install
=======

Fedora 18 has such a horrendously cryptic manual partitioning interface that I decided to develop a totally new install technique for it.

First I installed a new Fedora 18 virtual machine (named f18). After I got through install and firstboot, I shut down the virtual machine.

Then I reformatted the old FEDORA16 partition, labelling the new empty partition FEDORA18, and changing /etc/fstab to mount it on /fedora18 (and actually mounting it there after the reformat was done).

Then I did this:

    guestmount -d f18 -i --ro /mnt

Now I have the f18 virtual machine filesystem mounted on /mnt, at which point I can do this:

    rsync -a -H -A -X --exclude=lost+found/ /mnt/ /fedora18

Now I have a complete install of fedora on the /fedora18 partition which I have copied from the virtual machine disk image. A few tweaks are required before I can boot from it though:

--- /mnt/boot/grub2/grub.cfg 2012-12-03 20:21:17.000000000 -0500 +++ /fedora18/boot/grub2/grub.cfg 2012-12-04 15:24:34.017583407 -0500 @@ -52,13 +52,12 @@ font=unicode else insmod part_msdos -insmod lvm insmod ext2 -set root='lvm/fedora-root' +set root='hd0,msdos2' if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint='lvm/fedora-root' 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2' c1d455b0-56c6-4d98-bd70-668fbf5117cb else - search --no-floppy --fs-uuid --set=root 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root c1d455b0-56c6-4d98-bd70-668fbf5117cb fi font="/usr/share/grub/unicode.pf2" fi 
@@ -73,13 +72,12 @@ fi terminal_output gfxterm insmod part_msdos -insmod lvm insmod ext2 -set root='lvm/fedora-root' +set root='hd0,msdos2' if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint='lvm/fedora-root' 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2' c1d455b0-56c6-4d98-bd70-668fbf5117cb else - search --no-floppy --fs-uuid --set=root 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root c1d455b0-56c6-4d98-bd70-668fbf5117cb fi insmod gfxmenu loadfont ($root)/boot/grub2/themes/system/DejaVuSans-10.pf2 
@@ -93,40 +91,38 @@ ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/10_linux ### -menuentry 'Fedora' --class fedora --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-5911be03-34c7-44c0-b458-a8e5c24703f1' { +menuentry 'Fedora' --class fedora --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-c1d455b0-56c6-4d98-bd70-668fbf5117cb' { load_video set gfxpayload=keep insmod gzio insmod part_msdos - insmod lvm insmod ext2 - set root='lvm/fedora-root' + set root='hd0,msdos2' if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint='lvm/fedora-root' 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2' c1d455b0-56c6-4d98-bd70-668fbf5117cb else - search --no-floppy --fs-uuid --set=root 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root c1d455b0-56c6-4d98-bd70-668fbf5117cb fi echo 'Loading Linux 3.6.6-3.fc18.x86_64 ...' - linux /boot/vmlinuz-3.6.6-3.fc18.x86_64 root=/dev/mapper/fedora-root ro rd.md=0 rd.dm=0 rd.lvm.lv=fedora/root rd.luks=0 rhgb quiet + linux /boot/vmlinuz-3.6.6-3.fc18.x86_64 root=LABEL=FEDORA18 ro rd.md=0 rd.dm=0 rd.luks=0 selinux=0 quiet echo 'Loading initial ramdisk ...' 
initrd /boot/initramfs-3.6.6-3.fc18.x86_64.img } -submenu 'Advanced options for Fedora' $menuentry_id_option 'gnulinux-advanced-5911be03-34c7-44c0-b458-a8e5c24703f1' { - menuentry 'Fedora, with Linux 3.6.6-3.fc18.x86_64' --class fedora --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.6.6-3.fc18.x86_64-advanced-5911be03-34c7-44c0-b458-a8e5c24703f1' { +submenu 'Advanced options for Fedora' $menuentry_id_option 'gnulinux-advanced-c1d455b0-56c6-4d98-bd70-668fbf5117cb' { + menuentry 'Fedora, with Linux 3.6.6-3.fc18.x86_64' --class fedora --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.6.6-3.fc18.x86_64-advanced-c1d455b0-56c6-4d98-bd70-668fbf5117cb' { load_video set gfxpayload=keep insmod gzio insmod part_msdos - insmod lvm insmod ext2 - set root='lvm/fedora-root' + set root='hd0,msdos2' if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint='lvm/fedora-root' 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos2 --hint-efi=hd0,msdos2 --hint-baremetal=ahci0,msdos2 --hint='hd0,msdos2' c1d455b0-56c6-4d98-bd70-668fbf5117cb else - search --no-floppy --fs-uuid --set=root 5911be03-34c7-44c0-b458-a8e5c24703f1 + search --no-floppy --fs-uuid --set=root c1d455b0-56c6-4d98-bd70-668fbf5117cb fi echo 'Loading Linux 3.6.6-3.fc18.x86_64 ...' - linux /boot/vmlinuz-3.6.6-3.fc18.x86_64 root=/dev/mapper/fedora-root ro rd.md=0 rd.dm=0 rd.lvm.lv=fedora/root rd.luks=0 rhgb quiet + linux /boot/vmlinuz-3.6.6-3.fc18.x86_64 root=LABEL=FEDORA18 ro rd.md=0 rd.dm=0 rd.luks=0 selinux=0 quiet echo 'Loading initial ramdisk ...' initrd /boot/initramfs-3.6.6-3.fc18.x86_64.img } --- /mnt/boot/grub2/device.map 2012-12-03 20:21:09.000000000 -0500 +++ /fedora18/boot/grub2/device.map 2012-12-03 21:07:52.212811655 -0500 
@@ -1,3 +1,2 @@ # this device map was generated by anaconda -(hd0) /dev/vda -(hd1) /dev/vda +(hd0) /dev/sda --- /mnt/etc/default/grub 2012-12-03 20:21:15.000000000 -0500 +++ /fedora18/etc/default/grub 2012-12-04 15:29:23.441247641 -0500 
@@ -1,6 +1,6 @@ GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved -GRUB_CMDLINE_LINUX="rd.md=0 rd.dm=0 rd.lvm.lv=fedora/root rd.luks=0 $([ -x /usr/sbin/rhcrashkernel-param ] && /usr/sbin/rhcrashkernel-param || :) rhgb quiet" +GRUB_CMDLINE_LINUX="rd.md=0 rd.dm=0 rd.luks=0 $([ -x /usr/sbin/rhcrashkernel-param ] && /usr/sbin/rhcrashkernel-param || :) selinux=0 quiet" GRUB_DISABLE_RECOVERY="true" GRUB_THEME="/boot/grub2/themes/system/theme.txt"

That seems to be all the files I need to change. Then I can chroot into the /fedora18 partition and run

    grub-install --force /dev/sda2

Now it is bootable from the chainload entry in my /mainboot partition, and I have fedora18 installed (Ta-Da!).

I've run updates and tried to add lots of rpms to match the set I have in f17 (not always successfully). (The lists of rpms from various comparisons are stashed in /fedora18/home/tom/rpms).

I've also done this:

    systemctl disable gdm.service
    systemctl enable kdm.service

And I've run the /zooty/projects/zeroboot/zeroboot.sh script after removing the reference to the /etc/sysconfig/display file which is no longer used (instead the above service diddling should give me kdm).

Note: Later I deleted every line in the grub config containing "gfx" and that got rid of the annoying graphical grub screen.

Also note: Rather than go through this again, I just did a "yum distro-sync" after the testing repos were disabled and have kept the f18 beta through all the yum updates as my f18 production system.

Yet another thing to do: The hostname is now stashed in /etc/hostname, need to fill it in with the line

    zooty.my.lan

networking
==========

Remove the useless nat networking from libvirtd.

    virsh net-destroy default
    virsh net-undefine default

Everything else was already done earlier (turning off NetworkManager, etc).

See https://bugzilla.redhat.com/show_bug.cgi?id=781890 for implications of this and maybe a better way if it starts coming back again.
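Review bot: selinux=0 on the "linux" lines of both grub.cfg menu entries and in GRUB_CMDLINE_LINUX in /etc/default/grub turns SELinux off entirely, and the patch gives no reason for it. If the cause is labeling trouble on the copied filesystem, enforcing=0 together with a relabel (touch /.autorelabel) keeps the policy loaded in permissive mode so it can go back to enforcing later; whichever is chosen, note the reason next to the change.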
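Review bot: the grub.cfg hunks hand-edit a generated file (the "### BEGIN /etc/grub.d/10_linux ###" markers are in the context lines), so the new set root='hd0,msdos2', the UUID and root=LABEL=FEDORA18 last only until grub2-mkconfig is run again. Only the /etc/default/grub hunk carries over into a regenerated file; regenerate grub.cfg once from inside the chroot and diff the result against these edits to confirm nothing reverts to the lvm/fedora-root values.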
ssh
===

The zeroboot script copied the host keys and hamster files:

But I need to do this manually:

merge settings from f17 /etc/ssh/sshd_config into fedora18 version.

    service sshd restart

New thing to tweak:

    UsePrivilegeSeparation yes

Maybe gets rid of the "sandbox is useless" log messages?

software
========

General software notes: The names and organization of lots of rpms have changed (udev is now part of systemd for instance), many, many OCD packagers have decided to split things into multiple packages and their evil twins have decided to combine other things into one package. This means the old standby of comparing rpm lists:

    rpm -q --qf "%{NAME}.%{ARCH}\n" -a

Doesn't work as well as it has in previous releases.

One new trick I found was to do rpm -q --list on fedora 17 to get the actual filenames installed by the rpm and then do a yum install on fedora 18 giving a filename and let it find the rpm containing that file now that it has a totally different name.

It is also useful to compare the contents of /usr/sbin and /usr/bin to see what is missing.

extra stuff
===========

Still need to manually install some things. (Like adobe stuff since adobe has decided to drop support for yum).

Most of this was done via chroot without actually having to run fedora 17.

downloaded nxclient rpm from nomachine and installed it.

downloaded acroread and flash-plugin rpms from adobe and installed them.

Epson linux driver is still same version last downloaded from:

    http://linux.avasys.jp/drivers/lsb/epson-inkjet/stable/RPMS/x86_64/
    epson-inkjet-printer-artisan-725-835-series-1.0.0-1lsb3.2.x86_64.rpm

Currently stashed in /zooty/downloads/epson/, install from there.
Install gkrellm-themes rpm from /zooty/downloads

libdvdcss
=========

as user tom:

    cp /zooty/home/tom/.rpmmacros ~/
    rpm -ihv /zooty/downloads/libdvdcss-1.2.10-1.src.rpm
    cd /zooty/build/rpmbuild/SPECS
    rpmbuild -bb libdvdcss.spec

As root:

    yum --nogpg install /zooty/build/rpmbuild/RPMS/x86_64/libdvdcss-1.2.10-1.x86_64.rpm

That is the last of the missing rpms (at least the ones I recognize as useful, there are a bunch of other random things, but unless I find I actually do need them, I'm not bothering with them).

grub2 tweaks
============

Add the line:

    GRUB_DISABLE_OS_PROBER="true"

to /etc/default/grub

emacs
=====

For ~tom:

    rm -f .emacs profile
    ln -s /zooty/home/tom/.emacs .
    ln -s /zooty/home/tom/profile .

Now my fingers know how to work when running emacs as tom or as root. (The zeroboot script already did this for root).

more user tom stuff
===================

    cd ~/
    cp -rp /zooty/home/tom/.ssh .ssh

(Great! After waiting 30 seconds, the ssh forwarded link to work is back up again).

services
========

Things are moving more into systemd in f17, but let's see what we have still under chkconfig:

    chkconfig --level 12345 iscsi off
    chkconfig --level 12345 iscsid off

Now check systemd. This command will show what is enabled:

    systemctl --full list-unit-files | grep enabled | fgrep .service

    systemctl disable abrt-ccpp.service
    systemctl disable abrt-oops.service
    systemctl disable abrt-vmcore.service
    systemctl disable abrt-xorg.service
    systemctl disable abrtd.service
    systemctl disable avahi-daemon.service
    systemctl disable chronyd.service
    systemctl disable dbus-org.freedesktop.Avahi.service
    systemctl disable ksm.service
    systemctl disable ksmtuned.service
    systemctl disable lvm2-monitor.service
    systemctl disable mcelog.service
    systemctl disable mdmonitor-takeover.service
    systemctl disable mdmonitor.service
    systemctl disable openct.service
    systemctl disable packagekit-offline-update.service

Let's make doubly sure...
    systemctl mask abrt-ccpp.service
    systemctl mask abrt-oops.service
    systemctl mask abrt-vmcore.service
    systemctl mask abrt-xorg.service
    systemctl mask abrtd.service
    systemctl mask avahi-daemon.service
    systemctl mask chronyd.service
    systemctl mask dbus-org.freedesktop.Avahi.service
    systemctl mask ksm.service
    systemctl mask ksmtuned.service
    systemctl mask lvm2-monitor.service
    systemctl mask mcelog.service
    systemctl mask mdmonitor-takeover.service
    systemctl mask mdmonitor.service
    systemctl mask openct.service
    systemctl mask packagekit-offline-update.service

Anyway, now that I've disabled chronyd, I need to enable ntpd. Uncomment the "restrict 192.168.1.0" line in /etc/ntp.conf so local systems can ask zooty for the time of day.

    chkconfig --level 35 ntpd on

Let's see if things still work after reboot...

build tools
===========

    cd /zooty/info
    ./build-all.sh

(The above can be done via the ~/cronscripts/do-zooty-chroot script as well without booting into new partition).

Might want to add cdrtools to the script as well (but isn't there yet).

ACK: Need to install libvmime-devel to get trollfilter to build. Did that and re-ran build-all, everything worked this time (so now I recognize one of the things I ignored during the installs above :-).

cdrecord
========

Check out http://cdrecord.berlios.de/private/cdrecord.html for the latest version of the real honest to gosh working cdrecord tools, download and build from source.
unpack, cd, gmake, sudo gmake install

Everything is now under /opt/schily/bin

nfs
===

zeroboot did this part:

    cp /fedora15/etc/exports /etc/exports

Which looks like this:

    /zooty 192.168.1.0/24(rw,sync)

But I need to run this:

    systemctl enable nfs-server.service

Note: On kvm or other client machine, add this fstab entry:

    zooty:/zooty /zooty nfs rw

samba
=====

zeroboot did this part:

    cp /fedora15/etc/samba/smb.conf /etc/samba/smb.conf

But I need to run this:

    systemctl enable smb.service
    systemctl enable nmb.service

(Doesn't help - samba has been taken over by the tinfoil hat guys, see below for major changes I had to make).

truecrypt (a.k.a realcrypt)
===========================

zeroboot did this part:

    cp /fedora15/usr/bin/truecrypt /usr/bin/truecrypt
    cp /fedora15/etc/rc.d/init.d/truecrypt /etc/rc.d/init.d/truecrypt

That installs this script:

    #!/bin/bash
    #
    unset DISPLAY
    exec /usr/sbin/realcrypt -t "$@"

But I need to do these:

Still need the service script to make sure all mounted volumes get unmounted when I reboot.

    chkconfig --add truecrypt
    service truecrypt start
    mkdir /secure

Seems to work OK.

postfix part 1
==============

    service sendmail stop

edit /etc/aliases and make tom be the final alias for root

    newaliases
    alternatives --config mta

(select # corresponding to postfix)

    chkconfig --level 35 postfix on
    service postfix start

lm_sensors
==========

    sensors-detect

hddtemp
=======

    service hddtemp start
    chkconfig --level 35 hddtemp on

APC ups
=======

It is detected by gnome-power-manager, but that doesn't seem to help it shutdown cleanly. For that need to:

    service apcupsd start
    chkconfig --level 35 apcupsd on

(the default config file in /etc/apcupsd seems to be reasonable).

pptp
====

    pptpsetup --create ccur --server vpnflc.ccur.com --username tomh --password

    cp /fedora17/etc/rc.d/init.d/novpn /etc/rc.d/init.d/
    chkconfig --add novpn

Hey! I should add that novpn script to the zeroboot script!

recover comment in the /etc/ppp/peers/ccur file about alternate servers

anacron
=======

anacron is now installed along with cronie so you can't just remove anything

Make sure to run /usr/local/bin/fix-anacron

    cp /fedora17/etc/crontab /etc/crontab

That restores the crontab file from fedora 14 that runs the hourly, daily, weekly, etc jobs at fixed times dammit.

    service crond restart

afteryum
========

    cp /zooty/info/afteryum.py /usr/lib/yum-plugins/afteryum.py
    cp /zooty/info/afteryum.conf /etc/yum/pluginconf.d/afteryum.conf

logwatch
========

Do initial run of /usr/local/bin/fix-logwatch

fix ugly cursors
================

    yum install bluecurve-cursor-theme

(did that already)

Fix in two places:

Edit /usr/share/icons/default/index.theme
Change to say:

    Inherits=Bluecurve

Run dconf-editor, goto org.gnome.desktop.interface
change cursor theme to Bluecurve

GTK style
=========

run /usr/local/bin/fix-Adwaita

Actually, I'm now going into dconf-editor org.gnome.desktop.interface and changing the theme to oxygen-gtk which I picked by trying all the themes that had both gtk 2.0 and 3.0 definitions. At least I have arrows in scrollbars now. (The f18 Adwaita theme has now done away with arrows so it is impossible to scroll just a little in a big list).

more crap
=========

    rm -f /etc/profile.d/color* /etc/profile.d/PackageKit* /etc/profile.d/vim*

(That gets run in the yum hook, but run it now just to get them all).

stunnel
=======

zeroboot did these:

    cp /fedora17/etc/rc.d/init.d/stunnel /etc/rc.d/init.d/stunnel
    cp /fedora17/etc/stunnel/stunnel.conf /etc/stunnel/stunnel.conf

But I need to do this:

    useradd -c 'Stunnel User' -d /var/run/stunnel -M -r -s /sbin/nologin stunnel
    mkdir -p /var/run/stunnel
    chown stunnel:stunnel /var/run/stunnel
    chkconfig --add stunnel

GAAH! This doesn't seem to be starting correctly with systemd.
I always have to do a service stunnel restart after the system is up. Something else to move to rc.local I guess...

rc.local
========

    cp -p /fedora17/etc/rc.d/rc.local /etc/rc.d/rc.local

Pick up custom stuff from /fedora17/etc/rc.d/rc.local

Note that rc.local moved from /etc to /etc/rc.d/

Sigh. Seems like postfix doesn't work after a reboot, add a line to restart postfix after a delay to go with the line already there that restarts stunnel.

[Seems to work now - I can send mail immediately after a reboot].

I think I forgot to turn on the postfix service, but if I make sure it is enabled, it still doesn't work. It doesn't show any errors in the maillog, but it also can't send mail. Restarting it in rc.local makes it work OK.

namedprime
==========

I don't know if this really helps anything, but it looks up names early I want to get cached in DNS. Can't hurt I guess.

zeroboot did this for me:

    cp /fedora17/etc/rc.d/init.d/namedprime /etc/rc.d/init.d/namedprime

I need to do this:

    chkconfig --add namedprime

nx
==

I'm using the repos for the nx server now, and nomachine for the nxclient rpm, but need to retrieve the custom keys from f17 partition:

    cd /etc/nxserver/
    cp /fedora17/etc/nxserver/* .
    chown nx:root *
    cd /var/lib/nxserver/home/.ssh
    rm -f *
    cp /fedora17/var/lib/nxserver/home/.ssh/* .
    chown nx:root *

(That got things restored, but they didn't work till a fix for freenx-server showed up and a few other things were tweaked: see below).
cert
====

Copy /etc/pki/dovecot/dovecot-openssl.cnf from old release in case I need to re-gen certs

    cp /fedora17/etc/pki/dovecot/dovecot-openssl.cnf \
       /etc/pki/dovecot/dovecot-openssl.cnf

Remember how to make new cert:

    rm -f /etc/pki/dovecot/certs/dovecot.pem
    rm -f /etc/pki/dovecot/private/dovecot.pem
    export SSLDIR=/etc/pki/dovecot
    export OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf
    /usr/libexec/dovecot/mkcert.sh

virtual machines
================

First run virt-manager and define /zooty/images/ as a storage pool

    cd /etc/libvirt/qemu
    cp /fedora17/etc/libvirt/qemu/*.xml .
    service libvirtd restart

Gah! When I had machine problems the other day and reloaded BIOS defaults, I guess I forgot to re-enable KVM. This is a good opportunity to reboot and fix that :-).

OK, reboot fixed that, but then I found I needed this to see my spice based KVMs from virt-manager:

    yum install spice-gtk-python

(found this fix in bugzilla 819270).

Hmmm... Mouse no workee in windows VMs when I start via virt-manager.

Actually, after a reboot, the mouse does work - who knows what happened?

httpd
=====

    cp /fedora17/etc/httpd/conf.d/zooty.conf /etc/httpd/conf.d/zooty.conf

Change the IndexIgnore setting in /etc/httpd/conf/httpd.conf so I can see all the damn files (why README files are hidden by default is more than I can imagine). The proper value is blank line (no patterns to ignore).

WRONG!!! The proper value is to delete the directive - the new apache pukes when it has no arguments. (Conveniently, f18 has reorganized everything so it is impossible to compare).

Add this bind mount to fstab:

    /zooty/web-content/html /var/www/html none rw,bind 0 0

    chkconfig --level 35 httpd on

GAH! Doesn't work. Apache has changed the access controls:

    http://httpd.apache.org/docs/2.4/upgrading.html

Need to replace all my:

    Order allow,deny
    Allow from all

directive pairs with:

    Require all granted

Now it works...
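Added example, not part of the original notes: a shell scanner that lists the Apache 2.2-style access-control directives described in the httpd section and prints the 2.4 replacement for each, going beyond the one pair above to cover "Deny from all" and host rules. The function names, output format and sample config are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list Apache 2.2-style
# access-control directives in a config file with their 2.4 replacement.

# scan_legacy_acl FILE
# One tab-separated finding per line: LINE  CONTAINER  OLD  NEW
scan_legacy_acl() {
    awk '
    BEGIN { OFS = "\t"; top = "(server config)"; ctx = top }
    /^[ \t]*#/ { next }                      # comments never count
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        low = tolower(line)
    }
    # Track the enclosing block. Nesting is not followed: a closing tag
    # simply returns to server-config scope.
    low ~ /^<(directory|location|files)(match)?[ \t]/ { ctx = line; next }
    low ~ /^<\/(directory|location|files)(match)?>/   { ctx = top;  next }
    # Order has no 2.4 counterpart; it goes away with its Allow/Deny lines.
    low ~ /^order[ \t]/                  { print NR, ctx, line, "(delete)"; next }
    low ~ /^allow[ \t]+from[ \t]+all$/   { print NR, ctx, line, "Require all granted"; next }
    low ~ /^deny[ \t]+from[ \t]+all$/    { print NR, ctx, line, "Require all denied"; next }
    # Host or address rules depend on the Order in force: flag for a human.
    low ~ /^(allow|deny)[ \t]+from[ \t]/ { print NR, ctx, line, "REVIEW: rewrite as Require ip / Require host"; next }
    ' "$1"
}

# count_open FILE
# Number of places that end up open to every client after conversion.
count_open() {
    scan_legacy_acl "$1" | awk -F '\t' '$4 == "Require all granted"' | wc -l | tr -d ' '
}

# Constructed sample in the style of a conf.d file carried over from 2.2.
sample_conf() {
    cat <<'EOF'
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>
<Directory "/var/www/html/private">
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Directory>
# Order allow,deny (commented out, ignored)
EOF
}

demo=$(mktemp)
sample_conf > "$demo"
scan_legacy_acl "$demo"
echo "open to all: $(count_open "$demo")"
rm -f "$demo"
```

Each "Require all granted" line in the output marks a directory that will be served to any client once converted, so that list is the one to read before turning httpd back on.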
printers
========

Make sure latest version of epson driver was installed above:

    epson-inkjet-printer-artisan-725-835-series-1.0.0-1lsb3.2.x86_64.rpm

(from http://avasys.jp/eng/linux_driver/download/lsb/epson-inkjet/escp/)

    cd /zooty/downloads/cups-pdf/
    sh -x ./build-em

(as root)

    cp /fedora17/etc/cups/printers.conf /etc/cups/printers.conf
    cp /fedora17/etc/cups/ppd/* /etc/cups/ppd/

google-chrome
=============

Search for and install google-chrome stable from google (which provides the google chrome repo for updates).

AVRISP mkII
===========

(zeroboot already does this).

    cp /fedora17/etc/udev/rules.d/60-avrisp.rules /etc/udev/rules.d/60-avrisp.rules

libreoffice
===========

    yum install libpaper
    echo Letter > /etc/papersize

At last! Furshlugginer libreoffice paper size finally defaults to Letter!

myphone.conf
============

Add this to the /etc/modprobe.d/ directory:

    options usb-storage quirks=0489:c001:i,04b0:018f:i

run dracut --force

That makes the usb-storage driver ignore my phone and android camera so I can talk to them with adb without getting scads of messages about storage errors in the logs.

(Didn't run dracut since I've done kernel updates since the file was copied over by zeroboot).

/etc/php.ini
============

For file uploads from camera to work, I needed to modify some stuff in the php.ini file:

    post_max_size = 0
    upload_tmp_dir = /zooty/tmp
    upload_max_filesize = 200M

chronyd versus ntpd
===================

I thought I fixed this, but I see chronyd message in the log. I need to be running ntpd so I can serve time to other computers in my LAN.

OK, I did disable chronyd.service and enable ntpd.service, but chronyd is still the one running. So now I just did:

    yum -C erase chrony

Let's see it start up after that :-).

hunspell
========

For some reason ispell stopped working in emacs (and for some even more mysterious reason it did not stop working at work).
Enough strace commands finally discovered this could make it work:

    zooty> cd /usr/share/myspell/
    zooty> sudo ln -s en_US.aff default.aff
    zooty> sudo ln -s en_US.dic default.dic

No idea why it stopped working since I never had these links before.

(Ispell is working now with no action by me, but I keep this hint around in case it stops again).

Must have something to do with environment. Now that I've logged in with my original home directory, ispell is busted and I need to make the symlinks again. (And now it works again).

User tom groups
===============

Wups. Need to make tom a member of uucp, lock, dialout groups (as well as primary users group).

grep in emacs
=============

Annoying compile.el inserts a line in the grep buffers that emacs thinks is a grep hit, but it can't find the file for it. GRRRR!

Make my own version of compile.el that simply doesn't add that line at all. grep works again...

(Just inherit this from old profile/lisp dir).

home directory
==============

What the heck, let's go ahead and switch home directory and finish up the conversion to f18 for real.

    mv /home /home.orig
    mkdir /home

Add this to /etc/fstab

    /zooty/home /home none rw,bind 0 0

Make fedora 18 the default in /mainboot/grub/grub.conf

Now let's boot into f18 and see what happens...

...

Not bad, I've got my fvwm session going, google-chrome is (mostly) OK, etc.

Next thing I need is to get mail setup and running again.

dovecot
=======

Saved original files from /etc/dovecot/conf.d/ directory in .orig~ backup files, then modified the files to match the same changes I made in f16 comparing the files in emacs to see what differences matter and what were just updated comments in new f16 versions. That process generated these changes in diff -u format:

--- 10-auth.conf.orig~ 2012-06-11 18:51:52.821092845 -0400 +++ 10-auth.conf 2012-06-11 18:52:38.838180841 -0400 
@@ -121,7 +121,7 @@ !include auth-system.conf.ext #!include auth-sql.conf.ext #!include auth-ldap.conf.ext -#!include auth-passwdfile.conf.ext +!include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-vpopmail.conf.ext #!include auth-static.conf.ext --- 10-mail.conf.orig~ 2012-06-11 19:07:33.291304775 -0400 +++ 10-mail.conf 2012-06-11 19:07:50.833897042 -0400 @@ -27,7 +27,7 @@ # # # -#mail_location = +mail_location = maildir:~/Maildir # If you need to set multiple mailbox locations or want to change default # namespace settings, you can do it by defining namespace sections. --- 10-master.conf.orig~ 2012-06-11 18:53:07.226609356 -0400 +++ 10-master.conf 2012-06-11 19:09:29.783636658 -0400 @@ -86,16 +86,17 @@ # To give the caller full permissions to lookup all users, set the mode to # something else than 0666 and Dovecot lets the kernel enforce the # permissions (e.g. 0777 allows everyone full permissions). - unix_listener auth-userdb { + #unix_listener auth-userdb { #mode = 0666 #user = #group = - } + #} # Postfix smtp-auth - #unix_listener /var/spool/postfix/private/auth { - # mode = 0666 - #} + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + } # Auth process is run as this user. #user = $default_internal_user --- 10-ssl.conf.orig~ 2012-06-11 18:54:51.110754898 -0400 +++ 10-ssl.conf 2012-06-11 18:55:15.747176850 -0400 @@ -5,7 +5,7 @@ # SSL/TLS support: yes, no, required. # disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps # plain imap and pop3 are still allowed for local connections -ssl = required +ssl = yes # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but --- 15-lda.conf.orig~ 2012-06-11 18:55:39.227221836 -0400 +++ 15-lda.conf 2012-06-11 18:56:34.320933054 -0400 
@@ -4,7 +4,7 @@ # Address to use when sending rejection mails. # Default is postmaster@. -#postmaster_address = +postmaster_address = postmaster@example.com # Hostname to use in various parts of sent mails, eg. in Message-Id. # Default is the system's real hostname. @@ -44,5 +44,5 @@ protocol lda { # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins + mail_plugins = $mail_plugins sieve } --- auth-passwdfile.conf.ext.orig~ 2012-06-11 18:56:55.432482137 -0400 +++ auth-passwdfile.conf.ext 2012-06-11 18:58:09.654908772 -0400 @@ -5,16 +5,16 @@ passdb { driver = passwd-file - args = scheme=CRYPT username_format=%u /etc/dovecot/users + args = /etc/dovecot.pass } -userdb { - driver = passwd-file - args = username_format=%u /etc/dovecot/users +#userdb { + #driver = passwd-file + #args = username_format=%u /etc/dovecot/users # Default fields that can be overridden by passwd-file #default_fields = quota_rule=*:storage=1G # Override fields from passwd-file #override_fields = home=/home/virtual/%u -} +#} --- auth-system.conf.ext.orig~ 2012-06-11 18:58:44.276350980 -0400 +++ auth-system.conf.ext 2012-06-11 18:59:27.805675414 -0400 
@@ -7,12 +7,12 @@ # PAM is typically used with either userdb passwd or userdb static. # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM # authentication to actually work. -passdb { - driver = pam +#passdb { + #driver = pam # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=] # [cache_key=] [] #args = dovecot -} +#} # System users (NSS, /etc/passwd, or similiar). # In many systems nowadays this uses Name Service Switch, which is

Then salvaged files and settings from f16:

    cp -p /fedora17/etc/dovecot.pass /etc/dovecot.pass
    chkconfig --level 35 dovecot on

If I reclaim old home directory, this will be preserved, but should note these settings are also required:

Setup ~/.forward to contain the line:

    | "/usr/local/bin/dannyboy --prog=/usr/local/bin/trollfilter --arg=--filter --prog=/usr/bin/bogofilter --arg=-p --arg=-e --prog=/usr/libexec/dovecot/deliver"

Setup ~/.dovecot.sieve to contain filtering tests to classify mail into different IMAP folders automagically.

postfix part 2
==============

Similar to dovecot, I saved orig files in /etc/postfix, applied changes from f16, and generated this diff -u output:

--- main.cf 2012-06-11 19:17:22.452251819 -0400 +++ main.cf 2012-06-11 19:19:59.305770830 -0400 @@ -19,7 +19,7 @@ # (by changing 5xx replies into 4xx replies). However, soft_bounce # is no cure for address rewriting mistakes or mail routing mistakes. # -#soft_bounce = no +soft_bounce = yes # LOCAL PATHNAME INFORMATION # @@ -110,10 +110,10 @@ # # Note: you need to stop/start Postfix when this parameter changes. # -#inet_interfaces = all +inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost -inet_interfaces = localhost +#inet_interfaces = localhost # Enable IPv4, and IPv6 if supported inet_protocols = all 
@@ -316,6 +316,12 @@ #relayhost = uucphost #relayhost = [an.ip.add.ress] +relayhost = [127.0.0.1]:5025 +smtp_helo_name = zooty +smtp_sasl_auth_enable = yes +smtp_sasl_security_options = +smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd + # REJECTING UNKNOWN RELAY USERS # # The relay_recipient_maps parameter specifies optional lookup tables @@ -560,6 +566,15 @@ # #fast_flush_domains = $relay_domains +smtpd_sasl_auth_enable = yes +smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination +smtpd_sasl_authenticated_header = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth + +smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem +smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem + # SHOW SOFTWARE VERSION OR NOT # # The smtpd_banner parameter specifies the text that follows the 220 --- master.cf 2012-06-11 19:20:41.677833258 -0400 +++ master.cf 2012-06-11 19:21:10.065205232 -0400 
@@ -19,11 +19,11 @@ # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - n - - smtpd -# -o syslog_name=postfix/smtps -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_client_restrictions=permit_sasl_authenticated,reject +smtps inet n - n - - smtpd + -o syslog_name=postfix/smtps + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup

    cp -p /fedora17/etc/pki/dovecot/certs/dovecot.pem \
       /etc/pki/dovecot/certs/dovecot.pem
    cp -p /fedora17/etc/pki/dovecot/private/dovecot.pem \
       /etc/pki/dovecot/private/dovecot.pem
    cp -rp /fedora17/etc/postfix/sasl /etc/postfix/sasl

Make sure system name is zooty.my.lan in /etc/hostname to make postfix happy.

And after rebooting, I can send and receive mail! I'm mostly over the hump now in the transition to f17.

user tom
========

Go ahead and turn back on tom's cron jobs:

    crontab ~/profile/cron/crontab

(Seems to be working, I'm getting mail sucked up automatically via fetchmail now).
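Review bot: in the dovecot 10-ssl.conf hunk, relaxing "ssl = required" to "ssl = yes" lets remote clients use IMAP and POP3 without TLS, which is exactly what the comment lines in that hunk say "required" prevents. Keep "required" unless a specific client cannot do TLS; if it has to stay at "yes", confirm disable_plaintext_auth has not been turned off in 10-auth.conf so passwords are still refused on unencrypted connections.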
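Review bot: in the postfix main.cf hunk at @@ -316, "smtp_sasl_security_options =" with an empty value removes the default noplaintext and noanonymous restrictions for the relay login. That is tolerable only because relayhost is [127.0.0.1]:5025; setting it to "noanonymous" still allows plaintext mechanisms over the loopback hop without also permitting anonymous auth, and /etc/postfix/sasl/sasl_passwd and its .db file should be readable by root only.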
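Review bot: the postfix main.cf hunk at @@ -560 turns on smtpd_sasl_auth_enable globally while the @@ -110 hunk opens inet_interfaces to all, and nothing in the patch sets smtpd_tls_security_level or smtpd_tls_auth_only, so AUTH is offered on port 25 without TLS. Adding "smtpd_tls_auth_only = yes" restricts password authentication to encrypted sessions such as the smtps service enabled in the master.cf hunk.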
traffic
=======

    cp /fedora17/var/www/cgi-bin/traffic-cams /var/www/cgi-bin/traffic-cams

backup & friends
================

    mkdir /backup
    cp -r /fedora17/root/cronscripts /root/cronscripts

edit fetch-updates script to use chroot for f17 and native for f18

edit rsync-exclude and back2-exclude to exclude /fedora17, not /fedora16

    rm -rf /backup/zooty-old
    mv /backup/zooty /backup/zooty-old
    mkdir -p /backup/zooty/latest
    chmod 777 /backup/zooty
    mv /backup/zooty-old/cb* /backup/zooty
    mv /backup/zooty-old/latest/zooty /backup/zooty/latest

    rm -rf /back2/zooty-old
    mv /back2/zooty /back2/zooty-old
    mkdir -p /back2/zooty/latest
    chmod 777 /back2/zooty
    mv /back2/zooty-old/cb* /back2/zooty
    mv /back2/zooty-old/latest/zooty /back2/zooty/latest

    ln -s /root/cronscripts/rsync-backup /etc/cron.daily/zzz-rsync-backup
    ln -s /root/cronscripts/fetch-updates /etc/cron.daily/fetch-updates
    ln -s /zooty/info/daily-rpm /etc/cron.daily/daily-rpm
    ln -s /root/cronscripts/mirror-zooty /etc/cron.daily/mirror-zooty

fedora 17
=========

Chroot over to the fedora 17 partition, fiddle the symlink documented in /etc/inittab to boot multi-user rather than graphical.

    rm -f /etc/systemd/system/default.target
    ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

Remove the symlinks in /etc/cron.daily added for updates and backup

    cd /etc/cron.daily
    rm -f daily-rpm
    rm -f fetch-updates
    rm -f zzz-rsync-backup
    rm -f mirror-zooty

Remove the /var/spool/cron/tom crontab file.

OK, fedora 17 is officially un-used now (but could easily be resurrected).

getting NX to work
==================

I had to apply the work around in this bugzilla just to get connected in the first place:

    https://bugzilla.redhat.com/show_bug.cgi?id=903186

(Some new version of a netcat tool they were using was spewing to stderr and flaking out the nomachine nxclient).

P.S. There is an official freenx-server release now with this fix, so no manual hackery is needed any longer.
Having gotten connected, I had to invent this work around to get any
gtk 3 programs to run (which unfortunately included emacs):

https://bugzilla.redhat.com/show_bug.cgi?id=903410

Finally I can remote connect and run useful programs!

Yikes! No I can't. My keyboard mapping is now totally fucked up. The
x.org wiki seems to indicate that maybe I can run this:

setxkbmap -model pc105 -layout us -option ""

That seems to work.

tooltips
========

AAUGH! I don't know if it is oxygen-gtk or google-chrome or what, but
tooltips now sprout over the top of everything I try to read the instant
I stop moving the mouse. Some googling finally came up with this:

In each of the files:

/etc/gtk-2.0/gtkrc
/etc/gtk-3.0/settings.ini

Add the line

gtk-tooltip-timeout = 10000

That makes it take 10 seconds to popup the annoying tooltip. I rarely
leave the mouse in one place that long :-).

Gaah! These disappear on updates. Try ~/.config/gtk-[23].0/ directories
instead... (Doesn't seem to work, guess I need to add those fixes to my
/usr/local/bin/fix-Adwaita script).

samba
=====

Fucking morons disabled SHARE security, now I need some other way to
mount share from windows.

Run the system-config-samba tool. Setup user security with samba user
tom and password fuck and try connecting that way. It worked, there were
checkboxes for remembering credentials and remounting next time, but
I'll bet anything it won't auto reconnect the next time I boot (at least
that was the problem I constantly had the last time I tried user based
security).

Yep, won't remount when auto login at boot. In fact telling it the mount
should be persistent pops up all kinds of annoying messages when it
doesn't work. I need to make a fucking batch file that uses ping for the
side effect of a delay then uses the net use command to mount the share:

@ECHO OFF
ping 192.168.118.253 -n 1 -w 10000 > NUL
NET USE Z: \\zooty\public fuck /USER:PARADOX\tom

Sheesh!

Holy crap!
Now windows persists in telling me about the network drive it couldn't
reconnect even though I disconnected it. I have to manually connect it
again so I can uncheck the persistent option so it won't fail every time
I login.

A few more hours of googling and I finally found the fucking startup
folder down in some idiot Microsoft roaming directory tree 300 levels
deep
(C:\Users\(User-Name)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)
and was able to make a link to my batch job there. At last I get the
damn share mounted when I auto login. (With an ugly cmd window sitting
there for 10 seconds - I can set the link properties to start minimized
so I only get an ugly icon in the task bar though).

What a load of crap (and I note that the NFS normal mode of operation is
essentially identical to the now deleted SHARE security, so what in the
fuck is the disease afflicting the morons in charge of samba? Is their
next move to try and get NFS disabled? Their web site also claims to
open windows to a wider world - well Microsoft hasn't removed SHARE
security so why the fuck has samba removed it?).

S/PDIF audio
============

The 3.8 kernels that showed up in f18 broke my play-movie script. See:

https://bugzilla.redhat.com/show_bug.cgi?id=919630

Eventually determined that this magical change was needed:

/usr/share/alsa/cards/HDA-Intel.conf

--- HDA-Intel.conf.orig 2013-03-20 19:13:37.808602053 -0400 +++ HDA-Intel.conf 2013-03-20 19:14:26.332531304 -0400
@@ -113,12 +113,14 @@ hook_args [ { name "IEC958 Playback Default" + index 16 lock true preserve true value [ $AES0 $AES1 $AES2 $AES3 ] } { name "IEC958 Playback Switch" + index 16 value true } ]

Also, I now say device=iec958 on mplayer rather than device=hw=0.1.

If this breaks again, I should suspect an alsa update overwrote these
changes and maybe I'll need to move them into a fixup script to re-apply
after any updates.

=================================================================
BZZZZT! WARNING! Replaced motherboard after bios disaster...
=================================================================

Needed to re-run sensors-detect (unfortunately the new super io chip
isn't recognized so none of the zillion sensors on the new motherboard
are available though I found a note on google saying the lm_sensors guys
are trying to squeeze the datasheet out of asus and/or nuvoton).

Needed to run "hwclock -w" to get the motherboard rtc set to the
accurate time (which I want in UTC). Kept having dovecot problems when
time went backwards right after booting.

Helpful biosdevname now gives me em1 instead of p6p1 so I had to rename
and edit all my vlans in /etc/sysconfig/network-scripts that mentioned
p6p1.

Also had to reassign the old MAC address in the router so I could get
zooty's proper IP address assigned.

The sound system is different. I had to "yum reinstall alsa-libs" to
back out the stuff I screwed around with before. Now HDMI and S/PDIF
both show up in pulseaudio as possible output devices. Gotta figure out
what to say to mplayer in the play-movie script to make this all work.
Maybe I can leave pulse running and just switch to different output?

Found it seemed simpler to use device=hw=1.1, don't know why the device
name "iec958" didn't work since aplay knows that device is on card 1,
but for some reason it didn't, the hw=1.1 gets directly to the right
s/pdif digital output device (I think - at least I hear audio via the
receiver :-).

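Review bot: both added "index 16" lines in the HDA-Intel.conf hunk above (@@ -113,12 +113,14 @@) are a bare magic number, with nothing in the file saying why 16 is the right control index for this card. Put a comment beside each one pointing at the bugzilla entry that led to the change, and because the patched file sits under /usr/share/alsa/cards, keep the diff stored where it can be re-applied rather than only edited in place.
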
Intel video driver
==================

xrandr --output HDMI2 --set "Broadcast RGB" Full

For the longest time, I've had the suspicion that the intel video driver
has been screwing with the output range. The above command verifies this
as suddenly the thin white mist over my screen is completely dissipated
after running that command.

Now how the devil do I make it the default mode of operation for the
display so I don't have to do the xrandr switch (which makes the screen
flicker, and usually screws up the video sync a bit till I power cycle
the TV).

The "intel" man page has this cryptic note:

    TMDS-1 , TMDS-2 , HDMI-1 , HDMI-2
        DVI/HDMI outputs. Avaliable common properties include:

        BROADCAST_RGB - method used to set RGB color range
            Adjusting this property allows you to set RGB color range
            on each channel in order to match HDTV requirment(default 0
            for full range). Setting 1 means RGB color range is 16-235,
            0 means RGB color range is 0-255 on each channel. (Full
            range is 0-255, not 16-235)

        SDVO and DVO TV outputs are not supported by the driver at this
        time.

    See xorg.conf(5) for information on associating Monitor sections
    with these outputs for configuration. Associating Monitor sections
    with each output can be helpful if you need to ignore a specific
    output, for example, or statically configure an extended desktop
    monitor layout.

So what syntax do I need in which file?

I can't make xorg.conf.d work, but I've added the xrandr command to
/etc/X11/xinit/xinitrc.d/00-aaa-me-first.sh. That definitely adds a
flicker when I login, but it also definitely fixes it correctly. Maybe
if I make it check current mode I could avoid extra flicker.

Finally found an example xorg file with some monitor options (of course
the example is from someone complaining it doesn't work :-).

Section "Device"
    Identifier "intelsnb"
    Driver "intel"
    Option "monitor-HDMI1" "DVI"
    Option "monitor-HDMI2" "HDMI"
    Option "RandRRotation" "on"
EndSection

Section "Monitor"
    Identifier "DVI"
    Option "PreferredMode" "1680x1050"
    Option "LeftOf" "HDMI"
EndSection

Section "Monitor"
    Identifier "HDMI"
    Option "PreferredMode" "1680x1050"
    Option "Rotate" "CCW"
EndSection

Section "Screen"
    Identifier "Screen0"
    Monitor "DVI"
    Device "intelsnb"
    DefaultDepth 24
    SubSection "Display"
        Modes "1680x1050"
        Virtual 3360 1680
    EndSubSection
EndSection

Perhaps I could try something like this:

Section "Device"
    Identifier "intelsnb"
    Driver "intel"
    Option "monitor-HDMI2" "HDMI"
EndSection

Section "Monitor"
    Identifier "HDMI"
    Option "Broadcast RGB" "Full"
EndSection

(Someday maybe I'll give it a whirl, but it probably won't work much
better than the xrandr command).

Well, I tried it and it don't work. I see things in the X log like
"output HDMI2 has no Monitor section", yet every indication is that the
gibberish above should provide a monitor section for HDMI2, so I guess I
need to stick with randr till something better comes along.
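
The "check current mode" idea from the xinitrc.d note above, as an added example that is not the author's script: it reads the property from `xrandr --prop` and only issues the `--set` when the output is not already Full. The function names, the XRANDR override variable and the sample output are assumptions made for this example; the sample text is constructed, not captured from zooty.

```shell
#!/bin/sh
# Added example: set "Broadcast RGB" to Full only when it is not Full already.

# Constructed sample of `xrandr --prop` output (property lines are
# tab-indented under the output they belong to).
SAMPLE_PROPS=$(printf '%b\n' \
    'Screen 0: minimum 8 x 8, current 3600 x 1080, maximum 32767 x 32767' \
    'HDMI1 connected 1680x1050+0+0 (normal left inverted right) 474mm x 296mm' \
    '\tBroadcast RGB: Full ' \
    '\t\tsupported: Full, Limited 16:235' \
    '   1680x1050     59.95*+' \
    'HDMI2 connected 1920x1080+1680+0 (normal left inverted right) 930mm x 520mm' \
    '\tBroadcast RGB: Limited 16:235 ' \
    '\t\tsupported: Full, Limited 16:235' \
    '   1920x1080     60.00*+')

# Print the current "Broadcast RGB" value of output $1, reading
# `xrandr --prop` text on stdin. Prints nothing when the output or the
# property is absent.
broadcast_rgb_of() {
    awk -v out="$1" '
        /^[^ \t]/ { in_out = ($1 == out); next }   # unindented line: new block
        in_out && /^[ \t]+Broadcast RGB:/ {
            sub(/^[ \t]+Broadcast RGB:[ \t]*/, "")
            sub(/[ \t]+$/, "")                      # xrandr pads the value
            print
            exit
        }'
}

# Switch output $1 to Full range only if needed, so a display that is
# already correct is not re-programmed at login. XRANDR is an assumed
# override hook for testing; it defaults to the real xrandr.
ensure_full_range() {
    current=$(${XRANDR:-xrandr} --prop | broadcast_rgb_of "$1")
    case $current in
        Full) return 0 ;;
        "")   echo "no Broadcast RGB property on $1" >&2; return 1 ;;
        *)    ${XRANDR:-xrandr} --output "$1" --set "Broadcast RGB" Full ;;
    esac
}

# In /etc/X11/xinit/xinitrc.d/00-aaa-me-first.sh the call would be:
#   ensure_full_range HDMI2
```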