Linux: Fedora 14 on a Dell Inspiron 530

Contents

Introduction

Note: This document has become partially obsolete due to the migration of this machine to Debian.

This page contains a description of the installation and customisation of Fedora 14 ("F14") on my Dell Inspiron 530 desktop computer which is used as server, router and production machine. It is a kind of follow-up to my Fedora 11 page and a part of this text is a simple copy of said page. - As usual, this document has been "anonymised" in a few places; in particular public IP addresses have been replaced by XXX or YYY.

Hardware

My Dell Inspiron 530 is still the same: Intel E4500 Core Duo 2.20 GHz processor with 800 MHz FSB, 3 GB RAM, 320 GB Seagate ST3320620AS harddisk (SATA 3.0 Gb/s, cache 16 MBytes, 7200 rpm), a DVD burner HL-DT-ST Model DVD+-RW GSA-H73N (HLDS Inc.), a Teac 19-in-1 media card reader, Intel 3100 onboard graphics and a Dell E228WFP 22" widescreen display.

Since it is a server and router for my home network, it is equipped with a second network card. The machine has performed flawlessly under Linux since its acquisition in early 2008. Initially I used it with Fedora 8 for about 1.5 years, then upgraded to Fedora 11 and in 2010-11 to the then-brandnew Fedora 14.

Linux Installation and Setup

Preparation

If you have another Linux system running that uses the same partitions (e.g. /home), be aware that the installer will re-format some partitions (at least the new system's root, usually also the swap partition). This may lead to changed signatures, impeding an eventual reboot of the "other" OS:

Installing Fedora 14

Installing Linux has never been easier!

The initial installation was performed from the Fedora 14 KDE live CD. Just boot from the CD, wait until you are in the live system, then select the "Install to Harddisk" option.

Using a custom disk layout, I simply installed F14 over the "old" Fedora 8 partition that was available on this system. Only the new root partition for F14 was formatted (requiring ext4).

Partition Type Filesystem Label mount point Comment
/dev/sda1 primary vfat DellUtility /mnt/dell Dell Utilities from factory install, left unchanged
/dev/sda2 primary 20 GB ext4 F14 / This is the root filesystem of Fedora 14.
/dev/sda3 primary 20 GB ext3 F11 /mnt/f11 This is (was) the root filesystem of F11. Will be used when updating the system in the future.
/dev/sda4 extended       This holds the following partitions.
/dev/sda5 logical 100 GB ext3 home /home This is huge. Resized to 60 GB in 2013.
/dev/sda6 logical 100 GB ext3 share /mnt/share Local NFS export. Music, images, etc. Resized and to 120 GB in 2013.
/dev/sda7 logical 5 GB swap swap swap Swap space
/dev/sda8 logical 60 GB ext3 vbox /mnt/vbox VirtualBox files. Resized to 80 GB in 2013.

Note: The partitions for /home, /mnt/share and /mnt/vbox were later converted to ext4.

Once the base system is installed, I modify the package selections to suit my needs. While I am very much in favour of Fedora's policy of using only Open Source Software, the real world still needs some workarounds: I cannot watch videos on DVD, or listen to music files in the car without using some proprietary or otherwise "sensitive" code. Most of this material is available from rpmfusion.org, a few specific rpm (such as libdvdcss) from livna. Since both were down when I tried to install, I went for a mirror:

rpm -ivh http://mirror.switch.ch/ftp/mirror/rpmfusion/free/fedora/rpmfusion-free-release-stable.noarch.rpm\
         http://mirror.switch.ch/ftp/mirror/rpmfusion/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
rpm -ivh http://ftp-stud.fht-esslingen.de/pub/Mirrors/rpm.livna.org/livna-release.rpm

Now, before upgrading anything else, I install some yum options, wget and vim ... this allows me to customize the system while downloads are running in the background:

yum -y install yum-plugin-fastestmirror vim wget

Clean up and removed un-used stuff:

yum -y remove koffice* kdegames*

At this point I run a first update of the system. This may last a while but it will bring e.g. the kernel up to the latest version:

yum -y update

Afterwards comes the main selection and installation of packages. Make sure this is all on one line:

yum install unison gftp firefox mc yum-utils sharutils memtest86+ jpilot lsb gcc make patch binutils nmap \   
pgp-tools gnuplot subversion tidy bluefish sitecopy gimp perl-Image-ExifTool xsane-gimp kipi-plugins xfig \ 
glabels lyx tetex-tex4ht xpdf pdftk pdfchain aspell-de aspell-fr perl-CPAN perl-XML-DOM bogofilter kdirstat \
openoffice.org-writer openoffice.org-calc openoffice.org-impress openoffice.org-graphicfilter openoffice.org-math \
openoffice.org-langpack-fr openoffice.org-langpack-de system-config-printer hplip amarok xine-lib-extras-freeworld \
libdvdcss vlc k3b k3b-extras-freeworld easytag vorbis-tools ktorrent gpsbabel djview4 digikam hugin autopano-sift-C \
dkms klamav libgomp glibc-headers glibc-devel kdesdk qdevelop gcc-c++ automake autoconf java-1.6.0-openjdk-plugin 

yum install dhcp star mt-st    # only on the server

yum-complete-transaction                                                                                                 
yum clean all

Multimedia codecs are from the mplayer repositories, almost identical to F11:

cd /tmp
wget http://www.mplayerhq.hu/MPlayer/releases/codecs/all-20110131.tar.bz2
mkdir -p /usr/lib/codecs
tar -jxvf all-20110131.tar.bz2 --strip-components 1 -C /usr/lib/codecs/

Fine-tuning Fedora

While the system is updating (or afterwards), I adjust some of the system files, with the "old" F11 partition mounted at /mnt/f11. First, recover the mount points from the old /etc/fstab:

mkdir /mnt/f11 /mnt/dell /mnt/share /mnt/vbox                           # create mount points
mount -t auto /dev/sda3 /mnt/f11                                        # mount Fedora 11 root  
grep vbox /mnt/f11/etc/fstab  >> /etc/fstab                             # VirtualBox partition
grep share /mnt/f11/etc/fstab  >> /etc/fstab                            # shared partition
grep dell /mnt/f11/etc/fstab  >> /etc/fstab                             # Dell utility partition                                                      

Having figured out the router and firewall setup in F8 and F11, I could copy most configuration files from the old installation. With the "old" F11 partition still mounted at /mnt/f11:

cp /mnt/f11/etc/sysconfig/network-scripts/ifcfg-eth* /etc/sysconfig/network-scripts/   # both network cards   
cp /mnt/f11/etc/modprobe.d/network.conf /etc/modprobe.d/network.conf    # assigns which network card is eth[0|1]  
cp /mnt/f11/etc/hosts.allow /etc/hosts.allow                            # access control
cp /mnt/f11/etc/hosts.deny /etc/hosts.deny                              # access control
cp /mnt/f11/etc/sysconfig/iptables /etc/sysconfig/iptables              # firewall specific for a router
cp /mnt/f11/etc/rsyslog.conf /etc/rsyslog.conf                          # logging
cp /mnt/f11/etc/exports /etc/exports                                    # local NFS exports 
cp /mnt/f11/etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf	                # DHCP server for my internal network
cp /mnt/f11/etc/sysconfig/dhcpd /etc/sysconfig/dhcpd                    # binds dhcpd to network card eth0
cp /mnt/f11/etc/cups/cupsd.conf /etc/cups/cupsd.conf                    # print server configuration
cp /mnt/f11/etc/cups/printers.conf /etc/cups/printers.conf              # printer configuration
cp /mnt/f11/etc/printcap /etc/printcap                                  # printer list

In addition, verify that IP forwarding is enabled in /etc/sysctl.conf:

net.ipv4.ip_forward = 1     # this is a router!
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1

Of course, sshd is set up rather restrictive; some key entries in /etc/ssh/sshd_config are:

Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes

If you cannot ssh into a freshly set up machine (ssh: connect to host 192.168.xx.yy port 22: No route to host) the reason is most probably that the firewall has not yet been configured correctly. What worked for me was to run the graphical firewall administration tool, de-select ssh, save the configuration and then re-select ssh again and re-save the configuration.

As a side note: There are three sets of network configuration files related to the ifcfg-ethN devices, which often creates confusion. You can edit any of these - they are hardlinked since they share the same inode: use ls -il /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/networking/devices/ifcfg-eth0 /etc/sysconfig/networking/profiles/default/ifcfg-eth0 to verify ... or, shorter: find /etc/sysconfig/ -type f -name "ifcfg-eth*" -exec ls -li {} \;

Services

By default, Fedora activates a number of services that I do not need or want. As a quick start, I run the following line (after the system has booted twice, i.e. the first run is complete and the live-system is no longer needed):

/sbin/chkconfig atd off
/sbin/chkconfig bluetooth off
/sbin/chkconfig ip6tables off
/sbin/chkconfig iscsi off
/sbin/chkconfig iscsid off
/sbin/chkconfig livesys off
/sbin/chkconfig livesys-late off
/sbin/chkconfig openct off
/sbin/chkconfig pcscd off
/sbin/chkconfig lvm2-monitor off    # keep this on a RAID1 system
/sbin/chkconfig mdmonitor off        # keep this on a RAID1 system
/sbin/chkconfig sshd on             # to enable remote login

After some cleanup, here is the list of running services: :

#  /sbin/chkconfig --list|grep ":on"
abrtd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:on    4:on    5:on    6:off
dhcpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
dkms_autoinstaller      0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
vboxdrv         0:off   1:off   2:on    3:on    4:on    5:on    6:off
vboxweb-service 0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

If you want a list of all services that are available but disabled, use the following command:

/sbin/chkconfig --list|grep ':off' | grep -v ":on"

Please note that NetworkManager and the various system-config-network* scripts interfere with each other:

Kernel choice

Since Fedora 11 at least, the default kernel that was installed was a PAE kernel. With F14, a "standard" kernel was installed. To switch to the PAE kernel:

yum install kernel-PAE kernel-PAE-devel 

In addition, edit /etc/sysconfig/kernel and change DEFAULTKERNEL=kernel to DEFAULTKERNEL=kernel-PAE.

If you are running particular kernel modules, remember to update these, too - as an example, if you were running wireless on a standard kernel with the module kmod-wl, you will need to load kmod-wl-PAE now.

User Accounts

Fedora uses User Private Groups (UPG) where the group ID is the same name as the user ID. For a while, I preferred to have all users in the group users, so I modified the user account, removed its private group and change ownership accordingly:

chown -R joe:users /home/joe

It is possible that there are still some stray files in the system. Before changing ownership blindly, I would always feed the list to a file, verify this and modify files only afterwards:

find / -gid 500 > /tmp/gid500files.txt
find / -gid 500 | xargs chgrp users

Update: later on I reverted to UPG; read about the advantages e.g. in this article. In the example presented here, we have an existing user "joe", UID 500, with its primary group "users", GID 100. We want to revert to UPG with UID and GID 1000 (in preparation of the installation of Debian where "normal" UIDs start at 1000).

  1. See if a private group for user joe exists:
    grep ^joe /etc/group
    
  2. If yes, edit /etc/group and change the UID of joe from 500 to 1000. If not:
    /usr/sbin/groupadd -gid 1000 joe
    
  3. Edit /etc/passwd and change both GID of joe from 500 to 1000.
  4. Change ownership of files in home directory and in the system:
    chown -R joe:joe /home/joe
    find / -uid 500 -print0 | xargs -0 chown joe
    find / -gid 500 -print0 | xargs -0 chgrp joe
    
  5. Check manually for files with "wrong" UID or GID, e.g. on shared drives or on the VirtualBox partition.

log files

On production machines I like to have a quick look at the key logfiles. Of course the default permission for these files is rather restrictive ... yet I do not want to log in as root just to have read access. On the other hand, I don't want to grant access to these files to all users in my group.

With Linux supporting ACL (access Control Lists), the solution is as simple and as elegant as it can get: Use ACL to grant selective access on a per-file and per-user basis. The following line allows user joe to read /var/log/messages:

setfacl -m user:joe:r-- /var/log/messages

Trouble-free!

Installing and using Linux has never been easier: Almost everything worked right out of the box!

Lenovo IdeaPad S12

"Suspend" broken

I'm using a Lenovo IdeaPad S12 as laptop. I recently installed F13, but changed to F14 since it was published just a few days later and the NetworkManager application had been improved (this was brought to F13 later on, too). I was having an issue here:

In Fedora 13:

In Fedora 14, things have swapped:

Using Fedora 'testing' repos

To install packages while they are still in the Fedora 'testing' repos, use a command along the following line:

yum --enablerepo=updates-testing update kde-plasma-networkmanagement

Packages not provided in the Fedora repositories

A number of applications that I use are not available in the Fedora repositories, for various reasons. Generally, I download all such "non-packaged" software into /usr/local/src, follow the instructions in the README and INSTALL files and install into the /usr/local/ tree. - Compiling and installation of a number of packages may require the installation of development headers and tools. I recommend to install the full set of development packages.

tex2pdf

A very useful script to create PDF documents from LyX and LaTeX files. Instructions on configuring Lyx to use tex2pdf are given in the accompanying README file.

cd /tmp
wget http://download.berlios.de/tex2pdf/tex2pdf-3.2a.tar.gz
tar xvzf tex2pdf-3.2a.tar.gz
chmod +rx tex2pdf-3.2a/tex2pdf
cp tex2pdf-3.2a/tex2pdf /usr/local/bin/

Acrobat Reader, Flash Plugin

The Flash plugin is needed to display animations on many websites. Download and install from the Adobe website are straightforward:

rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
yum install flash-plugin # AdobeReader_enu mozplugger 

Acrobat Reader is "the" PDF reader. However, I have currently removed AdobeReader from my computer since it generates a security warning with SELinux. Instead, I use xpdf and Okular as PDF readers.

Google Earth

This one required quite some work; initially Google Earth crashed in Fedora 14 (and as of early December 2010, the "6 beta" still does, so make sure you download the 5.1 version instead - mine is currently 5.1.3535.3218). In spite of the broken installer, I got it working as follows:

sh ./GoogleEarthLinux.bin --target /tmp/ge
cd /tmp/ge/setup.data/bin/Linux/x86
mv -f setup.gtk setup.gtk2
cd /tmp/ge2
./setup.sh
yum install redhat-lsb

The default fonts look ugly on my KDE-based system, due to some duplicate libraries. To fix this (according to a posting on fedoraforum.org), rename the libraries:

cd /opt/google-earth/
for i in libQt*.so.4; do mv $i `echo $i| sed s/4/4.orig/`; done

MS Core Fonts

If you have already installed these fonts on a previous version of the system, simply copy them, then update the font cache:

mkdir /usr/share/fonts/msttcore
cp -v /mnt/f11/usr/share/fonts/msttcore/* /usr/share/fonts/msttcore/
fc-cache /usr/share/fonts/msttcore/

Of course you could copy them using any other tool that does the job, such as scp:

scp -P <port> user@192.168.X.Y:/usr/share/fonts/msttcore/* /usr/share/fonts/msttcore

Otherwise, please refer e.g. to the instructions in the Unofficial Fedora FAQ.

Virtualisation and the like

VirtualBox

I use VirtualBox to run an instance of Microsoft Windows as "guest" inside the Fedora system. For details, please refer to my GPS software page.

Citrix

For certain applications (e.g. a consulting mandate that required accessing the client's data remotely) I use Citrix Receiver, which is essentially a terminal client to a Microsoft Windows server. The software is not Open Source but is available free of charge on the manufacturer's website, section "Downloads", product "Citrix Receiver".

The installation as such is straightforward; as root:

yum install openmotif.i686
yum -y --nogpgcheck localinstall ICAClient-12.1.0-0.i386.rpm

... with that, the firefox plug-in worked but I received an error message: SSL Error - Contact your help desk with the following information: You have not chosen to trust "VeriSign Class 3 Public Primary Certification Authority - G5", the issuer to the server's security certificate (SSL Error 61).

To resolve this problem, you need to find, download and install the SSL root certificate manually:

  1. In my case, a web search with ssl root certificate verisign quickly led to the Verisign support page.
  2. Find and download the corresponding certificate (here, G5)
  3. cp PCA-3G5.pem /opt/Citrix/ICAClient/keystore/cacerts/
  4. Done!

Links