Note: This document has become partially obsolete due to the migration to Fedora 14.
This page contains a description of the installation and customisation of Fedora 11 ("F11") on my Dell Inspiron 530 desktop computer. It is a kind of follow-up to my Fedora 8 page and a part of this text is a simple copy of said page. - Again, this document has been "anonymised" in a few places; in particular public IP addresses have been replaced by XXX or YYY.
My Dell Inspiron 530 is equipped with an Intel E4500 Core Duo 2.20 GHz processor with 800 MHz FSB, 3 GB RAM, 320 GB Seagate ST3320620AS harddisk (SATA 3.0 Gb/s, cache 16 MBytes, 7200 rpm), a DVD burner HL-DT-ST Model DVD+-RW GSA-H73N (HLDS Inc.), a Teac 19-in-1 media card reader, Intel 3100 onboard graphics and a Dell E228WFP 22" widescreen display.
Since it is a server and router for my home network, it is equipped with a second network card. The machine has performed flawlessly under Linux since its acquisition in early 2008. Initially I used it with Fedora 8 for about 1.5 years, then upgraded to Fedora 11 (and later on to Fedora 14).
The actual installation was performed as described below.
Starting with F11, the Fedora live CDs use the ext4 filesystem. A slight bug of these CDs is that you cannot use them to install a system based on ext3, so I did have to prepare a DVD for the installation.
Once the system was up, I went ahead with the installation, using a custom disk layout. Essentially, I preserved all the existing partitions; only the new root partition for F11 was formatted (still using ext3).
Partition | Type | Filesystem | Label | mount point | Comment |
---|---|---|---|---|---|
/dev/sda1 | primary | vfat | DellUtility | /mnt/dell | Dell Utilities from factory install, left unchanged |
/dev/sda2 | primary | 20 GB ext3 | F8 | /mnt/F8 | This is (was) the root filesystem of F8. Will be used when updating the system in the future. |
/dev/sda3 | primary | 20 GB ext3 | F11 | / | This is the root filesystem of Fedora 11. |
/dev/sda4 | extended | | | | This holds the following partitions. |
/dev/sda5 | logical | 100 GB ext3 | home | /home | This is huge, but I frequently work on huge data files |
/dev/sda6 | logical | 100 GB ext3 | share | /mnt/share | Local NFS export. Music, images, downloaded stuff, etc |
/dev/sda7 | logical | 5 GB swap | swap | swap | Swap space |
/dev/sda8 | logical | 60 GB ext3 | vbox | /mnt/vbox | VirtualBox files |
Once the base system is installed, I modify the package selections to suit my needs. While I am very much in favour of Fedora's policy of using only Open Source Software, the real world still needs some workarounds: I cannot watch videos on DVD, or listen to music files in the car without using some proprietary or otherwise "sensitive" code. Most of this material is available from rpmfusion.org, a few specific RPMs (such as libdvdcss) from livna:
rpm -ivh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
rpm -ivh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
rpm -ivh http://rpm.livna.org/livna-release.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-livna
yum now supports incremental (differential) updates:
yum install yum-presto
In the next step, clean up and remove unused stuff:
yum remove koffice* kaffeine-libs kaffeine kdeaccessibility kdegames xmms xmms-mp3 xmms-faad2 totem
... then install more packages and update the complete system:
yum install vim wget unison gftp bluefish firefox tidy gimp xfig perl-Image-ExifTool xsane-gimp \
    gthumb lyx tetex-tex4ht xpdf pdftk glabels gnuplot mc easytag jpilot sitecopy yum-utils \
    perl-CPAN perl-XML-DOM gutenprint-cups gutenprint-foomatic gutenprint-plugin bogofilter kdirstat \
    aspell-de aspell-fr subversion openoffice.org-writer openoffice.org-calc openoffice.org-impress \
    openoffice.org-graphicfilter openoffice.org-math openoffice.org-langpack-fr openoffice.org-langpack-de \
    gpsbabel sharutils java-1.6.0-openjdk java-1.6.0-openjdk-plugin kdesdk djview4 hugin autopano-sift-C \
    avidemux mathomatic
yum update
yum-complete-transaction
yum clean all
Backup is done to tape (using my backup2tape script), so:
yum install star mt-st
Now for the multimedia stuff:
yum remove mplayer mplayer-gui mplayerplug-in mencoder
yum install amarok amarok-extras-nonfree gstreamer-plugins-ugly gstreamer-ffmpeg vorbis-tools \
    xine-lib-extras-nonfree lame totem-xine totem-xine-plparser mozilla-totem-xine libdvdcss \
    libdvdnav xvidcore transcode madplay k3b-extras-nonfree mozilla-vlc
Codecs are from the mplayer repositories, identical to F8:
wget http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20071007.tar.bz2
mkdir -p /usr/lib/codecs
tar -jxvf all-20071007.tar.bz2 --strip-components 1 -C /usr/lib/codecs/
Using Fedora's "Install Packages" software, I deselect Games and install Development Tools. Here, you want to make sure that the kernel devel package matches your existing kernel: the "PAE" kernel headers are different from the standard kernel and may lead to errors e.g. when setting up VirtualBox.
yum install binutils dkms gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-PAE-devel
While the system is updating (or afterwards), I edit some of the system files. In many cases I could simply copy the existing configuration files from the F8 installation (such as /etc/cups/cupsd.conf, /etc/hosts, /etc/exports), but in some cases the location of the file changed.
In the bootloader configuration file /boot/grub/grub.conf, I remove the splash screen and rhgb stuff.
In /etc/rsyslog.conf, the most important events shall be logged to console 9 and 10:
*.info;mail.none;cron.none /dev/tty9
kern.warn,*.err;authpriv.none /dev/tty10
Besides using the firewall, I use the /etc/hosts.allow and /etc/hosts.deny pair to restrict access to the system. Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file. The file allows login on all services via the local network and ssh from my workplace. Astonishingly, the "127.0.0.1" entry is now required to get NFS export working, otherwise you will get a message like "RPC: server localhost requires stronger authentication":
ALL: 127.0.0.1 LOCAL 192.168.XXX.
sshd: YYY.YYY.
Furthermore, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.
Since I do not allow any access to the machine except for the entries in the /etc/hosts.allow file, it is enough to state ALL: ALL (to be on the safe side and prevent logging myself out, I use ALL: ALL EXCEPT LOCAL here ;-). A special treatment is reserved for those who try ssh connects:
sshd: ALL EXCEPT LOCAL : rfc931 : spawn (/usr/sbin/safe_finger -l @%h | mail -s %d-%h root) & \
    : twist /bin/echo "Access prohibited by system administration. Go away."
ALL: ALL EXCEPT LOCAL
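The evaluation order described above (hosts.allow first, then hosts.deny, otherwise grant), modelled in shell as an added example; it is not part of the original page and not the tcp_wrappers code. It handles only the pattern forms these two files use (ALL, LOCAL, address prefixes, exact addresses, EXCEPT); the prefixes 192.168.1. and 203.0.113. are constructed stand-ins for the anonymised XXX and YYY values, and the function names are the example's own.

```shell
# Simplified model of hosts_access(5): hosts.allow first, then hosts.deny, else grant.
# Constructed stand-ins for the page's anonymised values: 192.168.1. and 203.0.113.
ALLOW='ALL: 127.0.0.1 LOCAL 192.168.1.
sshd: 203.0.113.'
# The page's hosts.deny entries with the rfc931/spawn/twist options left out.
DENY='sshd: ALL EXCEPT LOCAL
ALL: ALL EXCEPT LOCAL'

# match_one PATTERN ADDR NAME: does a single pattern match the address or host name?
match_one() {
    case "$1" in
        ALL)   return 0 ;;
        LOCAL) case "$3" in ''|unknown|*.*) return 1 ;; *) return 0 ;; esac ;;
        *.)    case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)     [ "$1" = "$2" ] || [ "$1" = "$3" ] ;;
    esac
}

# match_list LIST ADDR NAME: first matching token decides; "a EXCEPT b" means a but not b.
match_list() {
    list=$1; addr=$2; name=$3
    set -- $list
    while [ $# -gt 0 ]; do
        if [ "$1" = EXCEPT ]; then return 1; fi
        if match_one "$1" "$addr" "$name"; then
            while [ $# -gt 0 ] && [ "$1" != EXCEPT ]; do shift; done
            if [ $# -eq 0 ]; then return 0; fi
            shift
            if match_list "$*" "$addr" "$name"; then return 1; else return 0; fi
        fi
        shift
    done
    return 1
}

# file_matches RULES DAEMON ADDR NAME: true if any "daemons: clients" line matches.
file_matches() {
    while IFS=: read -r daemons clients _opts; do
        if match_list "$daemons" "$2" "$2" && match_list "$clients" "$3" "$4"; then return 0; fi
    done <<EOF
$1
EOF
    return 1
}

# decide DAEMON ADDR NAME: prints "grant" or "deny".
decide() {
    if file_matches "$ALLOW" "$@"; then echo grant; return; fi
    if file_matches "$DENY" "$@"; then echo deny; else echo grant; fi
}
```

For instance, decide sshd 203.0.113.7 gw.example.org prints grant, while decide cups 203.0.113.7 gw.example.org prints deny, because the workplace prefix is listed for sshd only.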
Of course, sshd is set up rather restrictively (see also fedorasolved.org); some key entries in /etc/ssh/sshd_config are:
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
If you run sshd on a non-standard port, you will obviously want to adjust the firewall (iptables) settings, too;-)
By default, Fedora activates a number of services that I do not need or want.
For a stationary machine, I always enable the service network (so that I can use a remote login via ssh), but disable NetworkManager and NetworkManagerDispatcher since they only activate the network connection once the user is logged in. Exactly the opposite is applied on a laptop; here I usually do not need remote login but I want the network to come up only when I log in.
Here is the list of running services:
# /sbin/chkconfig --list|grep ":on"
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dhcpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dkms_autoinstaller 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
stinit 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
vboxdrv 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
If you want a list of all services that are available but disabled, use the following command:
/sbin/chkconfig --list|grep ':off' | grep -v ":on"
F11 no longer supports the /etc/modprobe.conf file. All modules should be called from individual files in /etc/modprobe.d/.
For the Adaptec 2940 SCSI card, I created a /etc/modprobe.d/scsi.conf with the following content:
alias scsi_hostadapter aic7xxx
In F11, synchronising with my Palm Z22 and T2 works - finally! - out of the box. Simply use usb: as the communication port.
Having figured out the router and firewall setup in F8, I basically copied the configuration files from F8 to F11. This includes the two files /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1, and verification of the following:
In /etc/modprobe.d/network.conf, the modules for both network cards are loaded:
alias eth0 e1000e
alias eth1 pcnet32
In /etc/sysconfig/network, verify:
NETWORKING=yes
HOSTNAME=XXX.localnet
NETWORKING_IPV6=no # I do not need nor use this
In /etc/sysctl.conf:
# this is a router!
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
... and here is /etc/sysconfig/iptables:
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 0x9
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m mark --mark 0x9 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# This is key for name resolution
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Caveat: I have seen it happen that Fedora updates would overwrite this file without asking! Thus, if your internal network starts to behave strangely (e.g. name resolution no longer works), you may want to check if this file is still the same.
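One way to run the check this caveat suggests, as an added example that is not from the original page: it reports which routing-related rules from the file above are missing and whether the file still matches a recorded SHA-256. The choice of "required" rules, the function names and the sample overwritten ruleset are assumptions constructed for the example.

```shell
# Rules from the page's /etc/sysconfig/iptables that the routing setup depends on
# (which rules count as "required" is this example's assumption).
REQUIRED_RULES='-A PREROUTING -i eth0 -j MARK --set-mark 0x9
-A POSTROUTING -m mark --mark 0x9 -j MASQUERADE
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT'

# missing_rules FILE: print each required rule that FILE no longer contains verbatim.
missing_rules() {
    while IFS= read -r rule; do
        grep -qxF -e "$rule" "$1" || printf '%s\n' "$rule"
    done <<EOF
$REQUIRED_RULES
EOF
}

# firewall_state FILE BASELINE_SHA256: "unchanged", "changed" (rules intact) or "broken".
firewall_state() {
    current=$(sha256sum < "$1" | cut -d' ' -f1)
    if [ "$current" = "$2" ]; then echo unchanged
    elif [ -z "$(missing_rules "$1")" ]; then echo changed
    else echo broken
    fi
}

# write_overwritten_sample FILE: constructed ruleset standing in for a file that an
# update replaced; the mangle/nat tables and the FORWARD jump are gone.
write_overwritten_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on the constructed sample; on the real host, pass /etc/sysconfig/iptables
# and a hash recorded while the file was known to be good.
tmp=$(mktemp); write_overwritten_sample "$tmp"
firewall_state "$tmp" "placeholder-baseline-hash"
rm -f "$tmp"
```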
Since the system is used as primary server in our home network, I provide a DHCP server and a local news server:
yum install dhcp leafnode
Make sure the dhcpd service is running in runlevel 3, 4 and 5.
In /etc/sysconfig/dhcpd, bind the DHCP server to the internal network card:
DHCPDARGS=eth0
The content of the DHCP server configuration file is identical to the previous version, but the file is now at /etc/dhcp/dhcpd.conf. The actual numbers have been hidden:
authoritative;
ddns-update-style none;
log-facility local7;
default-lease-time 60000;
max-lease-time 604800;
option domain-name-servers XX.XX.XX.XX, YY.YY.YY.YY; # my ISP's DNS
option routers 192.168.XXX.XXX;
option broadcast-address 192.168.XXX.255;
subnet 192.168.XXX.0 netmask 255.255.255.0 {
    ddns-updates on;
    range 192.168.XXX.205 192.168.XXX.229;
    range dynamic-bootp 192.168.XXX.230 192.168.XXX.250;
    option nis-domain "localnet";
    option domain-name "localnet";
    use-host-decl-names on;
}
The configuration files for leafnode can be copied from the F8 system, but file ownership needs to be adjusted (chown root:news /etc/leafnode/*) since the ID of user news has changed.
The cronjob for fetchnews can be copied from /etc/crontab as is.
Several users of the KDE desktop environment have recently (mid-2010) reported trouble with the akonadi server. Since I have experienced the same problems, here is a workaround that I found - it simply means removing the old akonadi directory, since it is not needed anyway:
cd ~/.local/share/ && mv akonadi/ akonadi-old/
If you already started kmail before, chances are that some akonadi services are still running, so kill these first:
for i in `ps -A|grep akonadi| awk '{print $1}'`; do kill $i; done
A number of applications that I use are not available in the Fedora repositories, for various reasons. Generally, I download all such "non-packaged" software into /usr/local/src, follow the instructions in the README and INSTALL files and install into the /usr/local/ tree. Compiling and installing a number of packages may require the installation of development headers and tools. I recommend installing the full set of development packages.
A very useful script to create PDF documents from LyX and LaTeX files. Instructions on configuring Lyx to use tex2pdf are given in the accompanying README file.
wget http://download.berlios.de/tex2pdf/tex2pdf-3.2a.tar.gz
tar xvzf tex2pdf-3.2a.tar.gz
chmod +rx tex2pdf-3.2a/tex2pdf
cp tex2pdf-3.2a/tex2pdf /usr/local/bin/
Acrobat Reader is "the" PDF reader and the Flash plugin is needed to display animations on many websites. Download and install from the Adobe website are straightforward:
rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
yum install AdobeReader_enu flash-plugin
Download from the Google Earth website, then run the installer, then adjust SElinux:
sh ./GoogleEarthLinux-5.0.bin
semanage fcontext -a -t textrel_shlib_t /opt/google-earth/
restorecon -R /opt/google-earth/
The default fonts look ugly on my KDE-based system, due to some duplicate libraries. To fix this (according to a posting on fedoraforum.org), rename the libraries:
cd /opt/google-earth/
for i in libQt*.so.4; do mv $i `echo $i| sed s/4/4.orig/`; done
Initially I had quite some trouble with the slooow display speed (Intel 3100 onboard graphics); with Google Earth 5.1.3533.1731 this problem disappeared :-)
Please refer to the instructions in the Unofficial Fedora FAQ.
A PCB layout editor.
wget ftp://ftp.cadsoft.de/eagle/program/4.16r2/eagle-lin-eng-4.16r2-1.i586.rpm
yum --nogpgcheck localinstall eagle-lin-eng-4.16r2-1.i586.rpm
After installation, you have to launch eagle once as root to activate the license. Just select "run as freeware"; you do not need to create the directories.
I use VirtualBox to run an instance of Microsoft Windows as "guest" inside the Fedora 11 system. For details, please refer to my GPS software page.