FedoraCore3

From Rivalug Wiki

Notes for installing, tuning and enhancing Fedora Core 3

Everything is a work in progress at this time.

Last Update: --Carlisle 12:54, 29 Jul 2005 (PDT)

History and Goals

This document started by using FedoraCore2Desktop as a template.

I hope to use this to develop guidelines for an FC3 desktop system, a firewall system and maybe servers such as samba/nfs or apache/ftp/rsync.

Please post any problems with this document here: http://rivalug.org/forums/index.php?topic=71.0

Features

Fedora Core 3 was released in November of 2004. It is expected to reach end-of-life in January of 2006 and will then be updated by the Fedora Legacy Project.

Release Notes: http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RELEASE-NOTES-en.html http://www.redhat.com/magazine/001nov04/features/fedoracore3/

Selected Features:

kernel 2.6.9 (2.6.12 after updating)
gcc 3.4.2 (3.4.4 after updating)
glibc 2.3.3 (2.3.6 after updating)
gnome 2.8
kde 3.3 (3.4.2 after updating)
x.org x11 6.8.1 (6.8.2 after updating)
perl 5.8.5
openssh 3.9p1
mozilla 1.7.3 (1.7.12 after updating)
firefox 1.0 (1.0.7 after updating) 
thunderbird 1.0 (1.0.7 after updating)
openoffice 1.1.2 (1.1.3 after updating)
gaim 1.0.1 (1.5 after updating)
gimp 2.0.5 (2.2.8 after updating)
HelixPlayer 1.0.1.gold

Differences from Fedora Core 2

No kernel-source rpm. The kernel source is now in an SRPM on one of the SRPM disks. To install the kernel source use the command: rpm -ivh kernel-blah.src.rpm. This will put the kernel source in /usr/src/redhat/SRPMS/. The source can then be modified and a new kernel rpm created.

new place to mount floppies and other disks: /media

ssh differences:

Fedora Core 3 contains OpenSSH 3.9, which includes strict permission and ownership checks for the ~/.ssh/config file. These checks mean that ssh will exit if this file does not have appropriate ownership and permissions. Also, as part of a security enhancement, for X11 forwarding instead of using ssh -X account@host, use ssh -Y account@host. See release notes.


yum.conf is different: yum has been reconfigured to use XML files for the header information. It also supports mirror lists.

Updating from Fedora Core 2

In general, I always recommend installing a new operating system from scratch. Back up /etc, /root, /usr/local (if you put anything there), /home and maybe /var.

If you really want to upgrade from one version to another read this: http://linux.duke.edu/~skvidal/misc/fc2-fc3-update-with-yum.txt

Download

Official Site: http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/iso/
Local Mirror: http://mirror.vcu.edu/pub/linux/fedora/3/iso/
Bittorrent: http://torrent.dulug.duke.edu/

If you intend to download the Fedora Core 3 DVD ISO image, keep in mind that not all file downloading tools can accommodate files larger than 2GB in size. For example, wget will exit with a File size limit exceeded error.

The curl and ncftpget file downloading tools do not have this limitation, and can successfully download files larger than 2GB.

How to download ISOs

FTP:
wget -c ftp://mirror.vcu.edu/pub/linux/fedora/3/iso/FC3-i386-disc*.iso
wget ftp://mirror.vcu.edu/pub/linux/fedora/3/iso/MD5SUM
HTTP:
wget -c http://mirror.vcu.edu/pub/linux/fedora/3/iso/FC3-i386-disc1.iso
wget -c http://mirror.vcu.edu/pub/linux/fedora/3/iso/FC3-i386-disc2.iso
wget -c http://mirror.vcu.edu/pub/linux/fedora/3/iso/FC3-i386-disc3.iso
wget -c http://mirror.vcu.edu/pub/linux/fedora/3/iso/FC3-i386-disc4.iso
wget http://mirror.vcu.edu/pub/linux/fedora/3/iso/MD5SUM

How to verify ISOs

md5sum -c MD5SUM

Support

Sites:

http://fedora.redhat.com/
http://fedoranews.org/
http://www.fedorafaq.org/
http://www.fedoraforum.org/
http://www.tldp.org/
http://fcp.homelinux.org/
http://fcp.homelinux.org/modules/wffaq/

For Laptops:

http://www.linux-laptop.net/

Mailing Lists with archives:

http://www.redhat.com/mailman/listinfo/fedora-list 
http://www.redhat.com/mailman/listinfo/fedora-test-list

IRC:

http://fedora.redhat.com/participate/communicate/

Books:

http://www.lulu.com/static/fedora.php

Installation

Network Install

Download just the first ISO, verify ISO, burn to CD, then media check CD.

start installation from CD

at install prompt: linux askmethod 
select English as language 
select US as keyboard 
select ftp as installation method 
select dynamic IP to configure TCP/IP
server= mirror.vcu.edu ( or 128.172.160.105 ) 
path= pub/linux/fedora/3/i386/os/Fedora/

Floppy Install

Problem:

Kernel no longer fits on floppy disk.

Hints:

http://www.cs.utsa.edu/~bylander/fedora2-experience.html
http://www.linux.ie/pipermail/ilug/2004-June/015747.html

Bare Bones Installation

http://www.simpaticus.com/linux/small-netserver-fc3-howto.php

Partitioning

For most desktop systems, just stick with making a

/boot 100-150 Mb
swap that is roughly one to two times the amount of RAM on your system
/ for everything else.

For server systems, the partitioning depends on what the server will be used for.

An example samba file server may have:

/boot 150 Mb
swap 2 Gb
/ 3 Gb
/usr 6 Gb
/var 3 Gb
/home being the largest because that's where most of the files will be.

An example web server may have:

/boot 150 Mb
swap 2 Gb
/ 3 Gb
/usr 6 Gb
/var 3 Gb
/var/www being the largest because that's where most of the files will be.

Turning off graphical login

By default graphical login is turned on. To turn this off edit /etc/inittab.

change the line: id:5:initdefault:
to: id:3:initdefault:

Dual Boot with Windows

researching

Boot Loaders

grub
lilo
System Commander: http://www.v-com.com/product/Partition_Commander_Home.html

If windows does not boot

researching

It's a known problem that on some hardware with dual boot between Windows and any kernel 2.6 based distribution, Windows will sometimes fail to boot after the Linux distribution is installed.

Installing FC2 or any distribution with a 2.6 kernel has resulted in making Windows unbootable. Many say Windows by default uses technically invalid but usable partition data; installing a 2.6 kernel distribution changes the partition data to be technically valid data, which Windows doesn't like. I would recommend reading all the links below before installing any 2.6 kernel based distribution to dual boot with any Windows distribution. See Bug Number 115980.

Fedora test discussion. A potential fix is being discussed here.

Comment from Fedora News: Quote It turns out that the bug (#115980) is a result of a few subtle but key changes within the 2.6 kernel. A certain functionality with regards to hard disk geometry has been pulled out, as the kernel developers thought it would be better if userspace utilities took care of this instead. The Bugzilla bug is related to CHS geometry problems, which most likely stems from an error within the parted utility, addressing the BIOS incorrectly. It turns out that BIOS updates tend to fix problems for many users that have been bitten by this "bug". On newer machines, this is basically non-reproducible.

Here is the discussion of the recommended fix: http://www.redhat.com/archives/fedora-test-list/2004-May/msg02143.html

And the Slashdot discussion of this bug: http://slashdot.org/article.pl?sid=04/05/23/1448209&mode=thread&tid=110&ti

Tuning IDE Harddrive performance

Edit /etc/sysconfig/harddisks and enable:

USE_DMA=1
MULTIPLE_IO=16
EIDE_32BIT=3

read: http://support.pa.msu.edu/help/faqs/linux/harddisks.html

Turning off IPv6

Why? see http://www.mozilla.org/releases/mozilla1.7/README.html#new-issues Also see http://www.redhat.com/archives/fedora-test-list/2004-October/msg02898.html

edit /etc/modprobe.conf
add:  alias net-pf-10 off 
or add: install ipv6 /bin/true
reboot

Driver Issues

Old Issues

Firewire: Firewire was disabled in the fc2 kernel for the initial release.
Updated kernels appear not to have this problem.

3Com 3c905 network cards: under Fedora Core 2, networking does not come up properly on some older network cards, more here.
This appears to be fixed in the kernels used in Fedora Core 3.

Installing Nvidia drivers

There were known issues with Nvidia drivers and the original FC3 kernel, see http://www.redhat.com/archives/fedora-test-list/2004-October/msg01758.html
These appear to be fixed with the most up to date kernels and nVidia drivers.

Support: Nvidia Linux discussion forums: http://www.nvnews.net/vbulletin/forumdisplay.php?s=&forumid=14

read: http://www.nvidia.com/object/linux_display_ia32_1.0-7667.html

download: http://download.nvidia.com/XFree86/Linux-x86/1.0-7667/NVIDIA-Linux-x86-1.0-7667-pkg1.run

chmod the file to 700 to make it executable. Run it and install the kernel module.

Note: you will get a warning about a conflict with the rivafb kernel module. This can usually be ignored for most systems. For more info read: http://reviews.cnet.com/5208-6617-0.html?forumID=11&threadID=32538&messageID=376020

Note: I have not been able to get any Nvidia driver module to install using Fedora and the 2.6.12 kernel. I'm still using the 2.6.11 kernel until this problem is solved. It has been suggested to install the kernel-devel package first, but this did not solve my problem. http://forums.fedoraforum.org/showthread.php?t=64674

Note: you will get a warning about the kernel being "tainted". This is because the nVidia kernel module is not open source. This will not affect the performance of your system.

read: ftp://download.nvidia.com/XFree86/Linux-x86/1.0-7667/README.txt 
edit: /etc/X11/xorg.conf
 Replace Driver "nv" or "vesa" with "nvidia"
 In the Module section, make sure you have:
       Load  "glx"
 Remove the following lines:
       Load  "dri"
       Load  "GLcore"

Immediately after installation issue:

cp -a /dev/nvidia* /etc/udev/devices/

The nVidia drivers have to be reinstalled every time the kernel is updated. Also, if X fails to run and you have previously updated, even if it wasn't the kernel, first try reinstalling the nVidia drivers before other troubleshooting.

If you make a backup of your xorg.conf file, don't name it /etc/X11/xorg.conf.backup, or else your xorg.conf file will be replaced with the backup file at every reboot.

Sound

FC2 uses ALSA for sound. By default, all volume levels are set to zero.

Make sure that once you are in X, run /usr/bin/system-config-soundcard. Sometimes if you don't have sound, you have to do this again.

Then run /usr/bin/kmix (I usually configure it to put a volume icon in the task bar), then adjust your Output and Input settings. I had a problem playing audio CDs until I turned on the audio CD input and raised the input volume.

also read:

http://www.mjmwired.net/resources/mjm-fedora-fc3.shtml#alsa

Security

Turning off unused services

researching

The /sbin/chkconfig command is used to control which services are started. The default chkconfig --list output looks like this:

rhnsd          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
netplugd       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
irda           	0:off	1:off	2:off	3:off	4:off	5:off	6:off
anacron        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
saslauthd      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
mdmonitor      	0:off	1:off	2:on	3:on	4:on	5:on	6:off
psacct         	0:off	1:off	2:off	3:off	4:off	5:off	6:off
vncserver      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cpuspeed       	0:off	1:on	2:on	3:on	4:on	5:on	6:off
netdump        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
nifd           	0:off	1:off	2:off	3:on	4:on	5:on	6:off
atd            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
smartd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cups           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ypbind         	0:off	1:off	2:off	3:off	4:off	5:off	6:off
gpm            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mdmpd          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
spamassassin   	0:off	1:off	2:off	3:off	4:off	5:off	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
yum            	0:off	1:off	2:off	3:off	4:off	5:off	6:off
bluetooth      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
nscd           	0:off	1:off	2:off	3:off	4:off	5:off	6:off
sendmail       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
portmap        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
readahead      	0:off	1:off	2:off	3:off	4:off	5:on	6:off
ntpd           	0:off	1:off	2:off	3:on	4:off	5:on	6:off
apmd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
winbind        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
pcmcia         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
mDNSResponder  	0:off	1:off	2:off	3:on	4:on	5:on	6:off
diskdump       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
xinetd         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
cups-config-daemon	0:off	1:off	2:off	3:on	4:on	5:on	6:off
irqbalance     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
acpid          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
readahead_early	0:off	1:off	2:off	3:off	4:off	5:on	6:off
microcode_ctl  	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rpcsvcgssd     	0:off	1:off	2:off	3:on	4:on	5:on	6:off
xfs            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
kudzu          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
haldaemon      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
NetworkManager 	0:off	1:off	2:off	3:off	4:off	5:off	6:off
isdn           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
autofs         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcidmapd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
syslog         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
nfslock        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
nfs            	0:off	1:off	2:off	3:off	4:off	5:off	6:off
xinetd based services:
	chargen-udp:	off
	rsync:	off
	cups-lpd:	off
	klogin:	off
	time:	off
	eklogin:	off
	gssftp:	off
	kshell:	off
	echo:	off
	chargen:	off
	daytime-udp:	off
	echo-udp:	off
	time-udp:	off
	daytime:	off
	krb5-telnet:	off

Find out what these services do here: FedoraCore3Services

Services which are turned on after editing:

[root@localhost root]# chkconfig --list | grep on
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on   is service provides NFS file locking functional 2:off   3:off   4:off   5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
hpoj            0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
microcode_ctl   0:off   1:off   2:off   3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcsvcgssd      0:on    1:off   2:off   3:on    4:off   5:on    6:on
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
ntpd            0:off   1:off   2:off   3:on    4:off   5:on    6:off
readahead_early 0:off   1:off   2:off   3:off   4:off   5:on    6:off
rpcidmapd       0:on    1:off   2:off   3:on    4:off   5:on    6:on
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:on    1:off   2:off   3:on    4:off   5:on    6:on
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
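
An added example, not part of the original wiki page: the same check done on the runlevel columns instead of the substring "on", which also matches service names such as anacron and haldaemon even when they are off everywhere. The allowlist, the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output by runlevel column.

# Hypothetical allowlist for a minimal SSH-only host; adjust per system role.
ALLOWED="sshd network iptables syslog crond"

# enabled_services LEVEL: read `chkconfig --list` text on stdin and print each
# SysV service that is on in runlevel LEVEL. Only rows with a name plus the
# seven "N:on|off" columns are considered.
enabled_services() {
    awk -v lvl="$1" '
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            for (i = 2; i <= NF; i++)
                if ($i == (lvl ":on")) { print $1; break }
        }'
}

# xinetd_enabled: print xinetd-managed services that are on. These rows have
# the form "name: on|off" and carry no runlevel columns.
xinetd_enabled() {
    awk 'NF == 2 && $1 ~ /:$/ && $2 == "on" { sub(/:$/, "", $1); print $1 }'
}

# unexpected_services LEVEL: services on in LEVEL that are not in $ALLOWED.
unexpected_services() {
    enabled_services "$1" | while read -r svc; do
        case " $ALLOWED " in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# Constructed sample in the format shown above (not a capture from a real host).
sample_listing() {
cat <<'EOF'
anacron         0:off   1:off   2:off   3:off   4:off   5:off   6:off
haldaemon       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
readahead       0:off   1:off   2:off   3:off   4:off   5:on    6:off
xinetd based services:
        rsync:  off
        krb5-telnet:    on
EOF
}

echo "on in runlevel 3:   $(sample_listing | enabled_services 3 | xargs)"
echo "not in allowlist:   $(sample_listing | unexpected_services 3 | xargs)"
echo "xinetd services on: $(sample_listing | xinetd_enabled | xargs)"
# On a live system: chkconfig --list | unexpected_services 3
```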

Reducing access

researching

/etc/hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: 127.0.0.1 LOCAL 
sshd: ALL

/etc/hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL: ALL

/etc/ssh/sshd_config (work in progress)

PermitRootLogin without-password
Banner /etc/issue
Protocol 2
AllowUsers joe jane spot


Reference: http://wiki.linuxquestions.org/wiki/Configuring_the_OpenSSH_SSH_daemon

Banners

researching

http://ciac.llnl.gov/ciac/bulletins/j-043.shtml

Banner recommended by Bastille Linux script. Replace $owner with your name if you wish. If you have a company that specifies a banner, use that banner instead:

***************************************************************************
                           NOTICE TO USERS


This computer system is the private property of $owner, whether
individual, corporate or government.  It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials.  Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************

rewrite /etc/rc.d/rc.local to match the file here: FedoraCore3_Appendix#rc.local

To add the banner to sshd, edit /etc/ssh/sshd_config

modify: Banner /etc/issue.net

restart sshd

Logs

Configuring logwatch
vi /etc/log.d/logwatch.conf
change MailTo = to an address of your choice.
You will be emailed nightly.
installing logcheck
see http://sourceforge.net/projects/sentrytools/

Bastille Linux

It has not been determined if the Bastille Linux hardening script works under Fedora Core 3. see http://www.bastille-linux.org/

Center for Internet Security Benchmark

This security standards organization has created a security benchmark for linux.

As of 17Jan05 the benchmark and benchmarking tool have been configured to work with FC3.

see http://www.cisecurity.org/bench_linux.html

In order to install the CIS benchmark, one needs to install the sharutils package to use the uudecode program. This can be downloaded here: http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/sharutils-4.2.1-22.i386.rpm

kernel security

From FC1 release notes:

Exec-shield

kernel includes new Exec-shield functionality. Exec-shield is a security-enhancing modification to the Linux kernel that makes large parts of specially-marked programs — including their stack — not executable. This can reduce the potential damage of some security holes. Exec-shield is related to the older "non-exec stack patch" but has the potential to provide greater protection.

Exec-shield can also randomize the virtual memory addresses at which certain binaries are loaded. This randomized VM mapping makes it more difficult for a malicious application to improperly access code or data based on knowledge of the code or data's virtual address.

NOTE: Prelinking also plays a part in the randomization of VM mapping.

Exec-shield's behavior can be controlled via the proc file system. Two files are used:

/proc/sys/kernel/exec-shield

/proc/sys/kernel/exec-shield-randomize

The /proc/sys/kernel/exec-shield file controls overall Exec-shield functionality, and can be manipulated using the following command:

echo <value> > /proc/sys/kernel/exec-shield

Where <value> is one of the following:

- 0 — Exec-shield (including randomized VM mapping) is disabled for all binaries, marked or not

- 1 — Exec-shield is enabled for all marked binaries

- 2 — Exec-shield is enabled for all binaries, regardless of marking (To be used for testing purposes ONLY)

The default value for /proc/sys/kernel/exec-shield is 1.

The /proc/sys/kernel/exec-shield-randomize file controls whether Exec-shield randomizes VM mapping, and can be manipulated using the following command:

echo <value> > /proc/sys/kernel/exec-shield-randomize

Where <value> is one of the following:

- 0 — Randomized VM mapping is disabled

- 1 — Randomized VM mapping is enabled

The default value for /proc/sys/kernel/exec-shield-randomize is 1.

It is also possible to configure Exec-shield by including one (or both) of the following lines in the /etc/sysctl.conf file:

kernel.exec-shield=<value>

kernel.exec-shield-randomize=<value>

(Where <value> is as previously described.)

NOTE: Exec-shield functionality is available only to binaries that have been built (and marked) using the toolchain (compiler, assembler, linker) available with Fedora Core 1 (or a recent upstream version of gcc and binutils that correctly inserts .note.GNU-stack and PT_GNU_STACK information, respectively). Binaries that have been built using a different version of the toolchain can still be used, but since they will not be marked, they will not take advantage of Exec-shield.

Application developers should keep in mind that, in the majority of cases, GCC correctly marks its generated code as being capable of using Exec-shield. In the few instances (usually caused by inline assembler or other nonportable code) where GCC non-optimally (or, more rarely, incorrectly) marks generated code, it is possible to pass GCC options to obtain the desired result:

The options controlling binary marking at the assembler level are:

-Wa,--execstack

-Wa,--noexecstack

The options controlling binary marking at the linker level are:

-Wl,-z,execstack

-Wl,-z,noexecstack

It is also possible to exert more fine-grained control by explicitly disabling Exec-shield for a specific binary at run time. This is done using the setarch command:

setarch i386 <binary>

(Where <binary> represents the binary to be run.) The binary is then run without Exec-shield functionality.

The proc file /proc/self/maps can be used to observe Exec-shield's effects. By using cat to display the current process's VM mapping, you can see Exec-shield at work. Similarly, you can use setarch in conjunction with cat to see how normal VM mapping differs from Exec-shield's mapping.
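
An added example, not taken from the release notes: it combines the exec-shield value with a binary's PT_GNU_STACK marking, as printed by readelf -lW, to say whether the non-executable stack applies to that binary. The function names and the sample readelf lines are constructed; the mode table is the one given above.

```shell
#!/bin/sh
# Added example: does Exec-shield's non-executable stack apply to a binary?

# execshield_knob NAME [DIR]: print the value in DIR/NAME (DIR defaults to
# /proc/sys/kernel), or "unavailable" when the kernel does not expose the file.
execshield_knob() {
    f="${2:-/proc/sys/kernel}/$1"
    if [ -r "$f" ]; then cat "$f"; else echo unavailable; fi
}

# stack_marking: classify `readelf -lW BINARY` output read on stdin.
#   noexec   - GNU_STACK header present, flags without E
#   exec     - GNU_STACK header present, flags include E
#   unmarked - no GNU_STACK header (built with a toolchain that does not mark)
stack_marking() {
    awk '
        $1 == "GNU_STACK" {
            found = 1
            # Columns: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align.
            # Flg can print with embedded spaces ("R E"): join fields 7..NF-1.
            for (i = 7; i < NF; i++) flags = flags $i
        }
        END {
            if (!found)           print "unmarked"
            else if (flags ~ /E/) print "exec"
            else                  print "noexec"
        }'
}

# stack_protected MODE MARKING: apply the exec-shield value table.
#   0 = disabled for all binaries, 1 = marked binaries only,
#   2 = all binaries regardless of marking (testing only).
stack_protected() {
    case "$1:$2" in
        2:*)      echo yes ;;
        1:noexec) echo yes ;;
        0:*|1:*)  echo no ;;
        *)        echo unknown ;;
    esac
}

# Constructed readelf -lW excerpts (32-bit layout), not taken from real files.
sample_marked() {
cat <<'EOF'
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x08048000 0x08048000 0x0f2a4 0x0f2a4 R E 0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
EOF
}
sample_execstack() {
cat <<'EOF'
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x08048000 0x08048000 0x0f2a4 0x0f2a4 R E 0x1000
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
EOF
}

echo "exec-shield=$(execshield_knob exec-shield)" \
     "exec-shield-randomize=$(execshield_knob exec-shield-randomize)"
for s in sample_marked sample_execstack; do
    m=$($s | stack_marking)
    echo "$s: marking=$m, protected at exec-shield=1: $(stack_protected 1 "$m")"
done
# On a live system: readelf -lW /usr/sbin/sshd | stack_marking
```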

prevent loading of kernel modules

kernel now makes it possible to prevent the loading of kernel modules. This can be useful for system administrators wanting to ensure that only a strictly-controlled set of modules are loaded. To disable kernel module loading, issue the following command:

echo off > /proc/modules


Other security references

researching

SE Linux

researching

References

http://fedora.redhat.com/docs/selinux-faq-fc3/
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
http://www.redhat.com/archives/fedora-selinux-list/
http://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
http://www.nsa.gov/selinux/ - http://www.nsa.gov/selinux/info/faq.cfm
http://www.gentoo.org/proj/en/hardened/selinux/index.xml
http://www.crypt.gen.nz/selinux/faq.html

http://www.redhat.com/archives/fedora-devel-list/2004-September/msg00909.html

Updating

read http://www.fedora.us/wiki/FedoraHOWTO
update list: http://fedoranews.org/blog/index2.php?cat=3
update announcements: https://www.redhat.com/archives/fedora-announce-list/

Using RPM

researching
Action                                          Command                               Example
install                                         rpm -i <package>
update                                          rpm -U <package>
freshen                                         rpm -F <package>
build from source rpm                           rpmbuild --rebuild <source package>
list all installed packages                     rpm -qa
get information on a package                    rpm -qi <package>
determine which package supplied a given file   rpm -qf <file>
checksum packages                               rpm -K <package>

Installing GPG Keys

base and updates-released:

rpm --import http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RPM-GPG-KEY-fedora

updates-testing:

rpm --import http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RPM-GPG-KEY-fedora-test

development: many rawhide packages are unsigned! See http://www.redhat.com/archives/fedora-test-list/2004-October/msg02157.html

extras: rpm --import http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras

livna-stable: rpm --import http://rpm.livna.org/RPM-LIVNA-GPG-KEY

Yum

http://linux.duke.edu/projects/yum/
https://lists.dulug.duke.edu/pipermail/yum/
http://www.charlescurley.com/yum/

History

Previously discussed in FedoraCore2Desktop

Yum Repositories

Label: base
Repository Location: http://download.fedora.redhat.com/pub/fedora/linux/core/3/
Description: These are the official packages that exist at release time.

Label: updates-released
Repository Location: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Description: These are the official updates that come out after release time.

Label: updates-testing
Repository Location: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/
Description: These are Fedora updates that are in pre-release testing. Not recommended on production systems.

Label: development
Repository Location: http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/
Description: These are the packages in the development track for the next Fedora Core release. Also known as rawhide. Not recommended on production systems.

Label: extras
Repository Location: http://download.fedora.redhat.com/pub/fedora/linux/extras/3/
Description: 3rd party packages created by The Fedora Project: http://fedoraproject.org/ Documentation is here: http://fedoraproject.org/wiki/Extras

Label: livna-stable
Repository Location: http://rpm.livna.org/fedora/3/i386/yum/stable
Description: Packages maintained by http://rpm.livna.org which are not included in the fedora or fedora-extras repositories due to licensing issues.

Label: livna-testing
Repository Location: http://rpm.livna.org/fedora/3/i386/yum/testing
Description: These are livna packages that are in pre-release testing. Not recommended on production systems.

Label: livna-unstable
Repository Location: http://rpm.livna.org/fedora/3/i386/yum/unstable
Description: These are livna packages that are under development. Not recommended on production systems.

The above repositories are designed to work together. Other repositories are available, but they may not always work well together. Research will be needed to determine this.

http://www.fedoratracker.org/ is a site which indexes 3rd party yum repositories. Also try http://dag.wieers.com/home-made/apt/mega-merge.php

yum.conf

/etc/yum.conf

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
retries=20
obsoletes=1
gpgcheck=1
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

fedora.repo

/etc/yum.repos.d/fedora.repo

[base]
name=Fedora Core $releasever - $basearch - Base
baseurl=http://mirror.vcu.edu/pub/linux/fedora/$releasever/$basearch/os/
    http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
failovermethod=priority
#mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core-$releasever.us.east 
enabled=1
gpgcheck=1
gpgkey=http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RPM-GPG-KEY-fedora

fedora-updates.repo

/etc/yum.repos.d/fedora-updates.repo

[updates-released]
name=Fedora Core $releasever - $basearch - Released Updates
baseurl=http://mirror.vcu.edu/pub/linux/fedora/updates/$releasever/$basearch/
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/
failovermethod=priority 
#mirrorlist=http://fedora.redhat.com/download/mirrors/updates-released-fc$releasever.us.east
enabled=1
gpgcheck=1
gpgkey=http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RPM-GPG-KEY-fedora

fedora-extras.repo

/etc/yum.repos.d/fedora-extras.repo

[extras]
name=Fedora Extras
baseurl=http://mirror.vcu.edu/pub/linux/fedora/extras/$releasever/$basearch/
        http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras

livna-stable.repo

/etc/yum.repos.d/livna-stable.repo

[livna-stable]
name=Livna.org Fedora Compatible Packages (stable)
baseurl=http://livna.cat.pdx.edu/fedora/$releasever/$basearch/RPMS.stable
        http://rpm.livna.org/fedora/$releasever/$basearch/RPMS.stable
        http://wftp.tu-chemmnitz.de/pub/linux/livna/fedora/$releasever/$basearch/RPMS.stable
#failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://rpm.livna.org/RPM-LIVNA-GPG-KEY

jpackage.repo

/etc/yum.repos.d/jpackage.repo

[jp16-generic]
name=JPackage 1.6, generic
baseurl=ftp://jpackage.hmdc.harvard.edu/JPackage/1.6/generic/free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
[jp16-nonfree-generic]
name=JPackage 1.6, generic
baseurl=ftp://jpackage.hmdc.harvard.edu/JPackage/1.6/generic/non-free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
[jp16-fc3]
name=JPackage 1.6 for Fedora Core 3
baseurl=ftp://jpackage.hmdc.harvard.edu/JPackage/1.6/fedora-3/free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc

Apt-Get

researching
http://fedoranews.org/contributors/stanton_finley/fc3_note/#Apt
https://moin.conectiva.com.br/AptRpm
rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/extras/3/i386/apt-0.5.15cnc6-12.r362.i386.rpm

Configuration file:

/etc/apt/sources.list

Sample configuration:

rpm http://SERVERNAME/fedora fedora/3/i386 os updates stable
rpm-src http://SERVERNAME/fedora fedora/3/i386 os updates stable

Up2Date

researching

configuration file

/etc/sysconfig/rhn/sources

sample configuration

yum fedora-us-core-3 http://SERVERNAME/fedora/fedora/3/i386/RPMS.os
yum fedora-us-updates-3 http://SERVERNAME/fedora/fedora/3/i386/RPMS.updates
yum fedora-us-stable-3 http://SERVERNAME/fedora/fedora/3/i386/RPMS.stable

yum fedora-core-3  http://download.fedora.redhat.com/pub/fedora/linux/core/3/$ARCH/os/
yum updates-released-fc3  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/$ARCH/
yum-mirror fedora-core-3  http://fedora.redhat.com/download/up2date-mirrors/fedora-core-3
yum-mirror updates-released-fc3  http://fedora.redhat.com/download/up2date-mirrors/updates-released-fc3
#yum updates-testing  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/$ARCH/
#yum-mirror updates-testing  http://fedora.redhat.com/download/up2date-mirrors/updates-testing-fc3

#yum development  http://download.fedora.redhat.com/pub/fedora/linux/core/development/$ARCH/
#yum-mirror development  http://fedora.redhat.com/download/up2date-mirrors/fedora-core-rawhide

Comparing Commands

Action: apply all updates
Yum: yum update

Action: apply all updates with exclusions
Yum: yum --exclude <package> update
Up2date (command line): up2date-nox --update (exclude list ignored by default)

Action: show all packages available
Yum: yum list
Up2date (command line): up2date-nox --list

Action: install package
Yum: yum install <package name>

Action: only download package (do not install)
Yum: yum --download-only <package>
Up2date (command line): up2date-nox --download <package>

Action: install package from cache (used after download only)
Yum: yum -C install <package name>
Up2date (command line): up2date-nox --install <package name>

Action: remove package
Yum: yum remove <package name>

Action: list rollback
Up2date (command line): up2date-nox --list-rollbacks

Action: get information on a package
Yum: yum info <package name>

Action: which package provides a feature or file
Yum: yum provides <feature>

Action: search for packages containing this word
Yum: yum search <string>

Installing Applications

A note about multimedia on Linux

Because the Fedora project is dedicated to creating a pure open source Linux distribution, many multimedia capabilities are not included by default. This is because many multimedia protocols or applications are not open source. For example, mp3 decoding is only allowed by license from the owners. Whether or not they charge for it now is completely up to them, so mp3 decoding is not included in FC3 by default. Many applications listed below are ways to add the multimedia experience we are used to finding on Windows or Macintosh computers.

Mozilla

It appears the Fedora project is now creating their own rpms from the Mozilla source, so they will appear in the package updates. The following information may no longer be relevant:

If you wish to install a version of mozilla not included by the distribution get packages from here: ftp://mirror.vcu.edu/pub/mozilla.org/mozilla/yum/SeaMonkey/releases/current/redhat/2/i386/

(this could also be configured with yum)
Note: Mozilla 1.7.3 is now included in FC2 updates, so the above is not necessary until Mozilla 1.8 is released.
[mozilla 1.6]
name=Mozilla 1.6 for Fedora Core $releasever
baseurl=http://mirror.vcu.edu/pub/mozilla.org/mozilla/yum/SeaMonkey/releases/1.6/redhat/$releasever/

Installing Java

version 1.4.2_07 
http://java.sun.com/j2se/1.4.2/download.html
ln -s /usr/java/j2sdk1.4.2_06/jre/plugin/i386/ns610-gcc32/libjavaplugin_oji.so /usr/lib/mozilla/plugins
version 1.5.0_01

If you want to be on the cutting edge, Java 5 ( the new name for Java 2 version 1.5 ) can be downloaded here: http://java.sun.com/j2se/1.5.0/download.jsp

ln -s /usr/java/j2sdk1.5.0_01/jre/plugin/i386/ns7/libjavaplugin_oji.so /usr/lib/mozilla/plugins

Installing Flash

manual method:

go to http://www.macromedia.com/shockwave/download/alternates/#linux
download install_flash_player_7_linux.tar.gz
open the archive with tar -xvzf install_flash_player_7_linux.tar.gz
cd to flashplayer-installer
cp flashplayer.xpt /usr/lib/mozilla/plugins
cp libflashplayer.so /usr/lib/mozilla/plugins

OR
yum repository: /etc/yum.repos.d/flash.repo

[flash]
name=macromedia.mplug.org - Flash Plugin
baseurl=http://macromedia.mplug.org/apt/fedora/$releasever
 http://sluglug.ucsc.edu/macromedia/apt/fedora/$releasever
 http://ruslug.rutgers.edu/macromedia/apt/fedora/$releasever
#  http://macromedia.rediris.es/apt/fedora/$releasever
enabled=1
gpgcheck=1
gpgkey=http://ruslug.rutgers.edu/macromedia/gpg-publickey.txt

Install the gpg key, then install the plug-in with:

yum install flash-plugin
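
A check for the repository definitions used on this page, as an added example that is not part of the original notes: it reports each stanza that does not set gpgcheck=1 itself, or whose gpgkey is fetched over http or ftp. The helper names audit_repo and audit_sample and the [local-signed] stanza are constructed for illustration; the other two stanzas are abridged from this page.

```shell
# Added example: report yum repo stanzas that do not ask for signature checking,
# or whose signing key is fetched over plaintext. audit_repo is a hypothetical helper.
audit_repo() {   # usage: audit_repo /etc/yum.repos.d/*.repo   (or feed a file on stdin)
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck != "1")
                print section ": gpgcheck=1 is not set in this stanza"
            else if (gpgkey ~ /^(http|ftp):/)
                print section ": gpgkey is fetched over plaintext (" gpgkey ")"
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }   # blank lines and comments
        /^\[/ {                                # a new stanza starts: judge the previous one
            report()
            section = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; next
        }
        /^[ \t]/ { next }                      # continuation line (extra baseurl entries)
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report() }
    ' "$@"
}

audit_sample() {   # Mozilla and Flash stanzas from this page (abridged) plus a constructed one
    audit_repo <<'EOF'
[mozilla 1.6]
baseurl=http://mirror.vcu.edu/pub/mozilla.org/mozilla/yum/SeaMonkey/releases/1.6/redhat/$releasever/
[flash]
baseurl=http://macromedia.mplug.org/apt/fedora/$releasever
 http://sluglug.ucsc.edu/macromedia/apt/fedora/$releasever
#  http://macromedia.rediris.es/apt/fedora/$releasever
enabled=1
gpgcheck=1
gpgkey=http://ruslug.rutgers.edu/macromedia/gpg-publickey.txt
[local-signed]
baseurl=http://SERVERNAME/fedora/3/i386/
gpgcheck=1
gpgkey=file:///root/keys/EXAMPLE-KEY
EOF
}

audit_sample
```

A stanza without its own gpgcheck line takes the value from [main] in /etc/yum.conf, so check that file as well. For a key fetched over http or ftp, compare its fingerprint against one obtained separately before importing it.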

Installing MP3 and DVD Players

If the livna.org repository is correctly configured in yum, use:

yum install xmms-mp3

To add the ability to play mp3s to xmms

yum install xine
yum install libdvdcss

To add DVD playback capability

Installing RealPlayer

http://fedoranews.org/tchung/realplayer/
http://fedoranews.org/contributors/stanton_finley/fc3_note/#Real
go to http://www.real.com/linux/
look for Advanced Installation, download rpm
you should get a file called RealPlayer10GOLD.bin
chmod 700 RealPlayer10GOLD.bin

Running this file will launch the install script. It will ask for your install directory; I recommend /usr/local/real/RealPlayer. Mozilla plugins will get symlinked to /usr/local/mozilla/plugins/ as part of the install. ls -l /usr/lib/mozilla/plugins/ should show:

nphelix.so -> /usr/local/RealPlayer/mozilla/nphelix.so
nphelix.xpt -> /usr/local/RealPlayer/mozilla/nphelix.xpt

VMware

VMware Workstation 4.5.2-8848 will work under Fedora Core 2. see http://www.vmware.com/products/desktop/ws_features.html

There is a workaround available for VMware 4.5.2 with Fedora Core 3, see the release notes: http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/RELEASE-NOTES-en.html

Note with VMwareWorkstation-4.5.2-8848 and kernel-2.6.10-1.770_FC3, vmware will run but it takes a very long time, ~5 mins to load.

Crossover Office

Crossover Office Standard will work under Fedora Core 3. see http://www.codeweavers.com/site/products/cxoffice/

I found a bug when installing some programs like Quicktime: the installation hangs and never completes. It is expecting to find an OpenGL library in a particular location. If this occurs, try the command:

touch <CXOFFICE ROOT>/lib/libGL.so.1

Cedega

Formerly known as WineX. It has not been determined yet if Cedega will run under Fedora Core 3. See http://www.transgaming.com/products_linux.php

Neverwinter Nights

Neverwinter Nights 1.65 will work under Fedora Core 3. see http://nwn.bioware.com/downloads/linuxclient.html

More suggestions

http://www.linux.com/article.pl?sid=04/06/24/1638255

Installing Adobe Acrobat

including getting an Adobe Acrobat Reader rpm that works with Fedora, they suggest using the Suse rpm found here:
http://mirror.vcu.edu/pub/linux/suse/i386/9.0/suse/i586/acroread-5.08-52.i586.rpm

Laptops

The Fedora Core 1 kernel now includes support for laptop mode. When placed in laptop mode, the kernel batches disk I/O, allowing the disk drive to become idle long enough for the drive's power-saving features to take effect. This can result in significant increases in battery runtime.

To enable laptop mode, issue the following command:

echo 1 > /proc/sys/vm/laptop_mode

To disable laptop mode, issue the following command:

echo 0 > /proc/sys/vm/laptop_mode


Other References

http://fedoranews.org/contributors/stanton_finley/fc3_note/
http://stanton-finley.net/fedora_core_3_installation_notes.html
http://www.mjmwired.net/resources/mjm-fedora-fc3.shtml
http://www.lulu.com/static/fedora.php
http://fedora.ivazquez.net/
http://www.xades.com/proj/fedora_repos.html
http://www.fedorafaq.org/
http://www.fedoraforum.org/
http://www.stud.uni-karlsruhe.de/~usge/fc2_install_notes.html
http://fedoranews.org/colin/fnu/issue12.shtml
http://fedoranews.org/colin/fnu/issue13.shtml
http://fedoranews.org/colin/fnu/issue14.shtml

This page was last modified 22:19, 28 Nov 2005.