Re: postfix fails to start on boot

2024-05-16 Thread Chris Adams
Once upon a time, Alex  said:
> I have a fedora38 server with postfix-3.7.9 (although this problem has
> existed for a long time) that fails to start because I believe the server
> has multiple interfaces.

The issue is that the postfix.service unit has After=network.target
(which is fine for binding to 0.0.0.0 (or :: for IPv6)).  When instead
you want to bind to specific IPs (especially beyond just localhost), it
needs to wait for the entire network to be up, which instead needs to be
After=network-online.target.

Run "sudo systemctl edit postfix.service" and insert these lines:

[Unit]
After=network-online.target

That should take care of it.
-- 
Chris Adams 
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: /boot too small

2024-05-14 Thread Chris Adams
Once upon a time, Michal Schorm  said:
> On Tue, May 14, 2024 at 8:13 PM Tim via users
>  wrote:
> > Does /boot still need to be its own partition, these days?
> > /boot/efi has to be, but that's mapped into /boot, already.
> 
> Definitely not.

It does for a variety of cases, such as an encrypted root filesystem.

-- 
Chris Adams 


Re: Hotel wifi network - how to connect / ssh between 2 laptops

2024-03-22 Thread Chris Adams
Once upon a time, Bill Oliver  said:
> On Fri, 2024-03-22 at 10:09 -0600, Sbob wrote:
> > All
> > 
> > 
> > I have 2 laptops I need to connect for testing / coding via ssh, if I
> > connect each to the hotel wifi I cannot connect across laptops with
> > ssh, 
> > If I grab a wifi router and connect it to the hotel wifi and use the 
> > router's wifi will this work?
> > 
> > 
> > would it also work with a simple wifi extender?
> > 
> > 
> > Thanks for any advice
> > --
> 
> I have, in the past, successfully gotten around firewalls that only
> allow http/https on tcp by setting the port for ssh to 80,8080,443 or
> 8443.  I haven't tried it in a few years, though.  I've heard that some
> systems can inspect packets well enough to discern ssh on port 80, but
> that never happened to me.

For a lot of "public" wifi networks, it's not even a firewall, it's that
the access points are set to client isolation mode (so the AP only
allows clients to talk to the gateway).  It's basically an extra
security layer on their part to keep customer A from causing problems
for customer B.

So then you do need your own access point/router.  On newer Android
devices, you can re-share the wifi with hotspot mode, so you don't need any
additional equipment.
-- 
Chris Adams 


Re: PCI-E to PS2

2024-02-14 Thread Chris Adams
Once upon a time, Tim  said:
> ToddAndMargo:
> > Just found this on their web site:
> > 
> >  "***Don't support CMOS or MS-DOS"
> > 
> > Even if it did not arrive dead, it would have still
> > required the OS to boot.  Lesson learned.
> 
> From what I'd read, that ought to be the case with any PCI-E based
> card.  Apparently the slots aren't dealt with early enough (they
> certainly can't be if they require drivers).  Although that doesn't
> make sense with other things - a graphics card can show a pre-boot
> screen, for instance (there's obviously some built-in functionality,
> even if it's more basic than post-boot).

I expect it's that motherboard firmware knows how to activate two kinds
of input devices - PS/2 via the emulation of the legacy chips that date
back to the 1980s, and USB.  A PCIe device is neither of those.  It's
not just a matter of initializing the device, it has to be recognized
and handled by the firmware, and it's such a rare thing, none do.

-- 
Chris Adams 


Re: How do I read result of a QR Code

2024-01-20 Thread Chris Adams
Once upon a time, Tim  said:
> That's one of my gripes about two-factor authentication - it
> (typically) uses your phone.  Steal someone's phone, and it's
> everything they need to pretend to be you.

That's going to be true of any second-factor device.  In theory, MFA is
"something you know plus something you have", but we use too many
passwords to "know" them all, so we use password managers.  Then the
"know" is just one password manager master password... but the "have" is
often stored in the same password manager (because where else are you
going to store it?).

It still helps, because while people may re-use passwords (so one breach
can lead to access at other sites), the 2FA codes are unique per site
(so breaching one site won't lead to other sites).  The password/MFA
code master password (and encryption) is the single point of security
then, but that's still usually harder to breach.  Most devices have
"good enough" security, so someone getting your device doesn't help them
unless they get it in an unlocked state (and even then, gets ONE person
breached, not a million).  But at that point, you're also down to the
wrench attack.

https://xkcd.com/538/

tl;dr: login security is hard
-- 
Chris Adams 


Unlock encrypted thumb drive with TPM?

2024-01-18 Thread Chris Adams
I set up a thumb drive with an encrypted partition with LUKS2.  When I
insert it, I get prompted for the password and that works.  I'd like to
have it automatically opened when I insert it in my main computer, so I
used clevis to add a key using TPM2.  I can successfully open it without
a password by running "clevis luks unlock -d /dev/sda1", but it doesn't
work automatically on insert.  I'm running MATE desktop, and I made sure
clevis-udisks2 was installed (and I see it running); I thought that
should handle it, but I see log messages like:

Jan 18 12:01:13 audit[2424]: USER_DEVICE pid=2424 uid=0 auid=1000 ses=2 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
msg='op=recovered-key-for uuid=6f23603a-982d-4dd1-ac5e-50237b01 
device="/dev/sda1" exe="/usr/libexec/clevis-luks-udisks2" hostname=?  addr=? 
terminal=? res=failed'

Am I misunderstanding how this should work, or do I need to do something
more?
-- 
Chris Adams 


Re: NVMe sector size ?

2024-01-10 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> I just checked my system, and it looks like it's set for 512k blocks:
> 
> [root@case ~]# blockdev --report /dev/nvme1n1p4
> RORA   SSZ   BSZStartSecSize   Device
> rw   256   512   51269216256964765417472   /dev/nvme1n1p4
> 
> I assume the installer chose the block size, since I basically did a
> "next, next, next" installation. Should I have chosen something
> different?

The underlying NVMe sector size is not something presented for change,
because it is destructive.

You can see what your drive supports (and what is active) with "smartctl
-c /dev/nvme0n1" (or other if you have more than one) and look at the
"Supported LBA Sizes".  You can use the nvme command from the nvme-cli
package to change it (if your drive supports more than one), and
changing it destroys all the contents of the drive.  You can't
necessarily just restore a filesystem image back to it either; a number
of FSes have the underlying raw block size as a basic assumption that
cannot be changed after the FS is created.

Even if the presented raw sector size is 512, the drive can typically
report the "optimal" size as 4096 (and Linux then uses that info).
-- 
Chris Adams 


Re: Update failed: gstreamer1-plugins-ugly

2023-12-29 Thread Chris Adams
Once upon a time, Ralf Corsépius  said:
> IMNSHO, it's time to demand FESCO to take consequences against these
> persons.

On what basis?

Not everybody uses RPMFusion, and there's absolutely nothing in the
Fedora guidelines about RPMFusion.  Someone opened a BZ that said "hey,
looks like these things are now legal, can they be enabled", and after
checking what was legal, things were enabled.

https://bugzilla.redhat.com/show_bug.cgi?id=2236889

-- 
Chris Adams 


Re: How can you get remote access to laptops behind a NAT/firewall?

2023-12-21 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> I suppose I could set up the laptops so that they log into the VPN
> at boot, that would do the same thing and the staff on the Linux
> laptops wouldn't have to do anything manual. But I don't want to
> chew up that VPN bandwidth if I don't have to.

If you do it as an independent network, separate IP block and no default
route, there's almost no bandwidth being chewed when not in use (just
keep-alives).  That's probably the route I'd go - a system connection so
it's always available (doesn't require user interaction, can work when
user locks themselves out even :) ).
-- 
Chris Adams 


Re: How can you get remote access to laptops behind a NAT/firewall?

2023-12-21 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> So my question is, is there any sort of software which is similar to
> Quick Assist we can install on our Linux laptops so that the Linux
> team sysadmins can get access to laptops? I've seen folks on this
> list talk about TeamViewer and AnyDesk, but both of those seem to be
> paid solutions. Is there any sort of F/OSS solution?

In essence, these solutions are functionally like using a VPN.  The
computer keeps an open connection to a server whenever it can, and that
connection can then be used to allow the server to access the computer.
So you could set up a separate "management" VPN system, like OpenVPN,
that then isolates each client connection (so one user can't access
another user's computer directly across it).  Don't send a default
route, just use an independent RFC1918 (or IPv6 ULA) block from any
other corporate networks.

-- 
Chris Adams 


Re: Machine locks on reboot from suspend

2023-12-19 Thread Chris Adams
Once upon a time, Tim  said:
> I got the impression that only laptops seem to have reasonably well
> working suspend, and suspect that little effort is put into designing
> and testing desktops to suspend well.  That may have improved with
> increasing demands for so-called green technology.  But, in the past
> suspending was dire.  And I don't recall people really wanting to
> suspend desktops.  Certainly the windows fraternity was forever
> rebooting, and used to the idea that lots of things just don't work.

I've been suspending my desktops for years with very little trouble.  My
only recent annoyance is that my current video card (Radeon RX570) trips
something in the kernel to cause it to take 10 seconds to resume (tried
to bisect but the issue popped up in the middle of an unrelated issue
that broke it completely, so never resolved).  And every once in a while
(like maybe every couple of months of daily suspend/resume), the
atlantic driver for my 10G NIC craps out.

> Certain suspend modes require a suitable power supply, too.  They don't
> switch off fully, some power circuits are required to stay up, and
> supply sufficient current to the motherboard.  It also requires all the
> hardware to support suspending, some will not wake up, or wake up in a
> scrambled mode requiring some kind of software reset to be done.  And
> the drivers have to support it too, especially if the hardware requires
> resetting during wake.

This is all 100% standardized, not some magic extra bits as you seem to
imply.  And for the most part, outside of hardware only found in servers
(e.g. SAS cards and high-speed NICs), the chips and drivers for notebook
and desktop hardware are the same.

IIRC Windows 11 defaults to suspending after a relatively brief idle
time now (as does Fedora desktop), so that computer vendors can meet
"green" power requirements.  This means that virtually all normal
desktop hardware is expected to fully handle suspend/resume.

-- 
Chris Adams 


See USB-C charging capacity?

2023-12-12 Thread Chris Adams
The "fun" with USB-C is that not all chargers, cables, and devices
support the same charging power.  Is there a way in Linux to see what is
currently happening?  E.g. when I accidentally plug my notebook into the
15W port instead of the 65W port - how can I tell?

-- 
Chris Adams 


Re: USB-C cabling [resolved]

2023-12-09 Thread Chris Adams
Once upon a time, fed...@eyal.emu.id.au  said:
> I think I figured it. The USB cables I have are all providing only minimal 
> connectivity, so only USB2 speed.

This is how a lot of "charging" cables work - they might be able to pass
100W (or more) in power delivery mode, but only USB2 data signals.

New cables/adapters/etc. are all supposed to be marked with the data
rate and power delivery supported.  For example, my recent cable
purchases have 10G/100W and 40G/240W marked.  But there's no telling
with previous cables other than to plug them in with a variety of
devices and see what you get.

The data speeds are also confusing because of marketing... there's "USB
3.0" which does 5G (but was then retroactively renamed "USB 3.1 Gen 1"
and then "USB 3.2 Gen 1x1").  "USB 3.1 Gen 2" (aka "USB 3.2 Gen 2x1") is
10G, and "USB 3.2 Gen 2x2" is 20G.  And then "USB4" (no space) gets even
more modes and names.  Their next renaming attempt is to stop all the
version games and go with speeds (like they should have done from the
start), so "USB 5Gbps", "USB 10Gbps", "USB 20Gbps", and so on.

-- 
Chris Adams 


Re: New CD drive fails - opinions?

2023-12-06 Thread Chris Adams
Once upon a time, Geoffrey Leach  said:
> Nothing so fancy. Just a plain old audio CD. three of them.

Audio CDs don't have a mountable filesystem.  ISO9660 is a data
filesystem for CDs, DVDs, etc. (extended in various ways over time), but
regular audio CDs use a different data format.  The kernel doesn't know
anything about that format (it's just a stream of bits to the kernel);
you have to use software that knows how to read the disc directly and
play/extract the audio.

-- 
Chris Adams 


Re: F38 adding user to dialout group without reboot

2023-12-04 Thread Chris Adams
Once upon a time, Robert Moskowitz  said:
> I have added me to group dialout:
> 
> $ groups rgm
> rgm : rgm wheel dialout
> 
> But I cannot access /dev/ttyUSB0
> 
> screen /dev/ttyUSB0 115200
> 
> Does not work but:
> 
> sudo screen /dev/ttyUSB0 115200
> 
> does.
> 
> Dr. Google seems to think I need a reboot for this to work.  I have
> too many things running to want to reboot.

No, you don't need to reboot... but you do need to log out (which might
be close to the same thing).  Group modifications are only applied to
new user sessions; you can see this with the "id" command.

For terminal stuff, you can get away with re-authenticating that
terminal, like "exec sudo -su $(id -un)".

-- 
Chris Adams 
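
The difference between the groups a running session holds and the groups the account database now lists, as an added example that is not part of the original post. The function names are hypothetical helpers; it compares numeric GIDs from "id -G" (this process) against "id -G USER" (fresh lookup) and names the ones not yet active.

```shell
#!/bin/sh
# Added example (not from the thread): detect group changes that the
# current session has not picked up yet. Function names are hypothetical.

# missing_ids HAVE WANT
# Print every ID from the space-separated list WANT that is absent from HAVE.
missing_ids() {
    mi_have=" $1 "
    mi_out=""
    for mi_id in $2; do
        case "$mi_have" in
            *" $mi_id "*) ;;                          # already held by this process
            *) mi_out="${mi_out:+$mi_out }$mi_id" ;;  # granted, but not active yet
        esac
    done
    printf '%s\n' "$mi_out"
}

# stale_session_groups
# Compare the GIDs attached to this process (fixed when the session
# started) with the GIDs the account database lists for the user now.
# Returns 0 if nothing is missing, 1 if a new login is needed, 2 on error.
stale_session_groups() {
    ssg_user=$(id -un) || return 2
    ssg_have=$(id -G) || return 2              # credentials of the running shell
    ssg_want=$(id -G "$ssg_user") || return 2  # fresh lookup (/etc/group, LDAP, ...)
    ssg_missing=$(missing_ids "$ssg_have" "$ssg_want")
    if [ -z "$ssg_missing" ]; then
        return 0
    fi
    for ssg_gid in $ssg_missing; do
        # getent maps the numeric GID back to a name when one exists
        ssg_name=$(getent group "$ssg_gid" 2>/dev/null | cut -d: -f1)
        echo "not active in this session: ${ssg_name:-gid $ssg_gid}"
    done
    return 1
}

# Typical use, before trying a device such as /dev/ttyUSB0:
#   stale_session_groups || echo "log in again to pick up the new groups"
```

The same rule works in the other direction: removing a user from a group does not take that group away from sessions that are already running.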
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: Modern Dual-Boot Setup Procedure (Dell XPS)

2023-12-02 Thread Chris Adams
Once upon a time, Samuel Sieb  said:
> On 12/2/23 13:02, Chris Adams wrote:
> >Also, after installing Fedora (which made GRUB the default UEFI boot
> >option), booting Windows from GRUB gave an error because of the
> >Bitlocker disk encryption and measured boot.  I had to enter the key
> >(logged in to my mandatory MS account to get it, I think you can also
> >copy it to a USB drive from within Windows first) to get it to boot, and
> >then it adjusted the security to handle booting from GRUB (with no error
> >or key entry) after that.
> 
> I thought Windows was no longer added to the grub menu because of
> this. You're expected to use the UEFI boot menu instead.

Like I said, this is what I saw (with Fedora 39).
-- 
Chris Adams 


Re: Modern Dual-Boot Setup Procedure (Dell XPS)

2023-12-02 Thread Chris Adams
Once upon a time, Tim Evans  said:
> Brand New Dell XPS 15 coming tomorrow, to replace my venerable
> Lenovo T530.  (Looking forward to something a little lighter to lug
> around.)
> 
> It's been 10 years since I set the T530 up to dual-boot Fedora and Windows.
> 
> I'm sure I can figure out how to reduce the size of the Windows
> partition to make space for Fedora, but am unsure of the process for
> current PC BIOS and grub setup for dual boot. Or is the Fedora
> installer smart enough to handle it for me?

I just got a new Thinkpad and went through this.  The only extra step I
had for installing Fedora was that the UEFI settings had the "Microsoft
3rd-party OS" certificate for Secure Boot disabled by default - went
into the settings and enabled that, and then the Fedora installer would
run.

Also, after installing Fedora (which made GRUB the default UEFI boot
option), booting Windows from GRUB gave an error because of the
Bitlocker disk encryption and measured boot.  I had to enter the key
(logged in to my mandatory MS account to get it, I think you can also
copy it to a USB drive from within Windows first) to get it to boot, and
then it adjusted the security to handle booting from GRUB (with no error
or key entry) after that.

-- 
Chris Adams 


USB ethernet wake-on-LAN?

2023-11-22 Thread Chris Adams
I have a new ThinkPad T14s AMD 4th gen notebook, and a USB-C ethernet
adapter.  I would like to be able to send wake-on-LAN to the notebook
for some uses.

The ethernet adapter also has a USB-C port for power delivery (so it can
also charge the notebook).  When the notebook is suspended, the ethernet
link stays up (LEDs are lit on both it and the switch port).  It also
shows support for wake-on-LAN, defaulting to magic packet mode.

I tried the "old-style" /proc/acpi/wakeup (which shows enabled for the
USB in question) as well as /sys/bus/usb/devices/*/power/wakeup (which
all defaulted to disabled, but I enabled them too).  However, nothing
seemed to work.

I have other systems with built-in/PCIe NICs that I can wake; it's just
this one with the USB (because no built-in NIC) that's a problem.  The
BIOS has a setting for USB wake-on-LAN with the official dock (which was
enabled), but I didn't see anything else that looked relevant.

Any suggestions?

-- 
Chris Adams 


Re: Obscure rsyslog question on remote logging

2023-11-17 Thread Chris Adams
Once upon a time, Tom Horsley  said:
> I found some obscure text about needing to use a $ in front of
> system variables and since $myhostname is a system variable
> I need to type it as $$myhostname in the condition (I think :-)

So an alternate approach that might help... you can assign a ruleset to
an input, and the UDP input is separate from the local input.  I put
this in /etc/rsyslog.d/net.conf:


# Build one file name per sending host under /var/log/remote/
template(name="Remote" type="list") {
    constant(value="/var/log/remote/")
    property(name="hostname")
    constant(value=".log")
}

module(load="imudp")

$umask 0022
# Messages arriving on the UDP input are handled only by this ruleset
ruleset(name="remote") {
    *.* action(type="omfile" DynaFile="Remote" fileCreateMode="0644")
}
input(type="imudp" port="514" ruleset="remote")


My template is a simple /var/log/remote/<hostname>.log (I use the really
redundant .log extension so I can have a logrotate config to get
/var/log/remote/*.log).  I set the umask to 0022 and the file create
mode to 0644 because I have the group permissions on the /var/log/remote
directory to allow certain non-root users to read these logs.

-- 
Chris Adams 


Re: freaking TFTP

2023-11-07 Thread Chris Adams
Once upon a time, lejeczek  said:
> 2nd meanwhile - I'm trying _dnsmasq_ which I'm new to thus errors
> are possible but... it seems that the same issue remains.
> 
> with _dnsmasq_. tftp client - as with in.tftp as the server - "times
> out" but _dnsmasq_ server thinks and says that:

I use dnsmasq's TFTP server on a bridge, with this config:

   bind-interfaces
   interface=br0
   port=0
   enable-tftp
   tftp-root=/srv/tftpboot

"port=0" disables DNS, and I then don't configure DHCP, so it's just a
TFTP server.

-- 
Chris Adams 


Re: Google Chrome Update Question

2023-10-10 Thread Chris Adams
Once upon a time, Tim Evans  said:
> Usually, dnf updates take care of updating Google Chrome.  Lately,
> for the past week or so, however, there's a big pink button in
> Chrome's status bar labeled "Update," but dnf insists I have the
> latest version (google-chrome-stable-115.0.5790.110-1.x86_64).

Looks like you have some issue with the Google Chrome repo - the latest
version is in fact google-chrome-stable-117.0.5938.149-1.x86_64.

Does "dnf --refresh list updates" show any errors when fetching the repo
data?
-- 
Chris Adams 


Re: EFI and fedora

2023-09-25 Thread Chris Adams
Once upon a time, Bill Cunningham  said:
> On 9/25/2023 4:44 PM, Chris Adams wrote:
> >Once upon a time, Bill Cunningham  said:
> >...
> >There's no magic reserved space outside partitions that is used for
> >booting anymore.  The firmware finds the device, reads the partition
> >table to find the correct partition, mounts that partition and reads the
> >configured executables from it.
> 
> OK I see, thanks exactly what I was asking. So if for some reason
> you wanted to save boot code, I guess, you would save partitions and
> files?

Yes.  And maybe I guess dump out the EFI boot variables somewhere
(output of "efibootmgr").
-- 
Chris Adams 


Re: EFI and fedora

2023-09-25 Thread Chris Adams
Once upon a time, Bill Cunningham  said:
>     In the days of mbr bios we could save the 512 of the HDD sector.
> Now is all this gone with UEFI? Is the bootsector of the partition,
> 512 to 1024 or so bytes no longer valid? Are there specific locations
> that uefi files are stored in binary of the drive? Or, is that all
> gone now and we are just looking at files in text in partitions like
> boot/efi ?

UEFI uses GPT partitioning, and uses a partition to store the files
needed for booting (which Fedora usually mounts at /boot/efi).  The
partition has a special assigned GPT type, but is typically a VFAT
filesystem.

There's no magic reserved space outside partitions that is used for
booting anymore.  The firmware finds the device, reads the partition
table to find the correct partition, mounts that partition and reads the
configured executables from it.
-- 
Chris Adams 


Re: Cloning disk with dd give me "Error while writing to /dev/sdc: Unit full"

2023-09-14 Thread Chris Adams
Once upon a time, Jon Ingason  said:
> I am trying to clone /dev/sdb, Hitachi HTS545050A7E380, 465.76 GiB,
> to /dev/sbc, Samsung SSD 870 EVO 500G, 465.76 GiB.
> 
> $ sudo dd if=/dev/sdb bs=4MB of=/dev/sbc bs=4MB conv=noerror,sync

Is it really "sbc", or is it "sdc"?  I expect it's the latter, and you
just wrote a new file called "sbc" in /dev, which is a special
filesystem (that's only 4M) and you just filled it up.

-- 
Chris Adams 
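
A guard against the failure described above, as an added example that is not part of the original thread: it refuses to clone unless both paths are existing block devices, and passes conv=nocreat so GNU dd will not create a missing output file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). A mistyped target such as /dev/sbc
# does not exist, so plain dd creates it as a regular file inside the small
# /dev filesystem and fills it. Checking for a block device catches that.

# require_block_device PATH
# Returns 0 if PATH is a block device, 1 if it does not exist,
# 2 if it exists but is something else (regular file, char device, ...).
require_block_device() {
    if [ ! -e "$1" ]; then
        echo "error: $1 does not exist (typo in the device name?)" >&2
        return 1
    fi
    if [ ! -b "$1" ]; then
        echo "error: $1 exists but is not a block device" >&2
        return 2
    fi
    return 0
}

# safe_clone SRC DST
# Validates both paths, then runs dd. conv=nocreat makes dd itself refuse
# to create the output file, as a second line of defence.
safe_clone() {
    require_block_device "$1" || return
    require_block_device "$2" || return
    dd if="$1" of="$2" bs=4M conv=noerror,sync,nocreat status=progress
}

# Usage (run as root): safe_clone /dev/sdb /dev/sdc
```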


Re: Upgraded machine to Fedora 38 and now suspending after 15 minues??

2023-08-21 Thread Chris Adams
Once upon a time, Joe Zeff  said:
> On 08/20/2023 01:56 PM, Tim via users wrote:
> >Quite an assumption, that's completely wrong for a large number of
> >people.  And considering the number of PCs that don't get hibernation
> >and suspending working right, that's yet another problem to deal with.
> 
> "But it works for us!"  That, and the assumption that everybody
> wants their desktop to look the way the devs do are two of the main
> reasons I don't use Gnome.

This wasn't just some developer's idea... IIRC the request for this
change came from someone who sells systems with Linux pre-installed
(Lenovo?), because this is a requirement for meeting power
certifications needed for desktop/notebook systems.

-- 
Chris Adams 


Re: Screen casting - help wanted

2023-08-18 Thread Chris Adams
Once upon a time, Peter Boy  said:
> We have a new Quick Docs article about comparison of various screen casting 
> tools in Fedora:
> 
> https://docs.fedoraproject.org/en-US/quick-docs/screencast-apps-comparison/

The title is "ScreenCast", but then the page is all about screen
recorders.  These are two related but different things.  Casting is
considered to be live sending of screen contents to other displays,
which may or may not be recorded.

Listing info about screen recorders is good, but it shouldn't be a page
titled "ScreenCast".
-- 
Chris Adams 


Getting help for a kernel/video issue?

2023-08-04 Thread Chris Adams
I have a system with an AMD RX 570, and the various kernel 6.4 releases
I've tried all kill video output - it looks like the kernel DRM doesn't
see the monitor at all.  Even before it gets to X, if I take "rhgb
quiet" off the boot line, I get kernel messages up until it tries to
switch to the framebuffer mode, I lose video then.

I filed a RHBZ bug against the kernel (since that's where I think the
problem is): https://bugzilla.redhat.com/show_bug.cgi?id=2224594

But I haven't gotten any response; I understand kernel devs are busy,
not complaining about them, but I was wondering if there might be a
better place to go.  I can test things, share more logs/info/etc., just
need some direction.

-- 
Chris Adams 


Re: libvirtd.service won't start

2023-07-08 Thread Chris Adams
Once upon a time, ToddAndMargo  said:
> # rpm -qa libvirt-libs
> libvirt-libs-9.0.0-3.fc38.x86_64
> 
> Removing and reinstalling both libvirt-daemon and
> libvirt-libs did not change the symptom.
> 
> I tried downgrading.  That did not help either.

If I had to guess, I'd say you have some other libvirt.so.0 somewhere
that is preempting the Fedora libvirt-libs provided copy.  No idea how
you'd get that though.
-- 
Chris Adams 


Re: LIBVIRT_PRIVATE missing

2023-07-08 Thread Chris Adams
Once upon a time, ToddAndMargo  said:
> # libvirtd --deamon
> libvirtd: /lib64/libvirt.so.0: version `LIBVIRT_PRIVATE_9.0.0' not
> found (required by libvirtd)
> 
> I have reinstalled libvirt-daemon.  No joy.

Seems like somehow you don't have libvirt-libs installed, which is odd
since dnf knows it provides the required dependency of
libvirt.so.0(LIBVIRT_PRIVATE_9.0.0)(64bit).  Don't know what you did to
get to that state.
-- 
Chris Adams 


Re: Mounting host directory on VM to load on VM startup

2023-06-28 Thread Chris Adams
Once upon a time, Robert McBroom  said:
> I don't see virtiofs as a file type in man fstab. Is there documentation?

The fstab man page is not an exhaustive list of filesystems or options,
just the format of the file itself.  There's lots more in the mount(8)
man page (as referenced in the fstab man page), although I don't think
there's much about virtiofs there.  The server side (that libvirt
manages for you) comes from this site, which has more info about using
it:

https://gitlab.com/virtio-fs/virtiofsd
-- 
Chris Adams 


Re: Mounting host directory on VM to load on VM startup

2023-06-27 Thread Chris Adams
Once upon a time, Robert McBroom  said:
> Put the mount command
> 
> mount -t virtiofs hostfiles /user/local/src
> 
> in /etc/profile.d/mnthst.sh
> 
> to connect when the virtual machine is started. Every time I start a
> terminal session in the VM I get the message

Yeah, that's not at all right.

/etc/profile.d is intended for shell snippets that are run when shells
start (so every login and also when you start additional shells).

You don't need a script at all to mount a filesystem at boot, you need
to put it in /etc/fstab.  For this, add an entry like:

hostfiles /user/local/src virtiofs defaults 0 0

-- 
Chris Adams 


Re: logging in as root

2023-06-20 Thread Chris Adams
Once upon a time, Mike Wright  said:
> You want to use "sudo su" and use your personal password.

There's no reason to "sudo su" (don't know why this gets recommended).
You can "sudo -s" (similar to plain "su", stays in current directory,
doesn't act like a login shell) or "sudo -i" (similar to "su -",
initializes like a login).
-- 
Chris Adams 


Re: firewalld question

2023-06-20 Thread Chris Adams
Once upon a time, Tim  said:
> We're more used to controls doing something immediately.  This is more
> akin to editing a configuration file, then restarting the service.

When you think about changing firewall rules, especially on a remote
system, it makes sense - you may need to batch up changes and apply them
all at once to avoid locking yourself out for example.

-- 
Chris Adams 


Re: What causes mailing list bounce?

2023-06-19 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> As far as I can tell, the Fedora mailing list doesn't do this,
> either.

I think it only does the rewrite for p=reject and p=quarantine, not
p=none, since by definition, p=none is for monitoring.  If you don't
want to monitor, then don't set DMARC or set a policy that would require
rewrites.

-- 
Chris Adams 


Re: firewalld question

2023-06-19 Thread Chris Adams
Once upon a time, Amadeus WM  said:
> 2. The command that I tried
> 
> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol 
> value="tcp" destination address='aa.bb.0.0/16' reject"

One quirk of firewall-cmd is that there are two distinct modes - one that
operates on the stored configuration (with --permanent) and one that
operates on the running config (without --permanent).  When you make a
change with --permanent, it is stored, and will take effect on future
boots, but it is not applied to the current config.  You need to run the
same command without the --permanent to apply to the current running
config.

Alternately, you can make all your changes to the running config (no
--permanent), and then store them all at once with firewall-cmd
--runtime-to-permanent (but if you have something making dynamic
changes, like fail2ban for example, that would get stored as well).  Or
you can make all your changes to the permanent config and then load them
to running all at once with firewall-cmd --reload.

> didn't put anything in iptables, i.e. iptables --list shows no rules. On 
> the other hand, I do have this reject rule in /etc/firewalld/zones/
> FedoraWorkstation.xml. 

iptables only exists as a compat layer on top of nftables, and not
everything in nftables will be reflected in the output of iptables.  To
see the full nftables running config use "nft list ruleset".

If you are going to use firewalld, you need to either _only_ use
firewalld, or use nft with separate rulesets alongside the firewalld
managed rulesets.  Trying to mix in iptables rules is unlikely to work
how you'd like.
-- 
Chris Adams 
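
A check for the runtime/permanent split described above, as an added example that is not part of the original thread: it lists rich rules that exist in only one of the two configurations, which shows both a --permanent rule that was never loaded and runtime-only rules that --runtime-to-permanent would store. The function names and the sample rules are constructed; the firewall-cmd calls act on the default zone.

```shell
#!/bin/sh
# Added example (not from the thread).

# rules_drift RUNTIME_FILE PERMANENT_FILE
# Prints one line per rule that is present in only one of the two files.
rules_drift() {
    rt=$(mktemp) && pm=$(mktemp) || return 1
    # Normalise: drop blank lines, sort, de-duplicate (comm needs sorted input).
    grep -v '^[[:space:]]*$' "$1" | LC_ALL=C sort -u > "$rt"
    grep -v '^[[:space:]]*$' "$2" | LC_ALL=C sort -u > "$pm"
    LC_ALL=C comm -23 "$rt" "$pm" | sed 's/^/runtime-only: /'
    LC_ALL=C comm -13 "$rt" "$pm" | sed 's/^/permanent-only: /'
    rm -f "$rt" "$pm"
}

# firewalld_drift
# Compares the live rich rules with the stored ones on this host.
firewalld_drift() {
    r=$(mktemp) && p=$(mktemp) || return 1
    firewall-cmd --list-rich-rules > "$r" &&
    firewall-cmd --permanent --list-rich-rules > "$p" &&
    rules_drift "$r" "$p"
    status=$?
    rm -f "$r" "$p"
    return "$status"
}

# demo_drift
# Runs rules_drift on constructed sample data: one shared rule, one rule
# added with --permanent only, and one runtime-only rule of the kind a
# tool such as fail2ban would add.
demo_drift() {
    r=$(mktemp) && p=$(mktemp) || return 1
    cat > "$r" <<'EOF'
rule family="ipv4" source address="203.0.113.0/24" service name="ssh" accept
rule family="ipv4" source address="198.51.100.7" port port="22" protocol="tcp" reject
EOF
    cat > "$p" <<'EOF'
rule family="ipv4" source address="203.0.113.0/24" service name="ssh" accept
rule family="ipv4" destination address="192.0.2.0/24" protocol value="tcp" reject
EOF
    rules_drift "$r" "$p"
    rm -f "$r" "$p"
}
```

Any "permanent-only" line is a rule that will not filter traffic until firewall-cmd --reload; any "runtime-only" line will be lost at the next reload or reboot unless it is stored.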


Re: GRUB Issue? Console Fonts and messages?

2023-06-16 Thread Chris Adams
Once upon a time, Stephen Morris  said:
>     I was under the impression that for UEFI boots Fedora loaded
> /boot/efi/EFI/fedora/grub.cfg which loads /boot/grub2/grub.cfg, so
> when you run grub2-mkconfig you need to specify grub2-mkconfig -o
> /boot/grub2/grub.cfg, as I do, to get your font changes into the grub
> boot menus.

/etc/grub2.cfg (and the legacy /etc/grub2-efi.cfg) are symlinks to the
right place... wherever that place may be.  So it's generally listed as
"grub2-mkconfig -o /etc/grub2.cfg", because that should just do the
right thing.
-- 
Chris Adams 


Re: gimmicks for most & a question networking curious/experts - ? MACSEC

2023-06-06 Thread Chris Adams
Once upon a time, lejeczek  said:
> To start with the most basic of what I ponder over - basic in my
> mind though I get, that it does not have to be that or
> simple/obvious - is MACSEC with 'bond' as parent or in other words:
> macsec "on" a 'bond' network interface.
> Should such a "thing" work, does it work?

My understanding is that you do MACsec on physical interfaces, so you
would configure it on each member of a LAG, not the virtual LAG
interface (e.g. bond0) itself.
-- 
Chris Adams 


Re: How to set up dhcpd.conf to serve different UEFI files per OS

2023-06-04 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> I really wish that there was something in the OS that would identify
> itself when it sends a DHCP broadcast.

Again, the DHCP request that gets a response "use this file" comes from
the firmware, not the OS.

It goes something like:

- BIOS/UEFI configured for network boot sends DHCP request
- DHCP server says "use this file (aka shim)"
- BIOS/UEFI loads that file and runs it
- shim loads grub2 or pxelinux, they get their configs/menus
- you choose an OS to load
- grub2/pxelinux fetches kernel and checks the signature and fails if it
  doesn't match

The step that has to change between Fedora and RHEL is step #2, when the
DHCP says "use this file", and at that point, the only thing involved is
the BIOS/UEFI firmware.  The only available info at that point is some
very minimal hardware info like the MAC address.  After that, it's too
late to change.
-- 
Chris Adams 


Re: How to set up dhcpd.conf to serve different UEFI files per OS

2023-06-04 Thread Chris Adams
Once upon a time, Joe Zeff  said:
> On 06/04/2023 01:40 PM, Chris Adams wrote:
> >It'd be nice if there was a way to chainload one shim from another
> 
> If memory serves, you could have GRUB boot Windows by giving it the
> command chainload +X, where X represented the number of sectors to
> load.  I've no idea if GRUB2 still does this, but if so, it might be
> what's needed.

I poked around at that at one point, and couldn't find a way to get it
to chainload another shim from the network.
-- 
Chris Adams 


Re: How to set up dhcpd.conf to serve different UEFI files per OS

2023-06-04 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> Yeah, that's why I was hoping there was maybe some magic in the
> vendor-class-identifier response that I could use. It would make
> life a LOT easier.

All the DHCP communication happens before shim is loaded (and then it's
too late to change), so all you can see is the base hardware info.  If
you know your hardware, you could configure MAC addresses in your DHCP
config to control the response, pointing to a different shim/config
depending on which MAC is requesting.

Otherwise, I suppose you might be able to do something odd like serve up
one shim/config via TFTP and a different one via HTTP, so you could
choose UEFI PXE for one OS and UEFI HTTP for the other.  It would
probably be confusing after the fact though.

-- 
Chris Adams 


Re: How to set up dhcpd.conf to serve different UEFI files per OS

2023-06-04 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> Is it that the shim.efi file is signed for UEFI environments, and
> the RHEL kernel is expecting the signature for the RHEL shim.efi
> file? If so, how do I specify which shim.efi file I want to use
> based on the kernel? I would assume I'd need to add the correct
> shim.efi file in /var/lib/tftpboot/images/[kickstart_os] the same as
> I add the vmlinuz and initrd.img. But how do I tell the machine
> being kickstarted where to get the correct shim.efi? Is there a
> vendor-class-identifier I can check to see what the OS is, and then
> point the machine being kickstarted to that file?

As far as I can tell, you cannot configure network boot for different
OSes in a UEFI Secure Boot environment.  The shim is loaded first,
before you get to the point of choosing which kernel to boot, and a
given distribution's shim will only load other Linux things signed by
that distribution's key.

It'd be nice if there was a way to chainload one shim from another
(they're all signed by the MS firmware-trusted key, so it seems like
this should be possible and still meet the security requirements), so
you could have a menu option "Switch to RHEL" that would load the RHEL
shim+bootloader, but I don't think that's possible today.  I'm using
grub2 for network boot rather than syslinux, but I couldn't figure out a
way to make that work.

The only way to handle it would be to distinguish the clients at the
DHCP server (use separate VLANs, pre-configure MAC addresses, etc.).
Once the DHCP server sends an answer, it's too late to change.
-- 
Chris Adams 
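
One way to pre-configure MAC addresses at the DHCP server, as suggested in this message and in the earlier reply in the same thread (an added example, not part of the original thread): a generator that turns a "MAC OS" inventory into ISC dhcpd host declarations, each pointing at that distribution's shim. The function names, the images/<os>/shim.efi layout under the TFTP root and the sample MAC addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Since the firmware's DHCP request
# carries little more than the MAC address, the per-OS choice has to be a
# per-MAC choice in dhcpd.conf.

# emit_host_stanzas
# Reads "MAC OS" pairs on stdin and writes dhcpd.conf host blocks to stdout.
# Both fields are validated before they are written into the config, so a
# malformed inventory line cannot inject arbitrary dhcpd.conf text.
emit_host_stanzas() {
    n=0
    while read -r mac os; do
        # Skip blank lines and comments.
        case "$mac" in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "error: bad MAC address: $mac" >&2
            return 1
        fi
        # Only distributions whose shim is actually on the TFTP server.
        case "$os" in
            fedora|rhel) ;;
            *) echo "error: no shim known for OS '$os' ($mac)" >&2
               return 1 ;;
        esac
        n=$((n + 1))
        printf 'host pxe-%s-%d {\n' "$os" "$n"
        printf '    hardware ethernet %s;\n' "$mac"
        printf '    filename "images/%s/shim.efi";\n' "$os"
        printf '}\n'
    done
}

# demo_host_stanzas
# Runs the generator over a constructed two-machine inventory.
demo_host_stanzas() {
    emit_host_stanzas <<'EOF'
# MAC               OS   (constructed sample inventory)
52:54:00:12:34:56   fedora
52:54:00:ab:cd:ef   rhel
EOF
}
```

The output can be written to a file that dhcpd.conf pulls in with an include statement; clients whose MAC is not listed fall back to whatever filename the subnet declaration sets.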


Re: randomization

2023-05-25 Thread Chris Adams
Once upon a time, Samuel Sieb  said:
> On 5/25/23 18:18, Bill Cunningham wrote:
> >     How would you access randomization at the system level? No
> >via srand or rand, but the randomization the system offers through
> >/dev/random. Would this be a fedora level system call ?
> >
> >     I intend to take a 512 or 1024, for example, size chunk and
> >fill that with system randomization. Not what you get with srand
> >and rand I believe they are inferior to system randomization.
> 
> Open /dev/random as a binary file and read however many bytes you want.
> I assume you know that the amount of data available from there is
> limited and if you ask for too much, you might have to wait a while
> for it to get generated.

There's also /dev/urandom (which should never "run out" of randomness),
but IIRC they're basically the same now and neither will block (except
possibly during boot).

But if you're writing a program, there's the getrandom() call.
https://man7.org/linux/man-pages/man2/getrandom.2.html
-- 
Chris Adams 


Re: ide editor??

2023-05-23 Thread Chris Adams
Once upon a time, Sam Varshavchik  said:
> Everything else is a pale imitation of emacs' awesomeness.

Oh, did the emacs OS finally implement an editor? :)
-- 
Chris Adams 


Re: System upgrade verification

2023-05-17 Thread Chris Adams
Once upon a time, Jeffrey Walton  said:
> This always baffles me... Fedora includes irrelevant keys. For
> example, old keys and keys for different arches. Something feels wrong
> about trusting them.

The arch-specific keys are symlinks.

The files in /etc/pki/rpm-gpg are not all in your RPM database either;
they're just made available (so more just kind of a history thing).
They're normally only installed if a repo file in /etc/yum.repos.d
references one and you try to install a package from the repo (and so
accept the key when prompted).

-- 
Chris Adams 
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: Experience with 10Gb ethernet adapters?

2023-05-12 Thread Chris Adams
Once upon a time, Samuel Sieb  said:
> If you have two gigabit interfaces and a managed switch, you can
> also team the interfaces for double the bandwidth.  Still much
> cheaper than going to 10Gb.

You do not get double the bandwidth from a LAG, except under the most
ideal circumstances; you probably get an increase in overall traffic,
but usually not at all for something like NFS (which uses a single TCP
socket for communication).  LAGs don't balance or round-robin traffic;
they hash some selection of packet info (sometimes just
source/destination MAC, sometimes adding IP, sometimes also TCP/UDP
src/dest port) and select a LAG member to use based on the hash.  All
packets of a single stream go down the same LAG member, because
otherwise you introduce jitter and out-of-order packet arrival.

Also, 10G has lower latency than 1G, which helps NFS performance as
well.

-- 
Chris Adams 


Re: Experience with 10Gb ethernet adapters?

2023-05-12 Thread Chris Adams
Once upon a time, Ian Pilcher  said:
> For short runs, you can use DAC cables; no need for separate SFP+
> modules.  FS.com has 2m 10G DAC cables for $14.

It's a trade-off... cards that take SFP+s tend to cost more than cards
with just an RJ-45 jack.  I do have a DAC cable between my router and
switch (because both are SFP+), but then I have RJ-45 SFP+s in the
switch for the computer ports (because the computers are just RJ-45).

> (Just make sure that they're coded properly for the hardware that you're
> going to use them with.)

This is sooo stupid.  Even as network vendors have mostly backed off
this crap, Intel's drivers in the Linux kernel enforce vendor coding.
The driver for older chips has a module option to disable it, but the
more recent driver for newer chips doesn't even have that.  I was very
surprised when I got bit by this at a previous job - we tended to get
FiberStore "generic" coded modules, which work just fine in equipment
from multiple vendors, but then newer Dell servers with newer Intel 10G
chips rejected them.

We shipped out servers to a customer, who only after shipment said they
wanted 10G rather than 1G connections, and asked if they could install
an SFP+ they had on hand (it was a telephone company ISP, they had
lots), and we said "sure" and proceeded to go through lots of
troubleshooting, with them swapping modules, before it got to me and I
checked and saw the Linux kernel rejecting the modules.  Embarrassing
for us.

-- 
Chris Adams 
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: Experience with 10Gb ethernet adapters?

2023-05-12 Thread Chris Adams
Once upon a time, Roger Heflin  said:
> To use a 10Gbit interface you will have to have multiple machines
> doing large file sequential io (assuming they are wireless or gbit
> interfaces) at the same time.

I disagree.  Both my home "server" and desktop are regular desktop
motherboards (well, "gaming" models because those usually have more
ports), with Ryzen CPUs (nothing particularly fancy).  The server has 3
NAS-type SATA drives in Linux md RAID5, with an NVMe read cache on the
LVM pool.  I just picked a random large file that wasn't in the cache
and did a dd over the NFS and got 199 MB/s - hot cache it was 1.2 GB/s.

This is with zero effort at tuning the network interfaces (managing
interrupts or any ethtool-type settings), or even really doing much to
try to improve NAS speed (like using more and/or faster drives).  Modern
systems can easily surpass what a 1 gigabit NIC can do.

-- 
Chris Adams 


Re: Experience with 10Gb ethernet adapters?

2023-05-12 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> Do you just use a copper SFP+ module like
> https://www.ebay.com/itm/164322691847 in the Mikrotik? I'd love to
> know what you use.

I used QFPTEK modules from Amazon, but any should do.  The Mikrotik does
run a little hot with them (it's passively cooled), but I have it
vertically mounted and it seems fine.

> I was leaning towards this switch: 
> https://www.amazon.com/TP-Link-TL-SX105-Wall-Mount-Protection-Auto-Negotiation/dp/B09CYNHL4S.
> It looks super simple, it already has the copper interfaces so I
> don't need SFP+ modules.

I went with the Mikrotik because I wanted a managed switch so I could
have VLANs.

> My preference is to use plain old cat7 ethernet, like 10 foot cables
> or so: 
> https://www.amazon.com/AmazonBasics-High-Speed-Gigabit-Ethernet-Internet/dp/B07ZTQY9DD/

I went with some CableCreation "ultra thin" cat6A cables (makes for
easier cable routing and bundling).

-- 
Chris Adams 


Re: Experience with 10Gb ethernet adapters?

2023-05-12 Thread Chris Adams
Once upon a time, Thomas Cameron  said:
> I use an NFS server export to mount my /home directory on my
> desktop. I've got the itch to go to 10Gb ethernet, but I am reading
> that the tp-link tx401 has a problem with bridging, and I use
> bridging for KVM virtual machines on my desktop. I *think* that you
> can just disable using the command "ethtool -K  lro off," but
> I wondered if anyone had any experience with NICs that work with
> bridging out of the box.

I have a couple of these, one in my home server (which includes NFS) and
one in my primary desktop, connected through a Mikrotik CRS305 switch,
and the setup works fine.  I am using bridging on both systems (for
VMs), and that works fine as well.  Checking my interfaces, it looks
like LRO is already disabled (I'm guessing by the "atlantic" kernel
driver, as I haven't set any ethtool options).

I have experienced a couple of issues, both related to putting my
desktop to sleep when I'm not using it:

- Every once in a while, when I resume, the network is dead.  There's a
  kernel oops (that's kind of vague) and I have to reboot.  This isn't a
  huge problem, because it only seems to happen after a bunch of
  suspend/resume cycles, and I typically reboot for updates more often
  than it happens.

- I also run jumbo frames, and after a suspend/resume cycle, the MTU on
  the NIC resets to 1500 (while the bridge interface stays jumbo).  This
  breaks communication.  I don't know if the driver is expected to
  restore the MTU and isn't, but NetworkManager also doesn't seem to
  handle bridge+suspend/resume right; NICs show "connected (externally)" 
  in nmcli after a suspend/resume, like NM loses management of them.
  I've just hacked around this by adding a dispatcher script to reset
  the MTU.

-- 
Chris Adams 


Re: whence USB 2?

2023-05-10 Thread Chris Adams
Once upon a time, Michael Hennebry  said:
> BTW whatever happened to the B connectors?

They're still around for "classic" devices, but USB-C includes support
for both ends being the same (so now the cable doesn't care "host" vs.
"device", like most HDMI, DisplayPort, ethernet, classic RS-232 serial,
etc.).  There are even the oddball USB 3.0 USB-B connectors (with the
extra piggyback that won't fit in a regular USB-B port).

They've overloaded the uses of USB-C, and made the USB 3 and 4 specs
confusing and misleading, but the "USB-C everywhere" bit replacing A, B,
extended B, mini B, micro B, and more is a definite improvement.
-- 
Chris Adams 


Re: More fun with SSL certificates

2023-05-03 Thread Chris Adams
Once upon a time, Jeffrey Walton  said:
> Re, the info about a fake server:
> 
> As a workaround, configure a fake server that is never used but is
> just a decoy for httpd to associate with the default server
> configured in /etc/httpd/conf.d/ssl.conf...
> 
> ServerName  neverused.org
> 
> IANA reserves example.com for this sort of thing. I strongly encourage
> you to use the reserved name.

example.com is not supposed to go in real systems, it's more for
documentation and such.

I'm not very familiar with Apache anymore, as I rarely have to
touch it, but with nginx, I do this on Internet-accessible servers:

server {
    server_name "";
    listen 80 default_server;
    listen [::]:80 default_server;
    return 404;
}
server {
    server_name "" _;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_reject_handshake on;
    return 404;
}

-- 
Chris Adams 


Re: More fun with SSL certificates

2023-05-02 Thread Chris Adams
Once upon a time, Jeffrey Walton  said:
> On Tue, May 2, 2023 at 6:22 AM Patrick O'Callaghan
>  wrote:
> > # openssl x509 -in cert.pem -noout -text
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number:
> > 04:ff:0e:50:c1:ee:21:26:7d:96:d1:97:5e:45:5a:d3:74:09
> > Signature Algorithm: sha256WithRSAEncryption
> > Issuer: C = US, O = Let's Encrypt, CN = R3
> > Validity
> > Not Before: May  1 21:20:11 2023 GMT
> > Not After : Jul 30 21:20:10 2023 GMT
> > Subject: CN = bree.org.uk
> > Subject Public Key Info:
> > Public Key Algorithm: id-ecPublicKey
> > Public-Key: (256 bit)
> > pub:
> > 04:68:eb:44:a1:68:a8:f9:a0:54:ee:6e:ec:15:02:
> > 5c:e8:a7:39:d0:32:11:9d:d4:71:52:85:64:49:74:
> > ca:cf:f3:ed:b5:c3:3c:45:cb:62:0d:4a:9b:cb:ae:
> > 27:51:aa:f8:22:65:dc:6d:8f:e7:5c:39:bd:28:a4:
> > 5e:d8:10:18:0b
> > ASN1 OID: prime256v1
> > NIST CURVE: P-256
> > ...
> 
> CN = R3 does not match Apache's ServerName.

You are looking at the Issuer field (i.e. the cert that was used to sign
this cert).  And also, the Subject CN is not referenced by browsers
anymore, only the subjectAltName DNS: entries (which were not shown).

However, checking the public certificate transparency logs, the above
cert is this one:

https://crt.sh/?id=9283300806

That has subjectAltName field of "DNS:bree.org.uk", which appears
correct.

-- 
Chris Adams 
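
The point made in the reply above (the Issuer names the signing CA, and only subjectAltName DNS entries are compared with the hostname) can be shown in a short check. This is an added example, not part of the original thread: the first dict uses the fields quoted above in the shape that Python's ssl.SSLSocket.getpeercert() returns, the other two certificates are constructed, and the wildcard rule is a simplified version of what browsers apply.

```python
# Added example. PAGE_CERT mirrors the fields quoted in the thread; the other
# two certificates are constructed to show the CN-only and wildcard cases.
PAGE_CERT = {
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Let's Encrypt"),),
        (("commonName", "R3"),),
    ),
    "subject": ((("commonName", "bree.org.uk"),),),
    "subjectAltName": (("DNS", "bree.org.uk"),),
}
CN_ONLY_CERT = {  # constructed: a Subject CN but no subjectAltName at all
    "issuer": ((("commonName", "Some CA"),),),
    "subject": ((("commonName", "legacy.example"),),),
}
WILDCARD_CERT = {  # constructed: the CN is unrelated to the SAN entries
    "issuer": ((("commonName", "Some CA"),),),
    "subject": ((("commonName", "unrelated.example"),),),
    "subjectAltName": (("DNS", "*.site.example"), ("DNS", "site.example")),
}


def common_name(rdns):
    """Return the first commonName in a getpeercert()-style name, or None."""
    for rdn in rdns:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def san_dns_names(cert):
    """Return only the DNS entries of subjectAltName."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern, hostname):
    """Compare one SAN DNS entry with a hostname.

    Simplified rule: case-insensitive, label by label; a wildcard is accepted
    only as the complete left-most label and covers exactly one label.
    """
    want = hostname.lower().rstrip(".").split(".")
    have = pattern.lower().rstrip(".").split(".")
    if len(want) != len(have):
        return False
    if have[0] == "*":
        return len(have) >= 3 and want[0] != "" and have[1:] == want[1:]
    return "*" not in pattern and have == want


def hostname_matches(cert, hostname):
    """True if any SAN DNS entry matches; Issuer and Subject CN are ignored."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names(cert))


def report(cert, hostname):
    """Summarise which fields were looked at and the verdict."""
    return {
        "issuer_cn": common_name(cert.get("issuer", ())),    # who signed it
        "subject_cn": common_name(cert.get("subject", ())),  # shown, not matched
        "san_dns": san_dns_names(cert),                      # what is matched
        "matches": hostname_matches(cert, hostname),
    }


if __name__ == "__main__":
    for cert, host in ((PAGE_CERT, "bree.org.uk"),
                       (CN_ONLY_CERT, "legacy.example"),
                       (WILDCARD_CERT, "www.site.example")):
        print(host, report(cert, host))
```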


Re: Systemd Unit Fails at Boot, but Succeeds when Started from the Console

2023-04-30 Thread Chris Adams
Once upon a time, Jonathan Ryshpan  said:
> This unit 
>$ cat /etc/systemd/system/noip-duc.service  
>[Unit]
>Description=No-IP Dynamic Update Client
>After=network.target auditd.service

This should probably be network-online.target.

> always fails at boot time with the message status=2/INVALIDARGUMENT

That's the exit code from the program.  It is probably the return code
from a system call made within the program, not in response to some
command-line argument.  But if the program runs before the network is up
and doesn't handle waiting, that's the most likely culprit.

-- 
Chris Adams 


Re: saving backward compatibility :-)

2023-04-29 Thread Chris Adams
Once upon a time, Patrick O'Callaghan  said:
> On Sat, 2023-04-29 at 10:23 -0400, Tom Horsley wrote:
> > I'd wager there are shell scripts using fgrep that were written on
> > the first pdp-11 unix and are still in use today
> 
> IIRC early PDP-11 UNIX (pre System V) only had grep. fgrep and egrep
> are later additions. (Not trying to counter your argument).

The warning (and presumably eventual removal) of egrep/fgrep is really
pretty dumb.  In most cases, the idea of removing deprecated
functionality is to remove stale code and/or reduce code complexity.
But there's zero benefit to removing egrep/fgrep, since the
functionality will still be there (as grep -E and grep -F), and the
"complexity" of each is a one-liner shell script (arguably, this could
just be a couple of lines in grep to detect argv[0] and use symlinks).

When running commands, egrep and fgrep are easier/shorter to type than
grep -E and grep -F (especially since the options are capitalized).  I
can easily work around the stupidity by just making egrep/fgrep shell
aliases instead, bypassing the warning for interactive use, but that
doesn't make it any less dumb.

There is absolutely zero demonstrable benefit to this warning (and
eventual removal), except to break old scripts and old typing habits.
-- 
Chris Adams 


Re: F38 and NUT

2023-04-27 Thread Chris Adams
Once upon a time, Greg Woods  said:
> Looks like I spoke too soon; I noticed that the nut-monitor service had
> stopped running. I restarted it, and:

NUT is a bit of a bear to get configured, but as far as the systemd
portion, I only have nut.target enabled.  It looks like that pulls in
all the rest of the necessary bits.

The config files I have edited under /etc/ups are:

- nut.conf
  set "MODE=standalone"

- ups.conf
  add a section for the UPS

- upsd.conf
  add "LISTEN ::" (not needed for most, I'm monitoring UPS status remotely)

- upsd.users
  add a section for a monitoring user

- upsmon.conf
  add a MONITOR line for the UPS+user

-- 
Chris Adams 


Re: Certbot error - SOLVED (?)

2023-04-23 Thread Chris Adams
Once upon a time, Mike Wright  said:
> I don't understand how his logs are accessible to the web.  They are
> not under the DocumentRoot.  error.log is above it and access.log is
> next to it.  Is it somehow possible for a client to reach above / ?

I didn't look at the posted configs (I haven't run Apache in ages,
switched to nginx), so I didn't know the DocumentRoot.  I just saw the
directory path as /var/www/, which I've seen lots of people use
as their DocumentRoot.

-- 
Chris Adams 


Re: Certbot error - SOLVED (?)

2023-04-23 Thread Chris Adams
Once upon a time, Patrick O'Callaghan  said:
> httpd: could not open error log file /var/www/bree.org.uk/error.log

Putting the log under /var/www is very bad practice, as that could be
remotely accessible now (and share all kinds of useful information to
attackers).  Rather than do that, and disable SELinux protections, you
should put your logs under the log directory, /var/log.  If you don't
like the default permissions on /var/log/httpd, you can make another
directory, but still under /var/log (and not accessible over the web).

-- 
Chris Adams 
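
Whether a log file is reachable over the web depends on where it sits relative to a DocumentRoot, which is the question raised in this thread. The following check is an added example, not part of the original messages: it reads an Apache configuration as text and flags ErrorLog, CustomLog and TransferLog files that fall inside any DocumentRoot. The sample configuration is constructed, /etc/httpd is assumed as ServerRoot, and symlinks, Alias and Include directives are not followed.

```python
import posixpath
import shlex

LOG_DIRECTIVES = {"errorlog", "customlog", "transferlog"}

# Constructed sample configuration (hostnames and paths are made up).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName site.example
    DocumentRoot "/var/www/site.example"
    ErrorLog /var/www/site.example/error.log
    CustomLog /var/www/site.example/logs/../access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName other.example
    DocumentRoot /var/www/other.example/html
    ErrorLog /var/www/other.example/error.log
    CustomLog logs/other_access.log combined
    TransferLog "|/usr/sbin/rotatelogs /var/log/httpd/xfer.log 86400"
</VirtualHost>
"""


def parse_directives(conf_text):
    """Yield (line_no, lowercase_name, args) for each plain directive line."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and section tags such as <VirtualHost ...>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not a line this check can judge
        if tokens:
            yield line_no, tokens[0].lower(), tokens[1:]


def normalize(path, server_root):
    """Make a path absolute (relative to ServerRoot) and collapse '..'."""
    if not path.startswith("/"):
        path = posixpath.join(server_root, path)
    return posixpath.normpath(path)


def is_inside(path, directory):
    """True if path is the directory itself or lies below it."""
    prefix = directory.rstrip("/") + "/"
    return path == directory or path.startswith(prefix)


def find_exposed_logs(conf_text, server_root="/etc/httpd"):
    """Return (line_no, log_path, document_root) for logs under a DocumentRoot."""
    directives = list(parse_directives(conf_text))
    doc_roots = [normalize(args[0], server_root)
                 for _, name, args in directives
                 if name == "documentroot" and args]
    findings = []
    for line_no, name, args in directives:
        if name not in LOG_DIRECTIVES or not args:
            continue
        target = args[0]
        # Piped loggers and syslog targets do not name a file at this path.
        if target.startswith("|") or target == "syslog" or target.startswith("syslog:"):
            continue
        log_path = normalize(target, server_root)
        for root in doc_roots:
            if is_inside(log_path, root):
                findings.append((line_no, log_path, root))
                break
    return findings


if __name__ == "__main__":
    for line_no, log_path, root in find_exposed_logs(SAMPLE_CONF):
        print(f"line {line_no}: {log_path} is inside DocumentRoot {root}")
```

In the sample, the second virtual host's error.log sits one level above its DocumentRoot and is not flagged, while both logs of the first virtual host are.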


Re: Broken by the grub startup after have move whole the system from one SSHDD more small to a SSD more big by a software acronis

2023-04-23 Thread Chris Adams
I'm not sure exactly where your system is stopping, but I just went
through an issue moving a system yesterday, so maybe this will help.

If your system is booting in UEFI mode (running "efibootmgr" shows boot
entries), there's an extra file that needs to be updated that I don't
think is clearly documented anywhere, nor is there a command to update
it.  That is /boot/efi/EFI/fedora/grub.cfg.  It searches for the /boot
partition by UUID.

To find the correct UUID, I believe this will work:

- boot a Live image from USB
- select Troubleshooting at the boot menu and choose Rescue
- at the prompt, choose to mount the system
- in the shell, run: chroot /mnt/sysimage
- find the correct UUID with: lsblk -o UUID,MOUNTPOINT | grep ' /boot$'
- edit /boot/efi/EFI/fedora/grub.cfg and put that UUID on the "search" line

I'm not sure that this is clearly documented anywhere, and I don't think
there's any command to update that file easily (unlike regenerating the
main grub.cfg with "grub2-mkconfig -o /etc/grub2.cfg").
-- 
Chris Adams 
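
The last two steps of the procedure above (compare the UUID on the "search" line with the UUID of /boot, then correct the line) can be scripted. This is an added example, not part of the original message: the stub file contents and the lsblk output are constructed samples, and the layout of the stub (a single "search ... --fs-uuid ... UUID" line followed by prefix and configfile lines) is an assumption about what /boot/efi/EFI/fedora/grub.cfg looks like on the system being repaired.

```python
# Constructed sample of a stub grub.cfg; the UUID is made up.
SAMPLE_STUB = """\
search --no-floppy --fs-uuid --set=dev 11111111-2222-3333-4444-555555555555
set prefix=($dev)/grub2
export $prefix
configfile $prefix/grub.cfg
"""

# Constructed sample of `lsblk -o UUID,MOUNTPOINT` output; UUIDs are made up.
SAMPLE_LSBLK = """\
UUID                                 MOUNTPOINT

AAAA-0001                            /boot/efi
99999999-8888-7777-6666-555555555555 /boot
77777777-6666-5555-4444-333333333333 /
"""


def is_search_line(line):
    """True for the line that locates the /boot filesystem by UUID."""
    tokens = line.split()
    return bool(tokens) and tokens[0] == "search" and "--fs-uuid" in tokens


def stub_search_uuid(stub_text):
    """Return the UUID the stub searches for, or None if there is no such line."""
    for line in stub_text.splitlines():
        if is_search_line(line):
            return line.split()[-1]
    return None


def boot_uuid(lsblk_text):
    """Return the UUID of the filesystem mounted exactly at /boot, or None."""
    for line in lsblk_text.splitlines():
        fields = line.split()
        # Rows with both columns filled have two fields; /boot/efi is a
        # different mount point and must not match.
        if len(fields) == 2 and fields[1] == "/boot":
            return fields[0]
    return None


def check_stub(stub_text, lsblk_text):
    """Return (matches, uuid_in_stub, uuid_of_boot)."""
    in_stub = stub_search_uuid(stub_text)
    on_disk = boot_uuid(lsblk_text)
    matches = in_stub is not None and in_stub == on_disk
    return matches, in_stub, on_disk


def rewrite_stub(stub_text, new_uuid):
    """Return the stub text with the UUID on the search line replaced."""
    out = []
    for line in stub_text.splitlines():
        if is_search_line(line):
            tokens = line.split()
            tokens[-1] = new_uuid
            line = " ".join(tokens)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    ok, in_stub, on_disk = check_stub(SAMPLE_STUB, SAMPLE_LSBLK)
    print("stub:", in_stub, "/boot:", on_disk, "match:", ok)
    if not ok and on_disk:
        print(rewrite_stub(SAMPLE_STUB, on_disk), end="")
```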


Re: Certbot error

2023-04-23 Thread Chris Adams
Once upon a time, Patrick O'Callaghan  said:
> BTW 'certbot certonly ..." also failed. I'm 99% sure this is a problem
> with my Apache installation.

I think others have mentioned it, but I would highly suggest using
--webroot rather than --apache.  You have control of the Apache config
that way and can get it right (once) and be done with it, just pointing
certbot to your chosen and configured directory.

The validation step does use port 80, due to pre-SNI shared hosting
servers sometimes serving site A's content on port 443 for site B's URL
(allowing site A to impersonate site B for ACME purposes).  Especially
if you aren't otherwise using port 80, you can just configure an Apache
virtual host on port 80 and point it to an otherwise-unused directory,
to use with --webroot.

I do most of my Let's Encrypt cert validation with DNS these days (to
allow for wildcard certs and/or hosts on private networks), so that's
about it for ideas from me. :)

-- 
Chris Adams 


Re: Is there some way of getting interactive access to a Fedora boot menu to a computer on the same LAN?

2023-04-19 Thread Chris Adams
Once upon a time, Tom Horsley  said:
> I believe grub has support for VNC access

I don't believe that exists, no.  grub2 can have local consoles of a few
types: various local graphics and serial, which can be connected to
another system.

-- 
Chris Adams 


Re: Is there some way of getting interactive access to a Fedora boot menu to a computer on the same LAN?

2023-04-19 Thread Chris Adams
Once upon a time, p...@pricom.com.au  said:
> I am guessing this is not possible since the network is not even
> running yet . . could a mini-network of some kind be possible for
> the menu?

In general, no.  This is usually a function of server hardware, using
IPMI (a separate little microcontroller with its own IP address and
protocol), implemented by things like iDRAC (Dell) and iLO (HP).
-- 
Chris Adams 


Re: MongoDB for fedora37?

2023-03-09 Thread Chris Adams
Once upon a time, Alex  said:
> I don't see mongodb in the default fedora37 repo. Anyone know where I might
> find a maintained package? I've been using the one from centos7, I believe,
> but it's dated and would like to find a more current version.

Upstream changed their license to non-Free, so Fedora dropped it.  Last
time I needed it, upstream had some yum repos, although I don't know how
well they are maintained.
-- 
Chris Adams 


Re: software or hardware raid?

2023-03-02 Thread Chris Adams
Once upon a time, George N. White III  said:
> Some data can be replaced, but there are also real-time data flows
> where data are lost forever when the system goes down.  I recall a
> loss-of-data incident where the system was on UPS+ generator but
> IT hadn't received the replacement for a failed UPS battery in the
> network closet.

Lots of the time, UPSes and generators are not actively monitored and
tested.  An untested backup system is not a backup system, it's just
another point of failure!  I have seen failures of big UPSes,
generators, transfer switches... you name it, even if it is "redundant",
it can (and will) still fail.
-- 
Chris Adams 


Re: software or hardware raid?

2023-03-02 Thread Chris Adams
Once upon a time, Ranjan Maitra  said:
> Thanks, this will be a fairly high uptime machine (not allowed to call it a 
> server here, because that is central IT's role to have and administer:-), 
> running lots of jobs at least a large part of the time, but the  RAID will be 
> on the /. It is more to keep the machine going if one of the two / drives 
> fail (and till such time as I can get and put in a new one).

That's a good target for RAID (I just like to remind people RAID is not
backups, because double drive failures happen, filesystem corruption
happens, somebody deletes the wrong file happens, and so on).

> I see, so your recommendation is to go for xfs? 

It's what I use, in part because I also run RHEL and CentOS servers,
where XFS is the default and preferred filesystem by Red Hat for a while
now.

I think the pros and cons of XFS vs ext4 probably aren't that
significant in most use.  XFS doesn't currently support any kind of
shrink operation (more of an issue if you are using LVM but not LVM thin
pools, and there is some work on adding this).  ext4 can also journal
data (doesn't by default but can be enabled), which gives additional
protection (at an additional performance cost).  XFS is higher
performance for some uses, but that probably gets into specifics about
your use cases to know if it really is (or if it matters).  XFS supports
reflinks while ext4 does not, which again can be useful for certain
things.

If you are familiar and happy with ext4 though, there's no reason to
switch unless you see something in particular that XFS would do better
in your use.  ext4 is not going away any time soon, and both ext4 and
XFS are mature and stable filesystems (and both are still getting
development).

-- 
Chris Adams 


Re: software or hardware raid?

2023-03-02 Thread Chris Adams
Once upon a time, Ranjan Maitra  said:
> Thanks to everybody. I recall discussion from several years ago on the 
> benefits of software over hardware RAID. I had completely forgotten about UPS 
> for this new machine. Btw, what happens if power goes out (and I do not have 
> UPS)?

Linux software RAID keeps a bitmap of pending writes by default, which
is an okay (but not perfect) mechanism to recover from unexpected
shutdown.  There's also an option to keep a write journal instead, but
unless you put that on a separate fast device (e.g. quality SSD with
long write lifetime), it'll impact performance significantly.

There are trade-offs between various types of SW and HW RAID, so really
the first question would be "what are your requirements and
expectations".  Are you talking about a high-uptime server, or a desktop
where you just want to make hardware failure less annoying?  RAID (HW or
SW) is NOT backups, so you shouldn't depend on it for saving your data.

HW RAID has some advantages - quality controllers will have
battery-backed cache, so things like write journaling don't impact
performance and recovery from unexpected power failures is basically
instantaneous.  For high performance requirements, there's less overhead
with HW RAID (because data only has to transit the bus once, then the
RAID controller has its own paths to the drives).  But HW RAID typically
requires odd and/or proprietary software to manage, detect failures,
etc.  Depending on the RAID level you are using, recovery from a failure
of the controller itself can be harder too.

> Btw, I still stick to ext4, largely because of inertia (and because I have 
> used lvm in the past and hated its naming conventions, I think, but there 
> were also other limitations that I do not now recall) and have stayed away 
> from zfs or btrfs or lvm. I am not sure what to do now. Clearly, things have 
> moved far on.

I'm generally in the XFS on LVM (on SW mdraid when needed) camp
myself... LVM adds a significant layer of flexibility and ability, but
still using more "traditional" filesystems like XFS and ext4.  I had
poor experiences with ZFS at a former job, and am still a little leery
of some of the approach BTRFS takes.

I'm playing with adding the dm-integrity layer for my SW mdraid (so then
XFS on LVM on mdraid on integrity on drive) setup as an additional check
against silent drive failures, but again, unless you put that data on a
separate fast SSD, it slows down performance a lot.

-- 
Chris Adams 


Re: tar

2023-02-02 Thread Chris Adams
Once upon a time, Patrick O'Callaghan  said:
> So Fedora can supply the executable (and source) but not the
> documentation? Is there something wrong with this picture?

The executable/source doesn't come from POSIX, it comes from glibc.  It
just implements the interface defined by POSIX (which is freely
reimplementable).

-- 
Chris Adams 


Re: tar

2023-02-02 Thread Chris Adams
Once upon a time, Jon LaBadie  said:
> I'd also like to see some docs on the meanings of the
> variables.  For example, is ARG_MAX the maximum NUMBER of
> args or the maximum total length?  I assume the former.

It's the max total length (and includes the environment variable size).

The difference in man page availability is due to this coming from the
POSIX spec, which is in the man-pages-posix package.  However, The Open
Group changed the license to something not compatible with Fedora, so
that package was moved to RPM Fusion.

You can also see the POSIX/Single Unix Specification here:

https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/

ARG_MAX is defined in the limits.h header (click on Headers at the
bottom left to find it).

-- 
Chris Adams 


Re: vim question - how to stop auto comments

2023-01-31 Thread Chris Adams
Once upon a time, Sbob  said:
> Anyone know how to disable the vim feature where it auto comments
> all lines after a comment, meaning if I add a comment line and then
> hit enter for a new line I do not want the new line to automatically
> have a comment (#) char... it's driving me nuts!

What you want is "set formatoptions-=o"..., but it's actually a little
tricky to change this behavior, because of how vim loads config (file
type config comes after ~/.vimrc, and after ~/.vim/after/* files).  The
most common way is to use an autocmd, so something like:

   autocmd FileType * set formatoptions-=o

in ~/.vimrc.
-- 
Chris Adams 


Re: Tip: how to make your own resolv.conf

2022-12-19 Thread Chris Adams
Once upon a time, Tim  said:
> But being serious, I did start looking through the man files for the
> new networking schemes (man systemd-resolved).  And supposedly,
> /etc/resolv.conf is a link to /run/systemd/resolve/stub-resolv.conf
> And when it is, it controls the file its linked to.

Yeah, if you just edit /etc/resolv.conf without reading it (leaving it a
symlink to /run), your edits will get lost.  All you have to do is
remove the symlink and replace it with a file, and systemd-resolved will
stop touching it (again, as documented in the file).  It's not some
mystery, or difficult problem to solve, if you read the comments and
referenced documentation.

> It is all a bit of a maze, and I don't really see how this was an
> improvement on the previous methodology.

A single system-wide resolv.conf cannot handle more complicated setups,
such as a VPN where lookups for certain domains should be sent to a
server across the VPN.  You have to run some form of local DNS server to
handle that (which could be BIND, Unbound, dnsmasq, etc.).  Each of
those have their own configuration quirks that can make it more
complicated to programmatically manage, so systemd-resolved was created.

I'm not entirely satisfied with systemd-resolved, but it solves things
for a majority of cases.

> Likewise with network configuration.  If the previous config files
> actually did the job, why didn't they keep on using them, and just
> update the tools that set them up?

The previous ifcfg files had many quirks, starting from being created as
shell variable lists to feed to bash scripts for network config.  They
were also specific to Red Hat Linux derived OSes (e.g. Fedora, RHEL,
CentOS, etc.).  NetworkManager was created to solve multiple things, one
of which was standardizing network configuration across distributions.

The NM plugin to support the RHL-style ifcfg files has been there as a
backwards-compatibility wedge, but it was time to move on from using
that by default (and deprecate the old network-scripts pile of shell
code).

-- 
Chris Adams 


Heads-up: Google Chrome repo disabled on Fedora upgrade

2022-12-06 Thread Chris Adams
I upgraded several systems from Fedora 35 to 37 a few weeks ago.  I
realized yesterday that one (my primary desktop of course) was not
getting updates to Google Chrome, which has had some important security
fixes recently.  I realized that the Google Chrome yum repo had been
disabled - checking my backups, it was disabled when I did the upgrade
from 35 to 37.

I'm not sure why that happened (and why only on one system, out of at
least four with that repo enabled and Chrome installed), but others that
have done Fedora release upgrades (via dnf system-upgrade) and use
Chrome from the yum repo might want to check that it's still enabled (so
they're still getting security updates).
-- 
Chris Adams 


Firefox and WebAuthn?

2022-10-26 Thread Chris Adams
I can use my Android phone with Google Chrome (connected with Bluetooth)
as a WebAuthn security device.  When I try to register a WebAuthn device
with Firefox, I get a pop-up that says:

wants to register an account with one of your security keys.
   You can connect and authorized one now, or cancel.

And the only option is "Cancel" - I don't see a way to actually register
anything.  Is there a way to use WebAuthn with Firefox on Fedora?
-- 
Chris Adams 


Re: Fedora on a Mac Book Pro

2022-09-22 Thread Chris Adams
Once upon a time, Terry Polzin  said:
> I've come across a circa 2011 Mac Book Pro.  It appears to be in decent
> condition save for the power adapter which appears to have been chewed by a
> pet, so it doesn't flame on.
> 
> Has anyone had success installing fedora on one of these?  Just curious
> before I put money into a power adapter, I'm guessing someone ran the
> battery flat (it's probably shot anyway) and didn't pursue getting a new
> power adapter.

I ran Fedora on an early-2011 MBP (think there was a slightly different
late-2011 model).  Fedora worked okay, but it was a kind of crappy
computer.  The cooling was terrible, so anything you did that used CPU
would make it sound like a jet rolling for takeoff, while at the same
time throttling the CPUs because apparently all the fan was good for was
making noise.

A co-worker had the same model but running Mac OS, and it had basically
the same behavior.

IIRC the only hardware issue was that it used one of the Broadcom wifi
chips that had non-redistributable firmware, so I had to use the
fwcutter thing to get it working (but then it was fine I think).

-- 
Chris Adams 


Re: Question on bad links?

2022-09-19 Thread Chris Adams
Once upon a time, Robert Nichols  said:
> It's a problem that crops up occasionally, and makes people wonder why they 
> get a "No space on filesystem" error when the df command shows that plenty of 
> space is available. That's why the df command has a "-i" option to report 
> inode usage. A filesystem that's being used for things like a news spool, 
> which holds lots of small files, needs to be created with more than the 
> default allocation of inodes.

Heh, I haven't run a Usenet server in just over 23 years, but even then,
server software was moving away from the file-per-article storage to
avoid this issue (and others).

Mail servers, on the other hand, were jumping to the file-per-message
method just as fast as Usenet servers discarded it, and are still using
it.

-- 
Chris Adams 


Monitor speakers change which "device" they are

2022-07-25 Thread Chris Adams
I have a notebook (AMD chips) connected to a hub (via USB-C), with two
monitors hooked up to the hub (via HDMI).  The monitors have built-in
speakers, and I use one monitor's speakers for default audio.  I'm
running Fedora 35 MATE desktop (with Pipewire).  The problem is that
which monitor's speakers are which flips around.

Right now, the main monitor is "Renoir Radeon High Definition Audio
Controller HDMI / DisplayPort 1 Output" and the second monitor is
" 4 Output".  After a suspend/resume cycle though, they randomly
swap, so I have to go into Sound Preferences and change the default
output device.

The video side always keeps the correct monitor mapped as the correct
part of the display layout, so it seems either there's a unique ID or
something that keeps them in the right order.  Is there something
similar to keep it right for audio?
-- 
Chris Adams 


Re: Disable rpcbind on NFS server

2022-05-28 Thread Chris Adams
Once upon a time, Ian Pilcher  said:
> I don't need rpcbind, as I only use NFSv4.  Is there any way to set up
> or configure the NFS server-related units (nfs-server.service, etc.) to
> not start rpcbind?

This is from Red Hat's RHEL 8 docs, but works the same on Fedora (at
least version 35).  Set 'vers3=n' in the '[nfsd]' section of
/etc/nfs.conf, mask the RPC services, and restart NFS:

systemctl mask --now rpc-statd.service rpcbind.service rpcbind.socket
systemctl restart nfs-server

https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/configuring-an-nfsv4-only-server_exporting-nfs-shares

-- 
Chris Adams 
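
A verification step for the NFSv4-only setup in the message above, as an added example that is not part of the original post: it reads the `vers3` value from the `[nfsd]` section of an nfs.conf file and scans `ss -tuln` output for anything still listening on port 111 (rpcbind). The sample config and socket listings are constructed, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: confirm that an NFS server is really NFSv4-only after
# setting vers3=n and masking the RPC units. Sample data is constructed.

# nfsd_vers3 FILE: print the vers3 value from the [nfsd] section, or "unset".
# Commented-out lines ("# vers3=y") and other sections are ignored.
nfsd_vers3() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[[ \t]*nfsd[ \t]*\]/); next }
        insec && /^[ \t]*vers3[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v); val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# rpc_listeners: read "ss -tuln" output on stdin and print every socket whose
# local port is 111 (rpcbind), as "<netid> <local-address:port>".
rpc_listeners() {
    awk '{ n = split($5, a, ":"); if (a[n] == "111") print $1, $5 }'
}

# v4_only_report CONF: "ss -tuln" output on stdin. Returns 0 only when vers3 is
# switched off and nothing listens on port 111. Accepting spellings other than
# the page's "n" as "off" is an assumption of this example.
v4_only_report() {
    conf=$1; rc=0
    ss_out=$(cat)
    v=$(nfsd_vers3 "$conf")
    case "$v" in
        n|no|0|false|off) echo "ok: [nfsd] vers3=$v" ;;
        *) echo "FAIL: [nfsd] vers3 is $v"; rc=1 ;;
    esac
    l=$(printf '%s\n' "$ss_out" | rpc_listeners)
    if [ -n "$l" ]; then
        echo "FAIL: port 111 still has listeners:"; echo "$l"; rc=1
    else
        echo "ok: nothing listening on port 111"
    fi
    return $rc
}

# Constructed samples: a config with vers3 left at its default, the edited
# config, and socket listings before and after the change.
sample_conf_default() {
    cat <<'EOF'
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
[nfsd]
# vers3=y
# vers4=y
[mountd]
# port=0
EOF
}
sample_conf_v4only() {
    cat <<'EOF'
[nfsd]
vers3=n
EOF
}
sample_ss_before() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      4096   [::]:111           [::]:*
tcp   LISTEN 0      64     [::]:2049          [::]:*
EOF
}
sample_ss_after() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      64     [::]:2049          [::]:*
EOF
}

# Demo on the constructed data. On a real server the call would be:
#   ss -tuln | v4_only_report /etc/nfs.conf
tmp=$(mktemp -d)
sample_conf_v4only > "$tmp/nfs.conf"
sample_ss_after | v4_only_report "$tmp/nfs.conf" || true
rm -rf "$tmp"
```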


Re: bluetooth mic input support on f35

2022-05-13 Thread Chris Adams
Once upon a time, Alex  said:
> The "Configuration" tab shows the BH-M9 headset, and I've selected "High
> Fidelity Playback (A2DP Sink: SBC)" as the option. The others are
> "unavailable."

The playback (A2DP) profiles are all output-only.  You need a Headset
Head Unit (HSP/HFP) profile to enable input.

I'm not sure why you might not see any though.  I have several Bluetooth
headsets (one ear with boom mic, earbuds, and full headphones with a
mic), and they all show HSP/HFP profiles.

-- 
Chris Adams 


Re: bluetooth mic input support on f35

2022-05-13 Thread Chris Adams
Once upon a time, Alex  said:
> I can connect the device to bluetooth, but it apparently doesn't detect
> it as a potential input device.

Bluetooth headsets typically offer multiple profiles, and usually Linux
defaults to the headphone (output only) profile.  The easiest thing I've
found is to install pavucontrol, because it puts everything necessary in
one panel.

There's a configuration tab - you can switch to a headset profile there,
then you can switch to the input tab to check the level.  And then when
you have an application trying to record, you can switch to the
recording and playback tabs to make sure it's using the correct devices.

-- 
Chris Adams 


Re: Fedora Scientific Lab : Forbidden

2022-05-11 Thread Chris Adams
Once upon a time, olivares33561  said:
> Dear Fedora users,
> 
> I am trying to download the Fedora Scientific Lab iso, but cannot.
> 
> I click on it : Forbidden
> 
> You don't have permission to access this resource.
> 
> https://labs.fedoraproject.org/scientific/download/scientific-download-splash?file=https://download.fedoraproject.org/pub/alt/releases/36/Labs/x86_64/iso/Fedora-Scientific_KDE-Live-x86_64-36-1.5.iso

It seems like there's some missing permissions on the Fedora 36 release
in general - did somebody miss a step?  I rsync parts of Fedora to a
private mirror, and when I was looking last night (12 hours after
release), a bunch of the rsync mirrors I checked had not yet opened the
releases/36 directory.

That includes download-ib01.fedoraproject.org, which still doesn't have
Fedora 36 available this morning.

-- 
Chris Adams 


Re: Can new Fedora changes help users ?

2022-04-29 Thread Chris Adams
Once upon a time, George N. White III  said:
> In my view, https://docs.fedoraproject.org/en-US/quick-docs/raspberry-pi/
> should
> be encouraged (see:
> https://www.reddit.com/r/Fedora/comments/n5aew0/fedora_on_raspberry_pi_4/).
> Many older as well as potential new users can benefit from modern low-cost
> hardware,
> but work is needed to make installation on RPi4 as easy and robust as it is
> on
> current amd64 hardware.

Raspberry Pi in particular is problematic and outside Fedora's control,
somewhat similar to nVidia GPUs.  There are undocumented things, closed
source blobs, etc. that make it hard to reliably support Pi.  It's
really unfortunate that the Pi dominates the small board space.
-- 
Chris Adams 


Re: ssh resolving with systemd.resolved

2022-04-24 Thread Chris Adams
Once upon a time, Gordon Messmer  said:
> systemctl disable systemd-resolved && systemctl stop systemd-resolved

BTW for quite some time, this can just be "systemctl disable --now ".

> rm /etc/resolv.conf
> systemctl restart NetworkManager
> 
> As documented in the original change proposal:
> https://fedoraproject.org/wiki/Changes/systemd-resolved

If that's what's required, then an update to systemd-resolved is in order,
since the generated resolv.conf says:

# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.

Nothing about disabling/stopping/restarting any services.
-- 
Chris Adams 


Script for making a KVM VM from a kickstart

2022-01-15 Thread Chris Adams
I have been building up a script to quickly and easily make CentOS/RHEL
and Fedora VMs from kickstart files for a long time, and thought I'd see
if anyone else was interested.  It's especially useful IMHO if you are
working on building kickstarts, because you can fairly rapidly iterate
and test.

I've got it built as an RPM, so if others think this is useful, I might
submit it to Fedora and EPEL.

Let me know what you think!

https://github.com/cmadamsgit/ks-install
-- 
Chris Adams 


Re: OT: Linux kernel version in fiber modem

2021-12-26 Thread Chris Adams
Once upon a time, Slade Watkins  said:
> goes without saying but… old versions of the kernel are certainly way more
> prone to these attacks and 100% shouldn’t be included on hardware meant to
> be connected to the internet. (let alone send that connection to other
> devices and otherwise manage the network…)

The kernel is generally not a security issue on most of these devices;
there haven't been many remotely-exploitable kernel vulnerabilities over
time (at most, they're typically denial-of-service type attacks).  I
wouldn't really worry too much about just an old kernel version.

The security issues with embedded/IoT type things tend to be more in the
vendor software, often something that was slapped together with no
thought to security and never well maintained.  They have debugging
passwords accidentally left enabled, poor input processing, etc., and
they often run everything as root, losing the key protections of a
Unix/Linux environment (so there's no need for kernel security holes to
gain privilege).

Often, when the vendors do any security updates, they'll do just the
minimum needed (which does make sense, since it's also the least likely
to break devices that can be difficult or impossible to recover from an
update failure).  If the kernel doesn't have any known and exploitable
security issues, it'll be left as-is.

So, an old kernel version can indicate unmaintained software, or it can
also indicate conservative update practices.  Unfortunately, the first
case is much more likely.

-- 
Chris Adams 


Re: Building a USB maintenance drive instead of using Live USB drives ?

2021-11-19 Thread Chris Adams
Once upon a time, linux guy  said:
> The USB flash recovery OS is extremely slow compared to a Live OS.  It is
> slow even when I ssh into it and not run a window manager.   Why ?   What
> can I change to make it faster ?

IIRC the LiveOS image is run from a squashfs-compressed filesystem,
which probably reduces USB accesses (at a cost of a little more CPU, but
most of the time, there's CPU to spare).  The filesystem type on top of
that probably also matters; I'm not sure which general-purpose FS has
the better access patterns for USB.
-- 
Chris Adams 


Re: Slack dropping Fedora support

2021-11-14 Thread Chris Adams
Proprietary applications tend to have trouble with the wide variety of
Linux distributions and their variance.  That's probably why more are
going to Flatpak and/or Snap for distribution, to be able to distribute
a single image that runs on Linux.  Those also have an advantage of
running applications in a limited-access sandbox (so you don't have to
trust the proprietary applications as much).

It does look like Slack has an official Snap distribution, so that's an
alternative to their RPM/yum repo.

-- 
Chris Adams 


Re: Simple home floor plan software?

2021-11-13 Thread Chris Adams
Once upon a time, Dave Stevens via users  said:
> On Sat, 13 Nov 2021 17:26:36 -0600
> Chris Adams  wrote:
> > I'd like to draw a floor plan of my house.  Nothing fancy, but I want
> > to include all the electrical info (switches, outlets, lights, etc.)
> > so I can map out and label the circuit each thing is on.
> > 
> > Any suggestions for something free on Linux for this?
> 
> this was my first hit:
> 
> https://www.edrawsoft.com/linuxdiagram/floor-plan-software-linux.html

That's demo-ware, free for 15 days, and then kind of expensive for
small-time use.
-- 
Chris Adams 


Simple home floor plan software?

2021-11-13 Thread Chris Adams
I'd like to draw a floor plan of my house.  Nothing fancy, but I want to
include all the electrical info (switches, outlets, lights, etc.) so I
can map out and label the circuit each thing is on.

Any suggestions for something free on Linux for this?
-- 
Chris Adams 


Re: Envelope printing software -- not LibreOffice

2021-10-17 Thread Chris Adams
Once upon a time, ToddAndMargo via users  said:
> The bug is years and years and years old and they
> IGNORED IT due to the lack of a payment.

Open source software developers typically work on things that interest
them or that somebody pays them to.  If this is something important to
your business (that presumably makes some money), then maybe it has some
value to you to contract someone to fix it.

Otherwise, you are expecting someone to fix something that they don't
use, and/or expecting people on the Internet to do free research for you
to find an alternative.  That's not really how the open source software
world gets along.

My father and I wrote software to print envelopes from a CSV list back
in the DOS days, and it was a PITA to get it consistently right (the
same printer and envelopes seemed to change from month to month).  I
haven't printed an envelope in decades though, so I'd be in no position
to help with this.

-- 
Chris Adams 


Re: OT: RGB mechanical keyboard

2021-09-03 Thread Chris Adams
Once upon a time, Douglas McGarrett  said:
> If you can find an IBM model M keyboard somewhere, you'll never look
> for another. They haven't been made in years, AFAIK, but

The original IBM keyboard team got spun off with Lexmark, and then spun
off as an independent company (IIRC owned by the original team from IBM).
They still sell the old keyboards, as well as newer models with USB, the
newer "logo" and menu keys, etc.  They're still buckling spring and feel
basically the same (a well-used Model M feels a little different than a
brand new keyboard, but I think that's just springs breaking in).

https://www.pckeyboard.com/

I have an original (made in 1985 or 1986 IIRC) Model M with the old
school coiled-up detachable cable that I used for years, and a couple of
the Unicomp USB versions that I use now, and they're great.

-- 
Chris Adams 


Re: resizing qemu image

2021-07-21 Thread Chris Adams
A couple of comments... if this VM is managed by libvirt (recent enough
version is several years old IIRC), you don't need to shut the VM down
or ever touch the image file directly.

To resize a running VM image, you can do:
  virsh blockresize vmname /var/lib/libvirt/images/vmname.qcow2 20G

If the VM is using virtio or virtio-scsi drivers, it should see the
change immediately.

If you are running LVM, on recent enough Fedora (I don't know, at least
the last several years), you can then resize without a reboot too.  Find
the partition (usually 2 on BIOS or 3 for UEFI boot systems with a
fairly default setup) and device (usually /dev/vda for virtio or
/dev/sda for virtio-scsi), and do (adjusting dev/part):
  parted /dev/vda
  resizepart 2 100%
  quit
  pvresize /dev/vda2

Then you need to know your filesystem LV name (like "fedora/root") and
filesystem type (usually ext4, could be xfs if a Server install) and do:
  lvresize -l +100%FREE fedora/root
  resize2fs /dev/fedora/root  -or-  xfs_growfs /

And you have more space!  I do this all the time with libvirt-managed
Linux VMs.  I haven't yet gone through the necessary steps for the more
recent btrfs setup.  There's also the possibility of LVM set up with
thin pools... can't remember if that works the same or needs additional
steps.

-- 
Chris Adams 


Re: Windows 11 VMs

2021-07-14 Thread Chris Adams
Once upon a time, Stephen Morris  said:
> I thought the TPM was in the cpu, because someone I work with was
> indicating it was in the cpu, and in my motherboard's bios the
> activation/deactivation of the fTPM is in the cpu configuration
> section.

There are different implementations of the TPM spec.  Both Intel and AMD
have CPU-based versions in more recent models; for AMD, this is called
fTPM.  It's also possible to have a discrete TPM module, which a bunch
of motherboards include a header for.

The rush to buy modules is uninformed; probably a lot of those systems
could just enable the CPU-based TPM in their BIOS.  I don't remember
when Intel added it (5 years ago?) and don't know if they added it for
all CPU models or just some.  I think AMD added their fTPM when they
introduced socket AM4 (almost 5 years ago).

I think the advantage of a discrete and socketed module would be that
you can take it with you; either literally (unplug it when you leave the
house for example) or just when you replace the motherboard.
-- 
Chris Adams 


Re: My FC33->FC34 bind-chroot upgrade notes

2021-06-16 Thread Chris Adams
Once upon a time, Tim via users  said:
> I think if you want to modify *anything* in the zone files, you'll
> first need to stop the service then delete their journal files, before
> editing them.

Or just freeze/thaw them - no need to stop the server, and you should
never delete the journal files.
-- 
Chris Adams 


Re: How to tell why Firefox won't connect

2021-01-05 Thread Chris Adams
Once upon a time, Ed Greshko  said:
> On 06/01/2021 08:03, Chris Adams wrote:
> >Off to file a bug, against crypto-policies I guess to start.
> 
> Well, I don't know why you'd do that.
> 
> I just did "sudo update-crypto-policies --set LEGACY" on an F33 system, 
> restarted the system as
> suggested, and I was able to access that site just fine.

Because that's not supposed to be necessary.  The site's crypto appears
to be okay (as far as I can tell), and so weakening all crypto on my
system to access it is not a legitimate solution.  And the whole point
of having system crypto policies is that they are supposed to be
consistently applied, yet they are not (it's pretty evenly split that
some clients work and some do not).  There is something broken - that's
why I filed a bug.
-- 
Chris Adams 


Re: How to tell why Firefox won't connect

2021-01-05 Thread Chris Adams
Once upon a time, Ed Greshko  said:
> On 06/01/2021 04:10, Chris Adams wrote:
> >I'm getting an error connecting to an HTTPS website with Firefox of
> >SSL_ERROR_NO_CYPHER_OVERLAP on Fedora 33.  How do I see what ciphers
> >Firefox is configured to use?
> >
> >When I use a public scanner to see what the site supports, it appears
> >that there are multiple secure ciphers available, so I don't know why
> >Firefox doesn't like them (and it doesn't provide any more information).
> >
> >The site in question is https://support.juniper.net/.
> >
> >I understand adjusting Fedora settings to require good security, and I
> >know I can lower security system-wide, but no debugging info is not
> >good.  And really - having to lower system-wide security settings to
> >allow connection to one site is a poor design.
> 
> See https://bugzilla.redhat.com/show_bug.cgi?id=1893581 and
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
> 
> In the second link, see the section on " Upgrade/compatibility impact"

Yeah, I see that, but I don't see what is wrong with
support.juniper.net.  If I set the system policy to LEGACY and run
openssl s_client, I see:

Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6642 bytes and written 485 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit

I can't see what is wrong; I think that all meets the policy.  And
that's a problem with the single all-encompassing policy... except oh by
the way it isn't all-encompassing.  Midori and Chromium both connect
just fine; so can gnutls-cli (I don't know of a corresponding NSS
client).  So this appears to stop OpenSSL and NSS but not GnuTLS.

Off to file a bug, against crypto-policies I guess to start.
-- 
Chris Adams 


Re: How to tell why Firefox won't connect

2021-01-05 Thread Chris Adams
Once upon a time, Joe Zeff  said:
> On 1/5/21 1:10 PM, Chris Adams wrote:
> >And really - having to lower system-wide security settings to
> >allow connection to one site is a poor design.
> 
> Yes!  Poor design by that site, unless it's dumping malware or
> otherwise stealing data.

For many reasons, this is wrong.  You don't know the security of every
device or server I need to connect to (I've had to lower system security
policy before to connect to older hardware for example).  And since you
can't tell me why the site I cited is "bad", I can't even suggest a fix.
So the poor design is Firefox and the Fedora crypto policy
implementation.

Using a scanner, I can see that the site supports TLS 1.2.  The first
server-preferred cipher is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDH
secp256r1), which I think should still be considered secure.

-- 
Chris Adams 


How to tell why Firefox won't connect

2021-01-05 Thread Chris Adams
I'm getting an error connecting to an HTTPS website with Firefox of
SSL_ERROR_NO_CYPHER_OVERLAP on Fedora 33.  How do I see what ciphers
Firefox is configured to use?

When I use a public scanner to see what the site supports, it appears
that there are multiple secure ciphers available, so I don't know why
Firefox doesn't like them (and it doesn't provide any more information).

The site in question is https://support.juniper.net/.

I understand adjusting Fedora settings to require good security, and I
know I can lower security system-wide, but no debugging info is not
good.  And really - having to lower system-wide security settings to
allow connection to one site is a poor design.
-- 
Chris Adams 


Re: Do you disable IPV6? - Fedora Workstation

2020-12-29 Thread Chris Adams
Once upon a time, Tim via users  said:
> On Tue, 2020-12-29 at 08:32 -0600, Chris Adams wrote:
> > There is no NAT for IPv6, but that's a feature.  NAT doesn't really
> > add any security; NAT is a combination of two things: a stateful
> > firewall (which gives you the protection) and a packet mangler (which
> > causes no end of problems).  You can still have a stateful firewall
> > with IPv6, you just don't need the packet mangler anymore.
> 
> That's the first time I've ever seen anyone say a stateful firewall is
> a part of NAT.  Sure, systems may have both, but I wouldn't call one
> part of the other.  I've certainly used systems with NAT, going back to
> Win98SE days, that had no firewall.

Anything that does IPv4 NAT is performing the functions of a stateful
firewall, plus packet mangling.  You may not have control of the
firewall, but it is inherently there.  You cannot have NAT without the
exact same state tracking and ALGs of a stateful firewall.
-- 
Chris Adams 


Re: Do you disable IPV6? - Fedora Workstation

2020-12-29 Thread Chris Adams
Once upon a time, Neal Becker  said:
> Let me say up front I'm not very knowledgeable about v6 yet.  One reason I
> don't want to enable it is the exact flip side of the address scarcity of
> v4.  Because of that, external connections are nat'd.  That seems to me to
> offer an additional layer of protection for devices on my network, they
> don't have externally routeable addresses.  I think that is not true if I
> turn on v6.  Is this correct?

There is no NAT for IPv6, but that's a feature.  NAT doesn't really add
any security; NAT is a combination of two things: a stateful firewall
(which gives you the protection) and a packet mangler (which causes no
end of problems).  You can still have a stateful firewall with IPv6, you
just don't need the packet mangler anymore.

Returning to end-to-end addressing is nice - for example, I can open up
SSH on my home firewall and connect to home systems from my cell phone
(because both my home and cell Internet providers have native IPv6).  No
more silly port mappings and having to remember which port is mapped to
which device.

On business networks, the death of NAT is way overdue - my company has
VPN tunnels to a bunch of customer networks, and we're forever running
into the same NAT networks (10.0.0.0, 192.168.1.0, etc.).  If everybody
would just get on the IPv6 train, address conflicts would be gone.

NAT just gives the feeling of security, when it's just the firewall part
that is the actual security layer.
-- 
Chris Adams 
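
The point made in this message and in the reply to Tim (NAT is a state table plus address rewriting, and only the state table does any protecting) can be modelled in a few lines. This is an added example, not part of the original posts; the `Gateway` class, the documentation-range addresses and the port numbers are constructed, and ALGs are left out.

```python
# Toy model (constructed for illustration): one connection-tracking table
# drives both the stateful-firewall decision and the NAT rewrite.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Gateway:
    """Edge device that tracks outbound flows; address rewriting is optional."""

    def __init__(self, public_ip: Optional[str] = None):
        self.public_ip = public_ip   # set: IPv4-style NAT; None: routed IPv6
        self.state = {}              # (remote ip, port, outside ip, port) -> inside (ip, port)
        self.next_port = 40000       # first translated source port (assumed)

    def outbound(self, pkt: Packet) -> Packet:
        """Record state for a flow leaving the inside network."""
        if self.public_ip:           # the "packet mangler" half of NAT
            ext_ip, ext_port = self.public_ip, self.next_port
            self.next_port += 1
        else:                        # end-to-end addressing: nothing rewritten
            ext_ip, ext_port = pkt.src, pkt.sport
        self.state[(pkt.dst, pkt.dport, ext_ip, ext_port)] = (pkt.src, pkt.sport)
        return Packet(ext_ip, ext_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Admit only replies to tracked flows; return None when dropped."""
        inside = self.state.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if inside is None:
            return None              # unsolicited: dropped with or without NAT
        return Packet(pkt.src, pkt.sport, *inside)

def demo(gw: Gateway, client, server):
    """Send one flow out, then offer the genuine reply and an unsolicited probe."""
    sent = gw.outbound(Packet(*client, *server))
    reply = gw.inbound(Packet(sent.dst, sent.dport, sent.src, sent.sport))
    probe = gw.inbound(Packet("203.0.113.66", 4444, sent.src, sent.sport))
    return sent, reply, probe
```

Running `demo` with and without `public_ip` gives the same accept and drop decisions; the only difference is whether the addresses on the wire were rewritten.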


Re: systemd-resolved switching DNS servers

2020-10-26 Thread Chris Adams
Once upon a time, Tom Seewald  said:
> Yeah I'm not very happy that systemd-resolved seemingly does this silently 
> and that I have to just restart the service for it to try again. My server is 
> just a consumer router running OpenWRT which uses Dnsmasq.

So, outside of classic Unix/Linux /etc/resolv.conf... most software does
not treat a list of multiple DNS servers as explicitly "primary" and
"secondary" (and so on).  Some software will start with the first, then
at any error or timeout (which can happen due to errors up the recursive
line, not necessarily with the server itself), go to the second, and
continue using it until there's an error/timeout, when it'll go to the
third (and so on until it starts back at the top).

Some software sends to multiple servers at first and then watches which
one is faster and uses it for a while, checking all again periodically.

Some software rotates through the list for each request.

And really... almost all of these behaviors work out better in practice
than the classic resolv.conf behavior of each program having its own
query list, trying the first server with lots of retries and timeouts,
then the second, etc.  That behavior means that whenever the first
server is down, all kinds of stuff times out, and keeps timing out
because each thing starts a new process (which starts with the first
server again).

A local cache or even basic resolver to manage queries is better
behavior, and what other OSes have used for years.  I'm not a fan of how
systemd-resolved does some things, but having something like that is
long overdue.

As for logging... this is something that has the potential to bounce
around a bunch under some conditions, so I don't think logging it is a
great idea (can easily cause log spam).
-- 
Chris Adams 
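
The cost difference between the list-handling behaviors described in this message can be seen in a small simulation. This is an added example, not part of the original post; the timeout and round-trip values and the strategy names are assumptions, and the "classic" case is simplified to one timeout per dead server per lookup.

```python
# Constructed model of the DNS server-list strategies described above.
# Times are in milliseconds; TIMEOUT_MS and RTT_MS are assumed values.
TIMEOUT_MS = 5000   # wait before giving up on a dead server (assumption)
RTT_MS = 20         # answer time from a live server (assumption)

def lookup(servers_up, start):
    """Try servers in list order from `start`; return (cost_ms, index_used)."""
    cost = 0
    for step in range(len(servers_up)):
        idx = (start + step) % len(servers_up)
        if servers_up[idx]:
            return cost + RTT_MS, idx
        cost += TIMEOUT_MS          # dead server: wait out the timeout
    return cost, None               # every server is down

def total_wait(strategy, servers_up, lookups):
    """Total time spent waiting on DNS across `lookups` queries."""
    total, current = 0, 0
    for n in range(lookups):
        if strategy == "classic":   # each new process starts at the top
            start = 0
        elif strategy == "sticky":  # shared resolver remembers what worked
            start = current
        elif strategy == "rotate":  # next server in the list for each request
            start = n % len(servers_up)
        else:
            raise ValueError(strategy)
        cost, used = lookup(servers_up, start)
        total += cost
        if used is not None:
            current = used
    return total
```

With the first of two servers down and ten lookups, the per-process behavior pays the timeout every time, while a shared resolver that sticks with the working server pays it once.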


Re: modifications to sshd_config for security/hardening

2020-05-01 Thread Chris Adams
Once upon a time, Cameron Simpson  said:
> The UseDNS one is only slightly security - by disabling DNS lookup
> of incoming clients we (a) speed things up, particularly on high
> latency links and (b) stop leaking information about who is
> connecting to us to upstream DNS servers (from the DNS query).

FYI: "UseDNS no" has been the default in OpenSSH for a while now.
-- 
Chris Adams 


Re: Tip: dhcp lease file under Fedora32

2020-04-28 Thread Chris Adams
Once upon a time, Samuel Sieb  said:
> I still make my own iptables scripts, mostly using fwbuilder.  I
> think it might be possible to add the dynamic rules I would like to
> have if I switch to firewalld, but I haven't had the time for that
> yet.  And then there's nftables which is the new replacement for
> iptables.

Just to clear up some misconception: firewalld is not a replacement for
iptables.  firewalld is a front-end to iptables, similar to shorewall
and some other firewall management tools.  firewalld (and shorewall and
so on) is a replacement for manually writing rules and putting them in
/etc/sysconfig/iptables though.

However, iptables is being replaced by nftables (similar to how iptables
replaced ipchains in the past).  firewalld can use either as a back end.
nftables can also be configured using an iptables front-end translator
(so if all you want to do is manually write iptables-style rules, that
will actually still work with the nftables back-end).

-- 
Chris Adams 

