Downloading Packages:
...
Complete!

Tuesday, September 22, 2020

Fedora 32 : Testing the Bookworm software.

The current version of Bookworm (v1.1.2) supports eBooks in the following file formats: EPUB, PDF, MOBI, FB2, CBR, CBZ.

First, I install this software with dnf tool:

[root@desk mythcat]# dnf install bookworm.x86_64 
...
Installed:
  bookworm-1.1.3-0.1.20200414git.c7c3643.fc32.x86_64                                          

Complete!

I tested with some old EPUB and PDF files and I'm not very happy with formatting text on the page.

HI tested with some old EPUB and PDF files and I'm not very happy with the formatting for certain texts on the page, like source code in programming.

Bookworm does one thing and does it well for this simple reader.

You can help this project on GitHub.

Monday, September 21, 2020

Fedora 32 : Can be better? part 011.

Four days ago, the well-known Gnome environment came with a new release.

I guess it will be implemented in Fedora distro soon. 

Sunday, September 20, 2020

Fedora 32 : Can be better? part 010.

In this tutorial I will show you how can easy learn with a simple example to have a better Fedora distro with SELinux. 

SELinux uses a policy store to keep track of its loaded policy modules and related settings. 

You can see my active policy store name is MLS.

[root@desk mythcat]# sestatus | grep Loaded
Loaded policy name:             mls

I want to create policy in the most easy way to denny memory. 

I can use many way to do that or find it on SELinux. 

If you want to deny user domains applications to map a memory region as both executable and writable you can use deny_execmem

This is dangerous and the executable should be reported in bugzilla and is is enabled by default. 

You must turn on the deny_execmem boolean.

setsebool -P deny_execmem 1
Let's use it:
[root@desk mythcat]# setsebool -P deny_execmem 1
[root@desk mythcat]# ausearch -c 'Web Content' --raw | audit2allow -M my-WebContent
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i my-WebContent.pp

[root@desk mythcat]# semodule -X 300 -i my-WebContent.pp
Let's see if this SELinux is currently loaded:
[root@desk mythcat]# semodule -l | grep Web
my-WebContent

Tuesday, September 15, 2020

Fedora 32 : Can be better? part 008.

The Fedora development is not very active in the last programming language.
The main reason is the build new packages and put on the repository.
I think this can be improved with a good tool to solve all dependencies and link all into a good package.
Today I tested the new Python version 3.5.10 released on September 5th, 2020.
I download an unzip the archive and I use these commands to build this python version
[mythcat@desk ~]$ cd Python-3.5.10/
[mythcat@desk Python-3.5.10]$ ./configure
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for python3.5... no
checking for python3... python3
checking for --enable-universalsdk... no
...
The next command is make:
[mythcat@desk Python-3.5.10]$ make
gcc -pthread -c -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes
   -Werror=declaration-after-statement   -I. -I./Include    -DPy_BUILD_CORE -o Programs/python.o 
./Programs/python.c
...
# On Darwin, always use the python version of the script, the shell
# version doesn't use the compiler customizations that are provided
# in python (_osx_support.py).
if test `uname -s` = Darwin; then \
 cp python-config.py python-config; \
fi
Then I used make test.
[mythcat@desk Python-3.5.10]$ make test
running build
running build_ext
INFO: Can't locate Tcl/Tk libs and/or headers

Python build finished successfully!
...
For the last part I used this command:
[mythcat@desk Python-3.5.10]$ sudo make install
...
The result of this is ...
[mythcat@desk Python-3.5.10]$ ls
aclocal.m4     config.sub    Include          Mac              Modules  platform        python            README
build          configure     install-sh       Makefile         Objects  Programs        Python            setup.py
config.guess   configure.ac  Lib              Makefile.pre     Parser   pybuilddir.txt  python-config     Tools
config.log     Doc           libpython3.5m.a  Makefile.pre.in  PC       pyconfig.h      python-config.py
config.status  Grammar       LICENSE          Misc             PCbuild  pyconfig.h.in   python-gdb.py
[mythcat@desk Python-3.5.10]$ ./python 
Python 3.5.10 (default, Sep  6 2020, 22:32:07) 
[GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
...

Fedora 32 : Can be better? part 009.

The Fedora distro will be better if the development team will come with useful, accurate, and up-to-date information. A very simple example is C and C ++ programming and more precisely how to build programs and packages. Let's take a simple example of creating interfaces with GTK. Let's take a simple example of creating interfaces with GTK that require knowledge of the GCC compiler. First I install gtk3-devel package:
dnf install gtk3-devel 
The Fedora team come with a group install with many feature.
#dnf -y groupinstall "Development Tools"
I test with these examples:
#include 

int main(int   argc,
     char *argv[])
{
  GtkWidget *window;
    
  gtk_init (&argc, &argv);
    
  window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
  gtk_window_set_title (GTK_WINDOW (window), "Hello World");
  gtk_widget_show  (window);
    
  gtk_main ();
    
  return 0;
}
This create a simple window with Hello World title.
#include 

static void on_window_closed(GtkWidget * widget, gpointer data)
{
    gtk_main_quit();
}

int main(int argc, char * argv[])
{
    GtkWidget * window, * label;

    gtk_init(&argc, &argv);

    window = gtk_window_new(GTK_WINDOW_TOPLEVEL);

    g_signal_connect( window, "destroy", G_CALLBACK(on_window_closed), NULL);

    label = gtk_label_new("Hello, World!");

    gtk_container_add(GTK_CONTAINER(window), label);

    gtk_widget_show(label);
    gtk_widget_show(window);

    gtk_main();

    return 0;
}
This is the same example but you will see a label with te text Hello, World!.
The last example is more complex and involves the use of signals attached to the close button and the OK button.
The main window contains three labels with my name and an editbox in which you have to enter my nickname mythcat or something else.
#include 

const char *password = "mythcat";

// close the window application 
void closeApp(GtkWidget *widget, gpointer data)
{
    gtk_main_quit();
}

// show text when you click on button 
void button_clicked(GtkWidget *button, gpointer data)
{
    const char *password_text = gtk_entry_get_text(GTK_ENTRY((GtkWidget *)data));

    if(strcmp(password_text, password) == 0)
        printf("Access granted for user: \"%s\"\n",password);
    else
        printf("Access denied!\n");
 
}

int main( int argc, char *argv[])
{
    GtkWidget *window;
    GtkWidget *label1, *label2, *label3;
    GtkWidget *hbox;
    GtkWidget *vbox;
    GtkWidget *ok_button;
    GtkWidget *password_entry;

    gtk_init(&argc, &argv);

    window = gtk_window_new(GTK_WINDOW_TOPLEVEL);

    gtk_window_set_title(GTK_WINDOW(window), "Labels, password with one button and layout");
    gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER);
    gtk_window_set_default_size(GTK_WINDOW(window), 300, 200);

    g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(closeApp), NULL);

    label1 = gtk_label_new("Catalin");
    label2 = gtk_label_new("George");
    label3 = gtk_label_new("Festila");

    password_entry = gtk_entry_new();
    gtk_entry_set_visibility(GTK_ENTRY(password_entry), FALSE);
    ok_button = gtk_button_new_with_label("OK");
    g_signal_connect(G_OBJECT(ok_button), "clicked", G_CALLBACK(button_clicked),password_entry);

    hbox = gtk_box_new(FALSE, 1);
    vbox = gtk_box_new(TRUE, 2);

    gtk_box_pack_start(GTK_BOX(vbox), label1, TRUE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(vbox), label2, TRUE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), vbox, FALSE, TRUE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), label3, FALSE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(vbox), ok_button, FALSE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), password_entry, TRUE, FALSE, 5);
    gtk_container_add(GTK_CONTAINER(window), hbox);

    gtk_widget_show_all(window);

    gtk_main();

    return 0;
} 
The result can be seen in the following image:

I put the source code for the last example in a test.c file and compiled it like this:
[mythcat@desk ~]$ gcc test.c $(pkg-config --cflags --libs gtk+-3.0) -o test
[mythcat@desk ~]$ ./test

Saturday, September 5, 2020

Fedora 32 : Can be better? part 007.

Another article in the Can be better? series that deals with a very popular feature called SELinux. Here that in this seventh part I will introduce you to the world of SELinux in my own style of simply explaining some SElinux configurations.
Let's recap some basic elements specific to SELinux.
Multi Category Security or MCS is a discretionary implementation of the mandatory Multi Level Security
MCS basically tries to use the MLS attributes: Security Levels and Security Compartments.
MCS implemented have one or more extra fields in their Security Context tuple: user_u:role_r:type_t:s0:c0.
You can see this with id -Z.
The MLS Range contains two components, the low (classification and compartments) and high (clearance).
sensitivity label build from the low component: s2 with c1, c2 ...
MCS does have 1024 categories that can be assigned to processes and files.
On an MLS system are two special labels, SystemLow(s0) and SystemHigh (s15:c0.c255).
The upper end of the MCS range is in an MCS environment s0:c0.c1023 is SystemHigh.
By default, everything in an MCS environment has access to SystemLow or s0.
You will able to access files with s0:c122 and s0:c123 categories.
The MLS translation mechanism to give a more literal meaning to the machine-like policy used in the MLS sensitivity and category declaration.
The MLS rule says: "no read up and no write down".
The MLS model is used to enforce confidentiality.
All processes that are forced to operate with Security Level.
The s0 Security Level or SystemLow level is the lower end of the Security Level Range in an MLS environment.
If you do not have the correct configurations then the SELinux setting operation for Enforcing could generate errors in the linux operation after reboot or during Linux operation.
You will need to have the root password and return for new SELinux settings.
Let's solve this issue: put SELinux into Enforce mode but give my user possibility to use command sudo su.
First, you need to see this table:
SELinux user Description Used for
unconfined_u SELinux user meant for unrestricted users. Unconfined users have hardly any restrictions in a SELinux context and are meant for systems where only Internet-facing services should run confined (i.e. the targeted SELinux policy store). All users on a targeted system
root The SELinux user meant for the root account The Linux root account
sysadm_u SELinux user with direct system administrative role assigned Linux accounts that only perform administrative tasks
staff_u SELinux user for operators that need to run both non-administrative commands (through the staff_r role) and administrative commands (through the sysadm_r role). Linux accounts used for both end user usage as well as administrative tasks
user_u SELinux user for non-privileged accounts Unprivileged Linux accounts
system_u Special SELinux user meant for system services Not used directly
Is need to change my user mythcat to staff_u with a good MLS Range.
[root@desk mythcat]# semanage login --modify --seuser staff_u --range s2:c100 mythcat
[root@desk mythcat]# semanage login --modify --seuser staff_u --range s0-s15:c0.c1023 mythcat
[root@desk mythcat]# semanage login -l 
[root@desk mythcat]# setenforce enforcing
[root@desk mythcat]# getenforce
Enforcing
[root@desk mythcat]# semanage login -l 
ValueError: Cannot read policy store.
After reboot need some time to load the new changes, first is the last configuration.
[mythcat@desk ~]$ semanage login -l
ValueError: SELinux policy is not managed or store cannot be accessed.
[mythcat@desk ~]$ id -Z
staff_u:staff_r:staff_t:s0-s15:c0.c1023
[mythcat@desk ~]$ sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
Few seconds later all is good:
[mythcat@desk ~]$ sudo su 
[sudo] password for mythcat: 
bash: /root/.bashrc: Permission denied
bash-5.0# ls
bash-5.0# sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: enforcing
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
bash-5.0# id -Z
staff_u:staff_r:staff_t:s0-s15:c0.c1023
bash-5.0# exit 
exit
[mythcat@desk ~]$ sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: enforcing
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
Everything is fine for now, this delay is the reason for using the selinux kernel settings. More information about Multi-Level Security and Multi-Category Security can be found on this webpage.