Pages

Sunday, April 14, 2019

Fedora 29 : Install Inkscape with Flatpak Linux tool.

Today I used the Flatpak Linux tool to install the last version of Inkscape 0.92.4 5da689c313 released at 2019-01-14.
Flatpak (formerly xdg-app) is a software utility for software deployment, package management, and application virtualization for Linux desktop computers. It provides a sandbox environment in which users can run applications in isolation from the rest of the system. see Wikipedia Flatpak.
The Flatpak tool is installed by default on Fedora Workstation. To install and runt the last version of Inkscape you need to use these commands:
[mythcat@desk Downloads]$ flatpak install org.inkscape.Inkscape.flatpakref

org.inkscape.Inkscape permissions:
    ipc     x11    file access [1]

    [1] host


        ID                                    Arch   Branch Remote  Download
 1. [✓] org.gnome.Platform.Locale             x86_64 3.30   flathub 17.4 kB / 320.2 MB
 2. [✓] org.freedesktop.Platform.VAAPI.Intel  x86_64 18.08  flathub  1.8 MB / 1.8 MB
 3. [✓] org.freedesktop.Platform.html5-codecs x86_64 18.08  flathub  4.8 MB / 4.9 MB
 4. [✓] org.inkscape.Inkscape                 x86_64 stable flathub 86.1 MB / 88.6 MB
 5. [✓] org.inkscape.Inkscape.Locale          x86_64 stable flathub  8.5 kB / 18.6 MB

Installation complete.

[mythcat@desk Downloads]$ flatpak run org.inkscape.Inkscape
Gtk-Message: 22:58:01.259: Failed to load module "pk-gtk-module"
Gtk-Message: 22:58:01.259: Failed to load module "canberra-gtk-module"
The Inkscape drawing tool works well.

Tuesday, April 9, 2019

Fedora 29 : Thonny editor for python.

This Python IDE for beginners named Thonny is a simple editor with Python 3.7 built in.
The official webpage can be found here and the GitHub project page is this.
The development team is from the University of Tartu, Estonia with the help from the open-source community. Thonny grew up in University of Tartu (https://www.ut.ee), Institute of Computer Science (https://www.cs.ut.ee).
I test it today with Fedora 29 and works well.
Let's start with the first step:
[mythcat@desk ~]$ pip3 install thonny --user
Collecting thonny
...
Successfully installed astroid-2.2.5 asttokens-1.1.13 docutils-0.14 isort-4.3.17 jedi-0.13.3 lazy-object-proxy-1.3.1 
mccabe-0.6.1 mypy-0.700 mypy-extensions-0.4.1 parso-0.4.0 pylint-2.3.1 pyperclip-1.7.0 pyserial-3.4 thonny-3.1.2 
typed-ast-1.3.1
...
[root@desk mythcat]# dnf install python3-tkinter.x86_64
Last metadata expiration check: 0:21:20 ago on Tue 09 Apr 2019 09:57:24 PM EEST.

Installed:
  python3-tkinter-3.7.2-5.fc29.x86_64          tk-1:8.6.8-1.fc29.x86_64         

Complete!
This editor can be found on Fedora repo, but I used the last released version software.
[root@desk mythcat]# dnf search thonny
Last metadata expiration check: 0:36:55 ago on Tue 09 Apr 2019 09:57:24 PM EEST.
========================= Name Exactly Matched: thonny =========================
thonny.noarch : Python IDE for beginners

Thursday, March 21, 2019

Fedora 29 : Testing the dnf python module.

Today we tested with Fedora 29 a python module called DNF.
All users have used this tool.
This python module is not very documented on the internet.
A more complex example can be found on DNF tool documentation.
I tried to see what I can get from this module.
Let's start installing it with the pip tool:
$ pip install dnf --user
Here are some tests that I managed to run in the python shell.
[mythcat@desk ~]$ python
Python 2.7.15 (default, Oct 15 2018, 15:26:09) 
[GCC 8.2.1 20180801 (Red Hat 8.2.1-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> import dnf
>>> dir(dnf)
['Base', 'Plugin', 'VERSION', '__builtins__', '__doc__', '__file__', '__name__', '__package__', 
'__path__', '__version__', 'base', 'callback', 'cli', 'comps', 'conf', 'const', 'crypto', 'db', 
'dnf', 'dnssec', 'drpm', 'exceptions', 'goal', 'history', 'i18n', 'lock', 'logging', 'match_counter',
 'module', 'package', 'persistor', 'plugin', 'pycomp', 'query', 'repo', 'repodict', 'rpm', 'sack',
 'selector', 'subject', 'transaction', 'unicode_literals', 'util', 'warnings', 'yum']
>>> import dnf.conf
>>> print(dnf.conf.Conf())
[main]
assumeno: 0
assumeyes: 0
autocheck_running_kernel: 1
bandwidth: 0
best: 0
...
>>> import dnf.module
>>> import dnf.rpm
>>> import dnf.cli
>>> base = dnf.Base()
>>> base.update_cache()
True
This read all repositories:

>>> base.read_all_repos()
You need to read the sack for querying:

>>> base.fill_sack()

>>> base.sack_activation = True
Create a query to matches all packages in sack:

>>> qr=base.sack.query() 
Get only available packages:

>>> qa=qr.available() 
Get only installed packages:

>>> qi=qr.installed()
>>> q_a=qa.run()
>>> for pkg in qi.run():
...     if pkg not in q_a:
...             print('%s.%s' % (pkg.name, pkg.arch))
... 
NetworkManager-openvpn.x86_64
NetworkManager-openvpn-gnome.x86_64
coolkey.x86_64
glibc-debuginfo.x86_64
glibc-debuginfo-common.x86_64
kernel.x86_64
kernel.x86_64
kernel-core.x86_64
kernel-core.x86_64
Get all packages installed on Linux:

>>> q_i=qi.run()
>>> for pkg in qi.run():
...     print('%s.%s' % (pkg.name, pkg.arch))
You can see more about the Python programming language on my blog.

Wednesday, March 13, 2019

Fedora 29 : Use Selinux with Firefox.

Today I tested Selinux with the Firefox browser. The main purpose was to create a policy for this browser. You can use this example to create your own policies. Using Fedora 29 this problem can be resolved easily. Let's start with installing an important packet using the dnf tool.
[root@desk selinux_001]# dnf install policycoreutils-devel
Let's see the other commands used to create policies named firefox.te:
[mythcat@desk ~]$ mkdir selinux_001
[mythcat@desk ~]$ cd selinux_001/
[mythcat@desk selinux_001]$ whereis firefox
firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/share/man/man1/firefox.1.gz
[mythcat@desk selinux_001]$ sepolicy generate --init -n firefox /usr/bin/firefox 
nm: /usr/bin/firefox: file format not recognized
Failed to retrieve rpm info for selinux-policy
Created the following files:
/home/mythcat/selinux_001/firefox.te # Type Enforcement file
/home/mythcat/selinux_001/firefox.if # Interface file
/home/mythcat/selinux_001/firefox.fc # File Contexts file
/home/mythcat/selinux_001/firefox_selinux.spec # Spec file
/home/mythcat/selinux_001/firefox.sh # Setup Script
[mythcat@desk selinux_001]$ cat firefox.te


policy_module(firefox, 1.0.0)

########################################
#
# Declarations
#

type firefox_t;
type firefox_exec_t;
init_daemon_domain(firefox_t, firefox_exec_t)

permissive firefox_t;

########################################
#
# firefox local policy
#
allow firefox_t self:fifo_file rw_fifo_file_perms;
allow firefox_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(firefox_t)

files_read_etc_files(firefox_t)

miscfiles_read_localization(firefox_t)
[mythcat@desk selinux_001]$ cat firefox.fc 
/usr/bin/firefox        --    gen_context(system_u:object_r:firefox_exec_t,s0)
I have modified this policy generated by sepolicy by adding my own rules:
[mythcat@desk selinux_001]$ cat firefox.te
policy_module(firefox, 1.0.0)

########################################
#
# Declarations
#

type firefox_t;
type firefox_exec_t;
init_daemon_domain(firefox_t, firefox_exec_t)

permissive firefox_t;
# my rules
require {
    type unreserved_port_t;
    type http_port_t;
    class tcp_socket { accept listen name_bind name_connect };
}

########################################
#
# firefox local policy
#
allow firefox_t self:fifo_file rw_fifo_file_perms;
allow firefox_t self:unix_stream_socket create_stream_socket_perms;

# my rules
allow firefox_t http_port_t:tcp_socket { name_bind name_connect };
allow firefox_t unreserved_port_t:tcp_socket { name_bind name_connect };
allow firefox_t self:tcp_socket { listen accept };

domain_use_interactive_fds(firefox_t)

files_read_etc_files(firefox_t)

miscfiles_read_localization(firefox_t)
I used the following commands to get my own policy:
[mythcat@desk selinux_001]$ make -f /usr/share/selinux/devel/Makefile
Compiling targeted firefox module
/usr/bin/checkmodule:  loading policy configuration from tmp/firefox.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 19) to tmp/firefox.mod
Creating targeted firefox.pp policy package
rm tmp/firefox.mod tmp/firefox.mod.fc
[mythcat@desk selinux_001]$ sudo semodule -i firefox.pp
[sudo] password for mythcat: 
The semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. Let's see the result:
[root@desk selinux_001]# semodule -l | grep firefox
firefox

Friday, February 1, 2019

Fedora 29 : The Piskel application.

This application is a tool for drawing and create sprites.
You can test online or use it locally by download it into your operating system.
The development team comes with this intro:
Create animations in your browser. Try an example, use Google sign in to access your gallery or simply create a new sprite.
I download it to Fedora 29 distro and working well.
This is result:

Thursday, January 24, 2019

Fedora 29 : Selinux and python.

Today I tested the selinux python module with Fedora 29.
The wikipedia page comes with this intro about SELinux: Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). ... A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system services, as well as access to files and network resources.

This kernel module can help you with security the network and running application on your Linux.
This very complex kernel module can be used with your policy configuration files designed to fix your security issues.
First, the install is easy to do with the dnf tool:
[root@desk mythcat]# dnf install python2-libselinux.x86_64 
Last metadata expiration check: 1:31:46 ago on Thu 24 Jan 2019 07:04:16 AM EET.
Dependencies resolved.
...
Installed:
  python2-libselinux-2.8-6.fc29.x86_64                                          

Complete!
I tested this python module with a few simple examples:
[mythcat@desk ~]$ python 
Python 2.7.15 (default, Oct 15 2018, 15:26:09) 
[GCC 8.2.1 20180801 (Red Hat 8.2.1-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import selinux
>>> selinux.is_selinux_enabled()
1
>>> selinux.lgetfilecon_raw(".bashrc")
[37, 'unconfined_u:object_r:user_home_t:s0']
>>> selinux.lgetfilecon_raw(".bashrc")
[37, 'unconfined_u:object_r:user_home_t:s0']
>>> selinux.selinux_getpolicytype()[1]
'targeted'
>>> selinux.selinux_getpolicytype()
[0, 'targeted']

Sunday, January 13, 2019

Fedora 29 : The AppImage tool and Krita Next.

The AppImage is a universal software package format.
The process of packaging the software in AppImage is a storage file provide by the developer.
This file is a compressed image with all the dependencies and libraries needed to run the desired software. The AppImage doesn’t really install the software just execute it without no extraction and no installation.
The most common features:
  • Can run on various different Linux distributions;
  • No need of installing and compiling software;
  • No need of root permission and the system files are not touched;
  • Can be run anywhere including live disks;
  • Applications are in read only mode;
  • Software are removed just by just deleting the AppImage file;
  • Applications packaged in AppImage are not sandboxed by default.
More about this can be read at official webpage.
I tested the Krita Next with this tool.
The appimage file of Krita Next can be found here.
About the Krita Next this is a daily builds that contain new features, but could be unstable.
After I download the file I change it to executable with:
[mythcat@desk Downloads]$ chmod +x krita-4.2.0-pre-alpha-95773b5-x86_64.appimage 
[mythcat@desk Downloads]$ ./krita-4.2.0-pre-alpha-95773b5-x86_64.appimage