Linux desktops Fedora 17 quick glance

Author: L.S.Lowe. File: f17custom. This update: 20121119. Part of Guide to the Local System.

This is a quick glance work-in-progress page for Fedora 17, which was released on 29 May 2012, and earlier Fedora systems. It's got some advice on what custom changes I applied to such systems. For Fedora 15 specifically, see this earlier page. For other systems, have a look at the Contents page.

Installing Fedora (Fedora 16, Fedora 17)

I first did a manual install, starting from a Network Install CD, having downloaded the ISO from this Fedora all download methods page. There was a message at boot-up about a systemd start up error, possibly related to this bug 727404, just before the line Starting anaconda version x.xx, but it wasn't a show stopper. The initial steps went fine. In Fedora 17 on a server with 4 network interfaces, anaconda took over 6 minutes to realise that only one of them was connected, in order to fetch the kickstart file. My Fedora 17 kickstart %packages section specifies quite a few package groups and some individual packages: there were 3383 packages loaded in all. By the way, Fedora now insists that all % sections of a kickstart file finish with %end.

Anaconda / GRUB 2 issues (Fedora 16, Fedora 17)

There are several problems with anaconda and/or its setup for GRUB 2 (version 1.99) which mean that what is intended to be an improved facility doesn't yet attain that.

An aside on bootloader passwords

There is talk in Fedora Grub2 bug reports that a determined hacker/cracker who has physical access to any system will almost certainly gain root access to the data within that system, unless the filesystem is protected by encryption, and that a bootloader password is no protection. This is often true on a vanilla PC, but if the BIOS Setup is password-protected and removable media is boot-excluded, the computer case is secured to prevent theft and BIOS override, and there is a boot loader password, that has been sufficient in the past to prevent obvious accesses to root.

Install can stall (Fedora 15)

For me, it's not unknown for a certain UK Fedora mirror to cause anaconda to get stuck during "Starting installation process", and fetch errors to come up on the F3 installation screen. It's possible this is related to bug 679709, but that's just a guess. As I don't know an easy way round this using anaconda itself, I've found it useful to remove it at a lower level by using its IP address in the following command, added to the %pre kickstart script, or typed as soon as possible into the F2 shell screen:
         route add -net xxx.yy.0.0 netmask reject

Network device naming (Fedora 15, Fedora 17)

The Consistent Network Device Naming scheme came in with Fedora 15. What this means for me is that with some PCs like Dell, the network device is em1, some network cards appear as p1p1, p1p2, p4p1, and similar, while for my oldest ones with a network port on an Asus motherboard, it continues to appear as eth0. Names are steered by files in /usr/lib/udev/rules.d/ and /etc/udev/rules.d/, and the biosdevname command can convert from one form to the other. The alternative is to override with biosdevname=0 as a kernel parameter, according to the above fedora web page, in order to get the old behaviour. Although that didn't work for me in Fedora 15, it does in Fedora 17, though I don't make use of it. These different network names make life a bit more complicated for a cluster where system images are shared between different computers, but nothing I can't handle!

When using a kickstart, I used to specify a --device=eth0 option. Now I don't, so that installation can use em1 or eth0 or whatever the interface is. It's apparently legal to omit --device for the first or only network command, because after all if anaconda has already fetched my kickstart file, it knows what to default to.

Use of systemd in place of upstart and SysVinit (Fedora 15, Fedora 17)

The systemd setup allows services to start in parallel, unlike sysVinit /etc/rc.d/rc?.d/ scripts which are strictly sequential by assigned number. Dependencies can be assigned.

The migration of rc.local from System V to Fedora wasn't handled perfectly, IMHO. In Fedora 15, /etc/rc.d/rc.local (aka /etc/rc.local) is started before networking setup or local or remote disk mounting is complete. But rc.local was the service most likely to be used by the local administrator, and so is the one where backward compatibility should have been preserved, I would say. This has been partially remedied in Fedora 17, where the rc.local service is started after the network is up, rather than immediately. For an installation which still uses rc.local and expects additionally that any remote filesystems are up when it runs, that can be effected by copying /usr/lib/systemd/system/rc-local.service to /etc/systemd/system/rc-local.service and changing to in the copied file.

firstboot service started even though disabled in kickstart (Fedora 15)

I disabled the firstboot service in the kickstart file using the services command, because I often install systems remotely and I don't want users to feel they have to administer the system when it first boots. That disabling works as far as chkconfig and sysV links are concerned, but not as far as systemd is concerned, as symbolic links like /etc/systemd/system/ exist. To fix this, in the %post section of my Fedora 15 kickstart file, I have:
if [ -e /etc/systemd/system/ ]; then
   systemctl disable firstboot-graphical.service
   systemctl disable firstboot-text.service

The sandbox service and effects (Fedora 15, Fedora 17)

The sandbox service is part of the policycoreutils package which in turn is part of SELinux. In Fedora 17, it's in the policycoreutils-sandbox package. If installed on Fedora 15, it was a running service unless the service was explicitly turned off, and this affected mounts for the major directories.

There are sandbox and seunshare commands for running user commands in a sandbox. One of its effects is to provide extra bind mounts for the major system directories like /home. In other words, even if those directories reside in your root (/) filesystem, and are not on separate partitions or logical volumes, they appear in a df and mount command output and in /etc/mtab. This applies even if SELinux is disabled. It's not clear to me yet whether these commands are provided simply for use in a SELinux enforcing environment, or whether they also give added value in a SELinux disabled environment.

Bind mounts reported differently (Fedora 15, Fedora 17)

It looks as though bind mounts are reported in a different way for Fedora 15 onwards, compared with some earlier Fedoras/kernels, when you look at the output of a df command, a mount command (with no operands), or the contents of /etc/mtab*. In my case, /share is a mount-point for a large partition /dev/sda12. In Fedora 12, a mount performed by a mount -t bind /share/xtmp /tmp command is reported as /share/xtmp on /tmp type none (rw,bind). In Fedora 15, the result of the same mount command is reported as /dev/sda12 /tmp type ext3 (rw,relatime,....), and the subdirectory xtmp or the word bind never appears.

In the earlier kernels this did give rise to the oddity that if you did those bind mounts and then umounted /share, and then maybe even mounted another device as /share, the bind mounts were still listed just like before, which was misleading. I could argue though that giving a plain device file in a df output as the source of a subdirectory bind mount is also misleading.

A more informative command though is findmnt. In my case, the information line contains /tmp /dev/sda12[/xtmp] so it's possible to see the subdirectory source of the bind mount command.

*I've noticed that in Fedora 15 onwards, /etc/mtab is a sym-link to /proc/mounts which in turn is a sym-link to /proc/self/mounts. In Fedora 12, /etc/mtab was maintained separately, and contained information on which mounts had been achieved via binding, which the kernel version /proc/self/mounts did not have. This I guess is why df output has changed.

Use of file capabilities (Fedora 15, Fedora 17)

The capabilities facility in the kernel has been around for many years, as described in man capabilities, and this is made use of in Fedora 15 onwards by a few system daemons, like dhclient, ntpd and systemd-logger, to restrict their own capabilities for security. (This can be checked using /proc/$pid/status or the getpcaps command).

More recently, file capabilities are supported, whereby the privileged capabilities for a process can be initially set from the extended attribute bits of its executable file, rather than by requiring a setuid-root executable file which then might (or might not) confine its capabilities using system calls.

Fedora 15 onwards makes more use of file capabilities. Checking using getcap -r /bin /usr/bin /sbin /usr/sbin reveals around nine commands in those directories which used to be setuid-root in Fedora 14, but are now simply setcap. These include the 'r' remote commands, and ping and mtr. As I have one or two setuid-root programs of my own, I'll have to see if I can make them have setcap rather than setuid. For example, use CAP_SYS_CHROOT as a permitted but not inheritable capability for a command that does a chroot(2) and then executes user code, and use CAP_SYS_NICE for commands that need real-time priority.

One issue related to capabilities happened for me for machines where, as an alternative to installing Fedora from scratch using the usual anaconda, I rsync an image of a system taken from a vanilla (installed but not yet booted) system. A simple rsync -a does not copy file extended attributes, where the file capabilities are stored, so care needs to be taken to remedy that, in the rsync or afterwards.

Font rendering issues (Fedora 15, Fedora 17)

Font rendering defaults have changed in Fedora 15, continued into Fedora 17, and arguably not always for the better. But it's fixable. By default, gnome-terminal and konsole terminal emulators look OK, but Firefox, Terminal, LibreOffice and some other apps do not look great. Here are some examples, using this page for Firefox, and cat /etc/hosts.allow text for Terminal:

Hover to view fonts >> << hover to remove

In the as-supplied case the characters are skinnier and, to my eyes, more irregular: some characters are hinted quite a bit, and some aren't (like i F T). In the case of LibreOffice, parts of the Times Roman digit 2 have almost been greyed-out of existence in the as-supplied case.

The fix-up was to make use of the autohinter by:

         ln -s ../conf.avail/10-autohint.conf /etc/fonts/conf.d/
as described in Bug 708525. This apparently overrides the TrueType bytecode interpreter which was enabled in Fedora 15. The autohinter result isn't perfect: note the closeness of the first "i" and "s" in "This font is Times Roman 12". But it is generally easier to read.

Getting CUPS printing to work (Fedora 15,16,17)

It's only necessary to run the cupsd daemon on PC/servers which control printers, and not on simple clients. So in order to let my PC clients talk to my local CUPS server, which handles all my local (networked) printers, it was simply necessary to define the file /etc/cups/client.conf with the contents (the :portnumber is optional):
ServerName  my.cups.server:631

Installing Skype (Fedora 15,16,17)

Skype is available for Fedora. For a long time it was an old version, 2.2 beta,compared with 5.3 for Windows. In June 2012, this was updated to version 4.0. Though nominally this is for Fedora 16 on, it works on Fedora 15 too. The Sound Devices support is integrated into the PulseAudio server. The Video Devices support seems to works too (for example, a Logitech C500 webcam was recognised).

The skype rpm downloaded from Skype for Fedora is a 32-bit version. It used to be the case that the rpm didn't declare all its dependencies; if that is still true with version 4.0, you may also need to yum install qt-devel.i686 and yum install libXScrnSaver.i686 packages, if they are not already present on your system (particularly likely if your Fedora is 64-bit).

The Options / Sound Devices screen says "It appears your system has PulseAudio running: to change sound settings you need to use your Desktop Manager volume control or PulseAudio volume control". Trying to get skype to use a particular audio device was helped by installing the Fedora pavucontrol package for PulseAudio, so I could list audio streams and which device they are connected to. With that installed, the skype Options / Sound Devices panel gives an extra button Open PulseAudio Volume Control. Then in principle you can see what audio streams there are for Playback and Recording and which hardware audio device they are connected to. (Or you can use the session manager's sound control interface: eg kmix seems to have the same facilities).

As well as the built-in Intel audio, skype works nicely with my USB audio devices: Phoenix Duet (the basic PCS, and the Duet Executive TMX320VC5509) the similar-looking Plantronics Calisto P420-M, and a Logitech ClearChat Pro USB headset.

Adobe repository, Adobe Reader and Flash (Fedora 15,16,17)

To use Adobe as a YUM repository, first download the adobe-release-i386 package: go to and choose YUM for Linux, and then install that package, using rpm --install or yum localinstall. You can then use yum to install the AdobeReader_enu package for Adobe Reader (acroread), and other language variations, and the flash-plugin package for Adobe Flash 10, using that Adobe repository. Also, updates to those packages ought to come automatically, when you yum update.

There is a trivial error in the current Adobe Reader (9.5.x) script file /opt/Adobe/Reader9/bin/acroread, which is linked-to by /usr/bin/acroread, which can cause the following error output:

   dirname: missing operand
   Try `dirname --help' for more information.
This is because the script relies on gconftool-2 giving a positive response to a query about a http url handler; such a response may occur in some cases, but not in many cases including mine! Various solutions can be used: mine is to tweak the script as follows:
   sed -i.orig 's/xargs dirname/xargs -r dirname/' /opt/Adobe/Reader9/bin/acroread
In fact I also tweak the string "gconftool-2" in the script so that it isn't invoked anywhere in the script: it causes the gconfd-2 daemon to start even in a non-GNOME environment.

Because both those applications are 32-bit currently, then if you have a 64-bit Fedora installation, you may need to install some 32-bit versions of a couple of packages, as follows.

If you get warnings on starting acroread (32-bit) from a command line, of the form Gtk-WARNING **: Unable to locate theme engine in module_path, then if the message mentions oxygen-gtk, you need to install the Fedora oxygen-gtk.i686 package. (In previous versions it was necessary to install the Fedora gtk2-engines.i686 package).

In order for Adobe Flash (32-bit) to work, you need to ensure you have got installed the Fedora nspluginwrapper.i686 package. You can install this after flash-plugin, or before, it doesn't seem to matter.

ATrpms repository (Fedora 15) (Fedora 17: not yet checked)

The ATrpms repository has a number of useful packages missing for various reasons from Fedora. This repository can be set up for yum by installing the atrpms-repo package, listed on the following web page: . A version for Fedora 14 or Fedora 15 will do equally well.

Then you can simply yum install any required ATrpms package. Because of clashes with rpmfusion I normally have these repos disabled by default until needed (see below).

rpmfusion repositories (Fedora 15) (Fedora 17: not yet checked)

The repositories for rpmfusion-free and rpmfusion-nonfree can be made available by performing the following:
yum localinstall
yum localinstall
For myself, I then disable these repositories by default, by changing enabled=1 to enabled=0 in their repo files in /etc/yum.repos.d/ directory. When needed, I just use the appropriate yum --enablerepo option.

To get the KDE k3b CD creator to stop warning about missing mp3 support, install the k3b-extras-freeworldpackage from rpmfusion-free. This brings in some other packages like lame-libs from the same repo.

ICAClient version 11: Citrix Windows Terminal Server client (Fedora 15) (Fedora 17: not yet checked)

We have a Citrix windows terminal server, with Citrix Presentation Server software, which requires a ICAClient package to be installed on our linux systems to access it. In previous Linux systems we have used ICAClient version 9, but this is now rather out of date (2005) and the current version is 11.

I first downloaded the ICAClient-11.100-1.i386.rpm package, free from the web-site Downloads / Client Center area.

That web page rightly says that OpenMotif v2.3.1 is a pre-requisite for the ICAClient package, and that provides the library. OpenMotif is not available under Fedora for licensing reasons, and Fedora's lesstif package only provides a library. It is however available from Scientific Linux 5 and CentOS 5 sites.

A complication is that the file /usr/share/X11/XKeysymDB is a pre-requisite of that openmotif package. In a RHEL5/SL5/Centos5 system, that file would be provided by the libX11 package, but libX11 on Fedora lacks it. Installing openmotif with --nodeps option and copying that file by hand from elsewhere works, but then yum will nag you every time you use it that there's a missing dependency. So I've found it better to package-up that single file, and install it before installing openmotif. That's available via yum localinstall if you want it.

Then you can install the openmotif package: for example yum localinstall (other repositories are available). This will trigger the automatic installation of pre-reqs libXp.i686 and libXmu.i686 if necessary.

Finally you can install the ICAClient package you downloaded from Citrix earlier: yum localinstall ICAClient-11.100-1.i386.rpm and this will trigger the automatic installation of pre-req libXaw.i686 if necessary. That's the installation completed.

As an ordinary user, there is an error when you run /usr/lib/ICAClient/wfica or /usr/lib/ICAClient/, as follows (you may just get the first line with Fedora 15):

Warning: Missing charsets in String to FontSet conversion
Warning: Unable to load any usable fontset
Error: Aborting: no fontset found
Advice on the web is to set LANG=C in place of (say) en_US.UTF-8, and that can be done by inserting export LANG=C in shell script /usr/lib/ICAClient/, or in my case in our local script /usr/local/bin/wts. Using unset LANG in those places is equally effective.

On moving from ICAClient version 9 to version 11, I found all the users' drive mappings didn't work. On making a trivial (non-)change in their settings in wfcmgr, and clicking Apply to cause them to be re-saved, they all worked again, so I guess there has been an incompatible parameter change in the ini files for the ICA client between version 9 and 11.

I then found a 15 second delay in connecting to the terminal server, during which time the Citrix splash screen (possibly blank) is displayed. During this time, the client is sending out UDP broadcasts to the icabrowser port (port 1604), and just the terminal server machine responds, and 3 probes are going out at 5 second intervals, whereas previously (older system, older ICAClient) it was at 1 second intervals, and so wasn't seen as a problem. This was resolved by setting the client wfcmgr setting Properties -> Network -> Server Location to the DNS name of my terminal server, as well as that being the Destination name. This adds a couple of configuration lines to the $HOME/.ICAClient/appsrv.ini file. The same exchanges then take place but without using broadcasts and without the delays.

A feature of the new setup with ICAClient-11 is that when viewing a drive-mapped directory on the Windows system, using say Windows Explorer as usual, ordinary directories and files work fine, as do symbolic links to files or directories in the same directory or daughter directories, but attempts to access files which are symbolic links to other linux files or directories elsewhere in the file hierarchy fails. These symbolic (or soft) links were created on the Linux system in the usual way using the Linux command ln -s. Clicking on such files gives the error Filename is not accessible. The parameter is incorrect. On the other hand, shortcuts created by Windows on the drive-mapped directories continue to work on Windows, and create .lnk files, but of course they are not recognised as links by Linux. This is a ICAClient 11 security feature not present in ICAClient version 9.

The circumvention for that security feature is to be found on this forum page. That worked for me: in fact I only needed to tweak wfclient.ini, as the other file was already configured as required.

Turning off over-helpful PackageKit action (Fedora 15,16,17)

If you mistype a command in the bash shell, then you get the response bash: mytypo: command not found.... Note the "..." which is absent from the normal bash response (in Fedora 14 the message was Command not found with a capital C). Then there is a small delay while PackageKit tries to find a package corresponding to what you typed, and prompts you if it finds something similar. This is probably quite helpful in a self-admin context where you've started off with a small set of packages. But if you have a pretty full installation of Fedora, so that an apparently missing command probably means you've simply mistyped, or if you don't have authority to update the system anyway, this action may be more often irritating than helpful. So you may want to turn it off.

There are various ways I've found that you can do that: put unset command_not_found_handle at the end of your $HOME/.bashrc; make file /etc/profile.d/ unreadable to the ordinary user; configure the file /etc/PackageKit/CommandNotFound.conf; or do a yum erase PackageKit-command-not-found.

As supplied the return code for a mistyped interactive command is 0, rather than 127 as it should be. This could lead to problems if you mistype a command pipeline which relies on return codes being sensible. This only happens in interactive mode, so missing commands invoked from scripts don't get the treatment anyway.

Installing Sun Java (Fedora 15) (Fedora 17: not yet checked)

I usually install Sun Java as a non-default but available package. Some of our programs stipulate Sun's version rather than the supplied iced tea. I download the jdk package from the Sun web site as an rpm.bin and run it as non-root to extract the rpm but not install it. Then on each machine I install the package using the rpm --noscripts option. Can't use yum as it doesn't provide a way of suppressing scripts as far as I know: some people on the web say that a yum --noscripts option is not provided because why would you ever want to suppress the side-effects of scriptlets when installing? Well here's why: IMHO the Sun java jdk scriptlets are 3400 lines of annoying cr*p. They interfere with parts of the system setup which they should not reach, particularly if it's not going to be the default java package: the package doesn't make use of the alternatives method of allowing the co-existence of different vendors/suppliers of the same command names. Perhaps there should be a limit (140 characters!?) for rpm scriptlets, to encourage designers to do configuration as modular commands and maybe even find a way of making each part of the configuration optional.

Without scripts it's still necessary to unpack the *.pack files in the installed tree, so I have a script which sources just the unpack_jars function from the scriptlet and then runs it on each *.pack file in the /usr/java/jdk* tree.

Using nVidia's OEM driver via RPMfusion akmods (Fedora 15) (Fedora 17: not yet checked)

My systems have nVidia cards, so disabling the nouveau driver and using nVidia's own driver was something that I wanted to test to see what improvements it gave (see later section for that).

For Fedora 12, I had used nVidia's own driver by downloading it myself from their web site and using the provided run script. I had set up a method of recompiling the kernel module at boot time when booting into a fresh kernel, and it worked reasonably well.

With Fedora 15, I decided to go main-stream and make use of the akmods-nvidia package from RPMfusion (the so-called automagical method of making new kernel modules). This worked flawlessly when starting from a freshly installed system. It doesn't matter if you are running in graphics (runlevel 5) mode on the nouveau driver when you use the procedure.


The package akmod-nvidia contains a file (and a soft-link to it), namely a source rpm for the latest nvidia-kmod in /usr/src/akmods/, and installing akmod-nvidia has a script side-effect which builds and installs a kmod-nvidia package for the current kernel. Furthermore, when a new kernel and kernel-devel package is later installed, then by virtue of script /etc/kernel/postinst.d/akmods which runs as a posttrans step of installation of a kernel via command new-kernel-pkg --rpmposttrans, a new kmod-nvidia package should be created and installed. Yet more: at boot time, the akmods service should create any necessary module, should you reboot into an older kernel. This last method is probably over-kill for me and the service could be disabled.

The /etc/X11/xorg.conf file specifying a device Driver of "nvidia" is normally put in place by the posttrans scriptlet of package xorg-x11-drv-nvidia by copying file /etc/X11/nvidia-xorg.conf, but if the xorg.conf file exists already, this is not done. Alternatively, use command nvidia-xconfig to replace that file. Otherwise you run the risk of having a system which hangs just before the login screen appears.

The nouveau driver gets disabled by virtue of a /etc/modprobe.d/ file in package xorg-x11-drv-nvidia, and a scriptlet side-effect of installing this package is to add nouveau.modset=0 rdblacklist=nouveau nomodeset to the kernel command line in /boot/grub/grub.conf. (I'm not sure where the last parameter nomodeset appeared from, and it's not present on another PC; it's not in the package postinstall scriptlet, though it does appear in the preuninstall scriptlet. Odd).

When running Google Earth, before finalising the steps above, I had found the contents of the earth image were black. After going back and forward with nVidia releases without success, I found this forum page reply 7 which hinted that I needed to install a 32-bit version: xorg-x11-drv-nvidia-libs.i686 from the RPM Fusion repository, as well as the 64-bit; this also pulled in libXvMC.i686 and libvdpau.i686 Fedora packages. So that's why this is included in the steps above. The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable- package! This also helped with the video-conferencing application EVO, when run under a 32-bit Sun Java package.

(*) For the wait step above, in my nvidia install script (and in other scripts which might result in a akmods build), I have a section with a sleep-test-loop on the /usr/sbin/akmods process. It previously checked for a busy lock file /var/cache/akmods/.lockfile, but akmods version 0.3.7 now flocks /var/lock/subsys/akmods instead.

Previous thoughts on disabling nouveau at boot time (superseded by above) (Fedora 15) (Fedora 17: not yet checked)

To disable nouveau modeset at boot time, add the parameter nouveau.modeset=0 to the kernel command line in /boot/grub/grub.conf. (Advice on the web also to use parameter rdblacklist=nouveau appears to have no additional effect, and no sufficient effect on its own). Then reboot. But beware, you will get no X server and also no console tty, so be sure that you can login from another PC via ssh (say)!

As an alternative, the NVidia driver's README.txt recommends that you add a file /etc/modprobe.d/disable-nouveau.conf containing:

blacklist nouveau
options nouveau modeset=0
But it rightly warns that this will only come into effect for boot-time purposes when your /boot initramfs is re-created. This can be done manually or by updating/re-installing the kernel. If the kernel is already up to date, then look at file /usr/libexec/plymouth/plymouth-update-initrd for an example mkinitrd line! (You can check what files a ramdisk contains by using the /sbin/lsinitrd command). Then reboot. But beware, you will get no X server and also no console tty, so be sure that you can login from another PC via ssh (say)!

Actually at this point the nouveau module is present, but with zero use count, so you can rmmod it (or leave it to the nvidia installation script to do that).

Some benchmarking with nouveau and nvidia drivers (Fedora 15) (Fedora 17: not yet checked)

Performed on a Dell T3400 workstation (Q9550, Quadro NVS 290). FPS = frames per second, with the corresponding window visible, of course! As glxgears is commonplace but is not really recommended as a benchmark (see below), I also used the teapot benchmark from the mesa-demos package (type h to toggle the help screen off: makes a big difference), and gtkperf (from the gtkperf package). Apart from showing that this card is not the fastest card available, the relative performance is worth a look:

System Windows manager and setup glxgears teapot
(help off)
gtkperf -a
(low is good)
Fedora 12 with nouveau driver (0.0.15-21.20091105) No GLX support n/a n/a n/a
Fedora 12 with driver (195.36.15) XFCE window manager / default 2950 FPS 490 FPS 1.86 sec
Fedora 12 with driver (195.36.15) KDE desktop effects disabled 2940 FPS 490 FPS 1.85 sec
Fedora 12 with driver (195.36.15) KDE desktop effects enabled (blur option n/a) 2080 FPS 429 FPS 4.09 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324) XFCE window manager / default 1155 FPS 276 FPS 2.74 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324) KDE desktop effects disabled 1155 FPS 274 FPS 7.87 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324) KDE desktop effects enabled + defaults 670 FPS 129 FPS 11.52 sec
Fedora 15 with nouveau driver (0.0.16-24.20110324) KDE desktop effects enabled + no blur 1061 FPS 248 FPS 7.57 sec
Fedora 15 with driver (275.21) KDE desktop effects enabled + no blur 2410 FPS
Fedora 15 with driver (280.13) XFCE window manager / default 3180 FPS 476 FPS 2.93 sec
Fedora 15 with driver (280.13) KDE desktop effects disabled 3180 FPS 475 FPS 7.12 sec
Fedora 15 with driver (280.13) KDE desktop effects enabled + defaults 1490 FPS 320 FPS 7.44 sec
Fedora 15 with driver (280.13) KDE desktop effects enabled + no blur 2180 FPS 425 FPS 6.10 sec
Fedora 15 with driver (285.05 rawhide) KDE desktop effects enabled + no blur 1980 FPS 402 FPS 5.62 sec


Also see this KDE forum page and this comment on using glxgears as a benchmark and this advice too!

To disable blur, use System Settings / Desktop Effects / All Effects / untick Blur. To configure by hand, the incantation for the kwinrc file in the [Plugins] section is: kwin4_effect_blurEnabled=false .

Using OpenGL with nvidia cards as tested by the EVO video conferencing application (Fedora 15) (Fedora 17: not yet checked)

The video window ViEVO component of EVO (version 2) now starts up OK with the nouveau graphics driver that comes with Fedora 15. The Tools / Video / Advanced window information states OpenGL; Vendor: nouveau; Version 1.3 Mesa 7.11-devel; Renderer: Gallium 0.4 on NV86.

On viewing a session and then clicking on the VieVO expand-window button to produce a window at max resolution, the ViEVO app crashed (leaving EVO running) when icedtea java was in use. But that problem disappeared on making use of Oracle-Sun Java jdk1.6.0_25 in place of icedtea-web-1.0.2-2 (openjdk), so it would be wrong to ascribe that problem to the graphics driver!

On Fedora 12, With the driver in place of nouveau with an NVidia graphics card, the Tools / Video / Advanced window information stated: OpenGL; Vendor: NVIDIA Corporation; Version: 3.2.0 NVIDIA 195.36.15; Renderer: Quadro NVS 290/PCI/SSE2.

(It did not work under Fedora 12 with an NVidia graphics card and the default nouveau graphics driver. EVO version 1.5.x had the message "No OpenGL detected" in the AV controls Video window. EVO version 2 didn't work either: the Tools / Video / Advanced window information stated OpenGL Vendor: Mesa Project, Version: 1.4 (2.1 Mesa 7.7.1-DEVEL, Renderer: Software Rasterizer, but no video window appeared, even if Disable OpenGL was set in that window.)

Getting Google Earth to run (Fedora 15) (Fedora 17: not yet checked)

I downloaded Google Earth version 6.1.0 from this google earth web page. Running this initially gave this error: /lib/ bad ELF interpreter: No such file or directory. This was fixed by installing this package: redhat-lsb.i686, that is, the 32-bit architecture in addition to the 64-bit.

Both my old (5.1) and new (6.1.0) versions of Google Earth gave a black contents for the earth image, with my nVidia setup; I needed to install xorg-x11-drv-nvidia-libs.i686 (see the section above Using nVidia's OEM driver via RPMfusion akmods). The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable- package!

New tmpfs filesystem /run (Fedora 15) (Fedora 17: not yet checked)

This new in-memory filesystem /run contains /var/run and /var/lock. Subdirectories which previously might have been created on package installation now have to be created every boot. This is done at start-up: see man systemd-tmpfiles. It's the responsibility of each package maintainer who requires to use /var/run or /var/lock to have a suitable conf file in /etc/tmpfiles.d/ directory: there are 23 such files on my systems.

KDE's kdm as login greeter (Fedora 15) (Fedora 17: not yet checked)

I prefer KDE's kdm greeter to Gnome's gdm and MIT's xdm, when logging in. You get a choice of session managers in the initial screen, and you get additional options in the Menu, like Remote Login. By default it just remembers the most recent user, rather than a long list of users of other computers. There are lots of different options which can be set in the /etc/kde/kdm/kdmrc file.

To put kdm into effect, I put DISPLAYMANAGER into file /etc/sysconfig/desktop, and also set the default session manager by setting DESKTOP, as follows:


KDE network management icon (Fedora 15) (Fedora 17: not yet checked)

If I click on the kcm_networkmanagement_tray system tray icon, it lists my wired networking interface, but if I click on Manage Connections, it doesn't list it. Also, if using the network service, in place of the default NetworkManager service, the kcm_networkmanagement_tray system tray icon shows as a red X, and it reports "No network interfaces". Not sure if this is a feature but it looks like a bug. Even if eliminated from a model $KDEHOME/share/config/plasma-desktop-appletsrc file, it seems to re-introduce itself on the panel automatically. So if I decide to continue to use the network service for my desktop PCs, one solution is to yum remove kde-plasma-networkmanagement package and its dependent lib package. It does have a nice network activity display, though.

KDE window decorations (Fedora 15, Fedora 17)

The style of windows decorations can be changed by the user using System Settings / Workspace Appearance / Windows Decorations. I like the Keramik look for windows, so for that scroll up to Keramik and click Apply. If the vertical scroll bar is off-screen, make the window wider. (If the wanted window decoration still doesn't appear, yum install kdeartwork). The default can be changed for all users by modifying file /usr/share/kde-settings/kde-profile/default/share/config/kwinrc so that PluginLib=kwin3_keramik . There are plenty of other decorations that are fetchable using the Get New Decorations button.

Compositing KDE window manager (Fedora 15) (Fedora 17: not yet checked)

Apart from some really old PCs, I like to turn on the Compositing features of the KDE window manager. This can be done by the user using System Settings / Desktop Effects / Enable desktop effects. On suitable machines, with a suitable video driver, it can be done as a default for all users by modifying file /usr/share/kde-settings/kde-profile/default/share/config/kwinrc: in the [Compositing] section change Enabled from False to True. For really very old PCs, on the other hand, you might instead want to change MoveMode and ResizeMode from Opaque to Transparent.

Compositing in KDE can produce some very weird screen effects with the VESA driver (on an nVidia card, at least), as I found out when I booted with kernel parameter nouveau.modeset=0 and no other installed video driver: so avoid this!

KDE Screen edge behaviour (Fedora 15) (Fedora 17: not yet checked)

I find special screen edge behaviour catches me unawares. If not wanted, this feature can be turned off for the user by System Settings / Workspace Behavior / Screen Edges, and untick or disable functions there you don't want. The maximise and tiling defaults can be changed for all users by adding to the [Windows] section of file /usr/share/kde-settings/kde-profile/default/share/config/kwinrc a couple of lines: ElectricBorderMaximize=false and ElectricBorderTiling=false .

KDE screen saver (Fedora 15) (Fedora 17: not yet checked)

A screen saver might be needed for security in a shared office or simply for amusement. It can be set from System Settings / Display and Monitor / Screen Saver; I usually choose Random and set a delay of 30 minutes and a Require password after 300 seconds. To make that the default for all users, copy $KDEHOME/share/config/kscreensaverrc to /usr/share/kde-settings/kde-profile/default/share/config/kscreensaverrc .

A specific screen saver, kslideshow, now seems to work OK without a configuration file. In previous versions, a config file /usr/share/config/kslideshow.kssrc was required to prevent a "No images found" message.

Another specific screen saver, kpartsaver, known in the Banners & Pictures section as Media Screen Saver, shows the message "The screen saver is not configured yet". A solution is to configure it in the System Settings for Screen Saver (above) as an ordinary user, adding some images say from /usr/share/backgrounds. To make that available to all users, copy $KDEHOME/share/config/kpartsaverrc to /usr/share/config/kpartsaverrc.

KDE splash screen (Fedora 15) (Fedora 17: not yet checked)

The KDE splash screen displays while KDE is initialising after a user login. The default is the Lovelock splash. This can be configured from System Settings / Workspace Appearance / Splash Screen. If you like the Constantine "smile" splash screen, you may need to install constantine-kde-theme package first. To make any change the default for all users, copy $KDEHOME/share/config/ksplashrc to /usr/share/kde-settings/kde-profile/default/share/config/ksplashrc .

KDE bouncing cursor (Fedora 15) (Fedora 17: not yet checked)

The bouncing cursor can be turned off by the user using System Settings / Application and System Notifications / Launch Feedback and changing Bouncing Cursor to No Busy Cursor. The default can then be changed for all users by copying $KDEHOME/share/config/klaunchrc to /usr/share/kde-settings/kde-profile/default/share/config/klaunchrc .

KDE konsole tweaks (Fedora 15) (Fedora 17: not yet checked)

I like to be able to set the title of terminal windows using ANSI sequences. (Such sequences are also used by the default PROMPT_COMMAND in bash to set the title, for example). This doesn't happen by default in konsole: instead the default windows title is a shortened current directory followed by the current command name. This default can be changed by konsole menu / Settings / Configure Profiles / Edit Profile / Tabs and choose what combinations you want from the Insert drop down, which for me is simply %w, in place of the default %d : %n.

To give users a straightforward terminal emulator window, not too different from xfce's Terminal, I want to turn off the menu bar and the tab bar by default, and have black text on white background. So again this can be done from the same configure window as above. (Having got rid of the menu bar, you can bring it back if you wish by a right-click and select Show Menubar).

You can construct your own konsole profile with a new name. If you want that to be available to all users then copy it from $KDEHOME/share/apps/konsole directory to /usr/share/kde4/apps/konsole directory. To make it the default for all users, add a line to the Desktop Entry section of /usr/share/kde-settings/kde-profile/default/share/config/konsolerc with the text DefaultProfile=mylocal.profile or whatever you've called it.

KDE Dolphin tweaks (Fedora 15) (Fedora 17: not yet checked)

The file-manager Dolphin has some defaults which you can tweak.

In Dolphin / Settings / Configure Dolphin / General / Previews, the default is to generate preview thumbnails for Directories, Images (GIF, PNG, BMP, ...), and JPEG Images (Rotated Automatically). You can turn these off if you wish, individually. To remove these as a default for all users, create a file /usr/share/config/dolphinrc with the contents:


KDE Device Notifier extra actions (Fedora 15) (Fedora 17: not yet checked)

When a portable device is plugged in, KDE's Device Notifier pops up with a set of actions for this device that are available: eg for a USB stick or CD-ROM these are Download Photos (maybe twice if you have Gwenview and digiKam), and Open with File Manager (Dolphin).

On our local desktops, I've added the following actions: Just make it accessible, in other words mount it and tell me where, and Open a Terminal, with the mount point as the current directory. These are defined as follows:


[Desktop Entry]
X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ]

[Desktop Action open]
Name=Just make it accessible
Exec=kdialog --passivepopup "mounted at %f" 5
[Desktop Entry]
X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ]

[Desktop Action open]
Name=Open a terminal for this device
Exec=Terminal --working-directory=%f
If you wanted to use konsole instead of Terminal for the above action, the Exec string would be konsole --workdir %f. To add an action for just yourself, you can use System Settings / Device Actions / Add, and enter the details.

KDE default Favorite applications (Fedora 15) (Fedora 17: not yet checked)

If you don't want konqueror (say) to appear in the initial default list of Favorite applications in the KDE menu, then for yourself just right-click it and select Remove from Favourites. To do this as the default action for all new users, create file /usr/share/kde-settings/kde-profile/default/share/config/kickoffrc with the following content, or tweaked as you wish:

KDE's autostarted applications, including akonadi and nepomuk (Fedora 15) (Fedora 17: not yet checked)

Some KDE services are started at user login time by virtue of desktop files in the /usr/share/autostart directory. These include klipper, kmix, krunner, nepomuk, plasma-desktop, polkitd, printer-applet, xsettings-kde.

Nepomuk "interconnects data from different desktop applications using semantic metadata". and seems to start around 9 processes including a "desktop search" process. For me, a typical user has 500k files and 50GB of disk in their personal $HOME space, not counting files in larger shared data and software areas, so desktop search and SHA-1 hashing of every indexed file could be seen as a bad idea. (In fact, any access to such files updates the last-use times, which negates the ability to archive files on the basis of last-use). You can turn Nepomuk off as an individual user by System Settings / Desktop Search / Basic Settings and untick the two tick boxes and Apply. You can do that as the default for all users by changing true to false in /usr/share/kde-settings/kde-profile/default/share/config/nepomukserverrc file. You still get the akonadi_nepomuk_contact_feeder and nepomukserver processes. Another solution is that you remove or move the corresponding /usr/share/autostart/nepomukserver.desktop autostart file.

Akonadi is "a storage service for personal information management (PIM) data and metadata". On one occasion, this feature of KDE 4 caused around 50 akonadi-related processes to start when I logged in: a quarter of all processes, and half of my own processes, for my setup. I think they were /usr/bin/akonadi_contacts_resource invocations, and I haven't been able to reproduce this since: perhaps that's a good thing!

Akonadi itself doesn't seem easily configurable per user. This is unfortunate, because some users might want its features, and others not: personal information management may be important for the home user, but is perhaps a minor consideration for serious linux/unix users in a research environment. System Settings / Akonadi Configuration does allow a user to stop the server, but it comes merrily back next time you login. Some processes are controlled from /usr/share/kde4/services/kcm_akonadi*desktop files and so those can be tweaked or removed perhaps; they belong to the kdepim-runtime package, which could be removed. I don't know what effect doing that has on other KDE features. The akonadi package itself can't easily be removed without erasing 29 other packages (for me), which is not very modular.

KDE session manager and configuring what you get on logon (Fedora 15, Fedora 17)

The KDE session Manager is in System Settings / System Administration / Startup and Shutdown / Session Management. This is rather an odd place for it, because other items under System Administration require you to be the administrator (not surprisingly)! Another way to find it is by clicking on the Start (f) button and then typing the first few characters of Session.

One useful function for me is allowing me to define what applications to start at logon time. The effect of the default feature of Restore Previous Session is that invariably I get far too many application windows that I forgot to close before I logged out, which then take valuable seconds to start up.

So having started the Session Manager, I have chosen Restore manually saved session. Then an extra option appears on the Start / Leave box, namely Save Session. Using that allows me to tailor what I want to see on Login. This for me is cleaner and noticeably quicker on login!

Changing the encryption method for passwords (Fedora 15) (Fedora 17: not yet checked)

For a time I need to maintain backward compatibility for stored passwords, so that they are stored in md5-encrypted format, not sha512. The command authconfig --enable-md5 --passalgo=md5 --updateall does that effectively, in Fedora 15. But actually it's simpler than that. The relevant file that is changed is the file pointed-to by /etc/pam.d/system-ac: the password sufficient line gets the sha512 replaced by md5 instead. The file /etc/login.defs is also updated by that authconfig command, and contains configurable parameters for ENCRYPT_METHOD, see man login.defs, but changing that file back and forth did not make any difference, for my tests, in practice.

A4 paper default for ps2pdf and friends (Fedora 15, Fedora 17)

When a Postscript file is converted to PDF using ps2pdf, ps2pdf12, psd2pdf13, or psd2pdf14, if the Postscript contains no setpagedevice Postscript command to set the PageSize, then it will get converted to a US-letter size PDF file. (This can be checked using the pdfinfo command, or acroread Properties). This is pretty hopeless for many (most?) of us, as when printed on A4 paper, the top of each page is cropped.

My old way of fixing this, for this small set of commands in particular, is to add the following line near the top of script /usr/bin/ps2pdfwr:

This sets the default papersize to A4 unless the user overrides GS_OPTIONS, or unless there is a setpagedevice PageSize in the Postscript file itself. Alternatively, just put this line into your login profile.

My preferred way to fix this in general for Ghostscript is to edit file /usr/share/ghostscript/*/Resource/Init/ and uncomment the line containing /DEFAULTPAPERSIZE (a4) def by removing the percent.

A4 paper default for xv (any system)

Some of our users use the John Bradley xv application, which is available for Fedora from and from rpmfusion-nonfree: xv and xv-doc[s] packages. One thing they usually want is to have the default paper size as A4, instead of US Letter size, thereby saving a click or two every time xv is used. This is easily accomplished with the following wrapper script /usr/local/bin/xv:

         echo 'xv.pspaper: a4' | xrdb -merge
         /usr/bin/xv "$@"

Keyboard layout setting (Fedora 15, Fedora 17)

The default layout and language for the keyboard in graphical mode is set from the contents of the /etc/sysconfig/keyboard file, as follows.

The default keyboard layout for graphical mode is read by the X server when it starts from /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf file. That file is automatically generated and updated by system process system-setup-keyboard, which monitors file /etc/sysconfig/keyboard as its source of information. That process gets started at boot time from {/etc,/usr/lib}/systemd/system/system-setup-keyboard.service as part of the systemd init sequence. If you feel this constant monitoring is not necessary in your system, you could systemctl disable system-setup-keyboard.service after the first boot.

The layout can also be assigned within KDE by System Settings / Hardware / Input Devices / Keyboard / Layouts / Configure Layouts. You can configure layout choices and then choose one from the System tray.

The keyboard layout for console tty mode is set by the KEYTABLE= option on the kernel command line in the /boot/grub/grub.conf file, as set up at installation. If this keyword is absent, the default is US layout; file /etc/sysconfig/keyboard appears to be ignored for this mode.

The file /lib/systemd/systemd-vconsole-setup appears to know about KEYTABLE and /etc/sysconfig/keyboard.

Turning off IPv6 (Fedora 15) (Fedora 17: not yet checked)

IPv6 is the very near future, but for me it isn't the present, and it's an extra thing to think about, if it is available on a system.

To turn off IPv6 DNS lookups when firefox is being used, which cause unnecessary lookup delays, you can view page about:config and set network.dns.disableIPv6 to true, or add the equivalent in the prefs.js file:

         user_pref("network.dns.disableIPv6", true);

To turn off IPv6 DNS lookups when an ssh client command is used, my local wrapper script uses ssh with the -4 option. An alternative seems to be to put AddressFamily inet in file /etc/ssh/ssh_config, possibly within the scope of a Host declaration.

To turn off IPv6 for the sshd daemon specifically, you can substitute ListenAddress in /etc/ssh/sshd_config file.

You can tell if IPv6 support is generally enabled if the following give some output:

         lsmod | grep ipv6
	 ip a | grep inet6
	 netstat -nutlp | grep ::
The lsmod has a non-zero use count in the default case (but see below). The netstat assumes you've got some services running which might allow IPv6 clients, like rpcbind, or an unconfigured sshd.

Trying various recipes on the web in turn, separately (not together!), to see if they apply to Fedora 15:

New commands (Fedora 15, Fedora 17)

New commands in coreutils package in f15 not in f12: New commands in coreutils package in f17 not in f15:

New commands (with man files) in my f17 install, not in my f15 install:

New sbin commands (with man files) in my f17 install, not in my f15 install:

KDE over-use of resources (seen in Fedora 15)

I've had one occasion where according to top, the plasma-desktop process was using 99% of a core, and the kwin process had expanded to 5.6 GB virtual memory, 5.0 GB RAM, on an 8GB PC. After a logoff/logon, this went down to a more sensible 0.0 %CPU for both, and 52 MB RAM for both. I shall watch that to see if it recurs!

Problem with emacsclient and emacs --daemon (seen in Fedora 15)

One of our undergrad users had started an emacsclient session (all she wanted was an editor, and that was what a left-click in dolphin gave her), and a few days after she had logged off, she still had an emacs --daemon process using 50% of the cpu time on that PC, and her $HOME/.xsession-errors file was 210 GB in size and growing. It contained lines like:
/usr/bin/emacsclient: can't find socket; have you started the server?
To start the server in Emacs, type "M-x server-start".
Starting Emacs daemon.
Back to top level.
Back to top level.
Back to top level.
last line repeats ad nauseam
produced by emacs. Given that many users only edit one file at a time, it may be that having a client/server for emacs is unnecessary for us, so I will remove the file /usr/share/applications/emacsclient.desktop, or just make it readable only by root, so that it disappears from KDE file associations and therefore from dolphin.

These file associations from mime-types to applications are very flexible, as settable in KDE System Settings / File Associations, but is it the case that someone will want to use emacs (say) to edit a C++ file, but use nedit (say) to edit a .txt file and vim to edit a shell file? Do I really have to go through 100 different mime-types of type text/something in order to force my favourite editor to be used in almost all cases? Apparently so: this needs further investigation!

Problem in devpts with opening Terminal, konsole, and gnome-terminal sessions (Seen in Fedora 15)

Early on we had problems with opening Terminal and gnome-terminal and konsole sessions; for Terminal the following error message would appear: Failed to execute child. grantpt failed: Permission denied. For gnome-terminal, the message was There was an error creating the child process for this terminal: grantpt failed: permission denied. For konsole, there was no obvious error message: simply no shell prompt.

Doing a mount | grep devpts revealed the problem. The /dev/pts mount had mode=600 and no gid=5, even though the /etc/fstab entry specifies gid=5,mode=620 on its options. Some checks showed that it was the lack of gid=5 that caused the problem. This was caused by a script of mine mounting a devpts file-system in a secondary place (a chroot image) without the necessary gid=5,mode=620, and that was sufficient to cause all mounts of the devpts file system to get the error.

Invalid swap can make boot stall for 80 seconds (Fedora 15) (Fedora 17: not yet checked)

If you inadvertently get your /etc/fstab and your swap area out of synch, in that the UUID= (or possibly LABEL=) in fstab does not match any swap area, then the system will stall for 80 seconds during boot, and then continue with the following message in /var/log/messages: Job dev-disk-by\x2duuid-....device/start timed out or Job dev-disk-by\x2dlabel-....device/start timed out. Although it's understandable that boot should allow exotic device setups to settle before declaring them missing, 80 seconds is a long time to be without any message on the screen.

For me this may have happened as I installed a second system and must have opted to format an existing swap area, thereby getting a new UUID. The /sbin/blkid user utility is handy for displaying partition labels and UUIDs.

Difference in hwclock invocation (Fedora 15, Fedora 17: not yet checked)

This is just a place-holder for the moment, but there does seem to be a small difference between Fedora 12 and Fedora 14 as to the issuing of the hwclock command. First thoughts are: /etc/rc.d/rc.sysinit used to issue a hwclock --hctosys, but no longer does (but check!). As before, optional service /etc/init.d/ntpdate finds network time once and then optionally issues hwclock --systohc. As before, optional service ntpd finds network time continually and also effectively sets the hwclock hardware using "11 minute mode" (since adjtimex --print "status" 0x0040 bit is zero). As before,. /etc/init.d/halt issues hwclock --systohc.

For earlier systems, see Contents.

Birmingham Particle Physics Group