Skip to content

Fedora

Jump to bottom
Gabor Szarnyas edited this page Sep 29, 2022 · 112 revisions

Notes for configuring Fedora and also GNOME.

Packages

Some important packages for an initial install:

sudo dnf install -y \
  boost-devel cargo clang cloc cmake code compat-openssl10 dconf docker docker-compose ffmpeg \
  gimp gitk go gparted gthumb guile22 hexedit htop inkscape julia maven mc meld mercurial neofetch \
  nodejs npm ocaml okular pandoc powerline-fonts qbittorrent qdirstat recode remmina rust \
  simplescreenrecorder slack snapd subversion texlive-scheme-full the_silver_searcher datamash \
  vim vlc wdiff wondershaper xclip xmlstarlet zsh zstd R R-Rcpp-devel Rstudio-desktop \
  smartmontools tldr pv ntpdate fzf wl-clipboard sysstat \
  BibTool \
  glibc-devel-static \
  python3-pip virtualenv \
  linux-libertine-fonts \
  ftp

Hungarian language pack for LibreOffice:

sudo dnf install -y libreoffice-langpack-hu

And, of course:

sudo dnf install -y asciiquarium aalib cmatrix toilet cowsay lolcat

Bootstrapping an EC2 Fedora box

sudo dnf install -y tmux

# go to tmux
# SELinux can get in the way of benchmarking, consider disabling it
echo "sudo setenforce 0" >> ~/.bashrc
sudo dnf upgrade -y
sudo dnf install -y \
  htop git wget zstd docker mc vim the_silver_searcher nmon bmon fzf \
  maven \
  python3-pip
sudo gpasswd -a ${USER} docker
# use `newgrp` or reboot
sudo reboot

# mount NVMe disk
export NVME_DEVICE=/dev/nvme1n1
sudo mkfs -t ext4 ${NVME_DEVICE}
sudo mkdir /data
sudo mount ${NVME_DEVICE} /data
sudo chown -R ${USER}:${USER} /data
sudo systemctl stop docker
sudo mkdir -p /etc/docker
echo '{ "data-root": "/data/docker" }' | sudo tee /etc/docker/daemon.json > /dev/null
sudo systemctl start docker
docker run hello-world

Wayland

Things that do no work on Wayland:

  • The Dropbox desktop app says "Connecting..." but otherwise it works and shows notifications for changes.
  • Screenshots and screen sharing might be problematic out-of-the-box (e.g. Zoom screensharing only allows sharing a desktop but not an individual window).

GNOME

Drag and drop does not work under Wayland for decompressing archive (file roller)

It indeed doesn't work, see: https://gitlab.gnome.org/GNOME/file-roller/-/issues/4

Show hidden files

Nautilus does not show hidden files by default and Ctrl + H only reveals them temporarily. To change this, run:

gsettings set org.gnome.nautilus.preferences show-hidden-files true

Switching between windows

By default, Alt + Tab does not cycle between windows of the same application. To amend this, install dconf-editor and follow this guide.

$ sudo dnf install -y dconf-editor

Search for org/gnome/desktop/wm/keybindings, then delete '<Alt>Tab' under switch-applications and add it to switch-windows.

Screenshot (Shutter/Collabshot/... alternative)

Up to Fedora 34

As suggested, install xclip and try the following in the console:

TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | xclip -i -selection clipboard -target image/png

If this works, go to Keyboard shortcuts and assign the following command to a hotkey such as Ctrl + Shift + P:

bash -c 'TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | xclip -i -selection clipboard -target image/png'

On Wayland, use wl-copy:

bash -c 'TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | wl-copy'

Fedora 35+

The gnome-screenshot tool no longer works in Fedora 35. An alternative is to use the GNOME Screenshot UI as suggested in Fostips and Reddit:

sudo dnf copr enable yalter/gnome-shell-screenshot-ui
sudo dnf upgrade

Reboot and configure the hotkeys in Settings | Keyboard | Keyboard Shortcuts.

Screen has a blue tint

  • Problem: The entire desktop has a blue-ish tint which is painted on every window.
  • Solution: It seems to be that the problem is that when resizing an application to full screen (which is foreshadowed by a blue rectangular on the desktop), it isn't resized but gets stuck in an illegal state. The solution is to try resizing another window, which usually causes the window manager to jump out of the illegal state. See also: source.

Skype

Webcam/microphone are not detected -- solution:

sudo sysctl -w fs.inotify.max_user_watches=12288

If it works, also provide it as a configuration file:

sudo vim /etc/sysctl.conf

Add:

fs.inotify.max_user_watches=12288

Zoom

Using the default configuration with a single full HD display, Zoom started magnified to 2x. As suggested, edit the Zoom configuration file (depending on the installation, might be at ~/.config/zoomus.conf or under ~/.local/share/applications/us.zoom.Zoom.desktop) and set:

autoScale=false

Then, restart the application.

SELinux

To access files (such as certificate and key files for OpenVPN), you might have to relabel (bits of) your home directory with: restorecon -R ~

OpenVPN

SELinux blocks OpenVPN. As suggested:

First, check the logs with.

sudo journalctl -f

Jul 15 23:31:21 localhost.localdomain nm-openvpn[53696]: Options error: --ca fails with 'cert-file.crt': Permission denied (errno=13)

The logs have suggestions on how to fix the problem. I ran:

sudo semanage fcontext -a -t home_cert_t cert-file.crt
restorecon -R -v cert-file.crt

And did the same for the .key file as well.

Mounting files for Docker

SELinux prevents Docker from mounting files. To fix this:

chcon -Rt svirt_sandbox_file_t file_or_dir_to_mount

Or add the :z modifier as described in the Docker documentation:

docker run ... -v "$(pwd)"/target:/app:z ...

(Where /app is the directory on the host machine to mount.)

Snap gets blocked

Snap commands such as sudo snap refresh can get blocked by SELinux:

SELinux is preventing snapd from read access on the directory /home/runner.

Solution:

sudo chcon -Rt user_home_dir_t /home/runner
restorecon /home/runner

Change filetype associations

For example, suppose you want to open all video files with VLC:

sudo sed -i 's/vlc.desktop;//g' /usr/share/applications/mimeapps.list
sudo sed -i 's/org.gnome.Totem.desktop;/vlc.desktop;/g' /usr/share/applications/mimeapps.list
sudo sed -i 's/totem.desktop/vlc.desktop/g' /usr/share/applications/mimeapps.list
sudo dnf remove -y totem

PostgreSQL

Install Postgres with:

sudo dnf install postgresql postgresql-server

Before running the database first, you have to initialize it with:

sudo /usr/bin/postgresql-setup --initdb

Set the access control as described in https://developer.fedoraproject.org/tech/database/postgresql/about.html.

ldconfig does not find files under /usr/local

A process might return cannot open shared object file: No such file or directory even though the compilation went fine and sudo ldconfig was issued. As per this answer, the problem is that Fedora does not index this directory by default. To amend this, add the following lines to /etc/ld.so.conf, then rerun sudo ldconfig:

/usr/local/lib
/usr/local/lib64

Moving windows between monitors

  • Problem: The default GNOME hotkeys for moving windows between monitors/displays are:

    • Shift+Super+Left: Move window to leftward monitor and
    • Shift+Super+Right: Move window to rightward monitor.

    However, these stopped working sometime in Oct 2021 (GNOME 40). The same issue persisted with GNOME 41. Other hotkeys (view split on the left/right) continued working.

  • Solution: Use dconf-editor to edit the following keys in /org/gnome/desktop/wm/keybindings/:

    • move-to-monitor-left
    • move-to-monitor-right

    Uncheck the "Use default value" option but kept their default values (['<Super><Shift>Left'] and ['<Super><Shift>Right'], respectively).

(See the related Reddit thread.)

Firewall

I had trouble setting up the network for QEMU virtual machines:

Could not start virtual network 'default': error from service: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed: ...

The problem can be reproduced from the command line by simply issuing:

sudo firewall-cmd --reload

This results in:

Error: COMMAND_FAILED: 'python-nftables' failed: 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld_policy_drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_input", "type": "filter", "hook": "input", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_forward", "type": "filter", "hook": "forward", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_output", "type": "filter", "hook": "output", "prio": 9, "policy": "drop"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_input", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_forward", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_output", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}]}

It seems that the conflict is introduced by Docker/Moby. Of course, uninstalling Docker is not an option for most users. So, a solution to the problem, as suggested in the Red Hat Bugzilla is the following:

  • Delete or move the firewalld trusted zone configuration file /etc/firewalld/zones/trusted.xml:

    sudo mv /etc/firewalld/zones/trusted.xml /etc/firewalld/zones/trusted.xml.bkp

  • Restart the firewalld and libvirtd services:

    sudo systemctl restart firewalld
sudo systemctl restart libvirtd

  • The virtual network should now start.

Chromium applications claim the profile is locked

Chromium-based applications claim the profile is locked and ask the user to claim Unlock profile and relaunch to continue. This can be traced back to them putting the hostname in the title. By default, the hostname is not set on Fedora, so the solution to this problem is to set it using:

sudo hostnamectl set-hostname ...

ElanTech touchpad does not work after rebooting

On my T480s running Fedora 32 and GNOME 3.36.5, the touchpad did not work after a full reboot. (I never had any problems after suspend.) An external mouse was working fine.

The solution to fix the touchpad, as per Ask Ubuntu, was to run:

sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'

Sound

Volume control

If you have sound issues, use PulseAudio Volume Control:

sudo dnf install -y pavucontrol

Pipewire issues

Fedora 34 introduced Pipewire as a default audio-video daemon. Unfortunately, it has some problems (changing the output between speakers and headphones is difficult, sound mixing for some video files can be suboptimal, high CPU usage causes the sound to crackle/scratch, etc.). If these occur, consider reverting to PulseAudio using the following command:

sudo dnf swap --allowerasing pipewire-pulseaudio pulseaudio

From the same thread - if the audio breaks, run:

systemctl --user restart pipewire pipewire-pulse

Alt + Shift + Tab tab does work (should cycle windows backwards)

For me, the combination of unsetting the Switch windows keyboard shortcut, rebooting, and running gsettings as suggested at gnome.org helped:

gsettings set org.gnome.desktop.wm.keybindings switch-applications "[]"
gsettings set org.gnome.desktop.wm.keybindings switch-applications-backward "[]"
gsettings set org.gnome.desktop.wm.keybindings switch-windows "['<Alt>Tab', '<Super>Tab']"
gsettings set org.gnome.desktop.wm.keybindings switch-windows-backward  "['<Alt><Shift>Tab', '<Super><Shift>Tab']"

Virtualization

VirtualBox

$ sudo vboxconfig 
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
This system is currently not set up to build kernel modules.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
    kernel-devel kernel-devel-5.7.7-200.fc32.x86_64
This system is currently not set up to build kernel modules.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
    kernel-devel kernel-devel-5.7.7-200.fc32.x86_64

Solution (source):

sudo dnf install -y "kernel-devel-$(uname -r)"

Neo4j ulimit problem

Problem:

WARNING: Max 1000 open files allowed, minimum of 40000 recommended. See the Neo4j manual.

Solution: As suggested in this blogpost, to work around this, edit /etc/systemd/user.conf:

sudo vim /etc/systemd/user.conf

And add:

DefaultLimitNOFILE=40000

Some suggest to also edit /etc/systemd/system.conf and add the same variable:

sudo vim /etc/systemd/system.conf

Once you're done with the edits, reboot your system.

Update: See also the recent official documentation.

Wifi timeout issues

MAC address randomization

Problem: After upgrading to Fedora 33, wifi repeatedly prompts for password and prompts for password (even though the password is correct). The journalctl log shows:

NetworkManager[...]: <warn>  [1604657333.4499] device (wlp61s0): Activation: (wifi) association took too long
NetworkManager[...]: <info>  [1604657333.4499] device (wlp61s0): state change: config -> failed (reason 'no-secrets', sys-iface-state: 'managed')
NetworkManager[...]: <warn>  [1604657333.4554] device (wlp61s0): Activation: failed for connection '...'

Solution: As suggested in the Fedora Magazine, edit /etc/NetworkManager/conf.d/00-macrandomize.conf and add the following:

sudo vim /etc/NetworkManager/conf.d/00-macrandomize.conf
[connection]
wifi.cloned-mac-address=stable

Restart the network manager:

sudo service NetworkManager restart

This setting can also be changed specifically for each connection:

nmcli c modify <guid> 802-11-wireless.cloned-mac-address permanent

Trouble connecting to APs using old encryption algorithms

In Fedora 33, wifi connection times out for some APs even with the previous issue tackled. This can be a problem with e.g. some eduroam APs.

The journalctl output is along the lines of:

(wlp61s0): supplicant interface state: associating -> disconnected
(p2p-dev-wlp61s0): supplicant management interface state: associating -> disconnected
(wlp61s0): Activation: (wifi) association took too long
(wlp61s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlp61s0): Activation: (wifi) asking for new secrets
(wlp61s0): supplicant interface state: disconnected -> scanning
(p2p-dev-wlp61s0): supplicant management interface state: disconnected -> scanning

To fix it, revert to Fedora 32 policies as discussed in the Fedora Wiki by issuing the following command:

sudo update-crypto-policies --set DEFAULT:FEDORA32

Then, reboot your machine.

File type association

To change e.g. from Totem to VLC player, edit the gnome-mimeapps.list file (as suggested here):

sudo vim /usr/share/applications/gnome-mimeapps.list

Replace the org.gnome.Totem.desktop strings with vlc.desktop.

Disable virtual terminal keys

The keys Ctrl + Alt + F1 to Ctrl + Alt + F12 change between virtual terminals (also known as tty consoles). Sometimes, these cause crashes which can take down the whole system (this happened to me quite a few times on Fedora 32/33 and GNOME 3 when pressing Ctrl + Alt + F12). It seems it is not possible to disable these hotkeys – instead, they should be bound to a combination that is difficult to press. This website suggests adding the b key to the undesirable combinations.

for i in `seq 1 12`; do
  echo "Set terminal ${i} to ['<Primary><Alt>F${i}b']"
  gsettings set org.gnome.mutter.wayland.keybindings switch-to-session-${i} "['<Primary><Alt>F${i}b']"
done

Drop down terminal / dropdown terminal

  • On Wayland, Guake cannot bind the F12 hotkey.
    • My attempt to set guake -t to this hotkey in the GNOME settings did not work as expected – the resulting Guake window was was offset from the top left corner, a known issue.
  • Drop Down Terminal works but does not support multiple tabs.
  • Drop Down Terminal X was an extension of Drop Down Terminal with support for multiple tabs. Unfortunately, it was buggy (some tabs hung/crashed, URL highlighting didn't work reliably) and has been discontinued.
  • Yakuake is a drop down terminal for KDE. When used under GNOME, it (unsurprisingly) seems to work better with X window than with Wayland. With the latter, it has problems with the window sizes, jumping between screens (e.g. it's rendered on screen 1 with the size/shape of screen 2, it always shows the screen size when opened, and its height is fixed to 100%).
  • ddterm is a Wayland-native drop down terminal which seems to be the best option so far.

Installing HP printers

HP does not offer official drivers for Linux, so use HPLIP instead. You may have a partial hplip installation but it will not work if it has missing dependencies. To check whether all dependencies are available, run hp-check.

In my case, this revealed the following missing packages:

sudo dnf install -y cups libjpeg-devel cups-devel libusb1-devel sane-backends-devel avahi-devel net-snmp-devel python3-PyQt4
sudo dnf install -y xsane avahi-tools python3-notify2

Additionally, you may install the following package for an HPLIP GUI application:

sudo dnf install -y hplip-gui

To install your printer, run:

sudo hp-setup

If you're using the GUI and it hangs, don't forget to check the CLI – it may prompt you with a question whether to download a plug-in, accept a license, etc.

Connecting to a TP-Link Archer C6 wifi router on 2.4GHz

Fedora 32+ cannot connect to a TP-Link Archer C6 wifi router on 2.4GHz (meanwhile, the 5GHz variant works fine). The log of sudo journalctl -xe -u NetworkManager shows the following log:

Aug 07 17:04:30 t480s NetworkManager[1276]: <info>  [1628348670.0579] device (wlp61s0): supplicant interface state: disconnected -> scanning
Aug 07 17:04:30 t480s NetworkManager[1276]: <info>  [1628348670.0579] device (p2p-dev-wlp61s0): supplicant management interface state: disconnected -> scanning
Aug 07 17:04:33 t480s NetworkManager[1276]: <warn>  [1628348673.3745] device (wlp61s0): Activation: (wifi) association took too long
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3746] device (wlp61s0): state change: config -> failed (reason 'no-secrets', sys-iface-state: 'managed')
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3763] manager: NetworkManager state is now CONNECTED_LOCAL
Aug 07 17:04:33 t480s NetworkManager[1276]: <warn>  [1628348673.3803] device (wlp61s0): Activation: failed for connection 'TP-Link_XXX'
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3817] device (wlp61s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')

(There are no errors, just <warn> entries about the lack of secrets.)

This is a frequent problem with this router type.

The solution is to replace the wpa_supplicant service with iwd. Adopting the suggestions on Ask Ubuntu and the Linux Mint Forums:

Install iwd (iNet Wireless Daemon):

sudo dnf install -y iwd

Change the wifi backend:

sudo vim /etc/NetworkManager/conf.d/wifi_backend.conf

Add:

[device]
wifi.backend=iwd

Then, issue the following commands:

sudo systemctl stop wpa_supplicant.service
sudo systemctl disable wpa_supplicant.service
sudo systemctl enable iwd.service
sudo systemctl start iwd.service
sudo systemctl restart NetworkManager.service

If you would like to turn wpa_supplicant back on, change the /etc/NetworkManager/conf.d/wifi_backend.conf file to:

[device]
wifi.backend=wpa_supplicant

Then, run:

sudo systemctl stop iwd.service
sudo systemctl disable iwd.service
sudo systemctl enable wpa_supplicant.service
sudo systemctl start wpa_supplicant.service
sudo systemctl restart NetworkManager.service

This may not be sufficient – for me, a full reboot was needed.

Zoom screen sharing broken in Fedora 35

Sometime when trying to share the screen with Zoom on Fedora 35 with Wayland, one is greeted with only the option to share a whiteboard but no windows/entire screen option. It also displays the error message "You need to install PulseAudio(1.0 and above)."

A workaround, as suggested at fedoraproject.org, if you go to Settings, Share Screen, and under When I share my screen in a meeting, select Automatically share desktop, it works.

Installing SDKMAN in Docker

In a fresh Fedora 36 Docker container, the following commands are required for installing SDKMAN:

sudo yum install -y curl zip
curl -s "https://get.sdkman.io" | bash
source ~/.sdkman/bin/sdkman-init.sh
Clone this wiki locally