This is a quick glance work-in-progress page for Fedora 17, which was released on 29 May 2012, and earlier Fedora systems. It's got some advice on what custom changes I applied to such systems. For Fedora 15 specifically, see this earlier page. For other systems, have a look at the Contents page.
This is a known Bug 840160 and Bug 840204, as yet unfixed.
menuentry_id_option
to include the string "--unrestricted" in file /etc/grub.d/00_header.
I also add GRUB_DISABLE_OS_PROBER=true in /etc/default/grub because I don't personally like the way
in which grub2 adds entries for other systems (see next two items),
and in any case I use a mastergrub initial chooser which eliminates the need for that.
Then I run grub2-mkconfig to replace the grub.cfg file.
Similarly a partition which contain a manufacturer Recovery system is listed as a bootable partition just like a normal system partition. Normally such Recovery is accessed via a special BIOS-defined key which the administrator may choose to hide from the ordinary user.
This a known Bug 840272.
Hopefully additional fine tuning will be available in later grub2 versions. Or maybe someone will write a simplified modern boot loader!
route add -net xxx.yy.0.0 netmask 255.255.0.0 reject
When using a kickstart, I used to specify a --device=eth0 option. Now I don't, so that installation can use em1 or eth0 or whatever the interface is. It's apparently legal to omit --device for the first or only network command, because after all if anaconda has already fetched my kickstart file, it knows what to default to.
The migration of rc.local from System V to Fedora wasn't handled perfectly, IMHO.
In Fedora 15, /etc/rc.d/rc.local (aka /etc/rc.local) is started before
networking setup or local or remote disk mounting is complete.
But rc.local was the service most likely to be used by the local administrator,
and so is the one where backward compatibility should have been preserved, I would say.
This has been partially remedied in Fedora 17, where the rc.local service is started
after the network is up, rather than immediately.
For an installation which still uses rc.local and expects additionally
that any remote filesystems are up when it runs,
that can be effected by copying /usr/lib/systemd/system/rc-local.service
to /etc/systemd/system/rc-local.service and changing
After=network.target to After=remote-fs.target in the copied file.
/etc/systemd/system/graphical.target.wants/firstboot-graphical.service
exist. To fix this, in the %post section of my Fedora 15 kickstart file, I have:
if [ -e /etc/systemd/system/graphical.target.wants/firstboot-graphical.service ]; then systemctl disable firstboot-graphical.service systemctl disable firstboot-text.service fi
There are sandbox and seunshare commands for running user commands in a sandbox. One of its effects is to provide extra bind mounts for the major system directories like /home. In other words, even if those directories reside in your root (/) filesystem, and are not on separate partitions or logical volumes, they appear in a df and mount command output and in /etc/mtab. This applies even if SELinux is disabled. It's not clear to me yet whether these commands are provided simply for use in a SELinux enforcing environment, or whether they also give added value in a SELinux disabled environment.
/share/xtmp on /tmp type none (rw,bind).
In Fedora 15, the result of the same mount command is reported as
/dev/sda12 /tmp type ext3 (rw,relatime,....),
and the subdirectory xtmp or the word bind never appears.
In the earlier kernels this did give rise to the oddity that if you did those bind mounts and then umounted /share, and then maybe even mounted another device as /share, the bind mounts were still listed just like before, which was misleading. I could argue though that giving a plain device file in a df output as the source of a subdirectory bind mount is also misleading.
A more informative command though is findmnt.
In my case, the information line contains
/tmp /dev/sda12[/xtmp]
so it's possible to see the subdirectory source of the bind mount command.
*I've noticed that in Fedora 15 onwards, /etc/mtab is a sym-link to /proc/mounts which in turn is a sym-link to /proc/self/mounts. In Fedora 12, /etc/mtab was maintained separately, and contained information on which mounts had been achieved via binding, which the kernel version /proc/self/mounts did not have. This I guess is why df output has changed.
More recently, file capabilities are supported, whereby the privileged capabilities for a process can be initially set from the extended attribute bits of its executable file, rather than by requiring a setuid-root executable file which then might (or might not) confine its capabilities using system calls.
Fedora 15 onwards makes more use of file capabilities. Checking using getcap -r /bin /usr/bin /sbin /usr/sbin reveals around nine commands in those directories which used to be setuid-root in Fedora 14, but are now simply setcap. These include the 'r' remote commands, and ping and mtr. As I have one or two setuid-root programs of my own, I'll have to see if I can make them have setcap rather than setuid. For example, use CAP_SYS_CHROOT as a permitted but not inheritable capability for a command that does a chroot(2) and then executes user code, and use CAP_SYS_NICE for commands that need real-time priority.
One issue related to capabilities happened for me for machines where, as an alternative to installing Fedora from scratch using the usual anaconda, I rsync an image of a system taken from a vanilla (installed but not yet booted) system. A simple rsync -a does not copy file extended attributes, where the file capabilities are stored, so care needs to be taken to remedy that, in the rsync or afterwards.
Hover to view fonts >> << hover to remove
In the as-supplied case the characters are skinnier and, to my eyes, more irregular: some characters are hinted quite a bit, and some aren't (like i F T). In the case of LibreOffice, parts of the Times Roman digit 2 have almost been greyed-out of existence in the as-supplied case.
The fix-up was to make use of the autohinter by:
ln -s ../conf.avail/10-autohint.conf /etc/fonts/conf.d/
as described in
Bug 708525.
This apparently overrides the TrueType bytecode interpreter which was enabled in Fedora 15.
The autohinter result isn't perfect:
note the closeness of the first "i" and "s" in "This font is Times Roman 12".
But it is generally easier to read.
/etc/cups/client.conf with the contents
(the :portnumber is optional):
ServerName my.cups.server:631
The skype rpm downloaded from Skype
for Fedora is a 32-bit version.
It used to be the case that the rpm didn't declare all its dependencies;
if that is still true with version 4.0,
you may also need to yum install qt-devel.i686 and
yum install libXScrnSaver.i686 packages,
if they are not already present on your system
(particularly likely if your Fedora is 64-bit).
The Options / Sound Devices screen says "It appears your system has PulseAudio running: to change sound settings you need to use your Desktop Manager volume control or PulseAudio volume control". Trying to get skype to use a particular audio device was helped by installing the Fedora pavucontrol package for PulseAudio, so I could list audio streams and which device they are connected to. With that installed, the skype Options / Sound Devices panel gives an extra button Open PulseAudio Volume Control. Then in principle you can see what audio streams there are for Playback and Recording and which hardware audio device they are connected to. (Or you can use the session manager's sound control interface: eg kmix seems to have the same facilities).
As well as the built-in Intel audio, skype works nicely with my USB audio devices: Phoenix Duet (the basic PCS, and the Duet Executive TMX320VC5509) the similar-looking Plantronics Calisto P420-M, and a Logitech ClearChat Pro USB headset.
There is a trivial error in the current Adobe Reader (9.5.x) script file /opt/Adobe/Reader9/bin/acroread, which is linked-to by /usr/bin/acroread, which can cause the following error output:
dirname: missing operand Try `dirname --help' for more information.This is because the script relies on gconftool-2 giving a positive response to a query about a http url handler; such a response may occur in some cases, but not in many cases including mine! Various solutions can be used: mine is to tweak the script as follows:
sed -i.orig 's/xargs dirname/xargs -r dirname/' /opt/Adobe/Reader9/bin/acroreadIn fact I also tweak the string "gconftool-2" in the script so that it isn't invoked anywhere in the script: it causes the gconfd-2 daemon to start even in a non-GNOME environment.
Because both those applications are 32-bit currently, then if you have a 64-bit Fedora installation, you may need to install some 32-bit versions of a couple of packages, as follows.
If you get warnings on starting acroread (32-bit) from a command line, of the form
Gtk-WARNING **: Unable to locate theme engine in module_path,
then if the message mentions oxygen-gtk,
you need to install the Fedora oxygen-gtk.i686 package.
(In previous versions it was necessary to install the Fedora gtk2-engines.i686 package).
In order for Adobe Flash (32-bit) to work, you need to ensure you have got installed the Fedora nspluginwrapper.i686 package. You can install this after flash-plugin, or before, it doesn't seem to matter.
Then you can simply yum install any required ATrpms package.
Because of clashes with rpmfusion I normally have these repos disabled
by default until needed (see below).
yum localinstall http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm yum localinstall http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpmFor myself, I then disable these repositories by default, by changing enabled=1 to enabled=0 in their repo files in /etc/yum.repos.d/ directory. When needed, I just use the appropriate yum --enablerepo option.
To get the KDE k3b CD creator to stop warning about missing mp3 support, install the k3b-extras-freeworldpackage from rpmfusion-free. This brings in some other packages like lame-libs from the same repo.
I first downloaded the ICAClient-11.100-1.i386.rpm package, free from the www.citrix.com web-site Downloads / Client Center area.
That web page rightly says that OpenMotif v2.3.1 is a pre-requisite for the ICAClient package, and that provides the libXm.so.4 library. OpenMotif is not available under Fedora for licensing reasons, and Fedora's lesstif package only provides a libXm.so.2 library. It is however available from Scientific Linux 5 and CentOS 5 sites.
A complication is that the file /usr/share/X11/XKeysymDB
is a pre-requisite of that openmotif package.
In a RHEL5/SL5/Centos5 system, that file would be provided by the libX11 package,
but libX11 on Fedora lacks it.
Installing openmotif with --nodeps option and copying that file by hand from elsewhere works,
but then yum will nag you every time you use it that there's a missing dependency.
So I've found it better to package-up that single file, and install it
before installing openmotif.
That's available via
yum localinstall http://www.ep.ph.bham.ac.uk/general/support/fedora-xkeysymdb.rpm if you want it.
Then you can install the openmotif package:
for example
yum localinstall ftp://ftp.scientificlinux.org/linux/scientific/5rolling/i386/SL/openmotif-2.3.1-5.el5_5.1.i386.rpm
(other repositories are available).
This will trigger the automatic installation of pre-reqs libXp.i686 and libXmu.i686 if necessary.
Finally you can install the ICAClient package you downloaded from Citrix earlier:
yum localinstall ICAClient-11.100-1.i386.rpm and
this will trigger the automatic installation of pre-req libXaw.i686 if necessary.
That's the installation completed.
As an ordinary user, there is an error when you run /usr/lib/ICAClient/wfica or /usr/lib/ICAClient/wfica.sh, as follows (you may just get the first line with Fedora 15):
Warning: Missing charsets in String to FontSet conversion Warning: Unable to load any usable fontset Error: Aborting: no fontset foundAdvice on the web is to set LANG=C in place of (say) en_US.UTF-8, and that can be done by inserting export LANG=C in shell script /usr/lib/ICAClient/wfica.sh, or in my case in our local script /usr/local/bin/wts. Using unset LANG in those places is equally effective.
On moving from ICAClient version 9 to version 11, I found all the users' drive mappings didn't work. On making a trivial (non-)change in their settings in wfcmgr, and clicking Apply to cause them to be re-saved, they all worked again, so I guess there has been an incompatible parameter change in the ini files for the ICA client between version 9 and 11.
I then found a 15 second delay in connecting to the terminal server, during which time the Citrix splash screen (possibly blank) is displayed. During this time, the client is sending out UDP broadcasts to the icabrowser port (port 1604), and just the terminal server machine responds, and 3 probes are going out at 5 second intervals, whereas previously (older system, older ICAClient) it was at 1 second intervals, and so wasn't seen as a problem. This was resolved by setting the client wfcmgr setting Properties -> Network -> Server Location to the DNS name of my terminal server, as well as that being the Destination name. This adds a couple of configuration lines to the $HOME/.ICAClient/appsrv.ini file. The same exchanges then take place but without using broadcasts and without the delays.
A feature of the new setup with ICAClient-11 is that when viewing a drive-mapped directory on the Windows system, using say Windows Explorer as usual, ordinary directories and files work fine, as do symbolic links to files or directories in the same directory or daughter directories, but attempts to access files which are symbolic links to other linux files or directories elsewhere in the file hierarchy fails. These symbolic (or soft) links were created on the Linux system in the usual way using the Linux command ln -s. Clicking on such files gives the error Filename is not accessible. The parameter is incorrect. On the other hand, shortcuts created by Windows on the drive-mapped directories continue to work on Windows, and create .lnk files, but of course they are not recognised as links by Linux. This is a ICAClient 11 security feature not present in ICAClient version 9.
The circumvention for that security feature is to be found on this forum page. That worked for me: in fact I only needed to tweak wfclient.ini, as the other file was already configured as required.
There are various ways I've found that you can do that:
put unset command_not_found_handle at the end of your $HOME/.bashrc;
make file /etc/profile.d/PackageKit.sh unreadable to the ordinary user;
configure the file /etc/PackageKit/CommandNotFound.conf;
or do a yum erase PackageKit-command-not-found.
As supplied the return code for a mistyped interactive command is 0, rather than 127 as it should be. This could lead to problems if you mistype a command pipeline which relies on return codes being sensible. This only happens in interactive mode, so missing commands invoked from scripts don't get the treatment anyway.
Without scripts it's still necessary to unpack the *.pack files in the installed tree, so I have a script which sources just the unpack_jars function from the scriptlet and then runs it on each *.pack file in the /usr/java/jdk* tree.
For Fedora 12, I had used nVidia's own driver by downloading it myself from their web site and using the provided run script. I had set up a method of recompiling the kernel module at boot time when booting into a fresh kernel, and it worked reasonably well.
With Fedora 15, I decided to go main-stream and make use of the akmods-nvidia package from RPMfusion (the so-called automagical method of making new kernel modules). This worked flawlessly when starting from a freshly installed system. It doesn't matter if you are running in graphics (runlevel 5) mode on the nouveau driver when you use the procedure.
Notes:
The package akmod-nvidia contains a file (and a soft-link to it), namely
a source rpm for the latest nvidia-kmod in /usr/src/akmods/,
and installing akmod-nvidia has a script side-effect which builds
and installs a kmod-nvidia package for the current kernel.
Furthermore, when a new kernel and kernel-devel package is later installed,
then by virtue of script /etc/kernel/postinst.d/akmods which runs
as a posttrans step of installation of a kernel
via command new-kernel-pkg --rpmposttrans,
a new kmod-nvidia package should be created and installed.
Yet more: at boot time, the akmods service should
create any necessary module, should you reboot into an older kernel.
This last method is probably over-kill for me and the service could be disabled.
The /etc/X11/xorg.conf file specifying a device Driver of "nvidia"
is normally put in place by the posttrans scriptlet of
package xorg-x11-drv-nvidia by copying file /etc/X11/nvidia-xorg.conf,
but if the xorg.conf file exists already, this is not done.
Alternatively, use command nvidia-xconfig to replace that file.
Otherwise you run the risk of having a system which hangs just before the
login screen appears.
The nouveau driver gets disabled by virtue of a /etc/modprobe.d/
file in package xorg-x11-drv-nvidia, and a scriptlet side-effect of installing
this package is to add
nouveau.modset=0 rdblacklist=nouveau nomodeset
to the kernel command line in /boot/grub/grub.conf.
(I'm not sure where the last parameter nomodeset appeared from,
and it's not present on another PC;
it's not in the package postinstall scriptlet,
though it does appear in the preuninstall scriptlet. Odd).
When running Google Earth, before finalising the steps above, I had found the contents of the earth image were black. After going back and forward with nVidia releases without success, I found this forum page reply 7 which hinted that I needed to install a 32-bit version: xorg-x11-drv-nvidia-libs.i686 from the RPM Fusion repository, as well as the 64-bit; this also pulled in libXvMC.i686 and libvdpau.i686 Fedora packages. So that's why this is included in the steps above. The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable-6.1.0.4857-0.x86_64 package! This also helped with the video-conferencing application EVO, when run under a 32-bit Sun Java package.
(*) For the wait step above, in my nvidia install script (and in other scripts which might result in a akmods build), I have a section with a sleep-test-loop on the /usr/sbin/akmods process. It previously checked for a busy lock file /var/cache/akmods/.lockfile, but akmods version 0.3.7 now flocks /var/lock/subsys/akmods instead.
As an alternative, the NVidia driver's README.txt recommends that you add a file /etc/modprobe.d/disable-nouveau.conf containing:
blacklist nouveau options nouveau modeset=0But it rightly warns that this will only come into effect for boot-time purposes when your /boot initramfs is re-created. This can be done manually or by updating/re-installing the kernel. If the kernel is already up to date, then look at file /usr/libexec/plymouth/plymouth-update-initrd for an example mkinitrd line! (You can check what files a ramdisk contains by using the /sbin/lsinitrd command). Then reboot. But beware, you will get no X server and also no console tty, so be sure that you can login from another PC via ssh (say)!
Actually at this point the nouveau module is present, but with zero use count, so you can rmmod it (or leave it to the nvidia installation script to do that).
| System | Windows manager and setup | glxgears | teapot (help off) | gtkperf -a (low is good) |
|---|---|---|---|---|
| Fedora 12 with nouveau driver (0.0.15-21.20091105) | No GLX support | n/a | n/a | n/a |
| Fedora 12 with nvidia.com driver (195.36.15) | XFCE window manager / default | 2950 FPS | 490 FPS | 1.86 sec |
| Fedora 12 with nvidia.com driver (195.36.15) | KDE desktop effects disabled | 2940 FPS | 490 FPS | 1.85 sec |
| Fedora 12 with nvidia.com driver (195.36.15) | KDE desktop effects enabled (blur option n/a) | 2080 FPS | 429 FPS | 4.09 sec |
| Fedora 15 with nouveau driver (0.0.16-24.20110324) | XFCE window manager / default | 1155 FPS | 276 FPS | 2.74 sec |
| Fedora 15 with nouveau driver (0.0.16-24.20110324) | KDE desktop effects disabled | 1155 FPS | 274 FPS | 7.87 sec |
| Fedora 15 with nouveau driver (0.0.16-24.20110324) | KDE desktop effects enabled + defaults | 670 FPS | 129 FPS | 11.52 sec |
| Fedora 15 with nouveau driver (0.0.16-24.20110324) | KDE desktop effects enabled + no blur | 1061 FPS | 248 FPS | 7.57 sec |
| Fedora 15 with nvidia.com driver (275.21) | KDE desktop effects enabled + no blur | 2410 FPS | ||
| Fedora 15 with nvidia.com driver (280.13) | XFCE window manager / default | 3180 FPS | 476 FPS | 2.93 sec |
| Fedora 15 with nvidia.com driver (280.13) | KDE desktop effects disabled | 3180 FPS | 475 FPS | 7.12 sec |
| Fedora 15 with nvidia.com driver (280.13) | KDE desktop effects enabled + defaults | 1490 FPS | 320 FPS | 7.44 sec |
| Fedora 15 with nvidia.com driver (280.13) | KDE desktop effects enabled + no blur | 2180 FPS | 425 FPS | 6.10 sec |
| Fedora 15 with nvidia.com driver (285.05 rawhide) | KDE desktop effects enabled + no blur | 1980 FPS | 402 FPS | 5.62 sec |
Conclusions:
Also see this KDE forum page and this comment on using glxgears as a benchmark and this advice too!
To disable blur, use System Settings / Desktop Effects / All Effects / untick Blur. To configure by hand, the incantation for the kwinrc file in the [Plugins] section is: kwin4_effect_blurEnabled=false .
On viewing a session and then clicking on the VieVO expand-window button to produce a window at max resolution, the ViEVO app crashed (leaving EVO running) when icedtea java was in use. But that problem disappeared on making use of Oracle-Sun Java jdk1.6.0_25 in place of icedtea-web-1.0.2-2 (openjdk), so it would be wrong to ascribe that problem to the graphics driver!
On Fedora 12, With the nvidia.com driver in place of nouveau with an NVidia graphics card, the Tools / Video / Advanced window information stated: OpenGL; Vendor: NVIDIA Corporation; Version: 3.2.0 NVIDIA 195.36.15; Renderer: Quadro NVS 290/PCI/SSE2.
(It did not work under Fedora 12 with an NVidia graphics card and the default nouveau graphics driver. EVO version 1.5.x had the message "No OpenGL detected" in the AV controls Video window. EVO version 2 didn't work either: the Tools / Video / Advanced window information stated OpenGL Vendor: Mesa Project, Version: 1.4 (2.1 Mesa 7.7.1-DEVEL, Renderer: Software Rasterizer, but no video window appeared, even if Disable OpenGL was set in that window.)
/lib/ld-lsb.so.3: bad ELF interpreter: No such file or directory.
This was fixed by installing this package: redhat-lsb.i686,
that is, the 32-bit architecture in addition to the 64-bit.
Both my old (5.1) and new (6.1.0) versions of Google Earth gave a black contents for the earth image, with my nVidia setup; I needed to install xorg-x11-drv-nvidia-libs.i686 (see the section above Using nVidia's OEM driver via RPMfusion akmods). The googleearth-bin binary is currently 32-bit, even though I downloaded it as the google-earth-stable-6.1.0.4857-0.x86_64 package!
To put kdm into effect, I put DISPLAYMANAGER into file /etc/sysconfig/desktop, and also set the default session manager by setting DESKTOP, as follows:
DISPLAYMANAGER="KDE" DESKTOP="KDE"
yum install kdeartwork).
The default can be changed for all users by modifying file
/usr/share/kde-settings/kde-profile/default/share/config/kwinrc
so that PluginLib=kwin3_keramik .
There are plenty of other decorations that are fetchable using
the Get New Decorations button.
Compositing in KDE can produce some very weird screen effects with the VESA driver (on an nVidia card, at least), as I found out when I booted with kernel parameter nouveau.modeset=0 and no other installed video driver: so avoid this!
A specific screen saver, kslideshow, now seems to work OK without a configuration file. In previous versions, a config file /usr/share/config/kslideshow.kssrc was required to prevent a "No images found" message.
Another specific screen saver, kpartsaver, known in the Banners & Pictures section as Media Screen Saver, shows the message "The screen saver is not configured yet". A solution is to configure it in the System Settings for Screen Saver (above) as an ordinary user, adding some images say from /usr/share/backgrounds. To make that available to all users, copy $KDEHOME/share/config/kpartsaverrc to /usr/share/config/kpartsaverrc.
To give users a straightforward terminal emulator window, not too different from xfce's Terminal, I want to turn off the menu bar and the tab bar by default, and have black text on white background. So again this can be done from the same configure window as above. (Having got rid of the menu bar, you can bring it back if you wish by a right-click and select Show Menubar).
You can construct your own konsole profile with a new name. If you want that to be available to all users then copy it from $KDEHOME/share/apps/konsole directory to /usr/share/kde4/apps/konsole directory. To make it the default for all users, add a line to the Desktop Entry section of /usr/share/kde-settings/kde-profile/default/share/config/konsolerc with the text DefaultProfile=mylocal.profile or whatever you've called it.
In Dolphin / Settings / Configure Dolphin / General / Previews, the default is to generate preview thumbnails for Directories, Images (GIF, PNG, BMP, ...), and JPEG Images (Rotated Automatically). You can turn these off if you wish, individually. To remove these as a default for all users, create a file /usr/share/config/dolphinrc with the contents:
[PreviewSettings] Plugins=
On our local desktops, I've added the following actions: Just make it accessible, in other words mount it and tell me where, and Open a Terminal, with the mount point as the current directory. These are defined as follows:
/usr/share/kde4/apps/solid/actions/BHAM-just-mount.desktop:
[Desktop Entry] X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ] Type=Service Actions=open; [Desktop Action open] Name=Just make it accessible Exec=kdialog --passivepopup "mounted at %f" 5 Icon=gdu-mount/usr/share/kde4/apps/solid/actions/BHAM-open-terminal.desktop:
[Desktop Entry] X-KDE-Solid-Predicate=[ [ StorageVolume.ignored == false AND [ StorageVolume.usage == 'FileSystem' OR StorageVolume.usage == 'Encrypted' ] ] OR [ IS StorageAccess AND StorageDrive.driveType == 'Floppy' ] ] Type=Service Actions=open; [Desktop Action open] Name=Open a terminal for this device Exec=Terminal --working-directory=%f Icon=TerminalIf you wanted to use konsole instead of Terminal for the above action, the Exec string would be konsole --workdir %f. To add an action for just yourself, you can use System Settings / Device Actions / Add, and enter the details.
[Favorites] FavoriteURLs=/usr/share/applications/kde4/systemsettings.desktop,/usr/share/applications/kde4/dolphin.desktop
Nepomuk "interconnects data from different desktop applications using semantic metadata". and seems to start around 9 processes including a "desktop search" process. For me, a typical user has 500k files and 50GB of disk in their personal $HOME space, not counting files in larger shared data and software areas, so desktop search and SHA-1 hashing of every indexed file could be seen as a bad idea. (In fact, any access to such files updates the last-use times, which negates the ability to archive files on the basis of last-use). You can turn Nepomuk off as an individual user by System Settings / Desktop Search / Basic Settings and untick the two tick boxes and Apply. You can do that as the default for all users by changing true to false in /usr/share/kde-settings/kde-profile/default/share/config/nepomukserverrc file. You still get the akonadi_nepomuk_contact_feeder and nepomukserver processes. Another solution is that you remove or move the corresponding /usr/share/autostart/nepomukserver.desktop autostart file.
Akonadi is "a storage service for personal information management (PIM) data and metadata". On one occasion, this feature of KDE 4 caused around 50 akonadi-related processes to start when I logged in: a quarter of all processes, and half of my own processes, for my setup. I think they were /usr/bin/akonadi_contacts_resource invocations, and I haven't been able to reproduce this since: perhaps that's a good thing!
Akonadi itself doesn't seem easily configurable per user. This is unfortunate, because some users might want its features, and others not: personal information management may be important for the home user, but is perhaps a minor consideration for serious linux/unix users in a research environment. System Settings / Akonadi Configuration does allow a user to stop the server, but it comes merrily back next time you login. Some processes are controlled from /usr/share/kde4/services/kcm_akonadi*desktop files and so those can be tweaked or removed perhaps; they belong to the kdepim-runtime package, which could be removed. I don't know what effect doing that has on other KDE features. The akonadi package itself can't easily be removed without erasing 29 other packages (for me), which is not very modular.
One useful function for me is allowing me to define what applications to start at logon time. The effect of the default feature of Restore Previous Session is that invariably I get far too many application windows that I forgot to close before I logged out, which then take valuable seconds to start up.
So having started the Session Manager, I have chosen Restore manually saved session. Then an extra option appears on the Start / Leave box, namely Save Session. Using that allows me to tailor what I want to see on Login. This for me is cleaner and noticeably quicker on login!
authconfig --enable-md5 --passalgo=md5 --updateall
does that effectively, in Fedora 15.
But actually it's simpler than that.
The relevant file that is changed is
the file pointed-to by /etc/pam.d/system-ac:
the password sufficient line gets
the sha512 replaced by md5 instead.
The file /etc/login.defs is also updated by that authconfig command,
and contains configurable parameters for ENCRYPT_METHOD, see man login.defs,
but changing that file back and forth did not make any difference,
for my tests, in practice.
My old way of fixing this, for this small set of commands in particular, is to add the following line near the top of script /usr/bin/ps2pdfwr:
export GS_OPTIONS=${GS_OPTIONS--sPAPERSIZE=a4}
This sets the default papersize to A4 unless the user overrides GS_OPTIONS,
or unless there is a setpagedevice PageSize in the Postscript file itself.
Alternatively, just put this line into your login profile.
My preferred way to fix this in general for Ghostscript is to edit
file /usr/share/ghostscript/*/Resource/Init/gs_init.ps
and uncomment the line containing /DEFAULTPAPERSIZE (a4) def
by removing the percent.
#!/bin/sh
echo 'xv.pspaper: a4' | xrdb -merge
/usr/bin/xv "$@"
The default keyboard layout for graphical mode
is read by the X server when it starts from
/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf file.
That file is automatically generated and updated by
system process system-setup-keyboard,
which monitors file /etc/sysconfig/keyboard as its source of information.
That process gets started at boot time from
{/etc,/usr/lib}/systemd/system/system-setup-keyboard.service
as part of the systemd init sequence.
If you feel this constant monitoring is not necessary in your system, you could
systemctl disable system-setup-keyboard.service
after the first boot.
The layout can also be assigned within KDE by System Settings / Hardware / Input Devices / Keyboard / Layouts / Configure Layouts. You can configure layout choices and then choose one from the System tray.
The keyboard layout for console tty mode is set by the KEYTABLE= option on the kernel command line in the /boot/grub/grub.conf file, as set up at installation. If this keyword is absent, the default is US layout; file /etc/sysconfig/keyboard appears to be ignored for this mode.
The file /lib/systemd/systemd-vconsole-setup appears to know about KEYTABLE and /etc/sysconfig/keyboard.
To turn off IPv6 DNS lookups when firefox is being used, which cause unnecessary lookup delays, you can view page about:config and set network.dns.disableIPv6 to true, or add the equivalent in the prefs.js file:
user_pref("network.dns.disableIPv6", true);
To turn off IPv6 DNS lookups when an ssh client command is used, my local wrapper script uses ssh with the -4 option. An alternative seems to be to put AddressFamily inet in file /etc/ssh/ssh_config, possibly within the scope of a Host declaration.
To turn off IPv6 for the sshd daemon specifically, you can substitute ListenAddress 0.0.0.0 in /etc/ssh/sshd_config file.
You can tell if IPv6 support is generally enabled if the following give some output:
lsmod | grep ipv6
ip a | grep inet6
netstat -nutlp | grep ::
The lsmod has a non-zero use count in the default case (but see below).
The netstat assumes you've got some services running which
might allow IPv6 clients, like rpcbind, or an unconfigured sshd.
Trying various recipes on the web in turn, separately (not together!), to see if they apply to Fedora 15:
install net-pf-10 /bin/true
install ipv6 /bin/true
This works.
Use /bin/false if you don't mind seeing half-a-dozen FATAL messages in the log.
If your system uses rpcbind, you may see reassuring log messages like
rpcbind: cannot create socket for tcp6 and udp6.
Under a vanilla Fedora, the use of 00 in the name for ordering purposes
is not needed, so you can call it what you like,
as those aliases don't appear elsewhere in that directory.
/usr/bin/emacsclient: can't find socket; have you started the server? To start the server in Emacs, type "M-x server-start". Starting Emacs daemon. Back to top level. Back to top level. Back to top level. last line repeats ad nauseamproduced by emacs. Given that many users only edit one file at a time, it may be that having a client/server for emacs is unnecessary for us, so I will remove the file
/usr/share/applications/emacsclient.desktop,
or just make it readable only by root,
so that it disappears from KDE file associations and therefore from dolphin.
These file associations from mime-types to applications are very flexible, as settable in KDE System Settings / File Associations, but is it the case that someone will want to use emacs (say) to edit a C++ file, but use nedit (say) to edit a .txt file and vim to edit a shell file? Do I really have to go through 100 different mime-types of type text/something in order to force my favourite editor to be used in almost all cases? Apparently so: this needs further investigation!
Doing a mount | grep devpts revealed the problem.
The /dev/pts mount had mode=600 and no gid=5, even though the
/etc/fstab entry specifies gid=5,mode=620 on its options.
Some checks showed that it was the lack of gid=5 that caused the problem.
This was caused by a script of mine mounting a devpts file-system in a
secondary place (a chroot image) without the necessary gid=5,mode=620,
and that was sufficient to cause all mounts of the devpts
file system to get the error.
For me this may have happened as I installed a second system and must have opted to format an existing swap area, thereby getting a new UUID. The /sbin/blkid user utility is handy for displaying partition labels and UUIDs.
For earlier systems, see Contents.
L.S.Lowe
