December 6, 2008

Installing Fedora 10

Finally whacked my old Fedora 7 install and I’m starting over with a fresh install of Fedora 10. Some things I ran into:

  • I’ve got this fairly bizarre setup where my desktop has two NICs that need to be bridged. Fedora 10 throws out the old network service in favor of NetworkManager. However, the release notes pretty much tell you that NetworkManager isn’t for people that want bridging. No problem, just switch back to the old network service.

    I copied in my F7 ifcfg-* files verbatim and things seem to be working.

  • Either I’m on drugs or F7 used to rename network interfaces based on the HWADDR variable in your ifcfg-* files. In any case that doesn’t happen on F10: instead it just says “this MAC doesn’t match the MAC on the interface!” and doesn’t do anything at all with that interface. (Welcome to a bridge device trying to DHCP with no slave interfaces.) The new way of doing this isn’t bad, though: edit /etc/udev.d/rules.d/70-persistent-net.rules and set the NAMEs you want.

  • Apparently RPM Fusion is the new hotness: Freshrpms, rpm.livna.org, and “Dribble” (never heard of it) collaborating together for a single third-party RHEL/Fedora repository. At this point in my re-installation this sounds good to me: I used Freshrpms and rpm.livna.org together before, and I did have some confusion around whose packages were better. Unfortunately it sounds like there was some disagreement over the people running RPM Fusion (and maybe EPEL?) so Dag, Dries, and ATrpms are still around. There was RPMForge, but now they seem to have tucked that into rpmrepo along with ATrpms and some vague reference to “the CentOS project”.

    O, the confusion.

    Anyway, I’ve configured the RPM Fusion repositories in Yum via their directions. I also installed yum-protectbase, per a guide’s suggestion not to clobber Fedora base package. (We’ll see how that works out as I go on.)

  • Installed the NVIDIA binary drive for my GeForce 6500 (no, not a typo of 6600) from RPM Fusion. Pulled in stuff including system-config-display, which doesn’t want to run. I get an error like AttributeError: 'NoneType' object has no attribute 'device'. My gut tells me this is temporary breakage in Fedora, but I really haven’t investigated it much. I started with some directions on installing the NVIDIA driver in Fedora and went from there. Process was something like:

    1. yum install kmod-nvidia
    2. Ran livna-config-display, found that it picked the correct settings.
    3. Reboot to make sure I get the NVIDIA driver. (I did.)
    4. Find out that system-config-display won’t be helping me set my resolution, et al today.
    5. Find that /etc/X11/xorg.conf doesn’t describe much of anything: only sections were Files, ServerFlags, and Device (probably added/modified by the driver package), and Extensions.
    6. Find my xorg.conf which I backed up from Fedora 7 and copy its sections for the Monitor and the Screen into F10’s xorg.conf.
    7. Log out and back in to get new settings.

    After that everything was right as rain. Moving on.

  • Actually, while I was in there I also added the config section for my PS/2 Microsoft IntelliMouse Explorer through my KVM. (My KVM apparently screws up the mouse signals, so Linux/X sees some extra buttons when I use the scroll wheel. Maybe I should get a new KVM.)

    Re-using the mouse stanza from my F7 xorg.conf proved more difficult than I thought. I had to add a couple ServerFlags:

    Option      "AllowEmptyInput" "off"
Option      "AutoAddDevices" "off"

    Apparently new X.org wants to ask hal what your input devices are, so without turning AllowEmptyInput off Xorg will just ignore anything using the mouse driver. Of course, after just turning off AllowEmptyInput and with just my mouse stanza in xorg.conf I started getting all my mouse inputs happening twice; that is, click once and you get a double click. This is because it was auto-detecting my mouse and also using my explicitly configured mouse. So then you have to turn off AutoAddDevices. Note that this probably means plugging in new input devices won’t make them “just work” in X.org, but that’s purely speculation.

    Of course, after adding the two above I found out that I didn’t have a keyboard anymore, so I had to copy in the keyboard InputDevice stanza from my old F7 xorg.conf as well.

    Are we having fun yet?

  • Oh, and I also added DontZap, which probably exists primarily for the benefit of Emacs users.

  • I spent hours toying with Compiz Fusion configuration. (I was doing it through gconf-editor, but I’m told ccsm is a good configuration tool for Compiz Fusion–not installed by default, at least on my box.)

    To use Compiz Fusion you have to turn on “Desktop Effects.” Compiz Fusion plugins I’m using: core, glib, gconf, dbus, png, svg, text, video, screenshot, place, minimize, wall, move, resize, switcher, scale, decoration, resizeinfo, snap, vpswitch, scaleaddon, showdesktop. Note that order can be important: text needs to come before scaleaddon.

    • Between wall, scale/scaleaddon, and showdesktop, I’ve got keys basically just like Expose.
    • switcher switches more or less like I want it (i.e. like Sawfish.
    • place could stand to be a little smarter but I’ll live.
    • Note that you don’t need wobbly (too much eye candy, methinks) to get window snapping, you just need snap.
    • vpswitch lets you go jump directly to specific virtual desktops, so I can have C-1 through C-4 just like I do with Spaces.
    • resizeinfo fulfills my need to see my terminal geometry while I’m resizing it.

    All in all I’m pretty happy. There are even ways to do things like bring up the run dialog. One thing I would like to see fixed is the title filtering in scaleaddon: apparently broken, though I think someone might have realized this per some Googling I did.

    For now, no Sawfish for me.

    (I will note here that my Super (i.e. Windows) key seems to be behaving strangely in some applications. For example, if I try to make <Super>n open a new terminal in gnome-terminal, it secretly makes it so any time I hit n I open a new terminal. Duh.)

It was about this time that I decided to try and switch from writing this entry on my MacBook to writing it on my new F10 box. This meant I had to get at least Emacs and Pandoc working, and that probably meant that I was going to need Firefox to work so I could download/configure those things.

  • Funny thing: the proverbial “last straw” that led me to upgrade Fedora was that I wanted Firefox 3 and Weave. Unfortunately F7 was old enough that I just had Firefox 2.x. The Firefox 3 binaries from getfirefox.com wouldn’t run Weave, complaining that Weave couldn’t initialize its crypto module (WeaveCrypto.so). So I figured I’d just upgrade to a distribution that has Firefox 3 by default.

    I bet you can already guess where this is going.

    I fired up Firefox, installed Weave, restarted Firefox and… same error about not being able to load the crypto module. Go to the Weave Forums, see that a new Weave seems to be out (finally): Weave 0.2.92. Cool! Lets read the notes:

    1. This is the first release after some really major changes, so expect rough edges (even more than usual).
    2. Only bookmarks sync is currently implemented.
    3. You will need to set up your own instance of the 0.3 server.

    I’m thinking some really harsh things right now. I really just want Google Browser Sync back. I don’t have any right to bitch about nice people doing a somewhat complicated task and doing it entirely for free; but I will say that it’s a really big deal for me to be able to keep Firefox synchronized between the 2-4 computers I use it on.

    I will simply say: Weave is nowhere near ready for prime time–just like (I believe) it advertises, if only through the version number.

    So fuck it: I’m now a Foxmarks user. They just added password synchronization, and most importantly the shit seems to work on both my Mac and this new F10 install. Now all I think I want is cookie synchronization (I like for my login cookies to get propagated around, it makes for nice “seamless” browsing when I switch which computer I’m on).

  • So I know that one of the few packages I elected to install right at install time was Emacs. Lets start it up. WTF, where is my 10×20 font? Turns out I had bitmap-fonts installed, but I couldn’t use them (except for a few sizes–WTF?) until I installed the xorg-x11-fonts-misc package. (In fact, now that I look at that package, I’m not sure bitmap-fonts is important here at all, since xorg-x11-fonts-misc seems to have 10x20 font files itself.)

  • Time to get Pandoc installed, which means getting Haskell stuff. I use Pandoc to convert between Markdown and HTML: I compose blog posts in Markdown, then convert to HTML before uploading to WordPress (all in Emacs, of course). When I want to edit a post, I use Pandoc to convert from HTML back to Markdown. So far it’s working pretty well, and it gives me the option of using syntax highlighting. I’ll probably have a longer post about Pandoc (and Haskell) in the future.

    Today I just want the pandoc program. I’ve got a couple patches against Pandoc so I don’t even bother to check if it’s in one of my configured repositories. I did yum install ghc.

    No cabal-install in Yum. (It was in MacPorts, which made my first installation of Pandoc somewhat easier.) The Real World Haskell book apparently has instructions on installing cabal into your home directory. Don’t follow these! What they don’t tell you is that you can just go grab cabal-install (conveniently the last package on their list…) and run its bootstrap.sh script, which nicely leaves you with ~/.cabal/bin/cabal.

    Pandoc needs utf8-string, zip-archive, and highlighting-kate. zip-archive needs the zlib-devel RPM installed, and highlighting-kate needs (indirectly) pcre-devel; so yum install zlib-devel pcre-devel. Then I can just cabal install utf8-string zip-archive highlighting-kate. Now I can compile Pandoc. This worked well.

Now I’m blogging on my F10 install. Hooray. But now I want some tunes.

  • F10 comes with amarok-1.98-1.fc10. As far as I can tell this entirely unusable. For example, I could never get the Phonon backend for Xine to work properly. Fedora aside, looks like I’m not the only one having problems with Phonon and Amarok. Woe be on to me for not running KDE? Perhaps.

    In any event I think this was a serious boner on the part of the Fedora maintainer. Amarok 1 was a very popular, and very feature-full application. To toss it out for the barely functional beta of the next version at this point seems foolish.

    Thankfully some kind soul made Amarok 1.4 RPMs for Fedora 10. yum localinstall these. Don’t forget to add something like exclude=amarok to, say, /etc/yum.conf so your nice working Amarok doesn’t get clobbered by the new broken Fedora one.

    If you then want to change your fonts in Amarok, you need to change them in the KDE theme. Where the fuck did kcontrol go? No idea. Someone posted a little snippet to go into your ~/.kde/share/config/kdeglobals file to change the fonts in Amarok (and KDE3?). I just used Sans Serif instead of UnDotum and changed 10 to 12 to get bigger fonts.

  • Somewhat surprisingly, sound basically worked. I managed to do a minimal enough installation that I didn’t even have the Gnome mixer, gnome-volume-control. Needed to install gnome-media for this, as well as aumix. Then I could turn up my volume, set my mixers appropriately, etc. Amarok worked with the ALSA output. Not sure if PulseAudio is involved here or not.

  • I’ve actually been using mDNS ever since I got a Mac. To enable this I:

    1. Went into system-config-firewall and opened the mDNS port (UDP 5353 IIRC).
    2. Installed nss-mdns, which nicely adds the appropriate configuration into /etc/nsswitch.conf.
    3. Restarted nscd (I use LDAP, lookups take too long if they’re not cached) and then ran nscd -i hosts to clear out the cached negative responses from my earlier tests.

  • Of course, shortly after using system-config-firewall, I decided it will still be easier in the long run to just maintain my iptables rules in a shell script, like I always have. So no more use of system-config-firewall for me.

  • My e-mail comes to me through a relay via SMTP. Delivery happens the good ol’ Unix way, through through mailfilter instead of procmail. I mostly copied the old setting from my F7 setup. I did remove Exim in favor of Postfix. (Exim, not Sendmail by default now, I guess?) TMDA was in Fedora, which is nice, and so was mailfilter. I also grabbed all the usual suspects like SpamAssassin, ClamAV (and set up a clamd for it), Razor, and Pyzor. (I don’t think Pyzor is working, due to failing sort of messages in /var/log/maillog. Oh well.)

    Everything pretty much worked smoothly. Only catches were SELinux stuff. Needed to restorecon -Rv /var/run/clamd.local /usr/sbin ~ to get all the contexts right. I also needed the following policy:

    policy_module(localmail,1.0.2)

require {
        type postfix_local_t;
        type unconfined_t;
}

clamav_stream_connect(postfix_local_t);
spamassassin_exec_client(postfix_local_t);
mta_send_mail(postfix_local_t);

# This is probably way too broad, but I don't understand how to fix it
# and Google isn't helping.  So long, security!
allow postfix_local_t unconfined_t:unix_stream_socket connectto;

    Apparently the newer SELinux stuff comes with the policy sources and development Stuff on-board? In any case I had /usr/share/selinux/devel/Makefile already, so it was a snap to make the policy and then semodule --install it.

  • Installed a bunch of media players. I used an mplayer-codecs RPM I made for the all-20071007.tar.bz2 bundle of MPlayer codecs.

    I will mention one thing I ran into while building the MPlayer codecs:

    *** ERROR: No build ID note found in
    .../mplayer-codecs-20071007-1.fc10.i386/usr/lib/win32/vid_h263.xa

    Turns out this is some new feature semi-recently shoved in to find-debuginfo.sh, which is part of the normal process for building an RPM. To skip this check for this big tarball of binaries, I put %undefine _missing_build_ids_terminate_build at the beginning of the spec file.

  • Installed Flash. (In case you can’t tell, I’m digging Mauriat Miranda’s guide. It’s reducing the task of reinstalling from actual thought to copy/paste.)

  • I copied over my .purple directory from my F7 install and expected to start Pidgin up and get going. Wrong: the #1 protocol I use on this box is Bonjour, and it didn’t work. Oddly, other PCs were seeing my announcement, but no one came up on my buddy list. Running Pidgin from the console (in debug mode? I can’t remember now) showed that it was refusing messages from anyone that wasn’t on my buddy list; as I just mentioned, that effectively meant it was refusing messages from everyone.

    This turns out to be a pain in my ass: they apparently found an insecure configuration in DBus, and the fix was to lock down what types of messages can be sent back in response to a DBus message (as far as I can tell, which may not be very far). For more information, see:

    The “broken services tracking bug” doesn’t list Avahi yet, but sure enough the DBus change breaks Avahi as well as all those other things listed. Pidgin/libpurple depend on Avahi to tell them who’s announcing presence (Bonjour) capabilities. No response from Avahi, no buddies in Pidgin.

    There is a quick, dirty, and insecure fix to the DBus problem which basically un-does the security fix as far as I can tell. Far from ideal, but (A) I don’t think that I’m particularly vulnerable, unless Fedora sucks in a malicious package, or unless I give someone else access to my box (ergo DBus); and (B) an local security problem is better than a box where a bunch of shit (i.e. Pidgin) doesn’t work.

  • VMware installed pretty easily, except in 6.5 you don’t have /usr/bin/vmware-config.pl anymore. Now you apparently do sudo /usr/bin/vmware-modconfig --console --install-all. Network configuration is (I guess) done with sudo /usr/bin/vmware-netcfg. My XP VM is booted and running, so I guess it can’t be that bad.

Post script: I started this installation Saturday, December 6th, and I’m posting this on Wednesday, December 10th. Sigh.

22:04 | 1 comment | Permalink | Tags: , ,