
Fedora 27 Workstation (x86_64)



$ dnf remove ibus xdg-user-dir\* PackageKit\* abrt\* libreport libvirt\* qemu\* java\* selinux\* setroubleshoot\* spice\*     # remove ~960 M (~ 290 packages)
!!! ibus !!!
$ reboot   # selinux remove/disable
$ dnf remove evolution orca cheese shotwell rhythmbox totem yelp\* hunspell-en hunspell-en-GB                                 # remove ~150 M (~ 50 packages)
$ dnf remove gnome-shell-extension\* gnome-backgrounds gnome-getting-started-docs gnome-user-docs gnome-initial-setup gnome-online-miners gnome-user-docs gnome-getting-started-docs
$ dnf remove baobab gnome-weather gnome-clocks gnome-contacts gnome-clocks gnome-maps gnome-calendar gnome-characters gnome-todo   # gnome-autoar (with nautilus)
$ dnf remove ModemManager lrzsz pptp rp-pppoe wvdial NetworkManager-openconnect NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc   # -x libnm-gtk ( !!! libnm-gtk !!! must stay in Fedora)
$ dnf remove \*firmware\* \*b43\* \*pcsc\* usb_modeswitch pcmcia\* \*sane\* -x linux-firmware
$ dnf remove adobe-source-han-sans\* jomolhari\* khmeros\* lklug\* lohit\* naver-nanum\* paktype\* paratype\* sil\* smc\* tabish\* thai\* vlgothic\*
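# both release packages are fetched over plain http, and dnf does not GPG-check packages given on the command line by default (localpkg_gpgcheck=False); use the https:// form of the URL if the mirror offers it
$ dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
$ dnf install http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm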
$ dnf clean all; rm -rf /var/cache/dnf/; dnf upgrade
$ dnf install dconf-editor gnome-tweak-tool gnome-menus gnome-usage
$ dnf install gcc-c++ binutils git tig rpm-build diffutils patch cmake make cppcheck astyle indent xmlindent emacs
$ dnf install libX11-devel libXpm-devel libXft-devel libXext-devel openssl-devel mesa-libGL-devel glew-devel ftgl-devel mariadb-devel pcre-devel libxml2-devel libuuid-devel giflib-devel
$ dnf install gtk3-devel python-devel pygtk2 gl2ps-devel libAfterImage-devel gsl-devel sqlite-devel
$ dnf install mod_fcgid fcgi-devel readline-devel fuse-devel perl-Image-ExifTool perl-Tk perl-Digest-MD5 perl-Pod-Usage perl-IO-Zlib
$ dnf install freetype-freeworld ntfs-3g fuse-exfat wol p7zip p7zip-plugins unrar qpdf ImageMagick pdf2svg python-img2pdf antiword catdoc odt2txt xclip
$ dnf install audacious audacious-plugins-freeworld-mp3 audacious-plugins-freeworld-aac vlc mediainfo
$ dnf install gstreamer1-libav gstreamer1-vaapi gstreamer1-plugins-{good,good-extras,ugly} gstreamer1-plugins-bad-free gstreamer1-plugins-bad-freeworld
$ dnf install httpd vsftpd mariadb-server
$ dnf install php php-mysqlnd php-mbstring php-xml php-mcrypt php-gd php-pgsql php-intl php-opcache ImageMagick-perl php-pear-Net-Curl

minimum (optimal) needed fonts; lgc fonts family with Unicode coverage restricted to Latin, Greek and Cyrillic (no cjk for Chinese, Japanese and Korean)

$ dnf install dejavu\* liberation\*     !!! liberation-circuit !!!

fonts needed only for legacy applications (xmms, xpdf, xdvi) xorg-x11-fonts-75dpi; ISO8859-1 (Latin-1 — Western European), ISO8859-2 (Latin-2 — Eastern European), ISO8859-5 (Cyrillic)

$ dnf install xorg-x11-fonts-ISO8859-1-75dpi     # needed for ROOT CERN
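Adobe Flash Player
# Flash Player reached end of life on 2020-12-31 (no more security updates); the archive below is fetched over plain http and is not verified before being unpacked into the browser plugin directory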
$ wget http://fpdownload.macromedia.com/get/flashplayer/pdc/
$ tar -xzf flash_player_npapi_linux.x86_64.tar.gz -C /usr/lib64/mozilla/plugins/ libflashplayer.so
$ chmod 755 /usr/lib64/mozilla/plugins/libflashplayer.so
$ dnf install https://repo.skype.com/latest/skypeforlinux-64.rpm   # install all needed depend packages

Configure Skype to use port 50123 in CERN

$ dnf install java   # icedtea-web
Oracle Java
$ tar -xzf jre-8u*-linux-x64.tar.gz -C /opt/
$ chown -R root:root /opt/jre1.8*
$ ln -s /opt/jre1.8* /opt/jre
$ alternatives --install /usr/bin/java java /opt/jre/bin/java 9999 --slave /usr/share/man/man1/java.1 java.1 /opt/jre/man/man1/java.1
$ alternatives --install /usr/bin/javaws javaws /opt/jre/bin/javaws 9999 --slave /usr/share/man/man1/javaws.1 javaws.1 /opt/jre/man/man1/javaws.1
$ alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /opt/jre/lib/amd64/libnpjp2.so 9999
$ alternatives --config java
$ alternatives --config javaws
$ alternatives --config libjavaplugin.so.x86_64

$ alternatives --display java


NVIDIA on RPM Fusion

Gnome with Wayland and NVIDIA doesn't work by default at this point, but NVIDIA Prepares XWayland OpenGL/Vulkan Acceleration Support (spring 2021).

Intel Centrino Advanced-N 6230 or 6235, AC 7265
$ dnf install iwl6000g2b-firmware   #
$ dnf install iwl7260-firmware      # Intel Wi-Fi 6 AX200 (ASUS ROG STRIX B550-I GAMING)
$ firmware-addon-dell
Broadcom Corporation BCM43228
$ dnf install broadcom-wl kmod-wl
Brother DCP-7070DW
$ dnf install glibc.i686 http://www.brother.com/pub/bsc/linux/dlf/dcp7070dwlpr-2.1.0-1.i386.rpm http://www.brother.com/pub/bsc/linux/dlf/cupswrapperDCP7070DW-2.0.4-2.i386.rpm
Brother DCP-1512R
$ dnf install xsane sane-backends
$ wget http://download.brother.com/welcome/dlf006893/linux-brprinter-installer-2.1.1-1.gz
$ gunzip linux-brprinter-installer-2.1.1-1.gz
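$ bash linux-brprinter-installer-2.1.1-1     # the script was downloaded over plain http and no checksum is given here; read it before running it as root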
Input model name ->DCP-1512R
# install all needed depend packages, but need install manually
$ dnf install libusb
lm_sensors and Nuvoton NCT6798D

Nuvoton NCT6798D Super IO Sensors (kernel driver nct6775) for Ryzen 5000 and ASUS B550 motherboard (more info [1], [2]).


# modinfo nct6775
# dmidecode | grep -A 3 -B 2 NCT
Handle 0x0022, DMI type 34, 11 bytes
Management Device
	Description: Nuvoton NCT6798D-R
	Type: Other
	Address: 0x00000295
	Address Type: I/O Port
Bluetooth mouse

System config

kvm: disabled by bios


blacklist kvm
blacklist kvm_intel
blacklist kvm_amd

$ lsmod | grep kvm
kvm                   585728  0
$ modprobe -r kvm



SELINUX=disabled   # set to disabled automatically once the selinux-policy package is removed


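  • disable HSTS policy (wget --no-hsts, no more ~/.wget-hsts); wget then no longer upgrades http:// URLs to https:// for hosts that previously sent it an HSTS header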


hsts = off



# .ifexists module-esound-protocol-unix.so
# load-module module-esound-protocol-unix
# .endif


$ grub2-mkconfig -o /boot/grub2/grub.cfg
$ grub2-set-default 2     # 0 - Fedora, 1 - Fedora recovery, 2 - Windows
$ grub2-editenv list


GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_CMDLINE_LINUX="rhgb quiet ipv6.disable=1"
GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rdblacklist=nouveau"   # nVidia driver
GRUB_CMDLINE_LINUX_DEFAULT="nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off vga=normal"


  • Neodporuca sa menit parameter GRUB_DEFAULT=saved, namiesto toho spustit prikaz grub2-set-default, ktory vygeneruje, modifikuje subor /boot/grub2/grubenv
  • Pouzivanie parametra vga=788 sa povazuje za zastarale a neodporuca sa, namiesto neho sa preferuje pouzitie parametra GRUB_GFXMODE=1280x1024
  • Ake GRUB_GFXMODE podporuje graficka karta mozno zistit po vchode do console z GRUB2 menu
  1. stlacit "c" pre vchod do GRUB2 console
  2. spustit nasledujuce prikazy v console
grub> set pager=1
grub> insmod vbe
grub> vbeinfo
  • GRUB_FONT mozno vygenerovat pomocou grub2-mkfont
    $ grub2-mkfont --size=18 --output=/boot/grub2/DejaVuSansMono18.pf2 /usr/share/fonts/dejavu/DejaVuSansMono.ttf
  • install the bootloader (grub2 to hard drive) without chroot
$ fdisk -l
Device     Boot     Start       End  Sectors  Size Id Type
/dev/sda1  *         2048  81922047 81920000 39.1G 83 Linux => root directory (with /boot dir)
/dev/sda2        81922048 143362047 61440000 29.3G 83 Linux
/dev/sda3       143362048 234440703 91078656 43.4G 83 Linux

/dev/sdb1            2048  524290047  524288000   250G 83 Linux
/dev/sdb2       524290048 1953525167 1429235120 681.5G 83 Linux
$ mount /dev/sda1 /mnt      (with /mnt/boot dir)
$ mount /dev/sdaX /mnt/boot (only if root directory without /boot dir)
$ grub2-install --boot-directory=/mnt/boot /dev/sda (or try with option --recheck)
$ grub2-mkconfig -o /boot/grub2/grub.cfg (only if needed)

Disk partitions

$ fdisk -S 32 -H 32 /dev/sda      # partition alignment for SSD
$ fdisk -lu /dev/sda              # first sector should be divisible by 512
$ blockdev --getalignoff /dev/sda # '0' if the partition is aligned

$ fstrim --all
$ systemctl enable fstrim.timer
$ cat /proc/mounts | grep sda
$ blkid                           # locate/print block device attributes
$ findmnt --target /tmp
/tmp   tmpfs  tmpfs  rw,nosuid,nodev
$ less /usr/lib/systemd/system/tmp.mount


/dev/sda1                                 /             ext4    defaults         1 1
UUID=a2f7bb52-0212-41c9-83c8-77cea001bb71 /home         ext4    defaults         1 2

/dev/sda1        /             ext4       defaults,noatime,nodiratime,discard    1 1

# tmpfs (size=more than 50 % of total RAM)
tmpfs            /scratch      tmpfs      nodev,nosuid,size=7G                   0 0

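# note: 'defaults' implies suid,dev, so this entry drops the nosuid,nodev that the stock tmp.mount sets (see the findmnt output above); add nosuid,nodev to keep them
tmpfs            /tmp          tmpfs      defaults                               0 0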
tmpfs            /var/tmp      tmpfs      mode=1777,strictatime,nosuid,nodev     0 0

# ntfs-3g
/dev/sda1        /mnt/win_c    ntfs       defaults,ro                            0 0
/dev/sda2        /mnt/win_d    ntfs       defaults                               0 0

UUID=93ea881d-5390-4b16-8372-b1036cb0c471 /mnt/free1    ext4    defaults         1 2
UUID=DCC88D4BC88D24BC                     /mnt/win_c    ntfs-3g ro               0 0

# nfs
strela-stor.jinr.ru:/vol/vol1/strela      /strela-stor  nfs     defaults,noatime 0 0
  • There is no need for the discard flag if you run fstrim periodically.
  • http://askubuntu.com/questions/205930/automatic-trim-vs-manual-trim
  • The difference between automatic and manual trim is that automatic trim (using the discard mount option) trims freed blocks on sync after any file is deleted, whereas manual trim (using fstrim) trims all the free space at once.


$ dnf install freetype-freeworld     # is compiled with the patented subpixel rendering enabled
$ wget https://raw.githubusercontent.com/musinsky/config/master/fontconfig/19-mucha-font.conf -P /usr/share/fontconfig/conf.avail/
$ ln -s /usr/share/fontconfig/conf.avail/19-mucha-font.conf /etc/fonts/conf.d/19-mucha-font.conf


  • Po zmene niektoreho parametra v config file staci napr. vo Firefoxe len refresh(nut) stranku, zmena je okamzita (bez potreby restartu X)
  • Zmysel ma asi len vyskusat prepinat medzi autohint a hinting, ktora kombinacia parametrov je najvhodnejsia zavisi od rozlisenia a velkosti monitora, fontov, atd.
  • Uzivatel moze pouzivat vlastnu konfiguraciu pomocou suboru ~/.config/fontconfig/fonts.conf (using ~/.fonts.conf file is obsolete)
  • Niektore aplikacie (napr. LibreOffice) mozu ignorovat fontconfig nastavenia, riesenie pomocou upravy ~/.Xresources file, resp. /etc/X11/Xresources
user fonts

Exo 2 a contemporary geometric sans serif (bezpätkové) font family (included in Google Fonts)

  • Exo 2 is a very versatile font, so it has 9 weights (the maximum on the web) and each with a true italic version (18 styles, Latin Plus, Extended Cyrillic)
  • Tieto fonty maju ceske, slovenske (a cyrilika) znaky s diakritikou, na rozdiel od niektorych inych fontov z Google Fonts rodiny, ktore sa tak len tvaria
  • Pravdepodobne bude coskoro (info z 2020-02) aj balicek pre Fedoru
$ wget www.ndiscovered.com/archives/exo-2.zip
$ unzip -d /usr/share/fonts/Exo2 exo-2.zip     # 18 *.otf files
$ fc-cache -v
$ fc-list | grep -i exo


/etc/hosts        localhost localhost.localdomain localhost4 localhost4.localdomain4
147.213.X.X      alice alice.saske.sk
::1              alice alice.saske.sk localhost localhost.localdomain localhost6 localhost6.localdomain6


search saske.sk
  • Ake pouzit nameserver(s) mozeme zistit pomocou dig - DNS lookup utility
$ dig -t ns saske.sk
ns1.saske.sk.		86400	IN	A
ns2.saske.sk.		86400	IN	A
ns3.saske.sk.		86400	IN	A
$ dig -t ns jinr.ru
ns1.jinr.ru.		44546	IN	A
ns2.jinr.ru.		44546	IN	A


HOSTNAME=alice     # alice.saske.sk


NM_CONTROLLED=yes    # if 'no', NetworkManager will ignore this connection/device (default 'yes')
# PEERDNS=no          # don't modify /etc/resolv.conf file


plugins=ifcfg-rh     # read and write configuration from the standard /etc/sysconfig/network-scripts/ifcfg-em1 file
  • Prepojenie medzi starym network (disabled) a novym NetworkManager (enabled) service pomocou plugins=ifcfg-rh a parametra NM_CONTROLLED=yes
  • NetworkManager prichadza aj s command-line utility nmcli a nastrojom nm-tool
  • The /etc/sysconfig/networking/ directory is used by the Network Administration Tool (system-config-network) and its contents should not be edited manually

Services and Daemons

  • Although it is still possible to use the chkconfig and service utilities to manage services that have init scripts installed in the /etc/rc.d/init.d/ directory, it is advised that you use the systemctl utility
$ systemctl stop NetworkManager.service
$ systemctl disable NetworkManager.service
$ chkconfig --levels 35 network on            # obsolete (not preferred) way
$ service network start                       # obsolete (not preferred) way
  • systemctl controls the systemd system and service manager, which uses service files located in /usr/lib/systemd/system/ for services, and /etc/systemd/system/ for configuration
$ systemctl
$ systemctl action service_name.service       # action = enable, disable, start, stop, restart,   is-enabled, is-active, status
$ systemctl list-units --type=service
$ systemctl status chronyd.service

$ systemctl enable mariadb.service
$ systemctl start mariadb.service     # /var/log/mariadb/mariadb.log (chown mysql:mysql, chmod 660)
$ systemctl enable httpd.service
$ systemctl start httpd.service       # /var/log/httpd/ (chown root:root, chmod 700)
  • TRIM Support (SSD disks)
$ systemctl enable fstrim.timer
  • user mask service
$ systemctl --user mask any.service
Created symlink /home/musinsky/.config/systemd/user/any.service → /dev/null.
  • /etc/ssh/sshd_config
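PermitRootLogin no     # disable root access
PermitRootLogin without-password     # alternative: root may log in with keys only (deprecated alias of prohibit-password); keep only one of the two lines, sshd uses the first value it reads for a keyword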
  • /etc/motd

message of the day with ASCII Text Signature Generator (standard font + kerning) or with FIGlet program figlet -k alice

figlet -k $(hostname -s) > /etc/motd



# listen_ipv6=YES
user and autostart applications
  • disable evolution services
$ systemctl --user list-unit-files | grep evolution
$ systemctl --user mask evolution-addressbook-factory.service evolution-calendar-factory.service evolution-source-registry.service evolution-user-prompter.service
  • disable autostart desktop application


Potrebujem zakazat napr. migrates user settings from GConf to dconf, zmazanim suboru rm /etc/xdg/autostart/gsettings-data-convert.desktop sa dana aplikacia ani jednoducho nespusti. Toto je vsak len "docasne" riesenie, kedze system po update (alebo nejakej inej zmene) moze tento subor znova vygenerovat.

Desktop Application Autostart Specification odporuca "when the .desktop file has the Hidden key set to true, the .desktop file MUST be ignored". Aby nam vsak system tento subor (aj s Hidden key) po nejakom case (napr. update) neprepisal, skopirujeme subor do $XDG_CONFIG_HOME = ~/.config/autostart/. Do skopirovaneho suboru potom pridame Hidden=true key.

$ cp /etc/xdg/autostart/gsettings-data-convert.desktop ~/.config/autostart/
$ echo -e "Hidden=true" >> ~/.config/autostart/gsettings-data-convert.desktop
  • disable GNOME Tracker (desktop autostart application)


Jednotlive aplikacie mozem zakazat pomocou Hidden=true key (pripadne jednoducho zmazanim suborov, ale len docasne riesenie). Samotny tracker sice bude bezat, ale nebude nic indexovat. Najjednoduchsie je uplne zakazat tracker services, nebude spusteny a teda nebude ani indexovat (package tracker nemozem odinstalovat zo systemu !!! na F31 uz je to mozne !!!).

$ systemctl --user list-unit-files | grep tracker
$ systemctl --user mask tracker-extract.service tracker-miner-apps.service tracker-miner-fs.service tracker-miner-rss.service tracker-store.service tracker-writeback.service


default settings (for all zones) in directory /usr/lib/firewalld/zones/

$ firewall-cmd --get-default-zone
$ firewall-cmd --set-default-zone=FedoraServer
$ dnf install cockpit # must be installed
$ firewall-cmd --permanent --zone=FedoraServer --add-service=http     # modify (or create) file /etc/firewalld/zones/FedoraServer.xml
$ firewall-cmd --permanent --zone=FedoraServer --add-service=ftp

$ firewall-cmd --permanent --zone=FedoraServer --add-port=5555/tcp
$ firewall-cmd --permanent --zone=FedoraServer --add-port=5556/tcp

$ firewall-cmd --permanent --zone=FedoraServer --add-port=1714-1764/tcp
$ firewall-cmd --permanent --zone=FedoraServer --add-port=1714-1764/udp

$ firewall-cmd --reload
$ firewall-cmd --get-services     # list of all supported services
$ firewall-cmd --list-all-zones
$ firewall-cmd --get-zones
FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work
$ firewall-cmd --get-active-zones
  interfaces: eno1
$ firewall-cmd --zone=external --change-interface=em1
external: em1
$ firewall-cmd --zone=external --list-all
$ firewall-cmd --zone=external --add-port=1234/tcp
$ firewall-cmd --zone=external --remove-port=1234/tcp
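# allow IP address (the source address is blank on this page, <SOURCE_IP> is a placeholder; single quotes outside so the inner double quotes reach firewalld intact)
$ firewall-cmd --permanent --zone=FedoraServer --add-rich-rule='rule family="ipv4" source address="<SOURCE_IP>" port protocol="tcp" port="7503" accept'

$ firewall-cmd --zone=external --add-rich-rule='rule family="ipv4" source address="<SOURCE_IP>" accept'     # no port given: accepts all traffic from that address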
# port forwarding
$ firewall-cmd --permanent --zone=FedoraServer --add-forward-port=port=443:proto=tcp:toport=7503
$ firewall-cmd --permanent --zone=FedoraServer --add-port=443/tcp

$ firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=4321:toaddr=<TARGET_IP>     # toaddr is blank on this page, <TARGET_IP> is a placeholder