About Fedora Linux distro.

Tuesday, August 6, 2019

Fedora 30 : The gpg tool.

GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. see the official webpage.
Today I test it with Fedora 30 distro and works well.
You can find this tool in many Linux distros.
Let's install it with dnf tool.

[root@desk mythcat]# dnf install gnupg
Last metadata expiration check: 0:18:30 ago on Tue 06 Aug 2019 11:07:20 AM EEST.
Package gnupg2-2.2.17-1.fc30.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@desk mythcat]# exit
exit

This tool can be run with the gpg command and arguments: Let's see some example:

[mythcat@desk ~]$ gpg --list-secret-keys
[mythcat@desk ~]$ gpg --list-keys
[mythcat@desk ~]$ gpg --full-generate-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Catalin George Festila
Email address: catafest@yahoo.com
Comment: test gpg key 
You selected this USER-ID:
...
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

Enter password for protection

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...

This command is normally only used interactive to generate a new key pair.

[mythcat@desk ~]$ gpg --gen-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: 
...

Let's see the list with the keys:

[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
--------------------------------

The key can be exported in a binary format with this command:

[mythcat@desk ~]$ gpg --output mythcat --export catafest@yahoo.com

When the key is to be sent through email or published on a web page will can use a command-line option --armor.

[mythcat@desk ~]$ gpg --armor --export catafest@yahoo.com > catafest.key

Let's see this key:

[mythcat@desk ~]$ cat catafest.key 
...

Now If you can see the new key:

[mythcat@desk ~]$ gpg --list-keys
/home/mythcat/.gnupg/pubring.kbx
--------------------------------

I can edit this key:

[mythcat@desk ~]$ gpg --edit-key catafest@yahoo.com
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.
...
gpg> ?
quit        quit this menu
save        save and quit
help        show this help
fpr         show key fingerprint
grip        show the keygrip
...
enable      enable key
disable     disable key
showphoto   show selected photo IDs
clean       compact unusable user IDs and remove unusable signatures from key
minimize    compact unusable user IDs and remove all signatures from key
...

The key can be import and export it:

[mythcat@desk ~]$ gpg --export -a catafest >  catafest_public.key
[mythcat@desk ~]$ gpg --import -a catafest_public.key 
...
gpg: Total number processed: 1
gpg:              unchanged: 1

Let's see one example with encrypt and decrypt feature:

[mythcat@desk ~]$ echo "test gpg encrypt" >> gpgtest.txt
[mythcat@desk ~]$ gpg -e -r "catafest" gpgtest.txt 
[mythcat@desk ~]$ gpg -d  gpgtest.txt.gpg 
...
test gpg encrypt

Another example is encrypt and decrypt using aditional arguments like --batch and --passphrase-file:

[mythcat@desk ~]$ gpg --export --armor --output catafest.asc catafest@yahoo.com
[mythcat@desk ~]$ gpg --import catafest.asc 
...
gpg: Total number processed: 1
gpg:              unchanged: 1
[mythcat@desk ~]$ echo "this text will be encrypt and decrypt" | gpg --passphrase-file catafest.asc 
--batch --symmetric --cipher-algo AES256 > testgpg_001.txt
[mythcat@desk ~]$ gpg --batch --passphrase-file catafest.asc -d testgpg_001.txt
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
this text will be encrypt and decrypt

Monday, July 8, 2019

Fedora 30 : Using the python-wikitcms.

This python module named python-wikitcms can be used for interacting with the Fedora wiki.
The Fedora wiki used Fedora's Wikitcms.
Today I test it and works great with Fedora distro version 30.
First, the install of the fedora package with DNF tool:

[root@desk mythcat]# dnf install python3-wikitcms.noarch
...
Downloading Packages:
(1/8): python3-mwclient-0.9.3-3.fc30.noarch.rpm 186 kB/s |  61 kB     00:00    
(2/8): python3-fedfind-4.2.5-1.fc30.noarch.rpm  314 kB/s | 105 kB     00:00    
(3/8): python3-cached_property-1.5.1-3.fc30.noa  41 kB/s |  20 kB     00:00    
(4/8): python3-requests-oauthlib-1.0.0-1.fc29.n 313 kB/s |  40 kB     00:00    
(5/8): python3-jwt-1.7.1-2.fc30.noarch.rpm      112 kB/s |  42 kB     00:00    
(6/8): python3-oauthlib-2.1.0-1.fc29.noarch.rpm 293 kB/s | 153 kB     00:00    
(7/8): python3-simplejson-3.16.0-2.fc30.x86_64. 641 kB/s | 278 kB     00:00    
(8/8): python3-wikitcms-2.4.2-2.fc30.noarch.rpm 264 kB/s |  84 kB     00:00

I used this simple example to get information about the Fedora wiki:

[mythcat@desk ~]$ python3
Python 3.7.3 (default, May 11 2019, 00:38:04) 
[GCC 9.1.1 20190503 (Red Hat 9.1.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from wikitcms.wiki import Wiki
>>> my_site = Wiki()
>>> event = my_site.current_event
>>> print(event.version)
31 Rawhide 20190704.n.1
>>> page = my_site.get_validation_page('Installation','23','Final','RC10')
>>> for row in page.get_resultrows():
...     print(row.testcase)
... 
QA:Testcase_Mediakit_Checksums
QA:Testcase_Mediakit_ISO_Size
QA:Testcase_Mediakit_Repoclosure
QA:Testcase_Mediakit_FileConflicts
QA:Testcase_Boot_default_install
...
>>> dir(my_site)

I used this source code to login with my account.

>>> my_site.login()

A webpage is open to get access to the account and show this info:
The OpenID Connect client Wiki Test Control Management System is asking to authorize access for mythcat. this allow you to access it
After I agree with this the page tells me to close it:
You can close this window and return to the CLI
The next examples show you how to get and show information from the wiki:

>>> print(my_site.username)
Mythcat
>>> result = my_site.api('query', titles='Mythcat')
>>> for page in result['query']['pages'].values():
...             print(page['title'])
... 
Mythcat
>>> for my_contributions in my_site.usercontributions('Mythcat'):
...     print(my_contributions)
...

This python module comes with low documentation.

Sunday, June 30, 2019

Fedora 30 : The Pythonic tool.

The tutorial for today is about Pythonic tool.
Named Pythonic is a graphical programming tool that makes it easy for users to create Python applications using ready-made function modules.
This tool providing the consistent features and characteristics of a trading bot with just a few clicks.
The Pythonic tool is currently available in four languages: English, German, Spanish, and Chinese.
The tool comes with basic functions such as a scheduler, if-branches, connectivity, and logging functions are available out of the box and can be parameterized using a corresponding GUI.
Each graphical element is functionally processed individually.
The base idea is: A unique graphical input mask to carry out the parameterization necessary for processing, then after a process completes successfully, the returned result can be transferred to a subsequent process for further use.
You can use server processes can be placed in parallel in the background as listener applications that wait for external events and initiate the creation of a process when the event arrives.
Pythonic's data type list makes it easy to utilize different access techniques (push, pop, insert, append).
The install of this tool is easy on Fedora 30 distro:

[mythcat@desk ~]$ python3.7 -m pip install Pythonic --user
Collecting Pythonic
...
Successfully installed PyQt5-5.8.2 Pythonic-0.12 pandas-0.24.2 pythonic-binance-0.7.2

This is a screenshot with this tool.

Tuesday, June 4, 2019

Fedora 30 : About HTTPie.

From the official website we can get this info about this tool.
HTTPie consists of a single http command designed for painless debugging and interaction with

HTTP servers, RESTful APIs, and web services:
Sensible defaults;
Expressive and intuitive command syntax;
Colorized and formatted terminal output;
Built-in JSON support;
Persistent sessions;
Forms and file uploads;
HTTPS, proxies, and authentication support;
Support for arbitrary request data and headers;
Wget-like downloads;
Extensions;
Linux, macOS, and Windows support;
And more…

Let's install this tool:

[root@desk mythcat]# dnf install httpie
...
Installed:
  httpie-0.9.4-13.fc30.noarch       python3-pygments-2.2.0-16.fc30.noarch

Let's try a simple example:

[mythcat@desk ~]$ http httpie.org
HTTP/1.1 301 Moved Permanently
CF-RAY: 4e18f3613c36acf4-OTP
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 04 Jun 2019 09:41:22 GMT
Expires: Tue, 04 Jun 2019 10:41:22 GMT
Location: https://httpie.org/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

The tool can also be tested online here.

Tuesday, May 28, 2019

Fedora 30 : Commands and tools that handle assembly files - part 002.

Another good approach to this topic is this Fedora tool.
The development team tells us: GNUSim8085 is a graphical simulator, assembler and debugger for the Intel 8085 microprocessor in Linux and Windows.

A simple editor component with syntax highlighting.

A keypad to input assembly language instructions with appropriate arguments.

Easy view of register contents.

Easy view of flag contents.

Hexadecimal - Decimal converter.

View of stack, memory and I/O contents.

Support for breakpoints for program debugging.

Stepwise program execution.

One click conversion of assembly program to opcode listing.

Printing support.

UI translated in various languages.

Let's install this fedora package:

[root@desk mythcat]# dnf install gnusim8085.x86_64
...
Installed:
  gnusim8085-1.3.7-19.fc30.x86_64         electronics-menu-1.0-21.fc30.noarch   
  gtksourceview2-2.11.2-27.fc29.x86_64   

Complete!

Now you can run it with this command:

[mythcat@desk ~]$ gnusim8085

The GUI interface is simple to understand and easy to use for a developer.
The Intel 8085 has seven internal general-purpose 8-bit registers A, B, C, D, E, H, L, and 5 flags — S (sign), Z (zero), AC (Aux Carry), P (Parity) and CY (Carry).
The processor has a total of 246 instructions with which we can manipulate data in the processor registers and memory.
The assembler Intel 8085 mnemonics with the instruction strings, labels define with a named point in the code, the target for JMP or CALL instructions, comments start line with a semicolon ‘;’ is ignored by the assembler and pseudo codes to the assembler that provides some features to the coding process.
For another development assembly tools for hardware, you can find more info on this wiki page.

Fedora 30 : Application packages with snap tool.

Snaps are application packages for desktop, cloud, and IoT that are easy to install, secure, cross-platform and dependency-free, see here.
The install of this tool with the dnf install tool is simple:

[root@desk snap]# dnf install snap
...
Installed:
  snap-0.6-13.fc29.noarch          python2-crypto-2.6.1-25.fc30.x86_64         
Complete!

Let's make the settings for this tool:

[mythcat@desk snap]$ sudo ln -s /var/lib/snapd/snap /snap
[mythcat@desk snap]$ snap install snapcraft --classic
snapcraft 3.5 from Canonical✓ installed

[mythcat@desk ~]$ snap help
The snap command lets you install, configure, refresh and remove snaps.
Snaps are packages that work across many different Linux distributions,
enabling secure delivery and operation of the latest apps and utilities.

Usage: snap  [...]

Commands can be classified as follows:

         Basics: find, info, install, list, remove
        ...more: refresh, revert, switch, disable, enable
        History: changes, tasks, abort, watch
        Daemons: services, start, stop, restart, logs
       Commands: alias, aliases, unalias, prefer
  Configuration: get, set, wait
        Account: login, logout, whoami
    Permissions: connections, interfaces, interface, connect, disconnect
      Snapshots: saved, save, check-snapshot, restore, forget
          Other: version, warnings, okay, ack, known
    Development: run, pack, try, download, prepare-image

For more information about a command, run 'snap help '.
For a short summary of all commands, run 'snap help --all'.
[mythcat@desk ~]$ snap refresh
All snaps up to date.

Now we can install an application and run it.
Let's try with the vlc application:

[mythcat@desk ~]$ snap install vlc
vlc 3.0.6 from VideoLAN✓ installed
[mythcat@desk ~]$ snap run  vlc
VLC media player 3.0.6 Vetinari (revision 3.0.6-0-g5803e85)
[00000000019ca3d0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
Qt: Session management error: None of the authentication protocols specified are supported
[0000000001a5fae0] main playlist: playlist is empty
QObject::~QObject: Timers cannot be stopped from another thread

Not all application will run on Fedora 30.
For example, I try with the qalculate application and not work:

[mythcat@desk ~]$ sudo snap install qalculate
[sudo] password for mythcat: 
snap "qalculate" is already installed, see 'snap help refresh'

When I try to run it the error was the qalculate application cannot be found.

Monday, May 6, 2019

Fedora 30 : Kite now works with Linux.

The development team comes with these new features for this Linux tool named Kite:
Code Faster in Python with Line-of-Code Completions Kite integrates with your IDE and uses machine learning to give you useful code completions for Python. Start coding faster today.
This tool integrates with all the top Python IDEs - Atom, Pycharm, Sublime, VS Code and Vim.
The install process is simple:

[mythcat@desk ~]$ bash -c "$(wget -q -O - https://linux.kite.com/dls/linux/current)"

This script will install Kite!

We hope you enjoy! If you run into any issues, please reach out at support@kite.com or feedback@kite.com

- The Kite Team

Press enter to continue...
Downloading kite-installer binary using wget...
Checking to see if all dependencies are installed....

Kite watches your workspace to be notified when python files change on disk. This allows us to
provide the latest information & completions from your coding environment. However, for larger
workspaces, Kite can exceed the default limits on inotify watches, which can result in a degraded experience. 

We can fix this by placing a file in /etc/sysctl.d/ to increase this limit.
Configure inotify now? (you might be asked for your sudo password) [Y/n] Y
Creating /etc/sysctl.d/30-kite.conf...
[sudo] password for mythcat: 
Running ./kite-installer install
[installer] no previous kite installation found
[installer] latest version is 2.20190503.3, downloading now...
[installer] verifying checksum
[installer] validating signature
[installer] installing version 2.20190503.3
[installer] installed ~/.config/autostart/kite-autostart.desktop
[installer] installed ~/.config/systemd/user/kite-updater.service
[installer] installed ~/.config/systemd/user/kite-updater.timer
[installer] installed ~/.local/share/applications/kite-copilot.desktop
[installer] installed ~/.local/share/applications/kite.desktop
[installer] installed ~/.local/share/icons/hicolor/128x128/apps/kite.png
[installer] installed ~/.local/share/kite/kited
[installer] installed ~/.local/share/kite/uninstall
[installer] installed ~/.local/share/kite/update
[installer] activating kite-updater systemd service
[installer] registering kite:// protocol handler
[installer] kite is installed! launching now! happy coding! :)
Removing kite-installer

After install you need to use your email to login into Kite account.
The last step is the integrations, and Kite will install this plugin for you. If you use the vim editor, then is a good idea to take a look here.

Thursday, May 2, 2019

Fedora 30 : First test.

Fedora 30 is available now. Use these commands to see how can be updated to Fedora 30.

[root@desk mythcat]# dnf upgrade --refresh 
Waiting for process with pid 2427 to finish.
Adobe Systems Incorporated                      2.4 kB/s | 2.9 kB     00:01    
Fedora Modular 29 - x86_64                       45 kB/s |  25 kB     00:00    
Fedora Modular 29 - x86_64 - Updates             29 kB/s |  24 kB     00:00    
Fedora 29 - x86_64 - Updates                     25 kB/s |  23 kB     00:00    
Fedora 29 - x86_64                               25 kB/s |  25 kB     00:01    
packages-microsoft-com-prod                     6.4 kB/s | 2.9 kB     00:00    
RPM Fusion for Fedora 29 - Free - Updates        13 kB/s |  10 kB     00:00    
RPM Fusion for Fedora 29 - Free                  22 kB/s |  10 kB     00:00    
Visual Studio Code                              8.7 kB/s | 2.9 kB     00:00    
Dependencies resolved.
...
Upgraded:
  selinux-policy-3.14.2-57.fc29.noarch                                          
  selinux-policy-devel-3.14.2-57.fc29.noarch                                    
  selinux-policy-sandbox-3.14.2-57.fc29.noarch                                  
  selinux-policy-targeted-3.14.2-57.fc29.noarch                                 
  x264-libs-0.155-3.20180806git0a84d98.fc29.x86_64                              

Complete!

[root@desk mythcat]# dnf install dnf-plugin-system-upgrade

[root@desk mythcat]# dnf system-upgrade download --releasever=30
Before you continue ensure that your system is fully upgraded by running "dnf --refresh upgrade". 
Do you want to continue [y/N]: y
...
  - problem with installed package python2-libdnf-0.31.0-2.fc29.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' 
to skip uninstallable packages)

[root@desk mythcat]# dnf system-upgrade download --releasever=30 --allowerasing
Before you continue ensure that your system is fully upgraded by running "dnf --refresh upgrade". 
Do you want to continue [y/N]: y
...
Transaction Summary
================================================================================
Install      92 Packages
Upgrade    2716 Packages
Remove        8 Packages
Downgrade    22 Packages

Total download size: 2.9 G
DNF will only download packages, install gpg keys, and check the transaction.
Is this ok [y/N]: y
...
Importing GPG key
...
Key imported successfully
Running transaction check
Running transaction test
...
Download complete! Use 'dnf system-upgrade reboot' to start the upgrade.
To remove cached metadata and transaction use 'dnf system-upgrade clean'
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.

Monday, April 29, 2019

Fedora 29 : About poedit tool.

In this tutorial I will briefly introduce the linux poedit tool.
Let's start installing it in Fedora 29.

[root@desk mythcat]# dnf search poedit 
Last metadata expiration check: 0:01:09 ago on Mon 29 Apr 2019 01:23:39 PM EEST.
========================= Name Exactly Matched: poedit =========================
poedit.x86_64 : GUI editor for GNU gettext .po files
[root@desk mythcat]# dnf install poedit 
Last metadata expiration check: 0:02:40 ago on Mon 29 Apr 2019 01:23:39 PM EEST.
Dependencies resolved.
...
Complete!

About this software named Poedit (formerly poEdit) shareware and cross-platform gettext catalog editor to aid in the process of language localization.
Poedit is a powerful and intuitive editor for translating interfaces that use gettext.
Available for Windows, macOS, and Linux.
What is a PO file?
The .PO file is a portable object file, which is text-based. These types of files are used in common in software development. The .PO file may be referenced by Java programs, GNU gettext, or other software programs as a properties file.
What is MO file?
The .MO files or Machine Object is a binary data file that contains object data referenced by a program.
It is typically used to translate program code and may be loaded or imported into the GNU gettext program.

These files can be provided by developer source code or you can sign in into the Crowdin.
This provides powerful tools to manage localization for projects of any type and any size.
Open the application and put all info on from File-> Preferences.
The Poedit asks some of the essential information such as your name, email address, translation memory settings, and more to change your preferences.
Set the path (absolute path) settings in your Catalog otherwise, the Poedit isn't able to use gettext from source files.
Before starting your translate issue be advice with the rules are set by GNU gettext utilities

Sunday, April 14, 2019

Fedora 29 : Install Inkscape with Flatpak Linux tool.

Today I used the Flatpak Linux tool to install the last version of Inkscape 0.92.4 5da689c313 released at 2019-01-14.
Flatpak (formerly xdg-app) is a software utility for software deployment, package management, and application virtualization for Linux desktop computers. It provides a sandbox environment in which users can run applications in isolation from the rest of the system. see Wikipedia Flatpak.
The Flatpak tool is installed by default on Fedora Workstation. To install and runt the last version of Inkscape you need to use these commands:

[mythcat@desk Downloads]$ flatpak install org.inkscape.Inkscape.flatpakref

org.inkscape.Inkscape permissions:
    ipc     x11    file access [1]

    [1] host


        ID                                    Arch   Branch Remote  Download
 1. [✓] org.gnome.Platform.Locale             x86_64 3.30   flathub 17.4 kB / 320.2 MB
 2. [✓] org.freedesktop.Platform.VAAPI.Intel  x86_64 18.08  flathub  1.8 MB / 1.8 MB
 3. [✓] org.freedesktop.Platform.html5-codecs x86_64 18.08  flathub  4.8 MB / 4.9 MB
 4. [✓] org.inkscape.Inkscape                 x86_64 stable flathub 86.1 MB / 88.6 MB
 5. [✓] org.inkscape.Inkscape.Locale          x86_64 stable flathub  8.5 kB / 18.6 MB

Installation complete.

[mythcat@desk Downloads]$ flatpak run org.inkscape.Inkscape
Gtk-Message: 22:58:01.259: Failed to load module "pk-gtk-module"
Gtk-Message: 22:58:01.259: Failed to load module "canberra-gtk-module"

The Inkscape drawing tool works well.

Tuesday, April 9, 2019

Fedora 29 : Thonny editor for python.

This Python IDE for beginners named Thonny is a simple editor with Python 3.7 built in.
The official webpage can be found here and the GitHub project page is this.
The development team is from the University of Tartu, Estonia with the help from the open-source community. Thonny grew up in University of Tartu (https://www.ut.ee), Institute of Computer Science (https://www.cs.ut.ee).
I test it today with Fedora 29 and works well.
Let's start with the first step:

[mythcat@desk ~]$ pip3 install thonny --user
Collecting thonny
...
Successfully installed astroid-2.2.5 asttokens-1.1.13 docutils-0.14 isort-4.3.17 jedi-0.13.3 lazy-object-proxy-1.3.1 
mccabe-0.6.1 mypy-0.700 mypy-extensions-0.4.1 parso-0.4.0 pylint-2.3.1 pyperclip-1.7.0 pyserial-3.4 thonny-3.1.2 
typed-ast-1.3.1
...
[root@desk mythcat]# dnf install python3-tkinter.x86_64
Last metadata expiration check: 0:21:20 ago on Tue 09 Apr 2019 09:57:24 PM EEST.

Installed:
  python3-tkinter-3.7.2-5.fc29.x86_64          tk-1:8.6.8-1.fc29.x86_64         

Complete!

This editor can be found on Fedora repo, but I used the last released version software.

[root@desk mythcat]# dnf search thonny
Last metadata expiration check: 0:36:55 ago on Tue 09 Apr 2019 09:57:24 PM EEST.
========================= Name Exactly Matched: thonny =========================
thonny.noarch : Python IDE for beginners

Thursday, March 21, 2019

Fedora 29 : Testing the dnf python module.

Today we tested with Fedora 29 a python module called DNF.
All users have used this tool.
This python module is not very documented on the internet.
A more complex example can be found on DNF tool documentation.
I tried to see what I can get from this module.
Let's start installing it with the pip tool:

$ pip install dnf --user

Here are some tests that I managed to run in the python shell.

[mythcat@desk ~]$ python
Python 2.7.15 (default, Oct 15 2018, 15:26:09) 
[GCC 8.2.1 20180801 (Red Hat 8.2.1-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> import dnf
>>> dir(dnf)
['Base', 'Plugin', 'VERSION', '__builtins__', '__doc__', '__file__', '__name__', '__package__', 
'__path__', '__version__', 'base', 'callback', 'cli', 'comps', 'conf', 'const', 'crypto', 'db', 
'dnf', 'dnssec', 'drpm', 'exceptions', 'goal', 'history', 'i18n', 'lock', 'logging', 'match_counter',
 'module', 'package', 'persistor', 'plugin', 'pycomp', 'query', 'repo', 'repodict', 'rpm', 'sack',
 'selector', 'subject', 'transaction', 'unicode_literals', 'util', 'warnings', 'yum']
>>> import dnf.conf
>>> print(dnf.conf.Conf())
[main]
assumeno: 0
assumeyes: 0
autocheck_running_kernel: 1
bandwidth: 0
best: 0
...
>>> import dnf.module
>>> import dnf.rpm
>>> import dnf.cli
>>> base = dnf.Base()
>>> base.update_cache()
True

This read all repositories:


>>> base.read_all_repos()

You need to read the sack for querying:


>>> base.fill_sack()

>>> base.sack_activation = True

Create a query to matches all packages in sack:


>>> qr=base.sack.query()

Get only available packages:


>>> qa=qr.available()

Get only installed packages:


>>> qi=qr.installed()
>>> q_a=qa.run()
>>> for pkg in qi.run():
...     if pkg not in q_a:
...             print('%s.%s' % (pkg.name, pkg.arch))
... 
NetworkManager-openvpn.x86_64
NetworkManager-openvpn-gnome.x86_64
coolkey.x86_64
glibc-debuginfo.x86_64
glibc-debuginfo-common.x86_64
kernel.x86_64
kernel.x86_64
kernel-core.x86_64
kernel-core.x86_64

Get all packages installed on Linux:


>>> q_i=qi.run()
>>> for pkg in qi.run():
...     print('%s.%s' % (pkg.name, pkg.arch))

You can see more about the Python programming language on my blog.

Wednesday, March 13, 2019

Fedora 29 : Use Selinux with Firefox.

Today I tested Selinux with the Firefox browser. The main purpose was to create a policy for this browser. You can use this example to create your own policies. Using Fedora 29 this problem can be resolved easily. Let's start with installing an important packet using the dnf tool.

[root@desk selinux_001]# dnf install policycoreutils-devel

Let's see the other commands used to create policies named firefox.te:

[mythcat@desk ~]$ mkdir selinux_001
[mythcat@desk ~]$ cd selinux_001/
[mythcat@desk selinux_001]$ whereis firefox
firefox: /usr/bin/firefox /usr/lib64/firefox /etc/firefox /usr/share/man/man1/firefox.1.gz
[mythcat@desk selinux_001]$ sepolicy generate --init -n firefox /usr/bin/firefox 
nm: /usr/bin/firefox: file format not recognized
Failed to retrieve rpm info for selinux-policy
Created the following files:
/home/mythcat/selinux_001/firefox.te # Type Enforcement file
/home/mythcat/selinux_001/firefox.if # Interface file
/home/mythcat/selinux_001/firefox.fc # File Contexts file
/home/mythcat/selinux_001/firefox_selinux.spec # Spec file
/home/mythcat/selinux_001/firefox.sh # Setup Script
[mythcat@desk selinux_001]$ cat firefox.te


policy_module(firefox, 1.0.0)

########################################
#
# Declarations
#

type firefox_t;
type firefox_exec_t;
init_daemon_domain(firefox_t, firefox_exec_t)

permissive firefox_t;

########################################
#
# firefox local policy
#
allow firefox_t self:fifo_file rw_fifo_file_perms;
allow firefox_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(firefox_t)

files_read_etc_files(firefox_t)

miscfiles_read_localization(firefox_t)
[mythcat@desk selinux_001]$ cat firefox.fc 
/usr/bin/firefox        --    gen_context(system_u:object_r:firefox_exec_t,s0)

I have modified this policy generated by sepolicy by adding my own rules:

[mythcat@desk selinux_001]$ cat firefox.te
policy_module(firefox, 1.0.0)

########################################
#
# Declarations
#

type firefox_t;
type firefox_exec_t;
init_daemon_domain(firefox_t, firefox_exec_t)

permissive firefox_t;
# my rules
require {
    type unreserved_port_t;
    type http_port_t;
    class tcp_socket { accept listen name_bind name_connect };
}

########################################
#
# firefox local policy
#
allow firefox_t self:fifo_file rw_fifo_file_perms;
allow firefox_t self:unix_stream_socket create_stream_socket_perms;

# my rules
allow firefox_t http_port_t:tcp_socket { name_bind name_connect };
allow firefox_t unreserved_port_t:tcp_socket { name_bind name_connect };
allow firefox_t self:tcp_socket { listen accept };

domain_use_interactive_fds(firefox_t)

files_read_etc_files(firefox_t)

miscfiles_read_localization(firefox_t)

I used the following commands to get my own policy:

[mythcat@desk selinux_001]$ make -f /usr/share/selinux/devel/Makefile
Compiling targeted firefox module
/usr/bin/checkmodule:  loading policy configuration from tmp/firefox.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 19) to tmp/firefox.mod
Creating targeted firefox.pp policy package
rm tmp/firefox.mod tmp/firefox.mod.fc
[mythcat@desk selinux_001]$ sudo semodule -i firefox.pp
[sudo] password for mythcat:

The semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. Let's see the result:

[root@desk selinux_001]# semodule -l | grep firefox
firefox

Pages