Linux desktops Fedora 15 (Lovelock) customization

This is a page for Fedora 15, which was released on 24 May 2011. It's got some advice on what custom changes I applied to that system. For earlier or later systems, have a look at the Contents page.

Install of f15 failed initially when using kickstart

Install can stall

         route add -net xxx.yy.0.0 netmask 255.255.0.0 reject

Network device naming

# grep -o biosdevname=.* /proc/cmdline
biosdevname=0
# dmesg | grep eth0
[    8.640315] tg3 0000:04:00.0: eth0: Tigon3 [partno(BCM95754) rev b002] (PCI Express) MAC address 00:22:19:xx:xx:xx
[    8.640320] tg3 0000:04:00.0: eth0: attached PHY is 5787 (10/100/1000Base-T Ethernet) (WireSpeed[1], EEE[0])
[    8.640323] tg3 0000:04:00.0: eth0: RXcsums[1] LinkChgREG[0] MIirq[0] ASF[0] TSOcap[1]
[    8.640326] tg3 0000:04:00.0: eth0: dma_rwctrl[76180000] dma_mask[64-bit]
[   10.349101] udev[502]: renamed network interface eth0 to em1

Use of systemd in place of upstart and SysVinit

From the migration point of view, this leaves something to be desired, in that /etc/rc.d/rc.local (aka /etc/rc.local) by default is started before networking setup or local or remote disk mounting is complete. But rc.local is the service most likely to be used by the local administrator, and so is the one where full backward compatibility should have been preserved, IMHO. Funnily enough the service that starts it is called /etc/rc.local Compatibility.

Meanwhile, until I migrate local stuff to systemd, I've adapted a suggestion from G.Merli (thanks!): copying /lib/systemd/system/rc-local.service to /etc/systemd/system/rc-local.service, and in that copy, adding the line After=remote-fs.target in the [Unit] section. This delays the starting of rc.local till the remote mounts have been done: for me, typically 8 sec delay from systemd start for the network, plus 0.1 sec for remote mounts. If you care about the network being up but don't care about remote mounts, After=network.target will be fine.

There's some discussion of similar problems: for example Bug 754789. I notice that in Fedora 16, a model rc.local script is not provided, though the service is there to start it if you create it yourself. This issue seems now to have been addressed for Fedora 16, see Bug 754789 comment 15 onwards.

firstboot service starts even though disabled in kickstart

if [ -e /etc/systemd/system/graphical.target.wants/firstboot-graphical.service ]; then
   systemctl disable firstboot-graphical.service
   systemctl disable firstboot-text.service
fi

The sandbox service and effects

One of its effects is to provide extra bind mounts for /var, /var/tmp, and /home. In other words, even if those directories reside in your root (/) filesystem, and are not on separate partitions or logical volumes, they appear in a df and mount command output and in /etc/mtab. This applies even if SELinux is disabled (with SELINUX=disabled in /etc/sysconfig/selinux). I turned this off using a chkconfig sandbox off and rebooted, and these extra mounts disappeared. It sounds like an interesting facility, but I don't want it yet!

Bind mounts reported differently

In the earlier kernels this did give rise to the oddity that if you did those bind mounts and then umounted /share, and then maybe even mounted another device as /share, the bind mounts were still listed just like before, which was misleading. I could argue though that giving a plain device file in a df output as the source of a subdirectory bind mount is also misleading.

A more informative command though is findmnt. In my case, the information line contains /tmp /dev/sda12[/xtmp] so it's possible to see the subdirectory source of the bind mount command.

*I've noticed that in Fedora 15, /etc/mtab is a sym-link to /proc/mounts which in turn is a sym-link to /proc/self/mounts. In Fedora 12, /etc/mtab was maintained separately, and contained information on which mounts had been achieved via binding, which the kernel version /proc/self/mounts did not have. This I guess is why df output has changed. I like this link which puts the subject of binding into perspective.

Use of file capabilities

More recently, file capabilities are supported, whereby the privileged capabilities for a process can be initially set from the extended attribute bits of its executable file, rather than by requiring a setuid-root executable file which then might (or might not) confine its capabilities using system calls.

Fedora 15 has had an initiative to make more use of file capabilities. Checking using getcap -r /bin /usr/bin /sbin /usr/sbin reveals around nine commands in those directories which used to be setuid-root in Fedora 14, but are now simply setcap. As I have one or two setuid-root programs of my own, I'll have to see if I can make them have setcap rather than setuid. For example, use CAP_SYS_CHROOT as a permitted but not inheritable capability for a command that does a chroot(2) and then executes user code, and use CAP_SYS_NICE for commands that need real-time priority.

One issue related to capabilities happened for me for machines where, as an alternative to installing Fedora 15 from scratch, I rsync an image of a Fedora 15 system taken from a vanilla (installed but not yet booted) system. In that case, certain commands didn't receive their capability settings. So when an ordinary user issued /bin/ping, s/he got the message: ping: icmp open socket: Operation not permitted. The ping command is one of those that is no longer setuid-root in Fedora. This happened because of two omissions of mine: firstly the source and destination file-systems containing the Fedora image hadn't been set up with default mount options user_xattr acl, which can be set using tune2fs or explicitly specified on mount, and secondly, when performing the rsync, both to create and to later fetch from the image, I just used option -a and omitted to use option -X or --xattrs, required to preserve extended attributes.

Font rendering issues

Hover to view fonts >> << hover to remove

Application	As supplied	As fixed
firefox
firefox, xmag view
Terminal application, colours switched to black-on-white, default font (monospace 12), xmag view
LibreOffice Writer
LibreOffice Writer, xmag view

In the as-supplied case the characters are skinnier and, to my eyes, more irregular: some characters are hinted quite a bit, and some aren't (like i F T). In the case of LibreOffice, parts of the Times Roman digit 2 have almost been greyed-out of existence in the as-supplied case.

The fix-up was to make use of the autohinter by:

         ln -s ../conf.avail/10-autohint.conf /etc/fonts/conf.d/

Getting CUPS printing to work

ServerName  my.cups.server:631

Installing Skype

The skype rpm downloaded from Skype for Fedora is a 32-bit version. It used to be the case that the rpm didn't declare all its dependencies; if that is still true with version 4.0, you may also need to yum install qt-devel.i686 and yum install libXScrnSaver.i686 packages, if they are not already present on your system (particularly likely if your Fedora is 64-bit).

The Options / Sound Devices screen says "It appears your system has PulseAudio running: to change sound settings you need to use your Desktop Manager volume control or PulseAudio volume control". Trying to get skype to use a particular audio device was helped by installing the Fedora pavucontrol package for PulseAudio, so I could list audio streams and which device they are connected to. With that installed, the skype Options / Sound Devices panel gives an extra button Open PulseAudio Volume Control. Then in principle you can see what audio streams there are for Playback and Recording and which hardware audio device they are connected to. (Or you can use the session manager's sound control interface: eg kmix seems to have the same facilities).

As well as the built-in Intel audio, skype works nicely with my USB audio devices: Phoenix Duet (the basic PCS, and the Duet Executive TMX320VC5509) the similar-looking Plantronics Calisto P420-M, and a Logitech ClearChat Pro USB headset.

Adobe repository, Adobe Reader and Flash

It doesn't matter if you install/update firefox before or after installing flash-plugin, in terms of setting up the required symlinks from the browser to the plugin, because flash-plugin's setup script is run when flash-plugin is installed, but also when triggered by the install of firefox, mozilla, opera, and seamonkey.

If you have a 64-bit Fedora installation, but a 32-bit version of an Adobe package, then you need to install some 32-bit versions of a couple of packages, as follows.

If you get warnings on starting acroread (32-bit) from a command line, of the form Gtk-WARNING **: Unable to locate theme engine in module_path, then if the message mentions oxygen-gtk, you need to install the Fedora oxygen-gtk.i686 package. (In previous versions it was necessary to install the Fedora gtk2-engines.i686 package).

In order for Adobe Flash 32-bit to work on a 64-bit system (if this is what you want to do even though a 64-bit version is now available), you need to ensure you have got installed the Fedora nspluginwrapper.i686 package. You can install this after flash-plugin, or before, it doesn't seem to matter.

On one occasion, even though Adobe Flash was fully and correctly installed, my firefox lost knowledge of the Flash plugin. Trying with a different firefox profile on the same machine showed Flash was present and correct. I fixed the problem for my default profile by stopping firefox and deleting the file pluginreg.dat in the $HOME/.mozilla/firefox tree. That file was then regenerated on firefox startup and Flash worked again. In fact, this is similar in effect to the Mozilla-recommended method of re-creating the plugins database, which recommends doing the same, but via the firefox Help / Troubleshooting page.

ATrpms repository

Then you can simply yum install any required ATrpms package. Because of clashes with rpmfusion I normally have these repos disabled by default until needed (see below).

rpmfusion repositories

yum localinstall http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
yum localinstall http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm

You can get mplayer and openafs from rpmfusion-free, and nvidia drivers and xv from rpmfusion-nonfree, amongst many other packages. To get the KDE k3b CD creator to stop warning about missing mp3 support, install the k3b-extras-freeworldpackage from rpmfusion-free. This brings in some other packages like lame-libs from the same repo.

ICAClient version 11: Citrix Windows Terminal Server client

I first downloaded the ICAClient-11.100-1.i386.rpm package, free from the www.citrix.com web-site Downloads / Client Center area.

That web page rightly says that OpenMotif v2.3.1 is a pre-requisite for the ICAClient package, OpenMotif providing the required libXm.so.4 library. OpenMotif is not available under Fedora for licensing reasons, and Fedora's lesstif package only provides a libXm.so.2 library. OpenMotif is however available from the rpmfusion-nonfree repository, and that version provides a libXm.so.4 library. Just yum install openmotif with rpmfusion-nonfree available.

OpenMotif is also available from Scientific Linux 5 and CentOS 5 sites, and that is what I used for historical reasons. A complication for that version is that the file /usr/share/X11/XKeysymDB is a pre-requisite of that openmotif package. In a RHEL5/SL5/Centos5 system that file would be provided by the libX11 package, but libX11 on Fedora lacks it. Installing openmotif with --nodeps option and copying that file by hand from elsewhere works, but then yum will nag you every time you use it that there's a missing dependency. So I've found it better to package-up that single file, and install it before installing openmotif. That's available via yum localinstall http://www.ep.ph.bham.ac.uk/general/support/fedora-xkeysymdb.rpm if you want it. Then you can install the openmotif package: for example, yum localinstall ftp://ftp.scientificlinux.org/linux/scientific/5rolling/i386/SL/openmotif-2.3.1-5.el5_6.2.i386.rpm (other repositories are available). This will trigger the automatic installation of pre-reqs libXp.i686 and libXmu.i686 if necessary.

Finally you can install the ICAClient package you downloaded from Citrix earlier: yum localinstall ICAClient-11.100-1.i386.rpm and this will trigger the automatic installation of pre-req libXaw.i686 if necessary. That's the installation completed.

As an ordinary user, there is an error when you run /usr/lib/ICAClient/wfica or /usr/lib/ICAClient/wfica.sh, as follows (you may just get the first line with Fedora 15):

Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no fontset found

On moving from ICAClient version 9 to version 11, I found all the users' drive mappings didn't work. On making a trivial (non-)change in their settings in wfcmgr, and clicking Apply to cause them to be re-saved, they all worked again, so I guess there has been an incompatible parameter change in the ini files for the ICA client between version 9 and 11.

I then found a 15 second delay in connecting to the terminal server, during which time the Citrix splash screen (possibly blank) is displayed. During this time, the client is sending out UDP broadcasts to the icabrowser port (port 1604), and just the terminal server machine responds, and 3 probes are going out at 5 second intervals, whereas previously (older system, older ICAClient) it was at 1 second intervals, and so wasn't seen as a problem. This was resolved by setting the client wfcmgr setting Properties -> Network -> Server Location to the DNS name of my terminal server, as well as that being the Destination name. This adds a couple of configuration lines to the $HOME/.ICAClient/appsrv.ini file. The same exchanges then take place but without using broadcasts and without the delays.

A feature of the new setup with ICAClient-11 is that when viewing a drive-mapped directory on the Windows system, using say Windows Explorer as usual, ordinary directories and files work fine, as do symbolic links to files or directories in the same directory or daughter directories, but attempts to access files which are symbolic links to other linux files or directories elsewhere in the file hierarchy fails. These symbolic (or soft) links were created on the Linux system in the usual way using the Linux command ln -s. Clicking on such files gives the error Filename is not accessible. The parameter is incorrect. On the other hand, shortcuts created by Windows on the drive-mapped directories continue to work on Windows, and create .lnk files, but of course they are not recognised as links by Linux. This is a ICAClient 11 security feature not present in ICAClient version 9.

The circumvention for that security feature is to be found on this forum page. That worked for me: in fact I only needed to tweak wfclient.ini, as the other file was already configured as required.

Turning off over-helpful PackageKit action

There are various ways I've found that you can do that: put unset command_not_found_handle at the end of your $HOME/.bashrc; make file /etc/profile.d/PackageKit.sh unreadable to the ordinary user; configure the file /etc/PackageKit/CommandNotFound.conf; or do a yum erase PackageKit-command-not-found.

As supplied the return code for a mistyped interactive command is 0, rather than 127 as it should be. This could lead to problems if you mistype a command pipeline which relies on return codes being sensible. This only happens in interactive mode, so missing commands invoked from scripts don't get the treatment anyway.

As a BOFH administrator, I also go a bit further and remove the kpackagekit package, so that a KDE user isn't misled into thinking they are the administrator, and also remove PackageKit-yum-plugin, which then stops PackageKit cycling up and down when yum is invoked (which in my case is mostly from scripts). I suppose the alternative for the latter would be always to invoke yum with a --disableplugin= option, but that's too much to remember.

Installing Sun Java

With --noscripts in use, it's then necessary to unpack the *.pack files in the installed tree as a separate step. So I have a script which sources just the unpack_jars function from the scriptlet and then runs it on each *.pack file in the /usr/java/jdk* tree.

Using nVidia's OEM driver via RPMfusion akmods

For Fedora 12, I had used nVidia's own driver by downloading it myself from their web site and using the provided run script. I had set up a method of recompiling the kernel module at boot time when booting into a fresh kernel, and it worked reasonably well.

With Fedora 15, I decided to go main-stream and make use of the akmods-nvidia package from RPMfusion (the so-called automagical method of making new kernel modules). This worked flawlessly when starting from a freshly installed system. It doesn't matter if you are running in graphics (runlevel 5) mode on the nouveau driver when you use the procedure.

• Ensure that kernel-devel package matches the current kernel package.
• Ensure rpmfusion repositories are setup for yum (see earlier section).
• yum -y install akmods
  from rpmfusion free; this brings in kmodtool as well, and if necessary kernel-devel.
• Check for file /etc/X11/xorg.conf: if it exists and is not for the nvidia driver, then rename or remove it.
• yum -y install akmod-nvidia
  from rpmfusion non-free: this brings in the following dependent packages: libvdpau, nvidia-settings, nvidia-xconfig, xorg-x11-drv-nvidia and xorg-x11-drv-nvidia-libs.
• Wait for kmod-nvidia package (the kernel module) to be built and installed in the background.*
• yum -y install xorg-x11-drv-nvidia-libs.i686
  in the case you are installing in a 64-bit system but want 32-bit glx applications like google-earth to work too.
• Check /etc/X11/xorg.conf is now in place and specifies the nvidia driver.
• Reboot

Notes:

The package akmod-nvidia contains a file (and a soft-link to it), namely a source rpm for the latest nvidia-kmod in /usr/src/akmods/, and installing akmod-nvidia has a script side-effect which builds and installs a kmod-nvidia package for the current kernel. Furthermore, when a new kernel and kernel-devel package is later installed, then by virtue of script /etc/kernel/postinst.d/akmods which runs as a posttrans step of installation of a kernel via command new-kernel-pkg --rpmposttrans, a new kmod-nvidia package should be created and installed. Yet more: at boot time, the akmods service should create any necessary module, should you reboot into an older kernel. This last method is probably over-kill for me and the service could be disabled.

The /etc/X11/xorg.conf file specifying a device Driver of "nvidia" is normally put in place by the posttrans scriptlet of package xorg-x11-drv-nvidia by copying file /etc/X11/nvidia-xorg.conf, but if the xorg.conf file exists already, this is not done. Alternatively, use command nvidia-xconfig to replace that file. Otherwise you run the risk of having a system which hangs just before the login screen appears.

The nouveau driver gets disabled by virtue of a /etc/modprobe.d/ file in package xorg-x11-drv-nvidia, and a scriptlet side-effect of installing this package is to add nouveau.modset=0 rdblacklist=nouveau nomodeset to the kernel command line in /boot/grub/grub.conf. (I'm not sure where the last parameter nomodeset appeared from, and it's not present on another PC; it's not in the package postinstall scriptlet, though it does appear in the preuninstall scriptlet. Odd).

When running Google Earth, before finalising the steps above, I had found the contents of the earth image were black. After going back and forward with nVidia releases without success, I found this forum page reply 7 which hinted that I needed to install a 32-bit version: xorg-x11-drv-nvidia-libs.i686 from the RPM Fusion repository, as well as the 64-bit; this also pulled in libXvMC.i686 and libvdpau.i686 Fedora packages. So that's why this is included in the steps above. The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable-6.1.0.4857-0.x86_64 package! This also helped with the video-conferencing application EVO, when run under a 32-bit Sun Java package.

(*) For the wait step above, in my nvidia install script (and in other scripts which might result in a akmods build), I have a section with a sleep-test-loop on the /usr/sbin/akmods process. It previously checked for a busy lock file /var/cache/akmods/.lockfile, but akmods version 0.3.7 now flocks /var/lock/subsys/akmods instead.

Previous thoughts on disabling nouveau at boot time (superseded by above)

As an alternative, the NVidia driver's README.txt recommends that you add a file /etc/modprobe.d/disable-nouveau.conf containing:

blacklist nouveau
options nouveau modeset=0

Actually at this point the nouveau module is present, but with zero use count, so you can rmmod it (or leave it to the nvidia installation script to do that).

Some benchmarking with nouveau and nvidia drivers

System	Windows manager and setup	glxgears	teapot (help off)	gtkperf -a (low is good)
Fedora 12 with nouveau driver (0.0.15-21.20091105)	No GLX support	n/a	n/a	n/a
Fedora 12 with nvidia.com driver (195.36.15)	XFCE window manager / default	2950 FPS	490 FPS	1.86 sec
Fedora 12 with nvidia.com driver (195.36.15)	KDE desktop effects disabled	2940 FPS	490 FPS	1.85 sec
Fedora 12 with nvidia.com driver (195.36.15)	KDE desktop effects enabled (blur option n/a)	2080 FPS	429 FPS	4.09 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324)	XFCE window manager / default	1155 FPS	276 FPS	2.74 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324)	KDE desktop effects disabled	1155 FPS	274 FPS	7.87 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324)	KDE desktop effects enabled + defaults	670 FPS	129 FPS	11.52 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324)	KDE desktop effects enabled + no blur	1061 FPS	248 FPS	7.57 sec
Fedora 15 with nvidia.com driver (275.21)	KDE desktop effects enabled + no blur	2410 FPS
Fedora 15 with nvidia.com driver (280.13)	XFCE window manager / default	3180 FPS	476 FPS	2.93 sec
Fedora 15 with nvidia.com driver (280.13)	KDE desktop effects disabled	3180 FPS	475 FPS	7.12 sec
Fedora 15 with nvidia.com driver (280.13)	KDE desktop effects enabled + defaults	1490 FPS	320 FPS	7.44 sec
Fedora 15 with nvidia.com driver (280.13)	KDE desktop effects enabled + no blur	2180 FPS	425 FPS	6.10 sec
Fedora 15 with nvidia.com driver (285.05 rawhide)	KDE desktop effects enabled + no blur	1980 FPS	402 FPS	5.62 sec

Conclusions:

• It's good to see that the current nouveau driver supports GLX.
• But the nvidia.com driver gives better performance than the current nouveau driver by a factor approaching 3.
• There was no difference in performance between use with KDE with desktop effects disabled, and with XFCE.
• KDE desktop effects with all defaults gave performance of 60% of best.
• KDE desktop effects with disabled blur effect boosted that to 75% of best.
• KDE desktop effects as a whole gives an improved user experience, and so for me is worth some penalty.
• The blur effect, even when actually not resulting in any blurs, has a quite high performance hit, and so for me can be disabled.

Also see this KDE forum page and this comment on using glxgears as a benchmark and this advice too!

To disable blur, use System Settings / Desktop Effects / All Effects / untick Blur. To configure by hand, the incantation for the kwinrc file in the [Plugins] section is: kwin4_effect_blurEnabled=false .

Using OpenGL with nvidia cards as tested by the EVO video conferencing application

On viewing a session and then clicking on the VieVO expand-window button to produce a window at max resolution, the ViEVO app crashed (leaving EVO running) when icedtea java was in use. But that problem disappeared on making use of Oracle-Sun Java jdk1.6.0_25 in place of icedtea-web-1.0.2-2 (openjdk), so it would be wrong to ascribe that problem to the graphics driver!

On Fedora 12, With the nvidia.com driver in place of nouveau with an NVidia graphics card, the Tools / Video / Advanced window information stated: OpenGL; Vendor: NVIDIA Corporation; Version: 3.2.0 NVIDIA 195.36.15; Renderer: Quadro NVS 290/PCI/SSE2.

(It did not work under Fedora 12 with an NVidia graphics card and the default nouveau graphics driver. EVO version 1.5.x had the message "No OpenGL detected" in the AV controls Video window. EVO version 2 didn't work either: the Tools / Video / Advanced window information stated OpenGL Vendor: Mesa Project, Version: 1.4 (2.1 Mesa 7.7.1-DEVEL, Renderer: Software Rasterizer, but no video window appeared, even if Disable OpenGL was set in that window.)

Getting Google Earth to run

Both my old (5.1) and new (6.1.0) versions of Google Earth gave a black contents for the earth image, with my nVidia setup; I needed to install xorg-x11-drv-nvidia-libs.i686 (see the section above Using nVidia's OEM driver via RPMfusion akmods). The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable-6.1.0.4857-0.x86_64 package!

New tmpfs filesystem /run

KDE's kdm as login greeter

To put kdm into effect, I put DISPLAYMANAGER into file /etc/sysconfig/desktop, and also set the default session manager by setting DESKTOP, as follows:

DISPLAYMANAGER="KDE"
DESKTOP="KDE"

KDE network management icon

KDE window decorations

Compositing KDE window manager

Compositing in KDE can produce some very weird screen effects with the VESA driver (on an nVidia card, at least), as I found out when I booted with kernel parameter nouveau.modeset=0 and no other installed video driver: so avoid this!

KDE Screen edge behaviour

KDE screen saver

A specific screen saver, kslideshow, now seems to work OK without a configuration file. In previous versions, a config file /usr/share/config/kslideshow.kssrc was required to prevent a "No images found" message.

Another specific screen saver, kpartsaver, known in the Banners & Pictures section as Media Screen Saver, shows the message "The screen saver is not configured yet". A solution is to configure it in the System Settings for Screen Saver (above) as an ordinary user, adding some images say from /usr/share/backgrounds. To make that available to all users, copy $KDEHOME/share/config/kpartsaverrc to /usr/share/config/kpartsaverrc.

KDE splash screen

KDE bouncing cursor

KDE konsole tweaks

To give users a straightforward terminal emulator window, not too different from xfce's Terminal, I want to turn off the menu bar and the tab bar by default, and have black text on white background. So again this can be done from the same configure window as above. (Having got rid of the menu bar, you can bring it back if you wish by a right-click and select Show Menubar).

You can construct your own konsole profile with a new name. If you want that to be available to all users then copy it from $KDEHOME/share/apps/konsole directory to /usr/share/kde4/apps/konsole directory. To make it the default for all users, add a line to the Desktop Entry section of /usr/share/kde-settings/kde-profile/default/share/config/konsolerc with the text DefaultProfile=mylocal.profile or whatever you've called it.

KDE Dolphin tweaks

In Dolphin / Settings / Configure Dolphin / General / Previews, the default is to generate preview thumbnails for Directories, Images (GIF, PNG, BMP, ...), and JPEG Images (Rotated Automatically). You can turn these off if you wish, individually. To remove these as a default for all users, create a file /usr/share/config/dolphinrc with the contents:

[PreviewSettings]
Plugins=

KDE Device Notifier extra actions

On our local desktops, I've added the following actions: Just make it accessible, in other words mount it and tell me where, and Open a Terminal, with the mount point as the current directory. These are defined as follows:

/usr/share/kde4/apps/solid/actions/BHAM-just-mount.desktop:

[Desktop Entry]
X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ]
Type=Service
Actions=open;

[Desktop Action open]
Name=Just make it accessible
Exec=kdialog --passivepopup "mounted at %f" 5
Icon=gdu-mount

[Desktop Entry]
X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ]
Type=Service
Actions=open;

[Desktop Action open]
Name=Open a terminal for this device
Exec=Terminal --working-directory=%f
Icon=Terminal

KDE default Favorite applications

[Favorites]
FavoriteURLs=/usr/share/applications/kde4/systemsettings.desktop,/usr/share/applications/kde4/dolphin.desktop

KDE's autostarted applications, including akonadi and nepomuk

Nepomuk "interconnects data from different desktop applications using semantic metadata". and seems to start around 9 processes including a "desktop search" process. For me, a typical user has 500k files and 50GB of disk in their personal $HOME space, not counting files in larger shared data and software areas, so desktop search and SHA-1 hashing of every indexed file could be seen as a bad idea. (In fact, any access to such files updates the last-use times, which negates the ability to archive files on the basis of last-use). You can turn Nepomuk off as an individual user by System Settings / Desktop Search / Basic Settings and untick the two tick boxes and Apply. You can do that as the default for all users by changing true to false in /usr/share/kde-settings/kde-profile/default/share/config/nepomukserverrc file. You still get the akonadi_nepomuk_contact_feeder and nepomukserver processes. Another solution is that you remove or move the corresponding /usr/share/autostart/nepomukserver.desktop autostart file.

Akonadi is "a storage service for personal information management (PIM) data and metadata". On one occasion, this feature of KDE 4 caused around 50 akonadi-related processes to start when I logged in: a quarter of all processes, and half of my own processes, for my setup. I think they were /usr/bin/akonadi_contacts_resource invocations, and I haven't been able to reproduce this since: perhaps that's a good thing!

Akonadi itself doesn't seem easily configurable per user. This is unfortunate, because some users might want its features, and others not: personal information management may be important for the home user, but is perhaps a minor consideration for serious linux/unix users in a research environment. System Settings / Akonadi Configuration does allow a user to stop the server, but it comes merrily back next time you login. Some processes are controlled from /usr/share/kde4/services/kcm_akonadi*desktop files and so those can be tweaked or removed perhaps; they belong to the kdepim-runtime package, which could be removed. I don't know what effect doing that has on other KDE features. The akonadi package itself can't easily be removed without erasing 29 other packages (for me), which is not very modular.

KDE session manager and configuring what you get on logon

One useful function for me is allowing me to define what applications to start at logon time. The effect of the default feature of Restore Previous Session is that invariably I get far too many application windows that I forgot to close before I logged out, which then take valuable seconds to start up.

So having started the Session Manager, I have chosen Restore manually saved session. Then an extra option appears on the Start / Leave box, namely Save Session. Using that allows me to tailor what I want to see on Login. This for me is cleaner and noticeably quicker on login!

KDE over-use of resources

Changing the encryption method for passwords

Invalid swap can make boot stall for 80 seconds

For me this may have happened as I installed a second system and must have opted to format an existing swap area, thereby getting a new UUID. The /sbin/blkid user utility is handy for displaying partition labels and UUIDs.

A4 paper default for ps2pdf and friends

One way of fixing this, for this small set of commands in particular, is to add the following line near the top of script /usr/bin/ps2pdfwr:

export GS_OPTIONS=${GS_OPTIONS--sPAPERSIZE=a4}

A way to fix this in general for Ghostscript is to edit file /usr/share/ghostscript/*/Resource/Init/gs_init.ps and uncomment the line containing /DEFAULTPAPERSIZE (a4) def by removing the percent.

A4 paper default for xv

         #!/bin/sh
         echo 'xv.pspaper: a4' | xrdb -merge
         /usr/bin/xv "$@"

Keyboard layout setting

The default keyboard layout for graphical mode is read by the X server when it starts from /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf file. That file is automatically generated and updated by system process system-setup-keyboard, which monitors file /etc/sysconfig/keyboard as its source of information. That process gets started at boot time from /etc/systemd/system/system-setup-keyboard.service as part of the systemd init sequence. If you feel this constant monitoring is not necessary in your system, you could systemctl disable system-setup-keyboard.service after the first boot.

The layout can also be assigned within KDE by System Settings / Hardware / Input Devices / Keyboard / Layouts / Configure Layouts. You can configure layout choices and then choose one from the System tray.

The keyboard layout for console tty mode is set by the KEYTABLE= option on the kernel command line in the /boot/grub/grub.conf file, as set up at installation. If this keyword is absent, the default is US layout; file /etc/sysconfig/keyboard appears to be ignored for this mode.

The file /lib/systemd/systemd-vconsole-setup appears to know about KEYTABLE and /etc/sysconfig/keyboard.

Turning off IPv6

To turn off IPv6 DNS lookups when firefox is being used, which cause unnecessary lookup delays, you can view page about:config and set network.dns.disableIPv6 to true, or add the equivalent in the prefs.js file:

         user_pref("network.dns.disableIPv6", true);

To turn off IPv6 DNS lookups when an ssh client command is used, my local wrapper script uses ssh with the -4 option. An alternative seems to be to put AddressFamily inet in file /etc/ssh/ssh_config, possibly within the scope of a Host declaration.

To turn off IPv6 for the sshd daemon specifically, you can substitute ListenAddress 0.0.0.0 in /etc/ssh/sshd_config file.

You can tell if IPv6 support is generally enabled if the following give some output:

         lsmod | grep ipv6
	 ip a | grep inet6
	 netstat -nutlp | grep ::

Trying various recipes on the web in turn, separately (not together!), to see if they apply to Fedora 15:

• Add --noipv6 on kickstart network directive: doesn't work, according to the above tests (lsmod and ip a), not even during the kickstart installation.
• Add NETWORKING_IPV6=no in /etc/sysconfig/network, and reboot: doesn't work, according to the above tests.
• Add IPV6INIT=no additionally to the above file: doesn't work either.
• Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf and reboot: partly works: this doesn't prevent kernel module ipv6 being loaded, and netstat shows that ipv6 addresses are being listened to, but the ip a command shows that no interfaces have inet6 addresses.
• Add ipv6.disable=1 to the kernel command line in /boot/grub/grub.conf: this works, with the minor comment that the kernel module ipv6 still appears in lsmod, but has zero use count, so can be rmmod'd in say rc.local, for tidyness. But ip a and netstat -nutlp show no use of IPv6. You should get the reassuring log message: IPv6: Loaded, but administratively disabled, reboot required to enable. (This method works when using bonding on multiple ethernet interfaces, too, but you can't rmmod the ipv6 module in that case).
• Add a file like /etc/modprobe.d/00local.conf which contains:

           install net-pf-10 /bin/true
           install ipv6      /bin/true
  
  

  This works. Use /bin/false if you don't mind seeing half-a-dozen FATAL messages in the log. If your system uses rpcbind, you may see reassuring log messages like rpcbind: cannot create socket for tcp6 and udp6. Under a vanilla Fedora, the use of 00 in the name for ordering purposes is not needed, so you can call it what you like, as those aliases don't appear elsewhere in that directory.
  (This method doesn't work when using bonding on multiple ethernet interfaces, as the bonding module references entry points into the ipv6 module, so use the previous method).

Problem with xfce Terminal application

On a couple of occasions only, I've found that it freezes completely, so that all Terminal windows simultaneously do not allow user input, while all other types of window continue to work. This has been reported elsewhere too. If/when this next happens I will have to strace the process to see what (if anything) is going on.

Problem with emacsclient and emacs --daemon

/usr/bin/emacsclient: can't find socket; have you started the server?
To start the server in Emacs, type "M-x server-start".
Starting Emacs daemon.
Back to top level.
Back to top level.
Back to top level.
last line repeats ad nauseam

These file associations from mime-types to applications are very flexible, as settable in KDE System Settings / File Associations, but is it the case that someone will want to use emacs (say) to edit a C++ file, but use nedit (say) to edit a .txt file and vim to edit a shell file? Do I really have to go through 100 different mime-types of type text/something in order to force my favourite editor to be used in almost all cases? Apparently so: this needs further investigation!

Problem in devpts with opening Terminal, konsole, and gnome-terminal sessions

Doing a mount | grep devpts revealed the problem. The /dev/pts mount had mode=600 and no gid=5, even though the /etc/fstab entry specifies gid=5,mode=620 on its options. Some checks showed that it was the lack of gid=5 that caused the problem. This was caused by a script of mine mounting a devpts file-system in a secondary place (a chroot image) without the necessary gid=5,mode=620, and that was sufficient to cause all mounts of the devpts file system to get the error.

The following code in /etc/rc.d/rc.local is in place in case it recurs, but since I fixed the chroot image mount, hasn't been needed:

if mount | grep -q '/dev/pts.*mode=600'; then
  logger -t rclocal mount of /dev/pts incorrect: remounting using fstab entry
  mount -o remount /dev/pts
fi

New commands in Fedora 15

• cp: has options --attributes-only --no-clobber --reflink;
• nproc: reports number of processing units available to current process;
• readlink: not new of course, but moved to /bin and soft-linked from /usr/bin;
• shuf: writes a random permutation (shuffle) of input lines to output;
• stdbuf: invokes a command with modified in/out buffering;
• timeout: a user-level command for running a command with a time-limit.
• truncate: (not new in Fedora, but absent in RHEL5/SL5) truncate a file as specified.

Under review ....

For earlier systems, see Contents.

These are applied to our systems after doing a kickstart install, and as needed after that. Packages are installed using the usual yum. Individual files may be distributed using rdist or rsync.

X driver for legacy nVidia cards