Klingons do not make software 'releases'. Our software escapes, leaving a bloody trail of designers and quality assurance people in its wake!

Here is a summary of my procedures for installing a new Fedora release on my system. This evolves and changes as Fedora changes, but it can serve as a reference for me if nothing else :-). You'll have to decide for yourself if you want to steal any or all of these ideas.


My new system has an SSD as the primary disk. It has enough space for a couple of separate Fedora installations and a stand alone grub partition used to chainload the different Fedora installations.

In order to avoid thinking too hard, I generated the stand alone grub partition by the simple technique of installing a minimal Fedora 15 once with a separate boot partition. Then I installed the full Fedora 15 completely inside one root partition (and when Fedora 16 arrived installed it in the remaining root partition). So I can get to the Fedora 15 and 16 partitions I now have installed (as well as the handy memtest boot image) by chain loading like so:


title Fedora 18 x86_64
        rootnoverify (hd0,1)
        chainloader +1
title Fedora 19 x86_64
        rootnoverify (hd0,2)
        chainloader +1
title Memtest86+ 4.20
	root (hd0,0)
	kernel /memtest/memtest86+-4.20.bin

(I've since converted this to use grub2)

When installing Fedora on the other partitions, I tell it to install grub in the partition, not in the MBR of the disk, and I mount the stand alone grub boot partition as /mainboot, not as /boot.

By installing the other two Fedoras with their grub in the partition, I get a completely independent system where updates with new kernels properly modify the local /boot directory and don't interfere with the other Fedora or the stand alone grub partition.

By running both the current and previous Fedora releases in separate partitions, I have something to fall back on if some update breaks the current release, and I can refer to the previous release if I find something missing I failed to bring forward in the new release.

Download Install DVD

There are a lot of different media available for installing Fedora. I happen to like using the DVD: I can do all my downloading while my system is still up, and as soon as the install is completed I have a large and useful set of packages installed from the DVD, so the system is back up as soon as possible following the new install.

For me, bittorrent seems to provide the fastest way to download the DVD, and a trick I often use to cheat and get a jump on the official release is to look on the Fedora All Download Methods web page and copy the URL for the bittorrent file. The current URL (for the Fedora 16 torrent) is:


I can then create the expected name of the next Fedora release torrent link:


And usually a few hours before the normal release time of 10 AM EST, the torrent file actually shows up on the fedoraproject server, so you can get a head start downloading (another reason bittorrent is faster :-).

Hard Disk Install

The initial Fedora 15 install was done from an actual DVD because the machine was totally blank. Once one version of Fedora is on the machine, however, I can do subsequent installs from the ISO image on the hard disk. This is much faster than using a real DVD and doesn't eat up any media.

I have the ISO images stashed on my /backup external USB disk, with the Fedora 16 image in the directory /backup/iso-images/Fedora-16-x86_64-DVD/ so to get started with the DVD install procedure I first need to extract the linux kernel and initrd files from the DVD and put them where I can easily make an entry in my /mainboot stand alone grub partition for booting from this installer kernel:

cd /backup/iso-images/Fedora-16-x86_64-DVD/
mkdir mnt
mount -o loop Fedora-16-x86_64-DVD.iso mnt
mkdir /mainboot/f16
cp mnt/isolinux/vmlinuz /mainboot/f16
cp mnt/isolinux/initrd.img /mainboot/f16
umount mnt
rmdir mnt

With the files now extracted, and the knowledge that the partition label on the /backup USB disk is BACKUP, I can make this temporary addition to the /mainboot/grub/grub.conf grub menu:

title Install Fedora 16 x86_64
        root (hd0,0)
        kernel /f16/vmlinuz repo=hd:LABEL=BACKUP:/iso-images/Fedora-16-x86_64-DVD/
        initrd /f16/initrd.img

While I'm editing the grub.conf file, I'll also want to setup the permanent chainloader entry for what will be the new Fedora 16 partition (taking care to make sure I get the partition number right):

title Fedora 16 x86_64
        rootnoverify (hd0,2)
        chainloader +1

At this point, it is almost possible to go ahead and reboot and install, but there are actually a couple of things you probably need to do first:

If the partition you are going to install the new Fedora to is currently listed in your /etc/fstab file, you probably want to comment it out. The installer tends to clobber the disk label when installing, so it may not mount correctly when you reboot back into the currently running system. To avoid boot problems, it is best to just comment out that partition for now.

You also want to take some time to make absolutely sure you'll be able to identify the partition when you are running the installer. I use e2label to give the partition a sensible human readable label (like FEDORA16) before I boot into the installer, but that may not help soon. It appears that the anaconda developers are intent on making it impossible to identify partitions by not allowing you to discover disk labels, so after labeling the disk, you might also want to run the blkid utility and write down or print out a copy of all the information so you'll have a better chance of guessing which /dev/sdaN partition is the one you intended to wipe out and reinstall. (See redhat bugzilla 574121, which I'm still waiting to be implemented :-).
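
One way to make the saved blkid printout usable as a lookup, as an added example that is not part of the original notes: it resolves a label such as FEDORA16 to its device, UUID and filesystem type, and refuses to answer when the label is missing or duplicated. The function names and the sample blkid lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a partition label from a saved `blkid` snapshot.
# Function names and sample data are illustrative, not from the original page.

# blkid_field LINE KEY: print the value of KEY="..." on one blkid line.
# The leading space in the pattern stops LABEL from matching PARTLABEL
# and UUID from matching PARTUUID.
blkid_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p"
}

# device_for_label SNAPSHOT LABEL: print "DEVICE UUID TYPE" for the one
# partition carrying LABEL. Returns 1 if none has it, 2 if several do.
device_for_label() {
    snapshot=$1
    want=$2
    matches=0
    found=
    while IFS= read -r line; do
        [ "$(blkid_field "$line" LABEL)" = "$want" ] || continue
        matches=$((matches + 1))
        found="${line%%:*} $(blkid_field "$line" UUID) $(blkid_field "$line" TYPE)"
    done < "$snapshot"
    case $matches in
        0) echo "no partition is labelled $want" >&2; return 1 ;;
        1) printf '%s\n' "$found" ;;
        *) echo "$matches partitions are labelled $want" >&2; return 2 ;;
    esac
}

# write_sample_snapshot FILE: constructed blkid output for the demonstration
# (on a real system: blkid > FILE, run as root before rebooting).
write_sample_snapshot() {
    cat > "$1" <<'EOF'
/dev/sda1: LABEL="MAINBOOT" UUID="11111111-1111-1111-1111-111111111111" TYPE="ext4"
/dev/sda2: LABEL="FEDORA15" UUID="22222222-2222-2222-2222-222222222222" TYPE="ext4"
/dev/sda3: LABEL="FEDORA16" UUID="33333333-3333-3333-3333-333333333333" TYPE="ext4" PARTLABEL="FEDORA15"
/dev/sdb1: LABEL="BACKUP" UUID="44444444-4444-4444-4444-444444444444" TYPE="ext4"
/dev/sdc1: LABEL="BACKUP" UUID="55555555-5555-5555-5555-555555555555" TYPE="ext4"
EOF
}

demo_snapshot=$(mktemp)
write_sample_snapshot "$demo_snapshot"
device_for_label "$demo_snapshot" FEDORA16
device_for_label "$demo_snapshot" BACKUP || echo "refusing to guess between duplicates"
rm -f "$demo_snapshot"
```

The UUID and filesystem type it prints are the details worth having on paper when the installer will not show labels.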

Now is the time to finally reboot your system and choose the Install Fedora 16 x86_64 menu entry in the initial grub menu. That will boot the installer's kernel and use the DVD iso image you pointed at on the kernel command line to run the install.

When the installer asks where to install, be sure to tell it to do a custom partitioning where you can then attempt to find the correct partition to install on.

Also, at some point it will (hopefully) ask where to install grub. Be sure to tell it to install to the partition, and not to the MBR of the disk. If it wipes out the disk MBR, it will wipe out the stand alone grub (which can be fixed from rescue mode, but is a pain - best to get the installer to put the new grub on the same partition with the new Fedora).

Once the install is complete, you could boot into the new Fedora, but I like to nip certain things in the bud by first booting back into the old Fedora partition and tweaking things on the new partition before I run first boot.

Before First Boot

The first thing to do is give the partition a sane label again (like the FEDORA16 label which was just wiped out by anaconda), then you can fix the /etc/fstab file so you can mount the partition again (a mount point like /fedora16 makes a lot of sense).

Now that I have the new Fedora mounted, I can run my zerothboot.sh script (though I always need to check things first to make sure everything it does is still appropriate for the new release).


#!/bin/sh
# Run this script with argument pointing to root of newly installed
# fedora before you boot to the firstboot screen.

# Scratch file for the edited copies (mktemp is an assumed choice).
# Where a file= or dir= target below is not stated on the page, it is
# assumed to be the same path under $fedroot as the file being copied.
tmpfile=$(mktemp)
export tmpfile
trap 'rm -f "$tmpfile"' EXIT
if [ $# -ne 1 ]
then
   echo Must be run with single arg giving path to root of new fedora 1>&2
   exit 2
fi
fedroot="$1"
if [ ! -d "$fedroot" ]
then
   echo "$fedroot" is not a directory 1>&2
   exit 2
fi

# Disable annoying boot animation which hides anything that might go wrong.
# As long as we are editing kernel command line, disable selinux as well.
files="$fedroot/boot/grub2/grub.cfg $fedroot/etc/default/grub"
for file in $files
do
   echo Fix "$file" rhgb, selinux
   if [ -f "$file" ]
   then
      cp -f "$file" "$file.zeroboot"
      rm -f "$tmpfile"
      sed -e 's/ rhgb / selinux=0 /' \
         < "$file" \
         > "$tmpfile"
      if ! cmp -s "$tmpfile" "$file"
      then
         cp -f "$tmpfile" "$file"
      fi
      rm -f "$tmpfile"
   else
      echo Missing "$file" 1>&2
   fi
done

# We disabled selinux on kernel boot, now use belt and suspenders
# and disable it in the config file as well.
file="$fedroot/etc/selinux/config"
echo Fix "$file", disable selinux
if [ -f "$file" ]
then
   cp -f "$file" "$file.zeroboot"
   rm -f "$tmpfile"
   sed -e 's/SELINUX=enforcing/SELINUX=disabled/' \
      < "$file" \
      > "$tmpfile"
   if ! cmp -s "$tmpfile" "$file"
   then
      cp -f "$tmpfile" "$file"
   fi
   rm -f "$tmpfile"
else
   echo Missing "$file" 1>&2
fi

# Setup the system to use KDM rather than GDM as the login manager.
# (KDM can be configured, GDM cannot).
file="$fedroot/etc/sysconfig/desktop"
echo Setup "$file" for KDM login
cp -f /etc/sysconfig/desktop "$file"

# Disable some annoying things that can be disabled by fiddling
# environment variables early in the X login process.
file="$fedroot/etc/X11/xinit/xinitrc.d/00-aaa-me-first.sh"
echo Setup "$file" disable input methods and gvfs
cp -f /etc/X11/xinit/xinitrc.d/00-aaa-me-first.sh "$file"

# Run the scripts that use xinput to adjust buttons and
# wot-not on mice when I login.
# (The target file name and the here-document body for this step are
# not on the page, so the step is left commented out.)
#echo Setup "$file" for xinput adjustments
#cat > "$file" <<'EOF'
#chmod 755 "$file"

# Setup udev rules to prevent my backup disks from showing
# up in every file browser and being automounted in every
# gnome session
file="$fedroot/etc/udev/rules.d/99-zzz-local.rules"
echo Setup "$file" disable annoying automount
cp -f /etc/udev/rules.d/99-zzz-local.rules "$file"

# Address space randomization loads shared libraries at random
# locations. The prelinker wastes near infinite amounts of
# resources adjusting shared libraries to load at fixed locations
# where they don't conflict. Having both active is utterly
# lunatic, so disable the prelinker (which has never managed
# to save as much time as it wastes anyway).
file="$fedroot/etc/sysconfig/prelink"
echo Fix "$file", disable prelinking
if [ -f "$file" ]
then
   cp -f "$file" "$file.zeroboot"
   rm -f "$tmpfile"
   sed -e 's/PRELINKING=yes/PRELINKING=no/' \
      < "$file" \
      > "$tmpfile"
   if ! cmp -s "$tmpfile" "$file"
   then
      cp -f "$tmpfile" "$file"
   fi
   rm -f "$tmpfile"
else
   echo Missing "$file" 1>&2
fi

# Copy in double sized console font so I can see characters on
# the screen (may not need this soon - this may have made it
# into the official packages).
file="$fedroot/lib/kbd/consolefonts/latarcyrheb-sun32.psfu.gz"
echo Setup "$file" for bigger font
cp -f /lib/kbd/consolefonts/latarcyrheb-sun32.psfu.gz "$file"

# Set the default console font to use the larger font.
# (Assumed target: /etc/sysconfig/i18n, where this release keeps SYSFONT.)
file="$fedroot/etc/sysconfig/i18n"
echo Fix "$file", default to bigger font
if [ -f "$file" ]
then
   rm -f "$tmpfile"
   sed -e 's/latarcyrheb-sun16/latarcyrheb-sun32/' \
      < "$file" \
      > "$tmpfile"
   if ! cmp -s "$tmpfile" "$file"
   then
      cp -f "$tmpfile" "$file"
   fi
   rm -f "$tmpfile"
else
   echo Missing "$file" 1>&2
fi

# Copy the old ssh host keys to the new partition so I still
# look like the same machine. (-p keeps the restrictive mode on
# the private keys.)
dir="$fedroot/etc/ssh"
echo Fix "$dir" ssh keys
if [ -d "$dir" ]
then
   cp -pf /etc/ssh/*key* "$dir"
else
   echo Missing "$dir" 1>&2
fi
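
A check worth running after the host key copy in the script above, as an added example that is not part of the original script: it confirms every key under the new root is byte-identical to the running system's and that no private key picked up group or other permission bits along the way. The function names and the dummy key files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify ssh host keys copied into a freshly installed root.
# check_host_keys and make_demo_dirs are illustrative names.

# check_host_keys OLD_DIR NEW_DIR
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_host_keys() {
    old=$1
    new=$2
    problems=0
    for src in "$old"/*key*; do
        [ -f "$src" ] || continue          # glob matched nothing
        dst="$new/${src##*/}"
        if [ ! -f "$dst" ]; then
            echo "missing: $dst"
            problems=$((problems + 1))
            continue
        fi
        if ! cmp -s "$src" "$dst"; then
            echo "differs from running system: $dst"
            problems=$((problems + 1))
        fi
        case $dst in
            *.pub) ;;                      # public halves may be world readable
            *)
                # Characters 5-10 of the ls mode string are the group and
                # other permission bits; a private key should have none set.
                bits=$(ls -ld "$dst" | cut -c5-10)
                if [ "$bits" != "------" ]; then
                    echo "private key too open ($bits): $dst"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# make_demo_dirs BASE: constructed stand-ins for /etc/ssh and
# $fedroot/etc/ssh. The "keys" are dummy text, not real key material.
make_demo_dirs() {
    mkdir -p "$1/old" "$1/new"
    for name in ssh_host_rsa_key ssh_host_dsa_key; do
        echo "dummy private $name" > "$1/old/$name"
        echo "dummy public $name" > "$1/old/$name.pub"
        chmod 600 "$1/old/$name"
        chmod 644 "$1/old/$name.pub"
    done
    cp -p "$1"/old/*key* "$1/new/"
    chmod 644 "$1/new/ssh_host_dsa_key"    # simulate a copy that lost mode 600
}

demo=$(mktemp -d)
make_demo_dirs "$demo"
check_host_keys "$demo/old" "$demo/new" || echo "fix the items above before first boot"
rm -rf "$demo"
```

On the real system the call would be check_host_keys /etc/ssh /fedora16/etc/ssh, run from the old Fedora while the new partition is mounted.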

First Boot

Now it is safe to reboot into the newly installed Fedora partition and run the first boot processing.

The only thing special I do here is add my user back into the system using the advanced button so I can give the new user the same UID and GID as the old user. That way all the files on other disks will still look like they are owned by me. At this point I'm using the brand new /home directory in the new Fedora partition. Later (when I'm sure things are working well) I can mount the old /home and get back all my local user settings.

Checkpoint rpm list

An important thing to do right after installing is to save a list of all the rpm packages the initial install included:

rpm -q --qf "%{NAME}.%{ARCH}\n" -a > /zooty/info/f16-install-rpms.txt

This saves a list of the names and architecture of all the packages without cluttering things up with version numbers (which will change every time there is an update).

Later, when I am about to install the next Fedora release, I'll be able to compare the current set of packages on my Fedora 16 partition with the initial set I saved in f16-install-rpms.txt. That way I'll find out what I manually added (or removed) to get my system in production shape and do the same set of operations in the new Fedora to replicate as nearly as possible the same set of packages.

You do need to apply some judgment to this process. Packages that have been obsoleted and replaced by different software will also show up in the list of differences.

I do a new install this way because I don't trust any upgrade to do the right thing. I have occasionally tried to do an upgrade and I've always been bitten. By not upgrading my existing system, I also keep it intact and fully functional in case the new Fedora has some sort of problem on my hardware. This is also a good way to do a spring cleaning, starting fresh and not bothering to install everything if there are things I no longer need.

Final Tweaks

The remainder of the setup gets even more personal and specific for just my system. I include here a link to the plain text file of notes I try to keep up to date with everything I did to the system (the first bits of this are redundant with what I have written up above). I don't know how useful any of this would be for anyone else, but at least I can look it up on my phone while the system is down during a new install :-).


Installing final Fedora 16

Used hard disk install technique, fetching the initrd.img and vmlinuz files
from the x86_64 DVD iso image (isolinux directory) and stashing them in
/mainboot/f16. Then in the /mainboot/grub/grub.conf file added these

title Fedora 16 x86_64
        rootnoverify (hd0,2)
        chainloader +1

title Install Fedora 16 x86_64
        root (hd0,0)
        kernel /f16/vmlinuz repo=hd:LABEL=ZOOTY:/salvage/iso-images/Fedora-16-x86_64-DVD/
        initrd /f16/initrd.img

Commented out the entry for the /fedora16 mountpoint in /etc/fstab, then
rebooted and selected the "Install Fedora 16 x86_64" grub menu item.

That boots the anaconda installer, and once in the installer, found the
partition labeled FEDORA16 and reformatted and installed to it.

Once the initial install was finished, booted back into fedora 15. Have
not yet run firstboot in f16.

Relabel the fedora 16 partition (which anaconda erased the label of
when installing) as FEDORA16 and remount it on /fedora16.

Initial package snapshot

As an aid to see what extra junk I wind up installing when I want to know
what to add to fedora 17 in 6 months, used chroot to get to the /fedora16
partition and run:

rpm -q --qf "%{NAME}.%{ARCH}\n" -a > /zooty/info/f16-install-rpms.txt

Before firstboot

NOTE: I have a /zooty/projects/zeroboot/ directory now with a much
more spiffed version of a zeroboot.sh script to run instead of this.

As root, run:

/zooty/info/zerothboot.sh /fedora16

Manually fix /fedora16/boot/grub2/grub.cfg to remove junk generated
by os prober (between /etc/grub.d/30_os-prober lines).

Manually fix /fedora16/etc/default/grub to add the line

Also change sun16 to sun32 in both files.


Go ahead and boot f16 for first time after install now.

During firstboot, define user tom as uid 2304, gid 100 (users).

After logging in run (as root)

dracut --force

This will get the sun32 font into the initial ramdisk so the fonts
will look right during boot from now on.

yum install yum-plugin-downloadonly
yum -y --skip-broken update

That gets all the initial updates loaded.

Got this error:

  Updating   : 2:qemu-common-0.15.1-1.fc16.x86_64                        32/174 
Non-fatal POSTIN scriptlet failure in rpm package 2:qemu-common-0.15.1-1.fc16.x86_64
Operation failed: No such file or directory
Operation failed: No such file or directory
warning: %post(qemu-common-2:0.15.1-1.fc16.x86_64) scriptlet failed, exit status 1

yum -C erase grub ccache evolution evolution-NetworkManager \
       evolution-data-server-devel evolution-help nspluginwrapper


For ~tom and ~root directories:

rm -f .emacs profile
ln -s /zooty/home/tom/.emacs .
ln -s /zooty/home/tom/profile .

Now my fingers know how to work when running emacs as tom or as root.



Install software

The file f16-rpms.txt is left over from beta f16 and is the last set of
rpms I recorded having, so it is a good starting place for missing rpms.

sort < /zooty/info/f16-install-rpms.txt > /tmp/base.txt
sort < /zooty/info/f16-rpms.txt > /tmp/extra.txt
comm -13 /tmp/base.txt /tmp/extra.txt > /tmp/missing.txt

Edit that missing set to remove fonts (got too many of them anyway)
and all the ccur-* packages and adobe packages. Just install the
rpmfusion repos then do:

yum -y --skip-broken install `cat /tmp/missing.txt`

Got a couple of errors (I guess things changed since the beta):

Setting up Install Process
No package gdm-plugin-fingerprint.x86_64 available.
Package kpackagekit- is obsoleted by apper-0.7.1-0.4.20111021.fc16.x86_64 which is already installed
Package openoffice.org-voikko-3.1.2-5.fc16.x86_64 is obsoleted by libreoffice-voikko-3.2-4.fc16.x86_64 which is already installed

I should have enough 32 bit libs installed now for it to be safe to install
the adobe and ccur stuff and not drag in a 32 bit lib from an undesirable

yum --nogpg install \
http://redhawk.ccur.com/nightstar-lx/ccur-nstar-lx-redhat-repo-4.2-1.noarch.rpm \
/zooty/downloads/adobe/adobe-release-i386-1.0-1.noarch.rpm \

yum -y install AdobeReader_enu flash-plugin.x86_64 ccur-NightStar-LX

rpm -q --qf "%{NAME}.%{ARCH}\n" -a > /zooty/info/f16-round1-rpms.txt

OK, time to boot back into f15 and see what's been happening on the mail
front and wot-not...

OK, I'm back in f15. Let's do this:

rpm -q --qf "%{NAME}.%{ARCH}\n" -a > /zooty/info/f15-rpms.txt

comm -13 /zooty/info/f16-round1-rpms.txt /zooty/info/f15-rpms.txt > \

I don't actually see anything in that list that I can get from a repo.
The only missing stuff are things that are different in f16 or that I know
I have to get from a special source. (nxclient from nomachine, gkrellm from
download directory, libdvdcss build from source, etc).


cp /etc/ssh/*key* /fedora16/etc/ssh/ (zeroboot script did this already)

Merge settings from /etc/ssh/sshd_config into /fedora16 version.

cp /fedora15/etc/*hamster*.txt /etc/


First remove the useless nat networking from libvirtd.

virsh net-destroy default
virsh net-undefine default

Then reproduce the bridge setup from fedora 15:

cp /fedora15/etc/sysconfig/network-scripts/ifcfg-p6p1 \
cp /fedora15/etc/sysconfig/network-scripts/ifcfg-br0 \

chkconfig --level 35 network on
chkconfig --level 12345 NetworkManager off

cp /fedora15/etc/sysconfig/iptables /etc/sysconfig/iptables
cp /fedora15/etc/sysconfig/ip6tables /etc/sysconfig/ip6tables

cp /fedora15/etc/hosts.allow /etc/hosts.allow
cp /fedora15/etc/hosts.deny /etc/hosts.deny

cp /fedora15/etc/resolv.conf* /etc
cp /fedora15/etc/hosts /etc

reboot to make this all take effect


as user tom:

cp /zooty/home/tom/.rpmmacros ~/
rpm -ihv /zooty/downloads/libdvdcss-1.2.10-1.src.rpm
cd /zooty/build/rpmbuild/SPECS
rpmbuild -bb libdvdcss.spec

As root:

yum --nogpg install /zooty/build/rpmbuild/RPMS/x86_64/libdvdcss-1.2.10-1.x86_64.rpm

more user tom stuff

cd ~/
cp -rp /zooty/home/tom/.ssh .ssh

(Great! After waiting 30 seconds, the ssh forwarded link to work is
back up again).

build tools

cd /zooty/info

(The above can be done via the ~/cronscripts/do-zooty-chroot script
as well without booting into new partition).

NOTE: Really need to add trollfilter and dannyboy to the build
(mail don't work without them)

Might want to add cdrtools as well.


Let's try to keep system log from filling the disk :-).


set LogLevel to "err"


Things are moving more into systemd in f16, but let's see what we have
still under chkconfig:

chkconfig --level 12345 iscsi off
chkconfig --level 12345 iscsid off
chkconfig --level 12345 libvirt-guests off
chkconfig --level 12345 nslm off
chkconfig --level 12345 openct off
chkconfig --level 12345 sandbox off

Now for systemd services which are near impossible to query...
The best you can do is: ls /etc/systemd/system/*.wants/*.service

systemctl disable bluetooth.service
systemctl disable abrt-ccpp.service
systemctl disable abrtd.service
systemctl disable abrt-oops.service
systemctl disable abrt-vmcore.service
systemctl disable avahi-daemon.service
systemctl disable chronyd.service
systemctl disable mdmonitor.service
systemctl disable lvm2-monitor.service
systemctl disable mdmonitor-takeover.service

Having disabled chronyd, need to enable ntp:

Uncomment the "restrict" line in /etc/ntp.conf so local
systems can ask zooty for the time of day.

chkconfig --level 35 ntpd on

Let's see if things still work after reboot (seem to be OK).

nomachine nxclient

Check out the nomachine web page for latest nxclient.

yum --nogpg install \

gkrellm themes

yum localinstall /zooty/downloads/gkrellm-themes-2.1.9-4.noarch.rpm


cp /fedora15/etc/exports /etc/exports

Which looks like this:


systemctl enable nfs-server.service

Note: On kvm or other client machine, add this fstab entry:

zooty:/zooty    /zooty  nfs     rw


cp /fedora15/etc/samba/smb.conf /etc/samba/smb.conf
systemctl enable smb.service
systemctl enable nmb.service

user root

cd ~root
cp -r /fedora15/root/.ssh .ssh


OMG! The world's most important hint!!!! Make fonts readable again:

cd /etc/fonts/conf.d/
ln -s ../conf.avail/10-autohint.conf .

Font designers apparently live in a world of $20,000 300 DPI displays
and the font rendering they specify is optimized for them. Turning on
autohinting (which is what linking in that config file does) makes the
computer decide how to render the fonts rather than following the
instructions only someone with a 300 DPI display could love.

You can also run dconf-editor and find something like
org.gnome.desktop.interface and change the default fonts from the new
Cantarell to something like DejaVu Sans.

Finally, there is the "Theme Font & Size Changer" add on for firefox
which allows you to bump the size of the microscopic fonts that
are in the default firefox theme.


cp /fedora15/etc/sudoers /etc/sudoers

truecrypt (a.k.a realcrypt)

cp /fedora15/usr/bin/truecrypt /usr/bin/truecrypt

That installs this script:

exec /usr/sbin/realcrypt -t "$@"

Still need the service script to make sure all mounted volumes get
unmounted when I reboot.

cp /fedora15/etc/rc.d/init.d/truecrypt /etc/rc.d/init.d/truecrypt
chkconfig --add truecrypt
service truecrypt start

mkdir /secure

Seems to work OK.

postfix part 1

service sendmail stop
edit /etc/aliases and make tom be the final alias for root
alternatives --config mta
(select # corresponding to postfix)
chkconfig --level 2345 postfix on
service postfix start




service hddtemp start
chkconfig --level 2345 hddtemp on

APC ups

It is detected by gnome-power-manager, but that doesn't seem to help
it shutdown cleanly. For that need to:

service apcupsd start
chkconfig --level 2345 apcupsd on

(the default config file in /etc/apcupsd seems to be reasonable).


pptpsetup --create ccur --server vpnflc.ccur.com --username tomh --password <p>
cp /fedora16/etc/rc.d/init.d/novpn /etc/rc.d/init.d/
chkconfig --add novpn

Hey! I should add that novpn script to the zeroboot script!

recover comment in the /etc/ppp/peers/ccur file about alternate servers


cp /fedora15/usr/local/bin/sillycalc /usr/local/bin


anacron is now installed along with cronie so you can't just
remove anything

Make sure to run /usr/local/bin/fix-anacron

cp /fedora15/etc/crontab /etc/crontab

That restores the crontab file from fedora 14 that runs the hourly,
daily, weekly, etc jobs at fixed times dammit.

service crond restart


cp /zooty/info/afteryum.py /usr/lib/yum-plugins/afteryum.py
cp /zooty/info/afteryum.conf /etc/yum/pluginconf.d/afteryum.conf


Do initial run of /usr/local/bin/fix-logwatch

fix ugly cursors

yum install bluecurve-cursor-theme (did that already)

Fix in two places:

Edit /usr/share/icons/default/index.theme

Change to say: Inherits=Bluecurve

Run dconf-editor, goto org.gnome.desktop.interface
change cursor theme to Bluecurve

GTK style

run /usr/local/bin/fix-Adwaita

more crap

rm -f /etc/profile.d/color* /etc/profile.d/PackageKit* /etc/profile.d/vim*

(That gets run in the yum hook, but run it now just to get them all).


Latest virt updates brought ksm and ksmtuned back as explicit
services, so now I can turn them off:

chkconfig --level 12345 ksmtuned off
chkconfig --level 12345 ksm off


useradd -c 'Stunnel User' -d /var/run/stunnel -M -r -s /sbin/nologin stunnel
mkdir -p /var/run/stunnel
chown stunnel:stunnel /var/run/stunnel
cp /fedora15/etc/rc.d/init.d/stunnel /etc/rc.d/init.d/stunnel
cp /fedora15/etc/stunnel/stunnel.conf /etc/stunnel/stunnel.conf
chkconfig --add stunnel

GAAH! This doesn't seem to be starting correctly with systemd. I always
have to do a service stunnel restart after the system is up. Something else
to move to rc.local I guess...


Pick up custom stuff from /fedora15/etc/rc.local
Note that rc.local moved from /etc to /etc/rc.d/

Sigh. Seems like postfix doesn't work after a reboot, add a line to
restart postfix after a delay to go with the line already there that
restarts stunnel. [Seems to work now - I can send mail immediately
after a reboot].

I think I forgot to turn on the postfix service, but if I make sure
it is enabled, it still doesn't work. It doesn't show any errors in the
maillog, but it also can't send mail. Restarting it in rc.local makes
it work OK.

Gah! httpd isn't working after reboot either. Add it to rc.local as well.
[and once again, it is now functioning correctly].

Actually, I forgot to turn on httpd. If I enable it, it does work
OK at boot time :-).


Maybe this service I have in f14 will help get stunnel working?
It looks up the names stunnel is gonna lookup early.

cp /fedora15/etc/rc.d/init.d/namedprime /etc/rc.d/init.d/namedprime
chkconfig --add namedprime


I'm using the repos for the nx server now, and nomachine for the
nxclient rpm, but need to retrieve the custom keys from f13 partition:

cd /etc/nxserver/
cp /fedora15/etc/nxserver/* .


Copy /etc/pki/dovecot/dovecot-openssl.cnf from old release in
case I need to re-gen certs

cp /fedora15/etc/pki/dovecot/dovecot-openssl.cnf \

Remember how to make new cert:

rm -f /etc/pki/dovecot/certs/dovecot.pem
rm -f /etc/pki/dovecot/private/dovecot.pem
export SSLDIR=/etc/pki/dovecot
export OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf

virtual machines

cd /etc/libvirt/qemu
cp /fedora15/etc/libvirt/qemu/*.xml .
service libvirtd restart

Gah! Windows XP machine thinks the video hardware has changed.
I submitted a bugzilla:


cp /fedora15/etc/httpd/conf.d/zooty.conf /etc/httpd/conf.d/zooty.conf

Add this bind mount to fstab:

/zooty/web-content/html /var/www/html       none    rw,bind         0 0

service httpd start
chkconfig --level 2345 httpd on

Found another one: Change the IgnoreIndex setting so I can see all the
damn files (why README files are hidden by default is more than I can


Saved original files from /etc/dovecot/conf.d/ directory in .orig~ backup
files, then modified the files to match the same changes I made in f14
comparing the files in emacs to see what differences matter and
what were just updated comments in new f15 versions. That process generated
these changes in diff -u format:

--- 10-auth.conf	2011-06-05 12:33:47.000000000 -0400
+++ 10-auth.conf	2011-06-05 12:37:10.000000000 -0400
@@ -121,7 +121,7 @@
 !include auth-system.conf.ext
 #!include auth-sql.conf.ext
 #!include auth-ldap.conf.ext
-#!include auth-passwdfile.conf.ext
+!include auth-passwdfile.conf.ext
 #!include auth-checkpassword.conf.ext
 #!include auth-vpopmail.conf.ext
 #!include auth-static.conf.ext
--- 10-mail.conf	2011-06-05 12:34:02.000000000 -0400
+++ 10-mail.conf	2011-06-05 12:37:52.000000000 -0400
@@ -28,6 +28,7 @@
 # <doc/wiki/MailLocation.txt>
 #mail_location = 
+mail_location = maildir:~/Maildir
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections.
--- 10-master.conf	2011-06-05 12:34:16.000000000 -0400
+++ 10-master.conf	2011-06-05 12:40:01.000000000 -0400
@@ -78,16 +78,17 @@
   # permissions make it readable only by root, but you may need to relax these
   # permissions. Users that have access to this socket are able to get a list
   # of all usernames and get results of everyone's userdb lookups.
-  unix_listener auth-userdb {
+  #unix_listener auth-userdb {
     #mode = 0600
     #user = 
     #group = 
-  }
+  #}
   # Postfix smtp-auth
-  #unix_listener /var/spool/postfix/private/auth {
-  #  mode = 0666
-  #}
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+  }
   # Auth process is run as this user.
   #user = $default_internal_user
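Review bot: the new unix_listener /var/spool/postfix/private/auth block sets mode = 0660 and user = postfix but no group, so the group access that 0660 grants goes to whatever group the socket gets by default. Add an explicit group = postfix, or use mode = 0600 if only the postfix user needs the socket, so the access it allows is stated in the file.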
--- 10-ssl.conf	2011-06-05 12:34:37.000000000 -0400
+++ 10-ssl.conf	2011-06-05 12:40:46.000000000 -0400
@@ -4,6 +4,7 @@
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 #ssl = yes
+ssl = yes
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
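Review bot: the added ssl = yes makes TLS available but optional, and the comment line directly above it lists required as a supported value. Since this configuration authenticates against a password file, consider ssl = required unless a client that cannot do TLS has to be supported, and note that reason next to the setting if so.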
--- 15-lda.conf	2011-06-05 12:34:55.000000000 -0400
+++ 15-lda.conf	2011-06-05 12:43:04.000000000 -0400
@@ -5,6 +5,7 @@
 # Address to use when sending rejection mails.
 # Default is postmaster@<your domain>.
 #postmaster_address =
+postmaster_address = postmaster@example.com
 # Hostname to use in various parts of sent mails, eg. in Message-Id.
 # Default is the system's real hostname.
@@ -44,5 +45,5 @@
 protocol lda {
   # Space separated list of plugins to load (default is global mail_plugins).
-  #mail_plugins = $mail_plugins
+  mail_plugins = $mail_plugins sieve
--- auth-passwdfile.conf.ext	2011-06-05 12:35:16.000000000 -0400
+++ auth-passwdfile.conf.ext	2011-06-05 12:45:06.000000000 -0400
@@ -5,10 +5,10 @@
 passdb {
   driver = passwd-file
-  args = scheme=CRYPT username_format=%u /etc/dovecot/users
+  args = /etc/dovecot.pass
-userdb {
-  driver = passwd-file
-  args = username_format=%u /etc/dovecot/users
+#userdb {
+  #driver = passwd-file
+  #args = username_format=%u /etc/dovecot/users
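Review bot: the replacement args = /etc/dovecot.pass drops both scheme=CRYPT and username_format=%u from the removed line, so the password scheme now depends on the default or on per-entry prefixes inside the file. State the scheme explicitly in args, and add a comment recording the expected owner and mode of /etc/dovecot.pass, since it now holds the credentials for every mail login.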
--- auth-system.conf.ext	2011-06-05 12:35:33.000000000 -0400
+++ auth-system.conf.ext	2011-06-05 12:46:32.000000000 -0400
@@ -7,12 +7,12 @@
 # PAM is typically used with either userdb passwd or userdb static.
 # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
 # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
-passdb {
-  driver = pam
+#passdb {
+  #driver = pam
   # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
   # [cache_key=<key>] [<service name>]
   #args = dovecot
 # System users (NSS, /etc/passwd, or similiar).
 # In many systems nowadays this uses Name Service Switch, which is

On f16 dovecot screamed about imaps and pop3s, in dovecot.conf
fix the protocols line to read:

protocols = imap pop3 lmtp

Then salvaged files and settings from f14:

cp -p /fedora15/etc/dovecot.pass /etc/dovecot.pass
chkconfig --level 2345 dovecot on

If I reclaim old home directory, this will be preserved, but should
note these settings are also required:

Setup ~/.forward to contain the line:

| /usr/local/bin/bogoliver

Setup ~/.dovecot.sieve to contain filtering tests to classify
mail into different IMAP folders automagically.

postfix part 2

Similar to dovecot, I saved orig files in /etc/postfix, applied changes from
f14, and generated this diff -u output:

--- main.cf.orig~	2011-06-05 12:59:48.000000000 -0400
+++ main.cf	2011-06-05 13:02:57.000000000 -0400
@@ -20,6 +20,7 @@
 # is no cure for address rewriting mistakes or mail routing mistakes.
 #soft_bounce = no
+soft_bounce = yes
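Review bot: soft_bounce = yes is added with no comment saying it is temporary; with it set, mail that would otherwise bounce stays queued instead of being returned. Add a comment that this is a testing safety net and set it back to no once the new configuration is confirmed working.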
@@ -110,13 +111,13 @@
 # Note: you need to stop/start Postfix when this parameter changes.
-#inet_interfaces = all
+inet_interfaces = all
 #inet_interfaces = $myhostname
 #inet_interfaces = $myhostname, localhost
-inet_interfaces = localhost
+#inet_interfaces = localhost
 # Enable IPv4, and IPv6 if supported
-inet_protocols = all
+inet_protocols = ipv4
 # The proxy_interfaces parameter specifies the network interface
 # addresses that this mail system receives mail on by way of a
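Review bot: switching inet_interfaces from localhost to all makes smtpd listen on every address the host has, and nothing in this hunk narrows that. If only LAN clients need to reach it, list the addresses explicitly (the commented "$myhostname, localhost" form just above is one option) and check that the host firewall agrees. The inet_protocols = ipv4 change deserves a comment saying why IPv6 is turned off.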
@@ -316,6 +317,12 @@
 #relayhost = uucphost
 #relayhost = [an.ip.add.ress]
+relayhost = []:5025
+smtp_helo_name = zooty
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
 # The relay_recipient_maps parameter specifies optional lookup tables
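Review bot: smtp_sasl_security_options is set to empty, which drops the default "noplaintext, noanonymous" and lets the client send the sasl_passwd credentials with plaintext mechanisms, and the hunk adds no smtp_tls_security_level, so nothing here requires the session to port 5025 to be encrypted. If the relay supports TLS, add smtp_tls_security_level = encrypt and allow plaintext mechanisms only under TLS with smtp_sasl_tls_security_options = noanonymous. The relayhost line also has nothing between the brackets in "[]:5025", so it needs the relay's name filled in before it can work.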
@@ -557,6 +564,15 @@
 #fast_flush_domains = $relay_domains
+smtpd_sasl_auth_enable = yes
+smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination
+smtpd_sasl_authenticated_header = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
+smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
 # The smtpd_banner parameter specifies the text that follows the 220
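Review bot: smtpd_sasl_auth_enable = yes is global, and the hunk sets a certificate and key but neither smtpd_tls_security_level nor smtpd_tls_auth_only, so the plain smtpd service will accept AUTH on an unencrypted connection. Add smtpd_tls_security_level = may and smtpd_tls_auth_only = yes so passwords are only accepted after TLS is up. It is also worth a comment that the key file is dovecot's own private key, now shared by both daemons.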
--- master.cf.orig~	2011-06-05 13:00:05.000000000 -0400
+++ master.cf	2011-06-05 13:04:19.000000000 -0400
@@ -18,10 +18,10 @@
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-#smtps     inet  n       -       n       -       -       smtpd
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet  n       -       n       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       n       -       -       qmqpd
 pickup    fifo  n       -       n       60      1       pickup

cp -p /fedora15/etc/pki/dovecot/certs/dovecot.pem \

cp -p /fedora15/etc/pki/dovecot/private/dovecot.pem \

cp -rp /fedora15/etc/postfix/sasl /etc/postfix/sasl

Make sure system name is zooty.my.lan in /etc/sysconfig/network to make
postfix happy.
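
The files restored with cp -p above (the dovecot password file, the TLS private key and the postfix sasl directory) keep whatever owner and mode they had on the old partition. The following check is an added example, not part of the original notes; the function names and the sasl_passwd.db entry are assumptions, and it needs GNU stat:

```shell
#!/bin/sh
# Added example, not from the original page. The paths are the ones the page
# restores with cp; sasl_passwd.db is an assumption (the compiled table that
# a hash: map is read from). Needs GNU stat, as shipped with Fedora.
SECRET_FILES="/etc/dovecot.pass
/etc/pki/dovecot/private/dovecot.pem
/etc/postfix/sasl/sasl_passwd
/etc/postfix/sasl/sasl_passwd.db"

# check_secret FILE [UID]
# Returns 0 when FILE is owned by UID (default 0, root), grants nothing to
# "other" and is not group-writable; 1 on a finding; 2 if FILE is not visible.
check_secret() {
    cs_file=$1
    cs_want=${2:-0}
    if [ ! -e "$cs_file" ]; then
        echo "MISSING  $cs_file"
        return 2
    fi
    cs_mode=$(stat -c '%a' "$cs_file")   # octal permission bits, e.g. 600
    cs_uid=$(stat -c '%u' "$cs_file")    # numeric owner
    cs_rc=0
    if [ "$cs_uid" != "$cs_want" ]; then
        echo "OWNER    $cs_file has uid $cs_uid, expected $cs_want"
        cs_rc=1
    fi
    # Mask 027: any access for other (007) or write access for group (020).
    if [ $(( 0$cs_mode & 027 )) -ne 0 ]; then
        echo "MODE     $cs_file is $cs_mode, group-write or other bits are set"
        cs_rc=1
    fi
    if [ "$cs_rc" -eq 0 ]; then
        echo "OK       $cs_file ($cs_mode, uid $cs_uid)"
    fi
    return "$cs_rc"
}

# audit_secrets [UID]: run check_secret over SECRET_FILES and return the
# number of files that were missing or had a finding (0 means clean).
audit_secrets() {
    as_bad=0
    for as_file in $SECRET_FILES; do
        check_secret "$as_file" "${1:-0}" || as_bad=$((as_bad + 1))
    done
    return "$as_bad"
}

# Run as root after the cp steps:  audit_secrets
```

A file that a daemon reads through its group (mode 640) passes; anything readable by other, or writable by group, is reported.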

home directory

Let's go ahead and switch back to saved home directory and make fedora 16
the master I'll run by default

In /etc/fstab add the bind mount:

/zooty/home             /home               none    rw,bind         0 0

mv /home /home.orig
mkdir /home

In /mainboot/grub/grub.conf, switch fedora 16 entry to first in list.


user tom

Go ahead and turn back on tom's cron jobs:

crontab ~/profile/cron/crontab

(Seems to be working, I'm getting mail sucked up automatically
via fetchmail now).

backup & friends

mkdir /backup
cp -r /fedora15/root/cronscripts /root/cronscripts

edit fetch-updates script to use chroot for f15 and native for f16
edit rsync-exclude to exclude /fedora15, not /fedora16

rm -rf /backup/zooty-old
mv /backup/zooty /backup/zooty-old
mkdir -p /backup/zooty/latest
chmod 777 /backup/zooty
mv /backup/zooty-old/cb* /backup/zooty
mv /backup/zooty-old/latest/zooty /backup/zooty/latest

ln -s /root/cronscripts/rsync-backup /etc/cron.daily/zzz-rsync-backup
ln -s /root/cronscripts/fetch-updates /etc/cron.daily/fetch-updates

Also I have this to keep a snapshot of installed rpms:

ln -s /zooty/info/daily-rpm /etc/cron.daily/daily-rpm


cp /fedora15/etc/lirc/lircd.conf /etc/lirc/lircd.conf
chkconfig --level 35 lirc on
cp /fedora15/var/www/cgi-bin/lirc.cgi /var/www/cgi-bin/lirc.cgi

[Nah, I was just playing with this, leave it off on restore]


cp /fedora15/var/www/cgi-bin/traffic-cams /var/www/cgi-bin/traffic-cams

bash bullshit

Observe what happens when I hit TAB after typing cd /zoo

zooty> cd /zoobash: cd: cd: No such file or directory

Another piece of crap to add to after-yum-hook:

rm -f /etc/profile.d/*completion*


3rd party epson drivers for artisan 725:

(from http://avasys.jp/eng/linux_driver/download/lsb/epson-inkjet/escp/)

Also get required scanner packages from:


cd /zooty/downloads/epson
yum install redhat-lsb-printing *.rpm [No! Don't install iscan!]

OK, now turn on the epson printer and see what happens.

Nothing (didn't really think it would auto detect a network printer
via udev :-).

Run system-config-printer and add new network printer (that found it OK).
Adjust settings to Letter rather than A4, then print test page (seems to work).

The iscan stuff doesn't work, and in fact the artisan 720 series is
absent from the list of iscan network supported scanners, so I guess
I should just remove the iscan software.

yum -C erase iscan iscan-data iscan-network-nt

The sane interface also doesn't work on the network, so I guess I
have to use the XP virtual machine if I want to scan (or just scan to
the thumb drive from the front console).

But wait!!! I found this web page which has magic voodoo for getting
scanner to work over network:


1. Install the iscan rpms listed above.
2. edit /etc/sane.d/epkowa.conf and fix the "net" line to read:
   net epson.my.lan 1865
3. edit the /etc/sane.d/dll.conf and comment out epson2:
4. edit /usr/share/iscan-data/fs-blacklist and comment out:
   #fs-blacklist Artisan 700

By golly, after I do that, xsane seems to work!

That is until I try to scan something at high resolution, at which
point it hangs forever :-(. It works better, but I still need to use
windows to do real work...

Now add the HL-2040, use the Foomatic/hpijs-pcl5e since the one
the database says is recommended never works. Also need to
set paper size to Letter instead of A4.

That gets the two "real" printers redefined from scratch.

Now build virtual printer back ends:

cd /zooty/downloads/cups-pdf/
sh -x ./build-em (as root)

http://localhost:631/ to configure them:

pngprint (Virtual PNG image printer)
Location to disk
600 dpi

Virtual_Printer (PDF Printer)
Location Local Printer
600 dpi


I have nothing else to do in my list. Maybe I'm switched to f16 now?
I'll see how it goes and if I run into missing stuff...

services again

Apparently I forgot to disable sendmail and enable postfix and also
forgot to enable httpd, so let's do that and comment out the new
rc.local lines I added and see if things work OK when I reboot again.

KVM disk perf

I'm currently trying to compress my winxppro VM (by first expanding
it), and it is taking forever...

-rw-r--r-- 1 qemu qemu 3538087424 Nov 12 16:48 winxppro.img

-rw-r--r-- 1 qemu qemu 9181790208 Nov 12 19:49 winxppro.img

3 hours managed to write 5643702784 bytes
31,353,904.36 bytes per minute
522,565.07 bytes per second

Still got a ways to go (truly there are snails here).

-rw-r--r-- 1 qemu qemu 16061956096 Nov 12 23:19 winxppro.img

Took a total of 7 or 8 hours (don't remember as far back as when I
started :-).

Tomorrow: Move base file to winxppro.img, rescan hardware to
get audio working again, then make new winxppro.img based
on the fixed base file and run the update to recreate
all the hogs so they will have sound too.

I tried updating the scsi virtio driver and that makes windows bluescreen,
so I guess the "latest" version is too new or has bugs or something.

I tried the fedora 15 version as well (virtio-win-0.1-mm34.iso) and
it bluescreens the same way.

Yow!!! Finally got the new disk driver to install. Need to block
XP at every turn when it wants to be helpful and finally get to the
final "Have Disk" screen for driver updates and point directly
at the windows XP version of the viostor driver. Apparently the
"helpful" XP finds the wrong driver and that is why the bluescreens.

Anyway, now I'm trying different options to see which one has the
best performance. My technique is to start with a totally fresh
winxppro.img file, boot up with the desired options, and run
sdelete -c in the KVM, at the same time starting the command

sleep 600 ; virsh destroy winxppro

in a root shell on the host and see how big the winxppro.img file grows
in those 10 minutes.

All default options:

-rw-r--r-- 1 root root 423296512 Nov 13 16:27 winxppro.img

With virt-manager set to cache=none mode:

-rw-r--r-- 1 root root 12813860864 Nov 13 16:44 winxppro.img

Great Googly-Moogly! I'd say cache=none is just a tad faster :-).

Let's try cache=writeback now:

-rw-r--r-- 1 root root 14574551040 Nov 13 16:58 winxppro.img

And we have a new weiner! Now let's try the final option

-rw-r--r-- 1 root root 312606720 Nov 13 17:13 winxppro.img

That option may be the same as "default", in any case, it definitely
sucks as well.

Looks like cache=writeback is my best bet.

Let's stick with writeback in KVM and now try the other options
inside the KVM.

The default inside the kvm appears to be:

   Optimize for performance + Enable write caching on the disk

Let's uncheck the "Enable write caching on the disk" option and try again.

-rw-r--r-- 1 root root 14584643584 Nov 13 17:26 winxppro.img

A tiny smidge better than previous writeback test, but probably not

Now let's try the final "Optimize for quick removal" setting inside
the KVM and see what happens:

-rw-r--r-- 1 root root 14584643584 Nov 13 17:43 winxppro.img

Actually, those last two apparently ran so fast that the disk image got
completely filled with zeroes before my 10 minutes were up. Let's try them
again with only 5 minutes.

5 minute Try 1: Just writeback, no change to internal XP defaults:

-rw-r--r-- 1 root root 13242662912 Nov 13 18:09 winxppro.img

5 minute Try 2: writeback plus uncheck the "Enable write caching on the disk"

-rw-r--r-- 1 root root 12884901888 Nov 13 18:17 winxppro.img

5 minute Try 3: writeback plus "Optimize for quick removal"

-rw-r--r-- 1 root root 11880497152 Nov 13 18:26 winxppro.img

So it looks like my best performance is with cache=writeback in the
virtual machine definition, and default disk settings inside the
Windows XP machine itself. (Which I have now done for all my VMs).

fedora 15

Chroot over to the fedora 15 partition, fiddle the symlink
documented in /etc/inittab to boot multi-user rather than

Remove the symlinks in /etc/cron.daily added for updates and

Remove the /var/spool/cron/tom crontab file.

web page

Fixup the /var/www/html/index.php file to be more up to date
with the current state of the system.

more crap

I keep accidentally typing mc instead of mv and being jerked off into
incomprehensible curses based file manager. Make it stop:

yum -C erase mc

The log file keeps filling up with failed dbus requests to start
NetworkManager even though it is disabled. The pcscd daemon seems to be
running even though I disabled it, so I'll teach both of 'em:

yum -C erase pcsc-lite NetworkManager

Apparently the pcscd thing is more "helpful" software:


As near as I can tell from the description in there, now that systemd
exists, anything on the system that says "I wonder if there is a smart card
reader I ought to talk to" will wind up "helpfully" starting the pcscd

I used to be able to disable it, but now I have to follow up disabling
with driving a stake through its heart by completely removing it as well :-(.

systemd drivel

There are tons of these messages in the log files:

Nov 18 19:59:01 zooty systemd-logind[936]: New session 413 of user tom.
Nov 18 19:59:02 zooty systemd-logind[936]: Removed session 413.

the rsyslogd filtering should be able to get rid of them:

Make a new file: /etc/rsyslog.d/systemd-drivel.conf

:programname, isequal, "systemd-logind" ~
:msg, contains, "Activating via systemd" ~
:msg, contains, "Activation via systemd failed" ~
:msg, contains, "org.freedesktop.systemd" ~

(While I was in there, tossed in a few more rules to get rid
of other less frequent but still annoying clutter messages.)

more services

I see auditd running and spawning off some selinux crap. I also
see mcelog running. I don't think I need either.

/etc/default/grub - add audit=0 to kernel args

/boot/grub2/grub.cfg - do the same

chkconfig --level 12345 auditd off
chkconfig --level 12345 mcelog off


Stupid selinux policy updates keep taking forever to apply. Let's
run the find-selinux script and see what I can get rid of.

These could be erased without taking the whole system with it:

yum -C erase setroubleshoot \
setroubleshoot-plugins \
setroubleshoot-server \
setools-libs \
setools-libs-python \
policycoreutils-python \
policycoreutils-sandbox \
setools-console \
selinux-policy-targeted \
checkpolicy \
policycoreutils \
selinux-policy

Also add this to /etc/yum.conf:
exclude=selinux-policy-targeted selinux-policy

zooty disk

Poor old /zooty disk up and died on me (gives me something to kill time
playing with on the Thanksgiving holiday :-). I restored the backup to
/space and renamed /space to /zooty and I'm up and running again, but I had
to redo the port of the virtual machines to f16 since I hadn't backed them
up in a while (they are backed up now :-).

Probably have more stuff I ought to install on the VMs (like the
epson artisan software, photoshop, other things).

I probably eventually want to replace it with one of those 3TB 5400 rpm
Hitachi drives with the 6GB/s interfaces, but wait a while till the prices
come back down after the flooding out of all the disk factories.  (Early
guesses by CEO of Seagate is the end of 2012 before everything is normal


Check out http://cdrecord.berlios.de/private/cdrecord.html for
the latest version of the real honest to gosh working cdrecord
tools, download and build from source.

unpack, cd, gmake, sudo gmake install

Everything is now under /opt/schily/bin


There was a bug in the initial bash rpm shipped with fedora that
removed /bin/bash from /etc/shells even on an update.

yum reinstall bash

will reinstall bash from scratch and fix /etc/shells.


yum install libpaper
echo Letter > /etc/papersize

At last! Furshlugginer libreoffice paper size finally defaults to Letter!


This stuff was all inherited by restoring home directory, but the
details are left here in case I need them again (like just now when
I found I had to make a new ~/.mozilla directory to get the weather
radar to function again).

greasemonkey and the autocomplete on greasemonkey script fix problem
with ccur webmail.

Also need to install the Sidebar Bookmark Selector addon in order to
get rid of annoying crap developers decided I needed in the bookmarks
sidebar window.

Found the "My Stuff" bookmarks were stashed up in the bookmarks toolbar
I was able to get rid of with the above addon. Created a real "My Stuff"
folder and moved them to it. Now all my bookmarks are back.

Eradicate stoopid bookmark search box in sidebar:

cat > ~/.mozilla/firefox/*.default/chrome/userChrome.css
    /* Bookmarks sidebar: hide "Search:" */
    #bookmarksPanel > hbox  { display: none !important } 

In about:config

set browser.startup.homepage_override.mstone to "ignore"

to stop annoying "what's new" page popup on every update.

set browser.sessionstore.resume_from_crash to false

to stop annoying "reload session?" popup after abnormal termination.

set browser.tabs.insertRelatedAfterCurrent to false

to stop insane tab ordering

set browser.urlbar.formatting.enabled = false

to stop blindness when reading address

set browser.urlbar.trimURLs = false

to leave all the fucking information in place

set browser.tabs.autoHide = true

to get rid of tab when I only have one

look for ipv6 config and disable it as well (runs faster and better sometimes).

GACK! Firefox be busted in f13. If I try to install "too many"
plugins it just starts exiting with status 1. It works with
just the flash plugin. Looks like the culprit is greasemonkey.

This was a bug with symlinks, changed /home to a bind mount
of /zooty/home instead of a symlink.

Friday the 13th

Grrr Aargh - came home Friday Apr 13, 2012 and the SSD disk was
scrogged. Tried powering off and back on and it worked for a while
then failed again.

So I swapped in a disk from one of the other systems I never
actually use (rebo) and reinstalled f16 on it.

When trying to restore everything, I noted that mail was screwed up because
I don't have /usr/local/bin/dannyboy and /usr/local/bin/trollfilter
installed. I need to add them to the build all script.

P.S. This turned out to be the infamous 5184 hours of operation
bug in the 0009 firmware for the Crucial SSD drive (and my drive
was running that long right on Friday the 13th :-).

New firmware got it going again, so SSD drive is back in zooty.

Looks like I also left isopack out of my list. Need to add it to buildall.


Need to add /etc/udev/rules.d/60-avrisp.rules:

SUBSYSTEM!="usb_device", ACTION!="add", GOTO="avrisp_end"

# Atmel Corp. JTAG ICE mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2103", MODE="660", GROUP="dialout"
# Atmel Corp. AVRISP mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2104", MODE="660", GROUP="dialout"
# Atmel Corp. Dragon
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2107", MODE="660", GROUP="dialout"

# Target of the GOTO on the first line
LABEL="avrisp_end"


avrdude can't see programmer otherwise.

On a related note: Turns out I also have to provide power to the arduino
board for the programmer to work.
Page last modified Sat Jun 15 17:37:15 2013