Fedora

From StrelaWiki
Jump to navigation Jump to search

Fedora 25 Workstation (x86_64)

Packages

/etc/dnf/dnf.conf

deltarpm=false
$ dnf remove ibus xdg-user-dir\* PackageKit\* abrt\* libreport libvirt\* qemu\* \*java\* selinux\* setroubleshoot\* spice\*       # remove ~960 M (~ 290 packages)      (F27 java\*)
$ dnf remove evolution orca cheese shotwell rhythmbox totem yelp\* hunspell-en hunspell-en-GB                                     # remove ~150 M (~ 50 packages)
$ dnf remove gnome-shell-extension\* gnome-backgrounds gnome-getting-started-docs gnome-user-docs gnome-initial-setup gnome-online-miners gnome-user-docs gnome-getting-started-docs
$ dnf remove baobab gnome-weather gnome-clocks gnome-contacts gnome-clocks gnome-maps gnome-calendar gnome-characters gnome-todo     # (experimental F27,  gnome-autoar (with nautilus and tracker)
$ dnf remove ModemManager lrzsz pptp rp-pppoe wvdial NetworkManager-openconnect NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc # -x libnm-gtk  ( !!! libnm-gtk !!! must stay in Fedora)
$ dnf remove \*firmware\* \*b43\* \*pcsc\* usb_modeswitch \*pcmcia\* \*sane\* -x linux-firmware    (F27 pcmcia\*)
$ dnf remove adobe-source-han-sans\* jomolhari\* khmeros\* lklug\* lohit\* naver-nanum\* paktype\* paratype\* sil\* smc\* tabish\* thai\* vlgothic\*
$ dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
$ dnf install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
$ dnf update
$ dnf install dconf-editor gnome-tweak-tool gnome-menus
$ dnf install gcc-c++ binutils git rpm-build diffutils patch cmake cppcheck astyle indent xmlindent
$ dnf install libX11-devel libXpm-devel libXft-devel libXext-devel openssl-devel mesa-libGL-devel glew-devel ftgl-devel mariadb-devel pcre-devel libxml2-devel
$ dnf install sqlite-devel mod_fcgid fcgi-devel readline-devel fuse-devel
$ dnf install gtk3-devel python-devel pygtk2 gl2ps-devel libAfterImage-devel gsl-devel perl-Tk perl-Digest-MD5 perl-Pod-Usage
$ dnf install php php-mysqlnd php-mbstring php-xml php-mcrypt php-gd php-pgsql php-intl php-pear-Net-Curl
$ dnf install freetype-freeworld ntfs-3g p7zip p7zip-plugins unrar man-pages-cs ImageMagick pdf2svg antiword catdoc odt2txt
$ dnf install audacious audacious-plugins-freeworld-mp3 audacious-plugins-freeworld-aac vlc
$ dnf install gstreamer1-libav gstreamer1-vaapi gstreamer1-plugins-{good,good-extras,ugly} gstreamer1-plugins-bad-free gstreamer1-plugins-bad-freeworld
$ dnf install compat-libstdc++-33 compat-libstdc++-33.i686
$ dnf install denyhosts fail2ban
fonts

minimum (optimal) needed fonts; lgc fonts family with Unicode coverage restricted to Latin, Greek and Cyrillic

$ dnf install dejavu\* liberation\*

fonts needed only for legacy applications (xmms, xpdf, xdvi) xorg-x11-fonts-75dpi; ISO8859-1 (Latin-1 — Western European), ISO8859-2 (Latin-2 — Eastern European), ISO8859-5 (Cyrillic)

$ dnf install xorg-x11-fonts-ISO8859-1-75dpi     # needed for ROOT CERN
Adobe Flash Player
$ wget http://fpdownload.macromedia.com/get/flashplayer/pdc/27.0.0.130/flash_player_npapi_linux.x86_64.tar.gz
$ tar -xzf flash_player_npapi_linux.x86_64.tar.gz -C /usr/lib64/mozilla/plugins/ libflashplayer.so
$ chmod 755 /usr/lib64/mozilla/plugins/libflashplayer.so
Skype
$ dnf install https://repo.skype.com/latest/skypeforlinux-64.rpm   # install all needed depend packages

Configure Skype to use port 50123 in CERN

Java
OpenJDK
$ dnf install java-1.8.0-openjdk icedtea-web
Oracle Java
$ tar -xzf jre-8u*-linux-x64.tar.gz -C /opt/
$ chown -R root:root /opt/jre1.8*
$ ln -s /opt/jre1.8* /opt/jre
$ alternatives --install /usr/bin/java java /opt/jre/bin/java 9999 --slave /usr/share/man/man1/java.1 java.1 /opt/jre/man/man1/java.1
$ alternatives --install /usr/bin/javaws javaws /opt/jre/bin/javaws 9999 --slave /usr/share/man/man1/javaws.1 javaws.1 /opt/jre/man/man1/javaws.1
$ alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /opt/jre/lib/amd64/libnpjp2.so 9999
$ alternatives --config java
$ alternatives --config javaws
$ alternatives --config libjavaplugin.so.x86_64

$ alternatives --display java

Hardware

!!! http://negativo17.org/nvidia-driver/ !!! !!! https://www.easycoding.org/2017/01/11/pravilnaya-ustanovka-drajverov-nvidia-v-fedora.html !!!


nVidia on RPM Fusion
  • akmod (preferovany sposob, pre kazdy novy kernel sa pre-build-uje novy modul)
$ dnf install akmod-nvidia kernel-devel xorg-x11-drv-nvidia-devel
$ dnf install akmod-nvidia-304xx kernel-devel xorg-x11-drv-nvidia-304xx-devel
  • kmod (instaluje menej blastu, ale modul nemusi byt stale pre aktualny kernel)
$ dnf install kmod-nvidia xorg-x11-drv-nvidia-devel

Do suboru /etc/default/grub pridat riadok GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off vga=normal" a vygenerovat novy /boot/grub2/grub.cfg subor (pomocou grub2-mkconfig -o /boot/grub2/grub.cfg). Samotny instalator sice pridava tieto parametre priamo do /boot/grub2/grub.cfg, tie sa vsak potom (pri volani prikazu grub2-mkconfig) prepisu.

Vypnut nouveau cez grub (resp. blacklist.conf) uz nie je mozne, je priamo integrovany v jadre. Mazeme nouveau v initramfs (bez odinstalovania nouveau driver) a robime rezervnu kopiu. Nepotrebne od Fedory 20.

$ mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)-nouveau.img
$ dracut /boot/initramfs-$(uname -r).img $(uname -r)
Intel Centrino Advanced-N 6230 or 6235, AC 7265
$ dnf install iwl6000g2b-firmware
$ dnf install iwl7260-firmware firmware-addon-dell
Broadcom Corporation BCM43228
$ dnf install broadcom-wl kmod-wl
Brother DCP-7070DW
$ dnf install glibc.i686 http://www.brother.com/pub/bsc/linux/dlf/dcp7070dwlpr-2.1.0-1.i386.rpm http://www.brother.com/pub/bsc/linux/dlf/cupswrapperDCP7070DW-2.0.4-2.i386.rpm
Brother DCP-1512R
$ dnf install xsane sane-backends
$ wget download.brother.com/welcome/dlf006893/linux-brprinter-installer-2.1.1-1.gz
$ gunzip linux-brprinter-installer-2.1.1-1.gz
$ sh linux-brprinter-installer-2.1.1-1
Input model name ->DCP-1512R
# install all needed depend packages, but need install manually
$ dnf install libusb
Bluetooth mouse

System config

kvm: disabled by bios

/etc/modprobe.d/kvm-blacklist.conf

blacklist kvm
blacklist kvm_intel
blacklist kvm_amd

$ lsmod | grep kvm
kvm                   585728  0
$ modprobe -r kvm

SELinux

/etc/selinux/config

SELINUX=disabled   # after remove selinux-policy package is automatically set to disabled

Desktop Application Autostart

/etc/xdg/autostart/

  • disable GNOME Tracker
rm /etc/xdg/autostart/tracker*
  • disable Caribou
rm /etc/xdg/autostart/caribou-autostart.desktop
  • disable GConf to GSettings data migration
rm /etc/xdg/autostart/gsettings-data-convert.desktop

GRUB 2

$ grub2-mkconfig -o /boot/grub2/grub.cfg
$ grub2-set-default 2     # 0 - Fedora, 1 - Fedora recovery, 2 - Windows
$ grub2-editenv list

/etc/default/grub

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"
GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rdblacklist=nouveau"   # nVidia driver
GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off vga=normal"

GRUB_THEME="/boot/grub2/themes/system/theme.txt"

GRUB_GFXMODE=1280x1024
GRUB_FONT=/boot/grub2/DejaVuSansMono18.pf2
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_BACKGROUND=/usr/share/backgrounds/path/image.png
  • Neodporuca sa menit parameter GRUB_DEFAULT=saved, namiesto toho spustit prikaz grub2-set-default, ktory vygeneruje, modifikuje subor /boot/grub2/grubenv
  • Pouzivanie parametra vga=788 sa povazuje za zastarale a neodporuca sa, namiesto neho sa preferuje pouzitie paramametra GRUB_GFXMODE=1280x1024
  • Ake GRUB_GFXMODE podporuje graficka karta mozno zistit po vchode do console z GRUB2 menu
  1. stlacit "c" pre vchod do GRUB2 console
  2. spustit nasledujuce prikazy v console
grub> set pager=1
grub> insmod vbe
grub> vbeinfo
  • GRUB_FONT mozno vygenerovat pomocou grub2-mkfont
    $ grub2-mkfont --size=18 --output=/boot/grub2/DejaVuSansMono18.pf2 /usr/share/fonts/dejavu/DejaVuSansMono.ttf
  • install the bootloader (grub2 to hard drive) without chroot
$ fdisk -l
Device     Boot     Start       End  Sectors  Size Id Type
/dev/sda1  *         2048  81922047 81920000 39.1G 83 Linux => root directory (with /boot dir)
/dev/sda2        81922048 143362047 61440000 29.3G 83 Linux
/dev/sda3       143362048 234440703 91078656 43.4G 83 Linux

/dev/sdb1            2048  524290047  524288000   250G 83 Linux
/dev/sdb2       524290048 1953525167 1429235120 681.5G 83 Linux
$ mount /dev/sda1 /mnt      (with /mnt/boot dir)
$ mount /dev/sdaX /mnt/boot (only if root directory without /boot dir)
$ grub2-install --boot-directory=/mnt/boot /dev/sda (or try with option --recheck)
$ grub2-mkconfig -o /boot/grub2/grub.cfg (only if needed)

Disk partitions

$ fdisk -S 32 -H 32 /dev/sda      # partition alignment for SSD
$ fdisk -lu /dev/sda              # first sector should be divisible by 512
$ blockdev --getalignoff /dev/sda # '0' if the partition is aligned

$ fstrim --all
$ systemctl enable fstrim.timer
$ blkid                           # locate/print block device attributes
$ findmnt --target /tmp
TARGET SOURCE FSTYPE OPTIONS
/tmp   tmpfs  tmpfs  rw,nosuid,nodev
$ less /usr/lib/systemd/system/tmp.mount
Options=mode=1777,strictatime,nosuid,nodev

/etc/fstab

# HDD
/dev/sda1                                 /             ext4    defaults         1 1
UUID=a2f7bb52-0212-41c9-83c8-77cea001bb71 /home         ext4    defaults         1 2

# SSD
/dev/sda1        /             ext4       defaults,noatime,nodiratime,discard    1 1

# tmpfs (size=more than 50 % of total RAM)
tmpfs            /scratch      tmpfs      nodev,nosuid,size=7G                   0 0

tmpfs            /tmp          tmpfs      defaults                               0 0
tmpfs            /var/tmp      tmpfs      mode=1777,strictatime,nosuid,nodev     0 0

# ntfs-3g
/dev/sda1        /mnt/win_c    ntfs       defaults,ro                            0 0
/dev/sda2        /mnt/win_d    ntfs       defaults                               0 0

UUID=93ea881d-5390-4b16-8372-b1036cb0c471 /mnt/free1    ext4    defaults         1 2
UUID=DCC88D4BC88D24BC                     /mnt/win_c    ntfs-3g ro               0 0

# nfs
strela-stor.jinr.ru:/vol/vol1/strela      /strela-stor  nfs     defaults,noatime 0 0
  • There is no need for the discard flag if you run fstrim periodically.
  • http://askubuntu.com/questions/205930/automatic-trim-vs-manual-trim
  • The difference between automatic and manual trim is that automatic trim (using the discard mount option) trims freed blocks on sync after any file is deleted, whereas manual trim (using fstrim) trims all the free space at once.

Fonts

$ dnf install freetype-freeworld     # is compiled with the patented subpixel rendering enabled
$ wget https://raw.githubusercontent.com/musinsky/config/master/fontconfig/19-mucha-font.conf -P /usr/share/fontconfig/conf.avail/
$ ln -s /usr/share/fontconfig/conf.avail/19-mucha-font.conf /etc/fonts/conf.d/19-mucha-font.conf

/etc/fonts/conf.d/19-mucha-font.conf

  • Po zmene niektoreho parametra v config file staci napr. vo Firefoxe len refresh(nut) stranku, zmena je okamzita (bez potreby restartu X)
  • Zmysel ma asi len vyskusat prepinat medzi autohint a hinting, ktora kombinacia parametrov je najvhodnejsia zavisi od rozlisenia a velkosti monitora, fontov, atd.
  • Uzivatel moze pouzivat vlastnu konfiguraciu pomocou suboru ~/.config/fontconfig/fonts.conf (using ~/.fonts.conf file is obsolete)
  • V russianfedora-fixes repository je balik fontconfig s roznymi upravenymi config files (yumdownloader --enablerepo=russianfedora-fixes fontconfig)
  • Niektore aplikacie (napr. LibreOffice) mozu ignorovat fontconfig nastavenia, riesenie pomocou upravy ~/.Xresources file, resp. /etc/X11/Xresources

Network

/etc/hosts

127.0.0.1        localhost localhost.localdomain localhost4 localhost4.localdomain4
147.213.X.X      alice alice.saske.sk
::1              alice alice.saske.sk localhost localhost.localdomain localhost6 localhost6.localdomain6

/etc/resolv.conf

nameserver 147.213.192.3
nameserver 147.213.196.3
search saske.sk
  • Ake pouzit nameserver(s) mozeme zistit pomocou dig - DNS lookup utility
$ dig -t ns saske.sk
;; ADDITIONAL SECTION:
ns1.saske.sk.		86400	IN	A	147.213.192.3
ns2.saske.sk.		86400	IN	A	147.213.196.3
ns3.saske.sk.		86400	IN	A	147.213.192.31
$ dig -t ns jinr.ru
;; ADDITIONAL SECTION:
ns1.jinr.ru.		44546	IN	A	159.93.17.7
ns2.jinr.ru.		44546	IN	A	159.93.14.7

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=alice     # alice.saske.sk

/etc/sysconfig/network-scripts/ifcfg-em1

DEVICE=em1
NM_CONTROLLED=yes    # if 'no', NetworkManager will ignore this connection/device (default 'yes')
HWADDR=AA:BB:CC:DD:EE:FF
ONBOOT=yes
IPADDR=147.213.X.X
NETMASK=255.255.255.0
GATEWAY=147.213.X.1
DNS1=147.213.192.3
DNS2=147.213.196.3
# PEERDNS=no          # don't modify /etc/resolv.conf file

/etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifcfg-rh     # read and write configuration from the standard /etc/sysconfig/network-scripts/ifcfg-em1 file
  • Prepojenie medzi starym network (disabled) a novym NetworkManager (enabled) service pomocou plugins=ifcfg-rh a paremetra NM_CONTROLLED=yes
  • NetworkManager prichadza aj s command-line utility nmcli a nastrojom nm-tool
  • The /etc/sysconfig/networking/ directory is used by the Network Administration Tool (system-config-network) and its contents should not be edited manually

Services and Daemons

$ systemctl stop NetworkManager.service
$ systemctl disable NetworkManager.service
$ chkconfig --levels 35 network on            # obsolete (not prefer) way
$ service network start                       # obsolete (not prefer) way
  • systemctl control the systemd system and service manager, that uses services files located in /usr/lib/systemd/system/ for services, and /etc/systemd/system/ for configuration
$ systemctl
$ systemctl action service_name.service       # action = enable, disable, start, stop, restart,   is-enabled, is-active, status
$ systemctl list-units --type=service
$ systemctl status chronyd.service

$ systemctl enable mariadb.service
$ systemctl start mariadb.service     # /var/log/mariadb/mariadb.log (chown mysql:mysql, chmod 640)
$ systemctl enable httpd.service
$ systemctl start httpd.service       # /var/log/httpd/ (chown root:root, chmod 700)
  • TRIM Support (SSD disks)
$ systemctl enable fstrim.timer

enabled services (Fedora 14)

avahi-daemon, crond, cups, gpm, haldaemon, httpd, iptables, messagebus, mysqld, network/NetworkManager, ntpd, nvidia, portreserve, rsyslog, sendmail, sshd, udev-post, vsftpd, wine

sshd
  • /etc/ssh/sshd_config
PermitRootLogin no     # disable root access
PermitRootLogin without-password
  • /etc/motd

message of the day with ASCII Text Signature Generator (standard font + kerning) or with FIGlet program figlet -k alice

vsftpd

/etc/vsftpd/vsftpd.conf

anonymous_enable=NO

listen=YES
# listen_ipv6=YES

FirewallD

default settings (for all zones) in directory /usr/lib/firewalld/zones/

$ firewall-cmd --get-default-zone
FedoraWorkstation
$ firewall-cmd --set-default-zone=FedoraServer
$ dnf install cockpit # must be installed
$ firewall-cmd --permanent --zone=FedoraServer --add-service=http     # modify (or create) file /etc/firewalld/zones/FedoraServer.xml
$ firewall-cmd --permanent --zone=FedoraServer --add-service=ftp

$ firewall-cmd --permanent --zone=FedoraServer --add-port=5555/tcp
$ firewall-cmd --permanent --zone=FedoraServer --add-port=5556/tcp

$ firewall-cmd --reload
$ firewall-cmd --get-services     # list of all supported services
$ firewall-cmd --list-all-zones
$ firewall-cmd --get-zones
FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work
$ firewall-cmd --get-active-zones
FedoraServer
  interfaces: eno1
$ firewall-cmd --zone=external --change-interface=em1
external: em1
$ firewall-cmd --zone=external --list-all
$ firewall-cmd --zone=external --add-port=1234/tcp
$ firewall-cmd --zone=external --remove-port=1234/tcp
# allow IP address
$ firewall-cmd --permanent --zone=FedoraServer --add-rich-rule="rule family="ipv4" source address="159.93.0.0/16" port protocol="tcp" port="7503" accept"

$ firewall-cmd --zone=external --add-rich-rule="rule family="ipv4" source address="147.213.192.75" accept"
# port forwarding
$ firewall-cmd --permanent --zone=FedoraServer --add-forward-port=port=443:proto=tcp:toport=7503
$ firewall-cmd --permanent --zone=FedoraServer --add-port=443/tcp

$ firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=4321:toaddr=10.0.0.1