Fedora

Fedora 27 Workstation (x86_64)

Packages
deltarpm=false

$ dnf remove ibus xdg-user-dir\* PackageKit\* abrt\* libreport libvirt\* qemu\* java\* selinux\* setroubleshoot\* spice\*    # remove ~960 M (~ 290 packages) $ reboot  # selinux remove/disable

$ dnf remove evolution orca cheese shotwell rhythmbox totem yelp\* hunspell-en hunspell-en-GB                                # remove ~150 M (~ 50 packages) $ dnf remove gnome-shell-extension\* gnome-backgrounds gnome-getting-started-docs gnome-user-docs gnome-initial-setup gnome-online-miners gnome-user-docs gnome-getting-started-docs $ dnf remove baobab gnome-weather gnome-clocks gnome-contacts gnome-clocks gnome-maps gnome-calendar gnome-characters gnome-todo  # gnome-autoar (with nautilus) $ dnf remove ModemManager lrzsz pptp rp-pppoe wvdial NetworkManager-openconnect NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc  # -x libnm-gtk ( !!! libnm-gtk !!! must stay in Fedora) $ dnf remove \*firmware\* \*b43\* \*pcsc\* usb_modeswitch pcmcia\* \*sane\* -x linux-firmware $ dnf remove adobe-source-han-sans\* jomolhari\* khmeros\* lklug\* lohit\* naver-nanum\* paktype\* paratype\* sil\* smc\* tabish\* thai\* vlgothic\*

$ dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm $ dnf install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm $ dnf clean all; rm -rf /var/cache/dnf/; dnf upgrade

$ dnf install dconf-editor gnome-tweak-tool gnome-menus $ dnf install gcc-c++ binutils git rpm-build diffutils patch cmake cppcheck astyle indent xmlindent $ dnf install libX11-devel libXpm-devel libXft-devel libXext-devel openssl-devel mesa-libGL-devel glew-devel ftgl-devel mariadb-devel pcre-devel libxml2-devel $ dnf install gtk3-devel python-devel pygtk2 gl2ps-devel libAfterImage-devel gsl-devel sqlite-devel $ dnf install mod_fcgid fcgi-devel readline-devel fuse-devel perl-Tk perl-Digest-MD5 perl-Pod-Usage $ dnf install freetype-freeworld ntfs-3g p7zip p7zip-plugins unrar man-pages-cs ImageMagick pdf2svg antiword catdoc odt2txt $ dnf install audacious audacious-plugins-freeworld-mp3 audacious-plugins-freeworld-aac vlc mediainfo $ dnf install gstreamer1-libav gstreamer1-vaapi gstreamer1-plugins-{good,good-extras,ugly} gstreamer1-plugins-bad-free gstreamer1-plugins-bad-freeworld

$ dnf install httpd vsftpd mariadb-server $ dnf install php php-mysqlnd php-mbstring php-xml php-mcrypt php-gd php-pgsql php-intl php-pear-Net-Curl

minimum (optimal) needed fonts; lgc fonts family with Unicode coverage restricted to Latin, Greek and Cyrillic $ dnf install dejavu\* liberation\* fonts needed only for legacy applications (xmms, xpdf, xdvi) ; ISO8859-1 (Latin-1 &mdash; Western European), ISO8859-2 (Latin-2 &mdash; Eastern European), ISO8859-5 (Cyrillic) $ dnf install xorg-x11-fonts-ISO8859-1-75dpi    # needed for ROOT CERN
 * fonts

$ wget http://fpdownload.macromedia.com/get/flashplayer/pdc/28.0.0.161/flash_player_npapi_linux.x86_64.tar.gz $ tar -xzf flash_player_npapi_linux.x86_64.tar.gz -C /usr/lib64/mozilla/plugins/ libflashplayer.so $ chmod 755 /usr/lib64/mozilla/plugins/libflashplayer.so
 * Adobe Flash Player

$ dnf install https://repo.skype.com/latest/skypeforlinux-64.rpm  # install all needed depend packages Configure Skype to use port 50123 in CERN
 * Skype


 * Java
 * OpenJDK
 * $ dnf install java  # icedtea-web


 * Oracle Java
 * $ tar -xzf jre-8u*-linux-x64.tar.gz -C /opt/&#10;$ chown -R root:root /opt/jre1.8*&#10;$ ln -s /opt/jre1.8* /opt/jre
 * $ alternatives --install /usr/bin/java java /opt/jre/bin/java 9999 --slave /usr/share/man/man1/java.1 java.1 /opt/jre/man/man1/java.1&#10;$ alternatives --install /usr/bin/javaws javaws /opt/jre/bin/javaws 9999 --slave /usr/share/man/man1/javaws.1 javaws.1 /opt/jre/man/man1/javaws.1&#10;$ alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /opt/jre/lib/amd64/libnpjp2.so 9999&#10;$ alternatives --config java&#10;$ alternatives --config javaws&#10;$ alternatives --config libjavaplugin.so.x86_64&#10;&#10;$ alternatives --display java

Hardware
!!! ToDo !!!

!!! http://negativo17.org/nvidia-driver/ !!! !!! https://www.easycoding.org/2017/01/11/pravilnaya-ustanovka-drajverov-nvidia-v-fedora.html !!!

$ dnf install akmod-nvidia kernel-devel xorg-x11-drv-nvidia-devel $ dnf install akmod-nvidia-304xx kernel-devel xorg-x11-drv-nvidia-304xx-devel $ dnf install kmod-nvidia xorg-x11-drv-nvidia-devel Do suboru pridat riadok  a vygenerovat novy  subor (pomocou ). Samotny instalator sice pridava tieto parametre priamo do, tie sa vsak potom (pri volani prikazu ) prepisu.
 * nVidia on RPM Fusion
 * akmod (preferovany sposob, pre kazdy novy kernel sa pre-build-uje novy modul)
 * kmod (instaluje menej blastu, ale modul nemusi byt stale pre aktualny kernel)

Vypnut nouveau cez grub (resp. blacklist.conf) uz nie je mozne, je priamo integrovany v jadre. Mazeme nouveau v initramfs (bez odinstalovania nouveau driver) a robime rezervnu kopiu. Nepotrebne od Fedory 20. $ mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)-nouveau.img $ dracut /boot/initramfs-$(uname -r).img $(uname -r)

$ dnf install iwl6000g2b-firmware $ dnf install iwl7260-firmware firmware-addon-dell
 * Intel Centrino Advanced-N 6230 or 6235, AC 7265

$ dnf install broadcom-wl kmod-wl
 * Broadcom Corporation BCM43228

$ dnf install glibc.i686 http://www.brother.com/pub/bsc/linux/dlf/dcp7070dwlpr-2.1.0-1.i386.rpm http://www.brother.com/pub/bsc/linux/dlf/cupswrapperDCP7070DW-2.0.4-2.i386.rpm
 * Brother DCP-7070DW

$ dnf install xsane sane-backends $ wget http://download.brother.com/welcome/dlf006893/linux-brprinter-installer-2.1.1-1.gz $ gunzip linux-brprinter-installer-2.1.1-1.gz $ bash linux-brprinter-installer-2.1.1-1 Input model name ->DCP-1512R $ dnf install libusb
 * Brother DCP-1512R
 * 1) install all needed depend packages, but need install manually


 * Bluetooth mouse

kvm: disabled by bios
blacklist kvm blacklist kvm_intel blacklist kvm_amd $ lsmod | grep kvm kvm                  585728  0 $ modprobe -r kvm

SELinux
SELINUX=disabled  # after remove  package is automatically set to disabled

GRUB 2
$ grub2-mkconfig -o /boot/grub2/grub.cfg $ grub2-set-default 2    # 0 - Fedora, 1 - Fedora recovery, 2 - Windows $ grub2-editenv list
 * http://fedoraproject.org/wiki/GRUB_2
 * https://wiki.archlinux.org/index.php/GRUB

GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX=" rhgb quiet ipv6.disable=1" GRUB_DISABLE_RECOVERY="true"

GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rdblacklist=nouveau"  # nVidia driver GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off vga=normal " GRUB_THEME="/boot/grub2/themes/system/theme.txt" GRUB_GFXMODE=1280x1024 GRUB_FONT=/boot/grub2/DejaVuSansMono18.pf2 GRUB_GFXPAYLOAD_LINUX=keep GRUB_BACKGROUND=/usr/share/backgrounds/path/image.png grub> set pager=1 grub> insmod vbe grub> vbeinfo $ fdisk -l Device    Boot     Start       End  Sectors  Size Id Type /dev/sda1 *         2048  81922047 81920000 39.1G 83 Linux => root directory (with /boot dir) /dev/sda2       81922048 143362047 61440000 29.3G 83 Linux /dev/sda3      143362048 234440703 91078656 43.4G 83 Linux /dev/sdb1           2048  524290047  524288000   250G 83 Linux /dev/sdb2      524290048 1953525167 1429235120 681.5G 83 Linux
 * Neodporuca sa menit parameter, namiesto toho spustit prikaz , ktory vygeneruje, modifikuje subor
 * Pouzivanie parametra sa povazuje za zastarale a neodporuca sa, namiesto neho sa preferuje pouzitie paramametra
 * Ake podporuje graficka karta mozno zistit po vchode do console z GRUB2 menu
 * 1) stlacit "c" pre vchod do GRUB2 console
 * 2) spustit nasledujuce prikazy v console
 * mozno vygenerovat pomocou $ grub2-mkfont --size=18 --output=/boot/grub2/DejaVuSansMono18.pf2 /usr/share/fonts/dejavu/DejaVuSansMono.ttf
 * install the bootloader (grub2 to hard drive) without chroot

$ mount /dev/sda1 /mnt     (with /mnt/boot dir) $ mount /dev/sdaX /mnt/boot (only if root directory without /boot dir) $ grub2-install --boot-directory=/mnt/boot /dev/sda (or try with option --recheck) $ grub2-mkconfig -o /boot/grub2/grub.cfg (only if needed)

Disk partitions
$ fdisk -S 32 -H 32 /dev/sda     # partition alignment for SSD $ fdisk -lu /dev/sda             # first sector should be divisible by 512 $ blockdev --getalignoff /dev/sda # '0' if the partition is aligned $ fstrim --all $ systemctl enable fstrim.timer
 * https://wiki.archlinux.org/index.php/Solid_State_Drives
 * https://wiki.archlinux.org/index.php/Advanced_Format

$ blkid                          # locate/print block device attributes

$ findmnt --target /tmp TARGET SOURCE FSTYPE OPTIONS /tmp  tmpfs  tmpfs  rw,nosuid,nodev $ less /usr/lib/systemd/system/tmp.mount Options=mode=1777,strictatime,nosuid,nodev

/dev/sda1                                /             ext4    defaults         1 1 UUID=a2f7bb52-0212-41c9-83c8-77cea001bb71 /home        ext4    defaults         1 2 /dev/sda1       /             ext4       defaults,noatime,nodiratime,discard    1 1 tmpfs           /scratch      tmpfs      nodev,nosuid,size=7G                   0 0 tmpfs           /tmp          tmpfs      defaults                               0 0 tmpfs           /var/tmp      tmpfs      mode=1777,strictatime,nosuid,nodev     0 0 /dev/sda1       /mnt/win_c    ntfs       defaults,ro                            0 0 /dev/sda2       /mnt/win_d    ntfs       defaults                               0 0 UUID=93ea881d-5390-4b16-8372-b1036cb0c471 /mnt/free1   ext4    defaults         1 2 UUID=DCC88D4BC88D24BC                    /mnt/win_c    ntfs-3g ro               0 0 strela-stor.jinr.ru:/vol/vol1/strela     /strela-stor  nfs     defaults,noatime 0 0
 * 1) HDD
 * 1) SSD
 * 1) tmpfs (size=more than 50 % of total RAM)
 * 1) ntfs-3g
 * 1) nfs


 * There is no need for the discard flag if you run fstrim periodically.
 * http://askubuntu.com/questions/205930/automatic-trim-vs-manual-trim
 * The difference between automatic and manual trim is that automatic trim (using the discard mount option) trims freed blocks on sync after any file is deleted, whereas manual trim (using fstrim) trims all the free space at once.

Fonts
$ dnf install freetype-freeworld    # is compiled with the patented subpixel rendering enabled
 * http://fedoraproject.org/wiki/Features/FontconfigEnableAutohinting
 * https://wiki.archlinux.org/index.php/Font_Configuration

$ wget https:// raw.githubusercontent.com/musinsky/config/master/fontconfig/19-mucha-font.conf -P /usr/share/fontconfig/conf.avail/ $ ln -s /usr/share/fontconfig/conf.avail/19-mucha-font.conf /etc/fonts/conf.d/19-mucha-font.conf


 * Po zmene niektoreho parametra v config file staci napr. vo Firefoxe len refresh(nut) stranku, zmena je okamzita (bez potreby restartu X)
 * Zmysel ma asi len vyskusat prepinat medzi a, ktora kombinacia parametrov je najvhodnejsia zavisi od rozlisenia a velkosti monitora, fontov, atd.
 * Uzivatel moze pouzivat vlastnu konfiguraciu pomocou suboru (using  file is obsolete)
 * V repository je balik  s roznymi upravenymi config files
 * Niektore aplikacie (napr. LibreOffice) mozu ignorovat fontconfig nastavenia, riesenie pomocou upravy ~/.Xresources file, resp.

Network

 * http://docs.fedoraproject.org/en-US/Fedora/18/html/System_Administrators_Guide/ch-Network_Interfaces.html

127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4 147.213.X.X     alice alice.saske.sk ::1              alice alice.saske.sk localhost localhost.localdomain localhost6 localhost6.localdomain6

nameserver 147.213.192.3 nameserver 147.213.196.3 search saske.sk $ dig -t ns saske.sk ;; ADDITIONAL SECTION: ns1.saske.sk. 86400	IN	A	147.213.192.3 ns2.saske.sk. 86400	IN	A	147.213.196.3 ns3.saske.sk. 86400	IN	A	147.213.192.31
 * Ake pouzit nameserver(s) mozeme zistit pomocou - DNS lookup utility

$ dig -t ns jinr.ru ;; ADDITIONAL SECTION: ns1.jinr.ru. 44546	IN	A	159.93.17.7 ns2.jinr.ru. 44546	IN	A	159.93.14.7

NETWORKING=yes HOSTNAME=alice    # alice.saske.sk

DEVICE=em1 NM_CONTROLLED=yes   # if 'no', NetworkManager will ignore this connection/device (default 'yes') HWADDR=AA:BB:CC:DD:EE:FF ONBOOT=yes IPADDR=147.213.X.X NETMASK=255.255.255.0 GATEWAY=147.213.X.1 DNS1=147.213.192.3 DNS2=147.213.196.3
 * 1) PEERDNS=no          # don't modify  file

[main] plugins=ifcfg-rh    # read and write configuration from the standard  file
 * Prepojenie medzi starym network (disabled) a novym NetworkManager (enabled) service pomocou a paremetra
 * NetworkManager prichadza aj s command-line utility a nastrojom
 * The directory is used by the Network Administration Tool (system-config-network) and its contents should not be edited manually

Services and Daemons

 * https://fedoraproject.org/wiki/Systemd
 * https://wiki.archlinux.org/index.php/Systemd
 * https://www.freedesktop.org/wiki/Software/systemd

$ systemctl stop NetworkManager.service $ systemctl disable NetworkManager.service $ chkconfig --levels 35 network on           # obsolete (not prefer) way $ service network start                      # obsolete (not prefer) way $ systemctl $ systemctl action service_name.service      # action = enable, disable, start, stop, restart,   is-enabled, is-active, status $ systemctl list-units --type=service
 * Although it is still possible to use the a  utilities to manage services that have init scripts installed in the  directory, it is advised that you use the  utility
 * control the system and service manager, that uses services files located in  for services, and  for configuration

$ systemctl status chronyd.service $ systemctl enable mariadb.service $ systemctl start mariadb.service    #  (chown mysql:mysql, chmod 660) $ systemctl enable httpd.service $ systemctl start httpd.service      #  (chown root:root, chmod 700)

$ systemctl enable fstrim.timer
 * TRIM Support (SSD disks)

$ systemctl --user mask any.service Created symlink /home/musinsky/.config/systemd/user/any.service → /dev/null.
 * user mask service

sshd
PermitRootLogin no    # disable root access PermitRootLogin without-password

message of the day with ASCII Text Signature Generator (standard font + kerning) or with FIGlet program figlet -k $(hostname -s) > /etc/motd

vsftpd
anonymous_enable=NO listen=YES
 * 1) listen_ipv6=YES

user and autostart applications
$ systemctl --user list-unit-files | grep evolution $ systemctl --user mask evolution-addressbook-factory.service evolution-calendar-factory.service evolution-source-registry.service evolution-user-prompter.service
 * disable evolution services


 * disable autostart desktop application

Potrebujem zakazat napr. migrates user settings from GConf to dconf, zmazanim suboru sa dana aplikacia ani jednoducho nespusti. Toto je vsak len "docasne" riesenie, kedze system po update (alebo nejakej inej zmene) moze tento subor znova vygenerovat.

Desktop Application Autostart Specification odporuca "when the .desktop file has the Hidden key set to true, the .desktop file MUST be ignored". Aby nam vsak system tento subor (aj s Hidden key) po nejakom case (napr. update) neprepisal, skopirujeme subor do =. Do skopirovaneho suboru potom pridame key. $ cp /etc/xdg/autostart/gsettings-data-convert.desktop ~/.config/autostart/ $ echo -e "Hidden=true" >> ~/.config/autostart/gsettings-data-convert.desktop


 * disable GNOME Tracker (desktop autostart application)

Jednotlive aplikacie mozem zakazat pomocou key (pripadne jednoducho zmazanim suborov, ale len docasne riesenie). Samotny sice bude bezat, ale nebude nic indexovat. Najjednoduchsie je uplne zakazat tracker services, nebude spusteny a teda nebude ani indexovat (package nemozem odinstalovat zo systemu). $ systemctl --user list-unit-files | grep tracker $ systemctl --user mask tracker-extract.service tracker-miner-apps.service tracker-miner-fs.service tracker-miner-rss.service tracker-store.service tracker-writeback.service

FirewallD
default settings (for all zones) in directory $ firewall-cmd --get-default-zone FedoraWorkstation $ firewall-cmd --set-default-zone=FedoraServer
 * https://fedoraproject.org/wiki/FirewallD
 * https://fedoraproject.org/wiki/Features/firewalld
 * http://fedora.cz/zaklady-firewalld/

$ dnf install cockpit # must be installed $ firewall-cmd --permanent --zone=FedoraServer --add-service=http    # modify (or create) file $ firewall-cmd --permanent --zone=FedoraServer --add-service=ftp $ firewall-cmd --permanent --zone=FedoraServer --add-port=5555/tcp $ firewall-cmd --permanent --zone=FedoraServer --add-port=5556/tcp $ firewall-cmd --reload

$ firewall-cmd --get-services    # list of all supported services $ firewall-cmd --list-all-zones $ firewall-cmd --get-zones FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work $ firewall-cmd --get-active-zones FedoraServer interfaces: eno1 $ firewall-cmd --zone=external --change-interface=em1 external: em1 $ firewall-cmd --zone=external --list-all $ firewall-cmd --zone=external --add-port=1234/tcp $ firewall-cmd --zone=external --remove-port=1234/tcp

$ firewall-cmd --permanent --zone=FedoraServer --add-rich-rule="rule family="ipv4" source address="159.93.0.0/16" port protocol="tcp" port="7503" accept" $ firewall-cmd --zone=external --add-rich-rule="rule family="ipv4" source address="147.213.192.75" accept"
 * 1) allow IP address

$ firewall-cmd --permanent --zone=FedoraServer --add-forward-port=port=443:proto=tcp:toport=7503 $ firewall-cmd --permanent --zone=FedoraServer --add-port=443/tcp $ firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=4321:toaddr=10.0.0.1
 * 1) port forwarding