Fedora

From Segfault
Jump to: navigation, search

Postinstall

Network

$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=foo.example.com
IPV6_AUTOCONF=yes
NETWORKING_IPV6=yes

$ cat /etc/sysconfig/network-scripts/ifcfg-p2p1
DEVICE=p2p1
ONBOOT=yes
BOOTPROTO=dhcp
# BOOTPROTO=none
# IPADDR=10.0.0.3
# NETMASK=255.255.255.0
GATEWAY=10.0.0.1
TYPE=Ethernet
 
$ cat /etc/resolv.conf 
search example.com
nameserver 10.0.0.1
 
$ chkconfig network on
$ service network restart

Beginning with Fedora 15, systemd should be used:

systemctl disable NetworkManager.service
systemctl enable network.service
systemctl restart network.service

Wirless connections can be configured too:

$ cat /etc/sysconfig/network-scripts/ifcfg-wlan0
DEVICE=wlan0
ONBOOT=no
BOOTPROTO=dhcp
# IPADDR=10.0.1.3
# NETMASK=255.255.255.0
USERCTL=yes
TYPE=Wireless
MODE=Managed
ESSID=MySSID
$ cat /etc/sysconfig/wpa_supplicant
INTERFACES="-i wlan0"
DRIVERS="-D wext"
OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

And wpa_supplicant.conf needs to be configured too:

$ cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
       disabled=0
           ssid="MySSID"
            psk="s3cr3t"
          proto=WPA2
       key_mgmt=WPA-PSK
       pairwise=CCMP
          group=CCMP
}

Enable & start wpa_supplicant:

systemctl enable wpa_supplicant
systemctl start wpa_supplicant

Configure the IP stack as well:

ifup wlan0

SSH

The openssh-server should be already installed but may have to be enabled:

systemctl enable sshd.service
systemctl start sshd.service

The firewall has to be configured too. Either by adding the following to /etc/sysconfig/iptables:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Or by using system-config-firewall. Afterwards, the new rule has to be activated:

systemctl restart iptables.service

Firewall

Newer Fedora versions ship with firewalld, a dynamic firewall. However, firewalld and the legacy iptables service cannot be active at the same time. In lieu of documentation, let's just return to the legacy firewall for now:

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service

Packages & Services

Remove unused packages:

dnf remove PackageKit-command-not-found bluez cups cyrus-sasl claws-mail transmission*

Install missing packages:[1]

dnf install  bash-completion cachefilesd checksec checkpolicy dkms ecryptfs-utils git iftop iotop iperf ksh less lm_sensors lsof man-db mlocate moreutils mpg321 ncurses-devel openssh-clients powertop pv rdesktop screen sharutils strace sysstat yum-changelog

For desktop systems:

b43-fwcutter firefox flash-plugin gedit gnome-keyring libreoffice-writer mozilla-https-everywhere mozilla-noscript openssh-askpass pidgin-otr thunderbird thunderbird-enigmail vlc xfce4-datetime-plugin xfce4-eyes xfce4-netload-plugin xfce4-sensors-plugin xfce4-systemload-plugin xfce4-volumed xfce4-weather-plugin xfce4-xfswitch-plugin


Disable unused services:

for s in iscsi iscsid livesys livesys-late netconsole openvpn wpa_supplicant; do
   chkconfig $s off
done
for s in bluetooth.service cups.path cups.socket avahi-daemon.service \
         avahi-daemon.socket proc-sys-fs-binfmt_misc.automount; do 
   systemctl disable $s; systemctl stop $s
done

Set default runlevel to 3 ("multi-user") instead of 5 ("graphical"):

ln -fs /lib/systemd/system/runlevel3.target /etc/systemd/system/default.target

SELinux

SELinux prevented gdm-session-wor from reading and writing files stored on an NFS filesytem.
Fix Command:

$ setsebool -P use_nfs_home_dirs=1
SELinux is preventing /usr/sbin/prelink "setattr" access .
[prelink has a permissive type (prelink_t). This access was not denied.]

Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(https://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.
SELinux is preventing /sbin/cachefilesd "create_files_as" access .

$ grep ^dir /etc/cachefilesd.conf
dir /var/cache/fscache
mkdir -m0700 /var/cache/fscache
mount -o remount,user_xattr /

Note: user_xattr is now the default for ext4 filesystems.[2]

  • Samba
$ cat /etc/samba/smb.conf
[global]
  security = share
[public]
  path = /mnt/foo
  writable = yes
  guest ok = yes
 
$ mkdir /mnt/foo
$ chcon -t samba_share_t /mnt/foo
$ setsebool -P samba_export_all_ro on
$ /etc/init.d/smb restart

For debugging purposes, we can disable SELinux too:

  • Boot with selinux=0
  • Boot with enforcing=0 (permissive)
  • Set SELINUX=disabled (resp. permissive) in /etc/selinux/config and reboot.

Allow the Adobe Flash plugin:[3]

sudo setsebool -P unconfined_mozilla_plugin_transition 0

/etc/rc.local

The old /etc/rc.local is now called /etc/rc.d/rc.local. Oh, and Raider is now called Twix :-)

GRUB 2

$ grep GRUB_DEFAULT /etc/default/grub
GRUB_DEFAULT=saved

Generate grub.cfg:

grub2-mkconfig -o /boot/grub2/grub.cfg

List all the grub.cfg entries:

grep ^menuentry /boot/grub2/grub.cfg | cut -d "'" -f2

Set and verify the default entry:

grub2-set-default <menu entry title>
grub2-editenv list

Sendmail smarthost

Edit the /etc/mail/sendmail.mc file and remove the "dnl" markings around the following statement:

define(`SMART_HOST', `mailhub.example.org')

Now we have to regenerate the sendmail.cf file:

$ cd /etc/mail
$ make
WARNING: 'sendmail.mc' is modified. Please install package sendmail-cf to update your configuration.

Huh? Let's install sendmail-cf and try again:

$ dnf install sendmail-cf
$ make
$ echo $?
0

...and restart Sendmail:

$ systemctl restart sendmail.service

Netconsole

We want to enable Netconsole. First, raise the loglevel from "7" to "8":

echo 'kernel.printk = 8 4 1 7' >> /etc/sysctl.d/10-local.conf

Configure & load the netconsole module:

echo 'options netconsole netconsole=@10.0.0.3/eth0,6666@10.0.0.10/00:11:22:33:44:55' >> /etc/modprobe.d/local.conf
echo netconsole >> /etc/modules-load.d/local.conf

Keyboard Backlight

On this MacBook Pro, the keyboard backlight[4] can be switched[5] on/off like this:

echo 255 > /sys/class/leds/smc::kbd_backlight/brightness          # On
echo   0 > /sys/class/leds/smc::kbd_backlight/brightness          # Off

Initramfs

Adding modules to an /boot/initramfs... image:

sudo dracut --force --add-drivers "lz4 floppy"

Updating

dnf clean all
dnf upgrade                              # short for dnf update --obsoletes

Upgrading

DNF system upgrade

With Fedora 23, upgrading changed again and now DNF system upgrade is the way to go. In short:

Update the current system:

dnf update

Install DNF system upgrade and download the packages from the release we want to upgrade to:

dnf install dnf-plugin-system-upgrade
dnf system-upgrade download --releasever=23

Start the actual upgrade process:

dnf system-upgrade reboot

After the reboot, the system should have been upgraded to the next version.

FedUp

With Fedora 18, upgrading changed again and now FedUp is the way to go. In short:

yum update
yum --enablerepo=updates-testing install fedup
fedup-cli --debuglog fedupdebug.log --network 18

The upgrade process will require a reboot and a longer downtime, as new packages get installed while the system is in upgrade mode. When all goes well, the system should be upgraded after the process finishes.

PreUpgrade

Note: Preupgrade has been deprecated for Fedora 18 and can only be used to upgrade from Fedora 10 up until Fedora 17!

yum install preupgrade
preupgrade-cli "Fedora 17 (Beefy Miracle)"
reboot

The release-name can be found in releases.txt.

After booting, we might have to do some housecleaning:

find / -xdev | egrep "rpm(new|save)$"

Confirm the current list of (active) repositories:

yum repolist 

Sync the packages with the versions in the repository. Basically like "yum upgrade", but handles major version jumps:

yum distro-sync

fedora-release

I don't know if this was ever supported:

$ yum info fedora-release | grep Version
Version    : 11
 
$ rpm -e --nodeps fedora-release-11-1.noarch
$ rpm -hiv http://.../fedora/linux/releases/14/Fedora/x86_64/os/Packages/fedora-release-14-1.noarch.rpm
$ yum clean all
$ yum upgrade

Links

References