Fedora Core 7 notes

It is August of 2007. The time is long overdue. Core 7 has been out for some time, Core 8 is starting to appear, and I have long been running i386 core 6 on my dual core AMD64. I have decided to bite the bullet and switch to the 64 bit distribution. I will need to do a full fresh install to make the switch to the 64 bit release.

My intent is to run a 32 bit firefox to avoid browser plugin hell. It turns out this is what gets installed anyway, so this is a non-issue.

I find that as of FC7, I can only get a DVD iso image, so I will need to figure out how to burn a dvd. I do this:

growisofs -dvd-compat -Z /dev/dvd=./F-7-x86_64-DVD.iso
Amazingly, this seems to work. While it is burning, I take a look at my hard drive layout:
sda1 is /boot with 500M of space
sda2 is / with 40G of space (only 12G in use)
sda5 is /u1
I will need to reformat /boot and /, but will leave /u1 alone. I will, before the reformat, copy / and especially /etc to tar files in the /u1 partition, which has plenty of space.
cd /etc ; tar cvf /u2/etc.tar .
cd / ; tar clvf /u2/root.tar .
See the following link on downloading fedora. As of FC7, a set of iso images for CDrom buring are no longer provided, so any system you want to install on must either have a DVD reader, or a fast network connection to a server holding the full set of FC7 rpm's so you can do a network install. A network install can be launched from the rescue image, which can be burned on a CD.

Network install

I boot the DVD (it has some problem doing the install off the DVD, which is just as well). I tell it to do an http: install from:
mmto.org
fedora/releases/7/Fedora/x86_64/os

This is amazingly fast; worlds faster than installing off of the DVD or a stack of CD's. Once it was done, there were 359 or so updates available, so I edited the files in /etc/yum.repos.d to point to our local mirror. In general, this editing consisted of commenting out the mirrorlist line and adding the URL of our repository as a baseurl.
When this was fixed up, I did a yum update and a reboot. This has me running the 2.6.22-1.41.fc7 kernel.

I tried this on an i386 machine next, first attempting to launch a network install using the rescue disk, then attempting the same thing with the boot disk. Both fail looking for the file

fedora/releases/7/Fedora/i386/os/RELEASE_NOTES_en_US.UTF-8.html
This does not exist in the repository, and even when I fiddle with our mirror and put it there by making a link, the install just hangs.

My home directory

I added myself as a user during the install, which assigned me a uid different from the one that owns all my files on the partition that I did not format (namely /u1/tom). This leads to fairly serious problems later on as I try to merge the new and old and don't find and change ownership on all the files. Also some files in /tmp get marked with a wrong uid and this causes lots of problems. Once I sort out these permission problems, make a link from /home/tom to /u1/tom, and take care about the dot files (I put them all into DOTFILES and merge in the contents of .bashrc); everything seems OK for a while, but see below under "window managers".

Other home directories

These require a bunch of links to be made:
ln -s /u1/Camera /home/Camera
ln -s /u2/Mathworks /home/Mathworks
ln -s /u1/tom /home/tom
ln -s /u2/vxworks /home/vxworks
Don't forget to add vwuser to the passwd file.

Mail, and in particular SPAM

It is necessary (as detailed in my other fedora notes) to edit the sendmail config file and start sendmail to begin receiving mail on port 25.

Once this is done, I am deluged by spam, and so I do:

service spamassassin start
chkconfig spamassassin on
Still mountains of spam, what is up, well I need the stuff in .spamassassin, which is where all the bayesian learned stuff is kept, but even that hasn't abated the flood of spam.

Aha, my old notes tell the tale, I also need:

/etc/procmailrc
Which is what directs my incoming mail to spamd, we put this in place and wait to see if the sewer still belches forth.

Red hat graphical boot

I dislike this, so I want to turn it off. This is easy to do by editing:
/boot/grub/grub.conf
And changing "rhgb" to "norhgb" on the kernel line.

SElinux headaches

My rule in the past has always been to avoid this like the plague. It bit me in the past, and I figure that this is some piece of red tape mandated by some security paranoid organizations that I would be wise to avoid. Whether this is true or not, my bottom line conclusion not to run it seems still to be correct. I tried running SElinux in permissive mode, and within less than 24 hours regretted it. The sign of trouble was when doing yum install wine I get:
[root@wally]# yum install wine
Loading "installonlyn" plugin
rpmdb: Lock table is out of available locker entries
rpmdb: Unknown locker ID: 8ab
A quick google search indicates this is a new issue with FC7 and is related to a "leak" within SElinux that consumes all lock entries which yum also needs. To shoot SElinux in the head do this:
Edit /etc/selinux/config
SELINUX=disabled
reboot
The command:
sestatus -v
will show what is actually going on.
Indeed, after changing the one line in /etc/selinux/config file as shown above and rebooting, this shows that selinux is disabled.

You can also set selinux=0 on the command line. I don't know why you would want to, but that would be another way to turn it off.

Note that it will be much more problematic to turn selinux on than to turn it off and may require filesystem relabelling that I don't yet understand. Not something to tinker with or take lightly.

Window managers

I shot myself in the foot in the following way. For some time I have kept my home directory /home/tom on a separate partition (/u1/tom). When I did the recent install, I created a new tom user (for which the install invented some new uid) and then I played around merging the /home/tom directory, with /u1/tom and finally ending up with /home/tom being a link to /u1/tom.

This is a godsend when I want to do a full install and not loose everything in my home directory, but this led to mischief because there were a bunch of hidden "dot" files with ownership given to the install invented uid which is no longer tom. Directories in particular where things like .nautilus .gnome .gconf and so on. This was nasty to sort out, and the symptoms of trouble were that metacity would seg-fault, and that preference changes could not be made that lasted from session to session.

Now that things are all better, I can do things like include the date with the time on the panel, add an icon to start a terminal and calculator, and in particular set things up so that windows get focus as soon as the mouse moves over them without clicking.

Alternate Window managers

Metacity is the current default window manager for gnome. Metacity is simple and lean. Previously sawfish and enlightenment were used as gnome window managers and were highly configurable. A recommended fun bleeding edge window manager is xfce, which you can get via:
yum install xfce\*

Get the Nividia driver doing dual head

It is amazing how cramped my system seems with only one monitor up and running. I use the kernel driver from the livna site (this way someone else does the dirty work and yum gets me both updated kernels and updated nvidia kernel drivers).

First I need the file in /etc/yum.repos.d for the livna repository. The easy way to get this is to go to the livna site and get the livna-release-7.rpm and whack it in. Then do:

yum install kmod-nvidia
this fetches 3 packages:
kmod-nvidia.x86_64
livna-config-display.noarch
xorg-x11-drv-nvidia.x86_64
It tries to run the livna-config-display script, but this is unable to parse my config file and gives up, which is OK with me. I am going to copy my old dual head config file to /etc/X11/xorg.conf anyway.

I copy in my FC6 dual head xorg.conf file and need to change two paths to look for modules in /usr/lib64/xorg/modules and things fire up OK.

yum and the TEP repository

First, I copy the file /etc/yum.repos.d/TEP.repo from my old system. This will work without changes because TEP is following a sensible pattern and the $releasever variable will take care of things. I also need his GPG key, which I just copy from /etc/pki/rpm-gpg/RPM-GPG-KEY-TEP. After this, I can do:
yum install pgplot\*
and Fred is my uncle.

My web site

I use lighttpd so I need to do:
yum install lighttpd
yum install lighttpd-fastcgi

Notice that the fastcgi module is a package of its own.

I copy my old lighttpd.conf file into /etc/lighttpd and do:

service lighttpd start
chkconfig lightppd on

iptables, dhcp, private network, diskless booting

I fiddle with /etc/sysconfig/iptables to turn on port 80 (how did that get missed during the install), and the stuff I need for DHCP and diskless booting. In fact I do a whole bunch of fiddling by hand editing this script that I don't want to advertise in detail here. Since you are advised NOT to hand edit this file, I make a copy of it as iptables.TJT just in case some brain-dead system config GUI decides to mangle it.
After hacking to my hearts content:
service iptables restart

I add some lines to /etc/rc.local to assign my machine an IP number on our private network.

ip addr add 192.168.99.101/24 brd + dev eth0 label eth0:local
To get dhcp going:
yum install dhcp\*
copy my old /etc/dhcpd.conf
service dhcpd restart
chkconfig dhcpd on
To get rsh going:
yum install rsh\*
yum install tftp\*
edit /etc/xinetd.d/rsh
service xinetd start
chkconfig xinetd on
Surprisingly, this yum install also fetched xinetd (who woulda thought you could run a unix system without it). So the packages fetched are:
rsh-server
xinetd
tftp
tftp-server
I also copy over all the junk in my old /tftpboot directory. Don't forget to add vwuser to the passwd file.

ntp

This is easy. Copy the old /etc/ntp.conf file. I don't (but maybe I should) do anything with /etc/ntp/ntpservers or any of the stuff in /etc/ntp. Then:
service ntpd restart
chkconfig ntpd on
ntpq -p
The last command checks that things are running and the correct servers are talking (and that the firewall is passing the NTP traffic).

cdrecord, wodim, and ckrkit

The original cdrecord that I have used for years was written and maintained by Joerg Schilling. My only annoyance with it is that the syntax for specifying the burning device changes annually (as it has done yet again with the release of FC7). And the program RUDELY goes into an infinite loop with a whining diatribe telling you to fix your configuration file.

In the process of trying to find the documentation that would enable me to yet again make changes and figure out how they want me to specify my CD burning device, I discover that I am actually running wodim which is part of the cdrkit which is a spinoff of the original cdrecord package. It would seem that cdrecord, in some cooperative effort with Sun microsystems, released cdredord under something called the CDDL, which is GPL unfriendly, and so much so that people felt it necessary to fork a branch of cdrecord and keep it under the GPL. All well and good, but why this requires rude looping error messages and needless syntax changes is lost on me.

Mr. Schilling was always rather SUN-centric and cranky towards linux (which probably represents 90+ percent of his user base). I think a lot of the crankiness revolved around the /dev/sg interface, which was slow to be accepted (for who knows what reason) by the linux developers. The problem of course right now is for me to be able to burn a CD.

Amusingly wodim --devices yields a segmentation fault!
This bodes ill.

Here is the amazing part:

wodim yada.iso
Simply works - this kind of cancels some of the other issues.

They say there is a package k3b that is a KDE based burner that might be a sensible alternative given the state of wodim.

Ruby on Rails and MySQL

For the first time (for me at least), I find I am able to do:
yum install rubygems
This also fetches me ruby-rdoc and ruby-irb.
gem install rails
The first time I tried this the gems site was down, but I day later this got me:
Successfully installed rails-1.2.3
Successfully installed rake-0.7.3
Successfully installed activesupport-1.4.2
Successfully installed activerecord-1.15.3
Successfully installed actionpack-1.13.3
Successfully installed actionmailer-1.3.3
Successfully installed actionwebservice-1.2.3

After doing this, I have discovered that rails is actually available via yum as package: rubygem-rails. I suppose if I had done:

yum list | grep rails
I would have discovered this new package.

Some old notes of mine tell me that the mysql stuff actually lives in /var/lib/mysql, and I find this to be an empty directory on my newly installed system, so I just copy my old /var/lib/mysql there from my saved root filesystem files and then do this:

chkconfig mysqld on
service mysqld restart
I enable fastcgi in the lighttpd.conf file and restart lighttpd and get messages like this:
Cannot find gem for Rails =1.1.6:
    Install the missing gem with 'gem install -v=1.1.6 rails', or
    change environment.rb to define RAILS_GEM_VERSION with your desired version
It looks like what I need to do is to edit /u1/rails/depot/config/environment.rb and change RAILS_GEM_VERSION to 1.2.3 in all three of my rails applications.
After doing this, I still get errors (lots of them) when I restart the web servers, as follows:
/u1/rails/demo/public/../config/boot.rb:28:
    Warning: require_gem is obsolete.  Use gem instead.

--and--

/usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require': no such file to load -- fcgi (MissingSourceFile)
        from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `require'
	....
	from /u1/rails/demo/public/dispatch.fcgi:22

Ignoring the require_gem business for now, there are two packages that must be installed before any of this can work. There used to be trouble with the gems for this, so I will still do this by hand. Get fcgi-2.4.0.tar.gz and ruby-fcgi-0.8.7.tar.gz.

fcgi-2.4.0.tar.gz has been stable since 2003. This is distributed as the version for the Apache webserver (yes, we will be using lighttpd, not to worry). Do this:

cd fcgi-2.4.0
make clean
make distclean
./configure
make
make install
Stuff gets installed into /usr/local

To do the next bit, you need the ruby-devel package, but I decide to get cranky and do this:

yum install ruby\*
This gets me 69 packages (including ruby-devel). I am running ruby 1.8.6 it would seem. After this, do:
cd ruby-fcgi-0.8.7
ruby install.rb config
ruby install.rb setup
ruby install.rb install
I restart lighttpd and still get messages as follows:
/u1/rails/demo/public/../config/boot.rb:28:
    Warning: require_gem is obsolete.  Use gem instead.

-and-

Couldn't write to "/u1/rails/demo/public/../config/../log/fastcgi.crash.log": starting
  Errno::EACCES: Permission denied - /u1/rails/demo/public/../config/../log/fastcgi.crash.log
These messages are eliminated first by editing /u1/rails/demo/config/boot.rb and changing require_gem to gem in two places for each application. The log messages are due to the fact that lighttpd used to be user:group 105:105, and now is 496:495, so I just delete the old fastcgi.crash.log files and everything is fine.

Now my rails application is alive and well, but I get this odd message "You are being redirected" with a link that has to be clicked. Apparently this is a known lighttpd bug that almost got fixed in lighttpd 1.4.16 (which is the latest and what FC7 ships with). There is a patch to lighttpd:

--- src/connections.c.orig	Mon Jul 30 10:41:09 2007
+++ src/connections.c	Mon Jul 30 10:42:01 2007
@@ -1445,7 +1445,6 @@ int connection_state_machine(server *srv
				} else if (con->in_error_handler) {
					/* error-handler is back and has generated content */
					/* if Status: was set, take it otherwise use 200 */
-					con->http_status = con->error_handler_saved_status;
				}

				if (con->http_status == 0) con->http_status = 200;
but this is likely to make it into a soon coming update and I am too lazy to get the lighttpd sources, apply the patch and rebuild, so I will just live with this for now.

New bugs in my rails applications

My application is now getting complaints when I try to create mysql records about certain columns not being allowed to be null. These are columns that I indeed did not explicitly define, and apparently they used to be set to 0, but now they are set to null. My fix is to explicitly set the value of all columns, in these cases to zero, and things are working like they used to be.

Building for 64 bit: kermit

For a little project I am working on, I need a copy of kermit to fiddle with serial ports. This tangles me into some new weeds as far as building for 64 bit architectures. Here are some high points:

Library files are in /usr/lib64 for 64 bit stuff and in /usr/lib for 32 bit stuff. This may require some changes to Makefiles.

You can build for 32 bit targets on a 64 bit machine using the -m32 option to gcc.

When I try to build kermit (albeit version cku197 circa 2000 or before) I get the following when I do "make linuxso" ...

/usr/bin/ld: errno: TLS definition in /lib64/libc.so.6 section .tbss mismatches non-TLS reference in ckuus4.o
/lib64/libc.so.6: could not read symbols: Bad value
Some googling on this tells me "this is the well-known errno problem". Ha! A recommended fix is to hack the makefile by adding the string -include /usr/include/errno.h to the C compiler options. I am skeptical, but I do it and it works. I suppose this just indicates sloppy coding practices in the original source that not longer sorts itself out nicely, but it solves my problem for now.

Flash

This becomes interesting on a 64 bit architecture. First thing is to get the flash plugin. I had an old flash.repo file from FC6 days that I copied into /etc/yum.repos.d. Then I do:
yum install flash\*
And I get the flash-plugin package, the only problem is that I still cannot view flash websites. A little poking around reveals that I am running the 64 bit version of firefox 2.0.0.5, and this is a 32 bit plugin.

The website I use to test all this (currently using flash on its "splash page") is the bushnell site

The easy way to sort this out is simple, just run 32 bit firefox! No hassles with 32 bit plugins, so I do this:

yum erase firefox.x86_64
This works fine, and I am on with life (I already had firefox.i386 installed). However if you want explore the world of 32 bit plugins with 64 bit firefox, here are some tips:

Consider doing yum install firefox-32. I am told that this will give you some kind of chooser menu so you can pick between 32 and 64 bit versions ... or something like that.

There is some FC7 advice online (which I tried, but didn't have luck with), that goes as follows:

rpm -ihv http://gwenole.beauchesne.info/projects/nspluginwrapper/files/nspluginwrapper-0.9.91.4-1.x86_64.rpm \
http://gwenole.beauchesne.info/projects/nspluginwrapper/files/nspluginwrapper-i386-0.9.91.4-1.x86_64.rpm
The claim is after doing this, you will have a pluginwrapper than makes 32 bit plugins work with a 64 bit firefox, but whenever you add new plugins, you will need to run:
nspluginwrapper -u

Mathlab

These needs a license manager running to fire up. I copy the file /etc/rc.d/init.d/flexlm from my old root, but this time I call it "mathlab", and I add two lines that are pseudo comments to allow chkconfig to manage it:
# chkconfig: 35 85 15
# description: Mathlab license manager
Now chkconfig mathlab on works, but service mathlab start ends up looking for executables in /home/Mathworks/etc/glnxa64. I make links as follows:
cd /home/Mathworks/etc
ln -s glnx86 glnxa64
cd /home/Mathworks/bin
ln -s glnx86 glnxa64
Now the license manager starts OK. I also need some links in /usr/local/bin:
ln -s /home/Mathworks/bin/matlab
ln -s /home/Mathworks/bin/mex
Now I get two more problems. It complains about a missing Java Runtime (JRE) and:
/u2/Mathworks_2007a/bin/glnxa64/MATLAB: error while loading shared libraries: libXp.so.6: cannot open shared object file: No such file or directory
The libXp thing is easy to fix via yum install libXp, this is some deprecated Xorg library that java expects to find.

To install java, see below. Something is still wrong, and I may have to just reinstall matlab ...

A record of one fellows fussing around to get matlab to run under FC6 (which gave me no troubles at all) is worth a look.

Java

It seems wise to install a 32 bit java, so it will play with the 32 bit firefox I now run (so I can use my 32 bit flash plugin), so ...
I go to www.java.com and get jre-6u2-linux-i586.bin. Note that x86 versions, as well as RPM's are also available. Then I do:
chmod a+x jre-6u2-linux-i586.bin
su
cd /usr
mkdir java
cd java
/archive/jre-6u2-linux-i586.bin
This goes easy and fast, and leaves me with a new directory /usr/java/jre1.6.0_02. Then I do this:
cd /usr/lib/mozilla/plugins
ln -s /usr/java/jre1.6.0_02/plugin/i386/ns7/libjavaplugin_oji.so
(This could instead have been done in ~/mozilla/plugins)

They say that if you are running netscape (do people anywhere still run netscape?) or mozilla, you will need to go to the preferences menu of the browser and enable java. With firefox, I haven't found an enable java preference, and it is just turned on as shipped.

Just for the record the Fedora project advises against using the Sun java By default it runs GNU java when you enter "java" on the command line, and does not provide a mature browser plugin.

Most critically for me, since I am ignoring all this advice, the java plugin from sun requires the compat-libstdc++ package, so I do:

yum install compat-libstdc++\*
which gets me:
compat-libstdc++-33.i386
compat-libstdc++-33.x86_64
compat-libstdc++-296.i386
After doing this, the browser plugin works!

If you actually want to use the command line java or do java development, you will have to get around gnu java by using usr/bin/alternatives.
A recommended way of doing things (which I have yet to try) is:

/usr/sbin/alternatives --install /usr/bin/java /usr/java/jre1.6.0_02/bin/java 2
echo 2 | /usr/sbin/alternatives --config java
java -version

Subversion and mod_dav

I want to make my subversion repository web accessible, and need to run apache on port 8080 and use lighttpd (which I run as my main web server on port 80) to proxy to the port 8080 apache. I had this all set up under FC6, so here is how to make it come alive under FC7:
/etc/httpd/conf/httpd.conf - copy from my old root directory
/etc/httpd/conf.d/subversion.conf - copy from my old root directory
yum install mod_dav_svn
examine and discard subversion.conf.rpmnew
service httpd start
chkconfig httpd on
This has apache running on port 8080 as before. Now I just add the mod_proxy stuff (from FC6) to /etc/lighttpd/lighttpd.conf And really this is trivial, only 3 lines are required once the mod_proxy module line is uncommented:
proxy.server = (
    "/svn" => (("host" => "127.0.0.1", "port" => 8080 ))
)

Other stuff

Easy ones:
yum install perl-Tk
yum install gnuplot
Tcl is more insidious. Just typing tcl gets nothing, but the tcl package is installed according to yum. What the hey? Where have they hidden tcl? I have to go and find the rpm for this and do rpm -qlp on this to discover that they now call this tclsh, not tcl as we have for so many years .... On my fedora 6 system, tcl is a link to tclsh is a link to tclsh8.4. At least they both exist on old systems so when I change the shebang line in scripts to tclsh they will work everywhere that I care about.
Have any comments? Questions? Drop me a line!

Adventures in Computing / tom@mmto.org