Linux desktops Fedora 12 customization

Author: L.S.Lowe. File: f12custom. This update: 20121001. Part of Guide to the Local System.

This file is intended to be a list of customizations I've applied to a Fedora 12 system (f12). For earlier and later systems, see Contents.

These are applied to our systems after doing a kickstart install, and as needed after that. Packages are installed using the usual yum. Individual files may be distributed using rdist or rsync. Some files are system configurations which are installed in place: there may be an associated rdist action to restart a corresponding system service. Other files are simply action scripts in the sense that rdist runs them after transferring or updating them: these are mostly installed in /root/conf.

Adobe Reader and Flash

The AdobeReader_enu package for Adobe Reader (acroread), and other language variations, and the flash-plugin package for Adobe Flash 10, can be downloaded from the Adobe site. To use Adobe as a YUM repository, first download and install the adobe-release-i386 package: go to http://get.adobe.com/flashplayer/ and choose YUM for Linux.

If you get warnings on starting acroread (32-bit) from a command line, of the form Gtk-WARNING **: Unable to locate theme engine in module_path, then you need to install the gtk2-engines.i686 package.

In order for Adobe Flash (32-bit) to work, you need to ensure that the Fedora nspluginwrapper.i686 package is installed. You can install this after flash-plugin, or before; it doesn't seem to matter.

As of early July 2010, the Adobe YUM repository knew about the updated Flash, version 10.1.53.64, but didn't seem to know about the security issue with Adobe Reader versions 9.3.2 and earlier, which resulted in the release of AdobeReader_enu-9.3.3. So as of that date, this had to be downloaded via non-repository means. As of late August 2010, the Adobe YUM repository knows about Adobe Reader version 9.3.4, and as of early October 2010, it knows about version 9.4.

AFS openafs support

The openafs package and recent openafs kernel modules can be obtained from atrpms.net for Fedora 12. To use atrpms as a YUM repository, first download and install the atrpms-repo package: go to http://atrpms.net/dist/f12/atrpms-repo/ and choose the rpm according to your architecture.

There is a conflict between openafs-client-1.4.12 (and others), at kernel levels 2.6.31.12-174.2.3 and 2.6.32.11-99 (and others), and the kernel's IMA support (Integrity Measurement Architecture). The log fills with messages like "kernel: ima_file_free: open/free imbalance".

It seems that this may be fixable in the future by a kernel parameter to turn off IMA, or a change in the way openAFS does disk caches, but a circumvention for the moment is to add option -memcache in AFSD_ARGS in file /etc/sysconfig/openafs, to cause use of an in-memory AFS cache.

/usr/share/icons

We have a few local applications and actions, like calling remote servers via ssh and invoking locally-installed programs, and these have icons associated with them. The recommended way of installing icons is to use the xdg-icon-resource command, for example:
  export XDG_UTILS_DEBUG_LEVEL=4 # to give extra information
  xdg-icon-resource install --size 32 /root/png/BHAM-desy.png BHAM-desy
This follows the naming convention that a vendor- prefix should be used for the installed icon; in this example the final argument is superfluous since it matches the icon filename.

Poorly rendered fonts in Firefox 3.x Print and Print Preview: fixed

Some users of firefox 3.5 and 3.6 (including myself!) had a problem whereby a simple html web page without any font settings or CSS would look OK on the screen, but look bad when printed and in Print Preview. The characters were badly kerned and rendered. This didn't happen for new users, on identical machines, though, and nor had it happened on earlier systems with Firefox 2.x. Here is a before and after example:

bad kerning

better kerning

The solution was for the user to remove old historic font definition files using a simple cleanfonts script (below) and then start a new session; of the following, $HOME/.fonts.conf may be the main culprit:

         cd && rm -R .fonts .fonts.cache-* .fonts.conf .fontconfig

Firefox playing video MPEGs

I found that when playing a video/mpeg file, in my default KDE environment, firefox would default to using KDE's Dragon player; however this does not stream, causing a delay before the video plays. On changing the firefox Preferences / Applications setting for MPEG video to Use VLC Multimedia Plugin, this would appear to start to work, but then would give a black screen. It was necessary to install the gecko-mediaplayer package (from ATrpms) and then the video starts to play as required.

(Installation of gecko-mediaplayer using yum also installs gnome-mplayer. The totem-mozplugin package is not required).

ICAClient version 11: Citrix Windows Terminal Server client

We have a Citrix Windows terminal server, with Citrix Presentation Server software, which requires an ICAClient package to be installed on our Linux systems to access it. In previous Linux systems we have used ICAClient version 9, but this is now rather out of date (2005) and the current version is 11.

I first downloaded the ICAClient-11.100-1.i386.rpm package, free from the www.citrix.com web-site Downloads area.

In order to install this 32-bit package on my 64-bit systems, the following 32-bit libraries were at first missing: libXaw.so.7 libXmu.so.6 libXpm.so.4 libXp.so.6 libXm.so.4. This required yum install libXaw.i686 (which also installs libXmu and libXpm as dependencies), and yum install libXp.i686, but this left libXm.so.4 still required. The Fedora 12 lesstif package provides libXm.so.2 but not a later version. The openmotif package provides it, indeed the Citrix web-site says that OpenMotif v2.3.1 is required for their client, but it is not available under Fedora 12 for licensing reasons. It is however available from Scientific Linux 5 and CentOS 5 sites, and the versions there are compatible with Fedora 12 in this case. So with that installed, the ICAClient-11.100-1.i386.rpm package installs cleanly.

There is then an error when you run /usr/lib/ICAClient/wfica or /usr/lib/ICAClient/wfica.sh, as follows:

         Warning: Missing charsets in String to FontSet conversion
         Warning: Unable to load any usable fontset
         Error: Aborting: no fontset found

Advice on the web is to set LANG=C in place of (say) en_US.UTF-8, and that can be done by inserting export LANG=C in shell script /usr/lib/ICAClient/wfica.sh, or in my case in our local script /usr/local/bin/wts. Using unset LANG in those places is equally effective.

On moving from ICAClient version 9 to version 11, I found all the users' drive mappings didn't work. On making a trivial (non-)change in their settings in wfcmgr, and clicking Apply to cause them to be re-saved, they all worked again, so I guess there has been an incompatible parameter change in the ini files for the ICA client between version 9 and 11.

I then found a 15 second delay in connecting to the terminal server, during which time the Citrix splash screen is displayed. During this time, the client sends out UDP broadcasts to the icabrowser port (port 1604), and only the terminal server machine responds. Three probes go out at 5 second intervals, whereas previously (older system, older ICAClient) they went out at 1 second intervals, so the delay wasn't seen as a problem. This was resolved by setting the client wfcmgr setting Properties -> Network -> Server Location to the DNS name of my terminal server, as well as that being the Destination name. The same exchanges then take place but without using broadcasts and without the delays.

A bug/feature of the new setup with ICAClient-11 is that when viewing a drive-mapped directory on the Windows system, using say Windows Explorer as usual, ordinary directories and files work fine, but attempts to access files which are symbolic links to other Linux files or directories fail. These symbolic (or soft) links were created on the Linux system using the usual Linux command ln -s. Clicking on such files gives the error Filename is not accessible. The parameter is incorrect. On the other hand, shortcuts created by Windows on the drive-mapped directories continue to work on Windows, and create .lnk files, but of course they are not recognised as links by Linux. This is an ICAClient problem not present in ICAClient version 9, as I have not changed the software on the Windows system, which remains Metaframe Presentation Server.

The circumvention for that security feature is to be found on this forum page. That worked for me: in fact I only needed to tweak wfclient.ini, as the other file was already configured as required.

ICAClient version 10 tests

I repeated the above steps but using ICAClient version 10.6. This required libXm.so.3, which I found came with an earlier openmotif package, openmotif-2.2.3, which is available from Scientific Linux 4 and CentOS 4 sites. This installs if you specify the rpm --nodeps option, into directory /usr/X11R6/lib, and since this is no longer a usual directory in Fedora 12 (or SL5 for that matter) it is necessary to set export LD_LIBRARY_PATH=/usr/X11R6/lib in the invoking script (eg wfica.sh) for it to start up successfully. This mostly works; it has the same symbolic link security feature as ICAClient version 11 (above).

ICAClient version 9 tests - success!

I repeated the steps again but using ICAClient version 9.0.1 (the original version, on my older PCs/servers). This required libXaw.so.7 libXpm.so.4 libXp.so.6 libXext.so.6 libXm.so.3, so all of those were available in Fedora 12 except libXm.so.3, as before, and therefore this also required openmotif-2.2.3, which is available from Scientific Linux 4 and CentOS 4 sites, as for ICAClient version 10 (above). As above, this installs if you specify the rpm --nodeps option, into directory /usr/X11R6/lib, and since this is no longer a usual directory in Fedora 12 (or SL5 for that matter) it is necessary to set export LD_LIBRARY_PATH=/usr/X11R6/lib in the invoking script (eg wfica.sh) for it to start up successfully. This works well for my Fedora 12 PCs, just as on my older PCs, including the ability to follow Linux symbolic links within drive-mapped directories on the Windows system, so I shall stick to this version unless/until a work-around becomes apparent for the later ICAClient versions.

KDE Global shortcuts

The default KDE global shortcut for Logout is Ctrl+Alt+Del, which clashes with what the user expects when running a Windows Terminal Server window within the KDE session. To change this, go to KDE System Settings, General, Computer Administration, Keyboard & Mouse, Global Keyboard Shortcuts, KDE component Run Command Interface, and change the definition.

It does not seem to be possible to change this for all users, yet (KDE 4.4.0). The file to change ought to be /usr/share/kde-settings/kde-profile/default/share/config/kglobalshortcutsrc but, as noted by this Red Hat bug report, and a comment in the file itself, this file is apparently ignored.

KDE use of ~/Documents directory

This seems to be flawed as of KDE 4.3 and 4.4. See bug reports on bugs.kde.org of Bug 183534, Bug 201072, Bug 203495, and Bug 230310 (mine!): Many KDE processes have initial working directory ~/Documents not $HOME.

Also see so-called Bug 108510, the patch for which may well be the source of all the trouble, as it turns out.

Use with EVO video-conferencing application

The video window ViEVO component of EVO version 1.5.x and 2.0.0 does not work under Fedora 12 with an NVidia graphics card and the default nouveau graphics driver. EVO version 1.5.x has the message "No OpenGL detected" in the AV controls Video window. EVO version 2 doesn't work either: the Tools -> Video -> Advanced window information states OpenGL Vendor: Mesa Project, Version: 1.4 (2.1 Mesa 7.7.1-DEVEL, Renderer: Software Rasterizer, but no video window appears, even if Disable OpenGL is set in that window. The nouveau driver doesn't have working OpenGL support, as yet, by the looks of it (as of package xorg-x11-drv-nouveau-0.0.15-21.20091105gite1c2efd.fc12.x86_64).

To suppress the loading of the nouveau driver during boot-up, which is a prerequisite for a different graphics driver to access the graphics device, it was necessary to remove rhgb quiet and add nouveau.modeset=0 to the kernel line in the /boot/grub/grub.conf file.

With the nvidia driver downloaded from the www.nvidia.com web-site and installed, the problem didn't occur with EVO version 2, but EVO version 1.5.x continued to complain about no OpenGL, oddly. However since EVO version 2 is out of beta soon, this is not a problem.

On a PC with a different install history, EVO's ViEVO window wouldn't appear, even though the Tools -> Video -> Advanced window said that OpenGL was present. But the /tmp/Koala.log file had the line

         ViEVO ERR ./vievo: error while loading shared libraries: libSDL-1.2.so.0: cannot open shared object file: No such file or directory

which gave the hint to install the SDL.i686 version as well as the x86_64 version. (This may be required because of my use of a 32-bit version of Sun Java).

Note that the OpenGL functionality of the nvidia driver can stop working if the xorg-x11-server-Xorg package is updated at some point by (say) yum, when the X server is next started: after a reboot, for example. This is because that package supplies file /usr/lib64/xorg/modules/extensions/libglx.so, which in an nvidia driver setup is replaced by a soft-link to an nvidia version-numbered file. On my systems, I detect such an update at boot time and force a re-install of the nvidia software. However, it is probably sufficient simply to re-instate that soft-link from a copy, either every boot or after a yum update. There may be other files provided by the nvidia driver software that a yum update will replace, but I haven't found any others in the current software. Of course, if a new kernel is installed, a new kernel module will need to be built; that too can be detected and performed at boot time.
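A sketch of the "re-instate that soft-link from a copy" approach, as an added example rather than the author's own boot-time script: record the link target while it is known to be good, then check it at boot or after a yum update. The function names and the state file are assumptions; on the systems described the link would be /usr/lib64/xorg/modules/extensions/libglx.so.

```shell
#!/bin/sh
# Added example, not the author's script: notice that a package update has
# replaced a symlink with its own file, and put the link back.

# record_link LINK STATE: save where a known-good symlink points.
record_link() {
    [ -L "$1" ] || return 1
    readlink "$1" > "$2"
}

# restore_link LINK STATE
# Prints ok | restored | no-record | target-missing.
# The exit status is non-zero for the last two.
restore_link() {
    link=$1
    state=$2
    [ -s "$state" ] || { echo no-record; return 1; }
    want=$(cat "$state")
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$want" ]; then
        echo ok
        return 0
    fi
    # A relative target is relative to the directory holding the link.
    case $want in
        /*) target=$want ;;
        *)  target=$(dirname "$link")/$want ;;
    esac
    # Never create a dangling link: the driver file itself must still exist.
    [ -e "$target" ] || { echo target-missing; return 1; }
    # Keep whatever the update installed, for later inspection.
    if [ -e "$link" ] || [ -L "$link" ]; then
        mv -f "$link" "$link.replaced"
    fi
    ln -s "$want" "$link" && echo restored
}

# Demonstration in a scratch directory; all file names are constructed.
d=$(mktemp -d)
echo "driver build" > "$d/libglx.so.driver-1"
ln -s libglx.so.driver-1 "$d/libglx.so"
record_link "$d/libglx.so" "$d/libglx.state"
rm "$d/libglx.so"
echo "distribution build" > "$d/libglx.so"       # simulated package update
restore_link "$d/libglx.so" "$d/libglx.state"    # puts the link back
restore_link "$d/libglx.so" "$d/libglx.state"    # nothing left to do
rm -rf "$d"
```

The state file has to be refreshed with record_link after each deliberate driver re-install, since the version-numbered target changes then.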

The audio of EVO (either version) works with my PCs' built-in Intel analogue audio input/output. It also works with a Logitech USB adapter, though it's necessary to use kmix (or alsamixer) to raise the volume of that device from an initial zero. With EVO version 1.5, the received sound on built-in soon deteriorated to Dalek quality on one test; this needs looking at again.

Google Earth

Google Earth (5.1.x) works nicely with either video driver, nouveau or nvidia, though of course it's a lot faster and more efficient in cpu terms with the nvidia driver with its OpenGL support. A slow continuous rotation takes 40-50% of one core with the nvidia driver, not a problem on my quad-core PC, and is very smooth.

/usr/bin/ps2pdfwr

The Postscript-to-PDF utilities (like ps2pdf) all use this ps2pdfwr script. The default in Ghostscript is US-letter size paper. By default, even with an A4 Postscript file, a PDF file created by those utilities crops the top of each A4 page. This can be corrected by the user by specifying the papersize in the environment variable GS_OPTIONS.

But locally I have added export GS_OPTIONS=${GS_OPTIONS:--sPAPERSIZE=a4} near the top of this script, to save the ordinary user some hassle. This way it's easy enough for the expert user to override, on the odd occasions that A4 is not required.

/etc/logrotate.conf

Customized log rotation to keep logs by month and for much longer.

/usr/share/config/kpartsaverrc

/usr/share/config/kslideshow.kssrc

Add customised files for the kpartsaver.kss and kslideshow.kss screensavers to show some pictures, rather than "The screen saver is not configured yet", particularly when the screensaver is being chosen randomly.

The config file can be set up in user mode by invoking the screensaver with the --setup option, and then moving that file from the user $KDEHOME/share/config/ directory to /usr/share/config so that it applies to all users.

/usr/share/kde-settings/kde-profile/default/share/config/kcmdisplayrc

Customized so as not to exportKDEColors by default. The original default gives rise to around 400 X11 properties being set up, which appear in an xrdb -query, for applications like nedit and xwp/wordperfect which the user might never use. The user can set the original default back if s/he wishes using KDE System Settings -> Appearance & Colors/Colours -> Options -> Apply colors to non-KDE applications.

The resource files are in directory /usr/share/kde4/apps/kdisplay/app-defaults/. So an alternative presumably is to comment-out property definitions in those files, or remove unwanted files.

/etc/mailcap

This file maps between mime-types as used by email attachments and browser helpers to the application which should be invoked for such files. /etc/mailcap is used by the pine mail client by default, by mozilla and SeaMonkey, and by Firefox from 2.0 onwards (though not for example by Firefox 1.5).

In this release, all of the 6 mailcap entries present for various mime-types use /usr/bin/xdg-open to invoke the corresponding application. In principle this is a good idea, but it doesn't always work out when the file being acted upon is a temporary file.

With KDE installed, the application so-invoked for image/* is gwenview, and, because that monitors the file during display to test for changes, it does not cope well when the underlying application then deletes the temporary file! This happens because /usr/bin/xdg-open invokes kde-open, and this command launches a further application like gwenview and then exits immediately, instead of waiting for gwenview to finish. So for image/* I changed the invoked application from /usr/bin/xdg-open to gwenview, and that works without problems.

For OpenOffice equivalents for MS word, MS excel and MS powerpoint, I've added an explicit call to ooffice.

Previously customised for PDF files to call /usr/local/bin/pdfviewer, which allowed a user environment variable to choose between preferred applications, but for the moment I'm leaving this at the mailcap default of calling /usr/bin/xdg-open for this mime-type.

This also is a good place to define the version of javaws to use for application/x-java-jnlp-file, though the most common use of this for my users was for the EVO video-conferencing application, which I now encourage people to start using an EVO desktop panel icon, instead.

For mozilla-type browsers, the variable which defines this file's location can be found in an about:config listing: helpers.global_mailcap_file. There is also the user's personal version at helpers.private_mailcap_file (and you may also find helpers.global_mime_types_file and helpers.private_mime_types_file).

This is a good point to mention that if migrating from previous versions of Linux, personal mailcap files $HOME/.mailcap may contain entries which are no longer valid, and therefore will get in the way of invoking the right application. I have a script cleanmailcap which removes all invalid entries; in practice this generally removes all entries, so it would have been sufficient simply to remove the $HOME/.mailcap file.
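The check described above can be done without deleting anything first. The following is an added example, not the author's cleanmailcap script: it reports the entries of a mailcap file whose handler program can no longer be found. The function names and the sample entries are constructed for the demonstration, and quoted program paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: report mailcap entries whose handler program is missing.

# have_program NAME: true if NAME is an executable path or is found on $PATH.
have_program() {
    case $1 in
        */*) [ -x "$1" ] ;;
        *)   command -v "$1" >/dev/null 2>&1 ;;
    esac
}

# stale_mailcap_entries FILE
# Prints "mime-type<TAB>program" for each entry whose program is missing.
stale_mailcap_entries() {
    # Join lines continued with a trailing backslash, then read each entry.
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" |
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;          # blank line or comment
            *';'*)   ;;                    # "type; command[; flags]"
            *)       continue ;;          # not a mailcap entry
        esac
        mimetype=${line%%;*}
        mimetype=${mimetype%% *}           # drop space before the ';'
        command_part=${line#*;}
        # The first word of the view command is the program to look for.
        set -f                             # no globbing while word-splitting
        set -- $command_part
        set +f
        program=${1%%;*}                   # "lynx;" -> "lynx"
        [ -n "$program" ] || continue
        have_program "$program" || printf '%s\t%s\n' "$mimetype" "$program"
    done
}

# Demonstration on a constructed sample file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample mailcap
text/plain; cat %s; copiousoutput
image/*; example-missing-viewer %s
application/pdf; /nonexistent/bin/pdfviewer %s
application/msword; example-missing-office %s; \
    description="Word document"
EOF
stale_mailcap_entries "$sample"    # lists the three entries with no program
rm -f "$sample"

# On a real account: stale_mailcap_entries "$HOME/.mailcap"
```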

/etc/resolv.conf

This is managed by /sbin/dhclient-script, but options can be configured using /etc/sysconfig/network (so see that) or on an interface-by-interface basis in /etc/sysconfig/network-scripts/ifcfg-ethN.

/etc/sysconfig/network

I've added extra values to this file, like:
 SEARCH="mydept.example.com example.com"
 RES_OPTIONS="timeout:3 rotate"
These values are used by /sbin/dhclient-script when the network is started, to set the corresponding values in /etc/resolv.conf. The SEARCH value goes into a search directive and determines which domains are searched when a name with fewer than n dots (default 1) is looked up. The RES_OPTIONS value goes into an options directive, and in this case specifies the DNS lookup timeout and rotates queries amongst the DNS servers. For more information on these, see man resolv.conf.

Other techniques for specifying the search order, such as specifying dhcp option 119 in /etc/dhcpd.conf on the dhcpd server, did not work for me, but the above technique works just fine.

CUPS tweaked to avoid printers becoming Not Ready

A problem with the CUPS printing system version 1.4.2 that we didn't use to have with version 1.1.17 is that our printers or print jobs seem more prone to occasional network errors (they are all driven on jetdirect port 9100), and this then causes them to be put in the not ready state, as seen by an lpq -P name. (But maybe this always happened and the software didn't notice or had a different response.) As it's usually an hour or two before someone complains, an automatic solution to this one is a good idea!

So the symptoms are: a printer is not printing even though there's a queue, lpq reports not ready for that printer, /etc/cups/printers.conf contains separate lines containing State Stopped, StateMessage Printer not responding, Reason paused, and /var/log/cups/error_log contains lines like Unable to write print data: Broken pipe, Backend returned status 1 (failed), Printer stopped due to backend errors; please consult the error_log file for details.

After several abortive attempts to find anything useful on the web about this, I found this handy article, so at least I knew I wasn't alone! I had already made a fix-up command using the same approach to change the state in the printers.conf file, and there was the alternative of using the cupsenable command instead (not tested), but I was looking for something that didn't involve intervention every time a problem came up. So I used the same method as in the very last paragraph of that page: in /etc/cups/printers.conf, change the ErrorPolicy from stop-printer to abort-job. This CUPS documentation page gives useful information on the options. I might try the retry-job option sometime; the number of retries (default 5) is apparently controlled by the JobRetryLimit in the cupsd.conf file, where also is the JobRetryInterval (default 30 seconds).

In fact this is something that could be configured when a printer is added to the system, such as by using the system-config-printer utility: under Properties / Policies, it's possible to configure the printer error policy. You can configure this later, using the same utility, or by using the cups GUI, but I have known this to change (screw up?) carefully set-up changes elsewhere, so the safest approach when doing it later is to modify the /etc/cups/printers.conf by hand as above, stopping the cups service first of course.

Problem with "unable to open display" when login greeter is kdm

A difference from RHEL4/SL4 is that it appears that the kdm greet daemon sets an XAUTHORITY file variable of the form /var/run/kdm/.Xauthstring, instead of making use of the X-window default: $HOME/.Xauthority. This is then inherited by the kwin window manager (and presumably other window managers, if chosen at logon). So the response you get from an xauth list command at the same time on different PCs can be different, even if they share the home file-system. This caught me out when I was putting a window from one computer running Fedora 12 onto another one (which as it happens was running SL4, though it could equally have been Fedora 12). Here are some responses for an xset q command:
$ echo $XAUTHORITY
/var/run/kdm/.Xauth2cdkFa
$ DISPLAY=otherpc:0 xset q
No protocol specified
xset:  unable to open display "otherpc:0"
$ unset XAUTHORITY 
$ DISPLAY=otherpc:0 xset q
Keyboard Control:
  auto repeat:  on    key click percent:  0    LED mask:  00000000
  .. etc ..

I have no particular solution to tackle this generally, although one could presumably unset XAUTHORITY at an early stage. I'll compare it with what you get when gdm is the login greeter (aka DISPLAYMANAGER in /etc/sysconfig/desktop).

Turning off IPv6

IPv6 is the future, but for me it isn't the present, and it's an extra thing to think about, if it is available on a system.

To turn off IPv6 DNS lookups when firefox is being used, which cause unnecessary lookup delays, you can view page about:config and set network.dns.disableIPv6 to true, or add the equivalent in the prefs.js file:

         user_pref("network.dns.disableIPv6", true);

To turn off IPv6 DNS lookups when an ssh client command is used, my local wrapper script uses ssh with the -4 option. An alternative seems to be to put AddressFamily inet in file /etc/ssh/ssh_config, possibly within the scope of a Host declaration.

To turn off IPv6 for the sshd daemon specifically, you can substitute ListenAddress 0.0.0.0 in /etc/ssh/sshd_config file.

You can tell if IPv6 support is generally enabled if the following give some output:

         lsmod | grep ipv6
         ip a | grep inet6
         netstat -nutlp | grep ::
The lsmod has a non-zero use count in the default case (but see below). The netstat assumes you've got some services running which might allow IPv6 clients, like rpcbind, or an unconfigured sshd.

Trying various recipes on the web in turn, separately (not together!), to see if they apply to Fedora 12:

Getting A4 paper with xv application

Some of our users use the John Bradley xv application, which is available for Fedora from ATrpms.net. One thing that users often don't know how to configure is how to set the default paper size to A4, instead of US Letter size ....

We have a wrapper script /usr/local/bin/xv that simply does the following:

         #!/bin/sh
         echo 'xv.pspaper: a4' | xrdb -merge
         /usr/bin/xv "$@"

Installation hung problems

Rarely, installation of Fedora can hang at an early phase, after it has retrieved the repository information and checked dependencies, with the Starting installation process progress-bar stuck. If this happens, the problem can persist over repeated attempts for several days! It's as though there is insufficient randomness in the way that a suitable Fedora mirror is chosen, and no fail-over mechanism if the process stalls. I didn't know a way of finding out from the various anaconda installation screens what particular network connection is failing to respond, and there's no netstat or ss or tcpdump command available during anaconda installation, so I did it the hard way by inserting an ethernet bridge between the PC and the wall socket and monitoring traffic from a spare PC also plugged into that bridge, using tcpdump. I found (on this occasion) that there was a connection to 137.44.10.1 that was just occasionally handshaking, not transferring data. So after several failed attempts to do the install, my trick was, at an early stage of the installation, before repositories are chosen, to do a Ctrl-Alt-F2 to get a shell prompt, and type in: route add -net 137.44.0.0 netmask 255.255.0.0 reject. This then got past the stage of installation where it was hanging, presumably because it chose a different mirror, and it then proceeded to completion without problems. (If you get the same problem, don't expect the IP address to be the same!).

Commands autostarted at login

A number of commands of this sort are described by files in /etc/xdg/autostart/ directory. Some of the desktop files there are marked with OnlyShowIn or NotShowIn tags, so that they only start in KDE or GNOME or XFCE, etc, and some aren't, so they start in any environment that uses the xdg autostart mechanism. If you get processes starting at login time which you don't think your session needs, then here is the reason they may be started. Most KDE processes are controlled in a different way, within KDE's System Settings, where they can easily be turned on and off.

Here's a list of such autostart files which (possibly for valid reasons) don't have specific *ShowIn tags on my system: abrt-applet.desktop gnome-keyring-daemon.desktop krb5-auth-dialog.desktop nm-applet.desktop polkit-gnome-authentication-agent-1.desktop pulseaudio.desktop restorecond.desktop sealertauto.desktop xfconf-migration-4.6.desktop.
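As an added example (not the author's own tooling), the following shell function reproduces that check: it lists the .desktop files in an autostart directory that have neither an OnlyShowIn nor a NotShowIn key, together with the command each one runs. The function name, the sample files and their Exec values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an xdg autostart directory for entries that start in
# every desktop environment (no OnlyShowIn / NotShowIn key).

# list_unscoped_autostart DIR
# Prints "filename<TAB>Exec command" for each such .desktop file in DIR.
list_unscoped_autostart() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue          # empty directory: glob did not match
        # Entries restricted to particular desktops are not of interest here.
        if grep -Eq '^(OnlyShowIn|NotShowIn)[[:space:]]*=' "$f"; then
            continue
        fi
        # Hidden=true marks an entry as deleted, so it never starts.
        if grep -Eq '^Hidden[[:space:]]*=[[:space:]]*true' "$f"; then
            continue
        fi
        # Show what would actually be run at login.
        cmd=$(sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
        printf '%s\t%s\n' "${f##*/}" "$cmd"
    done
}

# Demonstration on constructed sample files (contents are made up).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pulseaudio.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Exec=/usr/bin/example-audio-start
EOF
cat > "$demo_dir/example-kde-only.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Exec=/usr/bin/example-kde-helper
OnlyShowIn=KDE;
EOF
cat > "$demo_dir/example-disabled.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Exec=/usr/bin/example-disabled
Hidden=true
EOF
list_unscoped_autostart "$demo_dir"     # only pulseaudio.desktop is listed
rm -rf "$demo_dir"

# On a real system: list_unscoped_autostart /etc/xdg/autostart
```

Running it after package updates and comparing with the previous output shows which newly installed packages have added something to every user's login session.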

KDE Dolphin application calls SVN repository

There's a surprising feature of Dolphin that's covered by this discussion here.

KDE Print Screen stops working

Sometimes the KDE Print-Screen key (PrtScn on some keyboards) stops working, until you next log in. It should normally invoke the ksnapshot utility. The way around this is to go to Start / System Settings / Input Actions / expand Preset Actions (click on +), and untick and then tick PrintScreen. You could check that the corresponding Action is indeed ksnapshot. Then click on Apply.

The print-screen function key setting will also be found under Keyboard & Mouse / Global Keyboard Shortcuts / component khotkeys.

This document is being updated for Fedora 14.

L.S.Lowe
Birmingham Particle Physics Group