Error to install Kinto in Fedora 35

[Fedex159]

Hello, I'm having problems installing kinto.

Install type: Quick Install Method
Distro: Fedora 35
DE: Gnome
Branch: Master

Logs and status if relevant

# xkeysnail
sudo systemctl status xkeysnail

=> Unit xkeysnail.service could not be found.

xkb

systemctl --user status keyswap
=> Unit keyswap.service could not be found.

Log:

Kinto  build 
Type in Linux like it's a Mac.

Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pillow in /usr/lib64/python3.10/site-packages (8.3.2)
Using systemd...
localuser:root being added to access control list
fatal: la ruta de destino 'xkeysnail' ya existe y no es un directorio vacío.
Processing /home/federico/Downloads/kinto-master/xkeysnail
  DEPRECATION: A future pip version will change local packages to be built in-place without first copying to a temporary directory. We recommend you use --use-feature=in-tree-build to test your packages with this new behavior before it becomes the default.
   pip 21.3 will remove support for this functionality. You can find discussion regarding this at https://github.com/pypa/pip/issues/7555.
Collecting evdev
  Using cached evdev-1.5.0.tar.gz (26 kB)
Requirement already satisfied: python-xlib in /usr/local/lib/python3.10/site-packages (from xkeysnail==0.3.0) (0.31)
Requirement already satisfied: inotify_simple in /usr/local/lib/python3.10/site-packages (from xkeysnail==0.3.0) (1.3.5)
Requirement already satisfied: six>=1.10.0 in /usr/lib/python3.10/site-packages (from python-xlib->xkeysnail==0.3.0) (1.16.0)
Using legacy 'setup.py install' for xkeysnail, since package 'wheel' is not installed.
Using legacy 'setup.py install' for evdev, since package 'wheel' is not installed.
Installing collected packages: evdev, xkeysnail
    Running setup.py install for evdev ... error
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-epuxxsx3/evdev_ffdd11d179bc4e7bba5c678ce2842b31/setup.py'"'"'; __file__='"'"'/tmp/pip-install-epuxxsx3/evdev_ffdd11d179bc4e7bba5c678ce2842b31/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-124s2v11/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.10/evdev
         cwd: /tmp/pip-install-epuxxsx3/evdev_ffdd11d179bc4e7bba5c678ce2842b31/
    Complete output (29 lines):
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.10
    creating build/lib.linux-x86_64-3.10/evdev
    copying evdev/util.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/uinput.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/genecodes.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/ff.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/evtest.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/events.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/eventio_async.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/eventio.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/ecodes.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/device.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/__init__.py -> build/lib.linux-x86_64-3.10/evdev
    running build_ext
    running build_ecodes
    writing ecodes.c (using /usr/include/linux/input.h /usr/include/linux/input-event-codes.h /usr/include/linux/uinput.h)
    building 'evdev._input' extension
    creating build/temp.linux-x86_64-3.10
    creating build/temp.linux-x86_64-3.10/evdev
    gcc -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.10 -c evdev/input.c -o build/temp.linux-x86_64-3.10/evdev/input.o -std=c99 -Wno-error=declaration-after-statement
    evdev/input.c:10:10: error fatal: Python.h: No existe el fichero o el directorio
       10 | #include <Python.h>
          |          ^~~~~~~~~~
    compilación terminada.
    error: command '/usr/bin/gcc' failed with exit code 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-epuxxsx3/evdev_ffdd11d179bc4e7bba5c678ce2842b31/setup.py'"'"'; __file__='"'"'/tmp/pip-install-epuxxsx3/evdev_ffdd11d179bc4e7bba5c678ce2842b31/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-124s2v11/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.10/evdev Check the logs for full command output.
which: no xkeysnail in (/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/federico/bin)

Kinto install has failed.

cd into ./xkeysnail
Run 'sudo pip3 install --upgrade .' to debug issue

~/Descargas ❯ sudo pip3 install xkeysnail
Collecting xkeysnail
  Using cached xkeysnail-0.4.0.tar.gz (15 kB)
Collecting evdev
  Using cached evdev-1.5.0.tar.gz (26 kB)
Requirement already satisfied: python-xlib in /usr/local/lib/python3.10/site-packages (from xkeysnail) (0.31)
Requirement already satisfied: inotify_simple in /usr/local/lib/python3.10/site-packages (from xkeysnail) (1.3.5)
Collecting appdirs
  Using cached appdirs-1.4.4-py2.py3-none-any.whl (9.6 kB)
Requirement already satisfied: six>=1.10.0 in /usr/lib/python3.10/site-packages (from python-xlib->xkeysnail) (1.16.0)
Using legacy 'setup.py install' for xkeysnail, since package 'wheel' is not installed.
Using legacy 'setup.py install' for evdev, since package 'wheel' is not installed.
Installing collected packages: evdev, appdirs, xkeysnail
    Running setup.py install for evdev ... error
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-3pi68h81/evdev_275345bf0bce4c67abf4a6e5e5627e21/setup.py'"'"'; __file__='"'"'/tmp/pip-install-3pi68h81/evdev_275345bf0bce4c67abf4a6e5e5627e21/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-5vkib6_r/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.10/evdev
         cwd: /tmp/pip-install-3pi68h81/evdev_275345bf0bce4c67abf4a6e5e5627e21/
    Complete output (29 lines):
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.10
    creating build/lib.linux-x86_64-3.10/evdev
    copying evdev/util.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/uinput.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/genecodes.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/ff.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/evtest.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/events.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/eventio_async.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/eventio.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/ecodes.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/device.py -> build/lib.linux-x86_64-3.10/evdev
    copying evdev/__init__.py -> build/lib.linux-x86_64-3.10/evdev
    running build_ext
    running build_ecodes
    writing ecodes.c (using /usr/include/linux/input.h /usr/include/linux/input-event-codes.h /usr/include/linux/uinput.h)
    building 'evdev._input' extension
    creating build/temp.linux-x86_64-3.10
    creating build/temp.linux-x86_64-3.10/evdev
    gcc -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.10 -c evdev/input.c -o build/temp.linux-x86_64-3.10/evdev/input.o -std=c99 -Wno-error=declaration-after-statement
    evdev/input.c:10:10: error fatal: Python.h: No existe el fichero o el directorio
       10 | #include <Python.h>
          |          ^~~~~~~~~~
    compilación terminada.
    error: command '/usr/bin/gcc' failed with exit code 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-3pi68h81/evdev_275345bf0bce4c67abf4a6e5e5627e21/setup.py'"'"'; __file__='"'"'/tmp/pip-install-3pi68h81/evdev_275345bf0bce4c67abf4a6e5e5627e21/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-5vkib6_r/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.10/evdev Check the logs for full command output.

[rbreaves]

Looks like you are missing dependencies such as gcc to properly compile xkeysnail (a component needed for kinto). Resolve the gcc & related dependencies by using your distros package manager to get those installed. The kinto installer typically should install all dependencies needed though, so not sure why it wouldn't be resolving that for you already.

[RedBearAK]

@Fedex159 @rbreaves

Fedora 35 (and 36, I think) needs a couple of packages like python3-evdev and possibly python3-wheel manually installed first in order to successfully get through the Kinto installer. And you may need libappindicator-gtk3 for the tray icon to work. But things seem to keep changing with every new major release of Fedora.

At the moment I can't recall if the service will run successfully on F35/F36, or I just gave up fixing the permission error and converted Kinto to run as non-sudo user by following Lenbok's instructions from this thread:

mooz/xkeysnail#64 (comment)

[RedBearAK]

@Fedex159 @rbreaves

In a VM with Fedora 36 beta, I get the "Unit xkeysnail.service could not be found." error in the terminal when checking the service status, and the Kinto GUI log window just shows "Permission denied" over and over again.

I've just been in the habit of running Kinto as user on Fedora recently. It's the simplest way to bypass the SELinux issues.

[Fedex159]

Hi @RedBearAK , thanks for answering, I have followed the following steps:

~ ❯ gcc --version                                            
gcc (GCC) 11.3.1 20220421 (Red Hat 11.3.1-2)
Copyright (C) 2021 Free Software Foundation, Inc.
Esto es software libre; vea el código para las condiciones de copia.  NO hay
garantía; ni siquiera para MERCANTIBILIDAD o IDONEIDAD PARA UN PROPÓSITO EN
PARTICULAR


~ ❯ sudo dnf install libappindicator-gtk3 python3-evdev python3-wheel
Última comprobación de caducidad de metadatos hecha hace 0:01:42, el jue 05 may 2022 19:05:29.
El paquete libappindicator-gtk3-12.10.0-31.fc35.x86_64 ya está instalado.
El paquete python3-evdev-1.5.0-1.fc35.x86_64 ya está instalado.
El paquete python3-wheel-1:0.36.2-5.fc35.noarch ya está instalado.
Dependencias resueltas.
Nada por hacer.
¡Listo!

~ ❯ 

After installing the packages, the terminal opened with the following error:

xkeysnail.service: Failed to open /usr/lib/systemd/system/xkeysnail.service: Permission denied

I did these steps to add the user

sudo groupadd -f uinput
sudo gpasswd -a $USER uinput


cat <<EOF | sudo tee /etc/udev/rules.d/70-xkeysnail.rules
KERNEL=="uinput", GROUP="uinput", MODE="0660", OPTIONS+="static_node=uinput"
KERNEL=="event[0-9]*", GROUP="uinput", MODE="0660"
EOF

Reboot

After restarting, the program runs, the icon is seen correctly, but the error that you tell me continues, permission denied, for that there is no solution in fedora?. Thank you

[Fedex159]

Disable SELinux by following this tutorial: https://tecadmin.net/how-to-disable-selinux-on-fedora/

Everything seems to be working fine now, thanks for the help.

[RedBearAK]

@Fedex159

Disable SELinux by following this tutorial

Yes, setting SELinux to permissive mode was the original solution to running the Kinto service on Fedora, which ordinarily needs to run as root. But that was never the best solution, because it reduces the intended security level of your Fedora install.

By following the instructions to put the user in the uinput group you now have the option of running Kinto as your user, rather than as root from the systemd service. But, you lose the ability to use the Kinto GUI and tray icon, and you have to make your own simple startup/stop scripts and a desktop entry file to autorun Kinto when you log in.

Your method of making SELinux permissive will work fine without going to all the additional trouble to run Kinto as user.

[RedBearAK]

@rbreaves

After dnf install setroubleshoot-server on Fedora 36 (beta), I got this report from sealert on one of the errors that persists after running restorecon on /usr/lib/systemd/system/* and chcon -u system_u /usr/lib/systemd/system/xkeysnail.service to try to get the service file to have the "correct" SELinux context. This at least makes the service available to systemctl. But it still won't start.

It's not letting sudo access the limitedadmins file, I guess.

It is at this point that I have had quite enough SELinux nonsense for one day. But maybe the "suggests" from this will be helpful later.

SELinux is preventing sudo from map access on the file /usr/bin/sudo.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to allow domain to can mmap files
Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.

Do
setsebool -P domain_can_mmap_files 1

*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that sudo should be allowed map access on the sudo file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sudo' --raw | audit2allow -M my-sudo
# semodule -X 300 -i my-sudo.pp


Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:sudo_exec_t:s0
Target Objects                /usr/bin/sudo [ file ]
Source                        sudo
Source Path                   sudo
Port                          <Unknown>
Host                          fedora
Source RPM Packages           
Target RPM Packages           sudo-1.9.8-5.p2.fc36.x86_64
SELinux Policy RPM            selinux-policy-targeted-36.8-1.fc36.noarch
Local Policy RPM              selinux-policy-targeted-36.8-1.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     fedora
Platform                      Linux fedora 5.17.5-300.fc36.x86_64 #1 SMP PREEMPT
                              Thu Apr 28 15:51:30 UTC 2022 x86_64 x86_64
Alert Count                   4
First Seen                    2022-05-05 16:07:42 AKDT
Last Seen                     2022-05-05 16:08:18 AKDT
Local ID                      b1abe5a4-fddd-4c8a-b3f0-6125065416ed

Raw Audit Messages
type=AVC msg=audit(1651795698.319:4747): avc:  denied  { map } for  pid=15645 comm="sudo" path="/usr/bin/sudo" dev="dm-0" ino=4454 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file permissive=1


Hash: sudo,init_t,sudo_exec_t,file,map

[rbreaves]

Issue is now resolved and via the normal selinux resolution that was already worked out. The issue was that Fedora in version 35 & 36 uses a different distro name from the one I had previously established. Previously it was literally "fedora", but now it is "fedoralinux" for some odd reason and that broke a lot of what was worked out already for its successful install. @Fedex159

awk -F= '$1=="NAME" { gsub("[\",!,_, ]","",$2);print $2 ;}' /etc/os-release

[RedBearAK]

@rbreaves

Oh, wow. Figures it would be something so simple. That's excellent news.

Initial testing on an F36 beta VM (well, with updates should be full F36 by now) shows the new version works not just the first time but also survives a reboot and keeps working. Looks good to me. I should be able to close at least one other issue about Fedora now.

Thanks!