Skip to content

Fedora

Jump to bottom
Gabor Szarnyas edited this page Aug 8, 2021 · 112 revisions

Notes for configuring Fedora and also GNOME.

Packages

Some important packages for an initial install:

sudo dnf install -y \
  boost-devel cargo clang cloc cmake code compat-openssl10 dconf docker-compose ffmpeg \
  gimp gitk go gparted gthumb guile22 hexedit htop inkscape julia maven mc meld mercurial neofetch \
  nodejs npm ocaml okular pandoc powerline-fonts qbittorrent qdirstat recode remmina rust \
  simplescreenrecorder slack snapd subversion texlive-scheme-full the_silver_searcher \
  vim vlc wdiff wondershaper xclip xmlstarlet zsh zstd R R-Rcpp-devel Rstudio-desktop \
  smartmontools tldr pv ntpdate fzf wl-clipboard sysstat \
  BibTool \
  glibc-devel-static \
  python3-pip virtualenv \
  linux-libertine-fonts \
  ftp

Hungarian language pack for LibreOffice:

sudo dnf install -y libreoffice-langpack-hu

Wayland

Things that do no work on Wayland:

  • The Dropbox desktop app says "Connecting..." but otherwise it works and shows notifications for changes.
  • Screenshots and screen sharing might be problematic out-of-the-box (e.g. Zoom screensharing only allows sharing a desktop but not an individual window).

GNOME

Drag and drop does not work under Wayland for decompressing archive (file roller)

It indeed doesn't work, see: https://gitlab.gnome.org/GNOME/file-roller/-/issues/4

Show hidden files

Nautilus does not show hidden files by default and Ctrl + H only reveals them temporarily. To change this, run:

gsettings set org.gnome.nautilus.preferences show-hidden-files true

Switching between windows

By default, Alt + Tab does not cycle between windows of the same application. To amend this, install dconf-editor and follow this guide.

$ sudo dnf install -y dconf-editor

Search for org/gnome/desktop/wm/keybindings, then delete '<Alt>Tab' under switch-applications and add it to switch-windows.

Screenshot (Shutter/Collabshot/... alternative)

As suggested, install xclip and try the following in the console:

TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | xclip -i -selection clipboard -target image/png

If this works, go to Keyboard shortcuts and assign the following command to a hotkey such as Ctrl + Shift + P:

bash -c 'TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | xclip -i -selection clipboard -target image/png'

On Wayland, use wl-copy:

bash -c 'TIMESTAMP=$(date "+%F %H-%M-%S"); gnome-screenshot -acf "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" && cat "/home/dir/path/Pictures/Screenshot from $TIMESTAMP.png" | wl-copy'

Screen has a blue tint

  • Problem: The entire desktop has a blue-ish tint which is painted on every window.
  • Solution: It seems to be that the problem is that when resizing an application to full screen (which is foreshadowed by a blue rectangular on the desktop), it isn't resized but gets stuck in an illegal state. The solution is to try resizing another window, which usually causes the window manager to jump out of the illegal state. See also: source.

Skype

Webcam/microphone are not detected -- solution:

sudo sysctl -w fs.inotify.max_user_watches=12288

If it works, also provide it as a configuration file:

sudo vim /etc/sysctl.conf

Add:

fs.inotify.max_user_watches=12288

Zoom

Using the default configuration with a single full HD display, Zoom started magnified to 2x. As suggested, edit the Zoom configuration file (depending on the installation, might be at ~/.config/zoomus.conf or under ~/.local/share/applications/us.zoom.Zoom.desktop) and set:

autoScale=false

Then, restart the application.

SELinux

To access files (such as certificate and key files for OpenVPN), you might have to relabel (bits of) your home directory with: restorecon -R ~

OpenVPN

SELinux blocks OpenVPN. As suggested:

First, check the logs with.

sudo journalctl -f

Jul 15 23:31:21 localhost.localdomain nm-openvpn[53696]: Options error: --ca fails with 'cert-file.crt': Permission denied (errno=13)

The logs have suggestions on how to fix the problem. I ran:

sudo semanage fcontext -a -t home_cert_t cert-file.crt
restorecon -R -v cert-file.crt

And did the same for the .key file as well.

Mounting files for Docker

SELinux prevents Docker from mounting files. To fix this:

chcon -Rt svirt_sandbox_file_t file_or_dir_to_mount

Or add the :z modifier as described in the Docker documentation:

docker run ... -v "$(pwd)"/target:/app:z ...

(Where /app is the directory on the host machine to mount.)

Snap gets blocked

Snap commands such as sudo snap refresh can get blocked by SELinux:

SELinux is preventing snapd from read access on the directory /home/runner.

Solution:

sudo chcon -Rt user_home_dir_t /home/runner
restorecon /home/runner

Change filetype associations

For example, suppose you want to open all video files with VLC:

sudo sed -i 's/vlc.desktop;//g' /usr/share/applications/mimeapps.list
sudo sed -i 's/org.gnome.Totem.desktop;/vlc.desktop;/g' /usr/share/applications/mimeapps.list
sudo sed -i 's/totem.desktop/vlc.desktop/g' /usr/share/applications/mimeapps.list
sudo dnf remove -y totem

PostgreSQL

Before running the database first, you have to initialize it with:

sudo /usr/bin/postgresql-setup --initdb

ldconfig does not find files under /usr/local

A process might return cannot open shared object file: No such file or directory even though the compilation went fine and sudo ldconfig was issued. As per this answer, the problem is that Fedora does not index this directory by default. To amend this, add the following lines to /etc/ld.so.conf, then rerun sudo ldconfig:

/usr/local/lib
/usr/local/lib64

Firewall

I had trouble setting up the network for QEMU virtual machines:

Could not start virtual network 'default': error from service: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed: ...

The problem can be reproduced from the command line by simply issuing:

sudo firewall-cmd --reload

This results in:

Error: COMMAND_FAILED: 'python-nftables' failed: 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld_policy_drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_input", "type": "filter", "hook": "input", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_forward", "type": "filter", "hook": "forward", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_output", "type": "filter", "hook": "output", "prio": 9, "policy": "drop"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_input", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_forward", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_output", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}]}

It seems that the conflict is introduced by Docker/Moby. Of course, uninstalling Docker is not an option for most users. So, a solution to the problem, as suggested in the Red Hat Bugzilla is the following:

  • Delete or move the firewalld trusted zone configuration file /etc/firewalld/zones/trusted.xml:

    sudo mv /etc/firewalld/zones/trusted.xml /etc/firewalld/zones/trusted.xml.bkp

  • Restart the firewalld and libvirtd services:

    sudo systemctl restart firewalld
sudo systemctl restart libvirtd

  • The virtual network should now start.

Chromium applications claim the profile is locked

Chromium-based applications claim the profile is locked and ask the user to claim Unlock profile and relaunch to continue. This can be traced back to them putting the hostname in the title. By default, the hostname is not set on Fedora, so the solution to this problem is to set it using:

sudo hostnamectl set-hostname ...

ElanTech touchpad does not work after rebooting

On my T480s running Fedora 32 and GNOME 3.36.5, the touchpad did not work after a full reboot. (However, I had no problems after suspend.) The solution, as per Ask Ubuntu, was to run:

sudo sh -c 'echo -n "elantech" > /sys/bus/serio/devices/serio1/protocol'

Sound

Volume control

If you have sound issues, use PulseAudio Volume Control:

sudo dnf install -y pavucontrol

Pipewire issues

Fedora 34 introduced Pipewire as a default audio-video daemon. Unfortunately, it has some problems (changing the output between speakers and headphones is difficult, sound mixing for some video files can be suboptimal, high CPU usage causes the sound to crackle, etc.). If these occur, consider reverting to PulseAudio using the following command:

sudo dnf swap --allowerasing pipewire-pulseaudio pulseaudio

Alt + Shift + Tab tab does work (should cycle windows backwards)

For me, the combination of unsetting the Switch windows keyboard shortcut, rebooting, and running gsettings as suggested at gnome.org helped:

gsettings set org.gnome.desktop.wm.keybindings switch-applications "[]"
gsettings set org.gnome.desktop.wm.keybindings switch-applications-backward "[]"
gsettings set org.gnome.desktop.wm.keybindings switch-windows "['<Alt>Tab', '<Super>Tab']"
gsettings set org.gnome.desktop.wm.keybindings switch-windows-backward  "['<Alt><Shift>Tab', '<Super><Shift>Tab']"

Virtualization

VirtualBox

$ sudo vboxconfig 
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
This system is currently not set up to build kernel modules.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
    kernel-devel kernel-devel-5.7.7-200.fc32.x86_64
This system is currently not set up to build kernel modules.
Please install the Linux kernel "header" files matching the current kernel
for adding new hardware support to the system.
The distribution packages containing the headers are probably:
    kernel-devel kernel-devel-5.7.7-200.fc32.x86_64

Solution (source):

sudo dnf install -y "kernel-devel-$(uname -r)"

Neo4j ulimit problem

Problem:

WARNING: Max 1000 open files allowed, minimum of 40000 recommended. See the Neo4j manual.

Solution: As suggested in this blogpost, to work around this, edit /etc/systemd/user.conf:

sudo vim /etc/systemd/user.conf

And add:

DefaultLimitNOFILE=40000

Some suggest to also edit /etc/systemd/system.conf and add the same variable.

Once you're done with the edits, reboot your system.

Update: See also the recent official documentation.

Wifi timeout issues

MAC address randomization

Problem: After upgrading to Fedora 33, wifi repeatedly prompts for password and prompts for password (even though the password is correct). The journalctl log shows:

NetworkManager[...]: <warn>  [1604657333.4499] device (wlp61s0): Activation: (wifi) association took too long
NetworkManager[...]: <info>  [1604657333.4499] device (wlp61s0): state change: config -> failed (reason 'no-secrets', sys-iface-state: 'managed')
NetworkManager[...]: <warn>  [1604657333.4554] device (wlp61s0): Activation: failed for connection '...'

Solution: As suggested in the Fedora Magazine, edit /etc/NetworkManager/conf.d/00-macrandomize.conf and add the following:

sudo vim /etc/NetworkManager/conf.d/00-macrandomize.conf
[connection]
wifi.cloned-mac-address=stable

Restart the network manager:

sudo service NetworkManager restart

This setting can also be changed specifically for each connection:

nmcli c modify <guid> 802-11-wireless.cloned-mac-address permanent

Trouble connecting to APs using old encryption algorithms

In Fedora 33, wifi connection times out for some APs even with the previous issue tackled. This can be a problem with e.g. some eduroam APs.

The journalctl output is along the lines of:

(wlp61s0): supplicant interface state: associating -> disconnected
(p2p-dev-wlp61s0): supplicant management interface state: associating -> disconnected
(wlp61s0): Activation: (wifi) association took too long
(wlp61s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlp61s0): Activation: (wifi) asking for new secrets
(wlp61s0): supplicant interface state: disconnected -> scanning
(p2p-dev-wlp61s0): supplicant management interface state: disconnected -> scanning

To fix it, revert to Fedora 32 policies as discussed in the Fedora Wiki by issuing the following command:

sudo update-crypto-policies --set DEFAULT:FEDORA32

Then, reboot your machine.

File type association

To change e.g. from Totem to VLC player, edit the gnome-mimeapps.list file (as suggested here):

sudo vim /usr/share/applications/gnome-mimeapps.list

Replace the org.gnome.Totem.desktop strings with vlc.desktop.

Disable virtual terminal keys

The keys Ctrl + Alt + F1 to Ctrl + Alt + F12 change between virtual terminals (also known as tty consoles). Sometimes, these cause crashes which can take down the whole system (this happened to me quite a few times on Fedora 32/33 and GNOME 3 when pressing Ctrl + Alt + F12). It seems it is not possible to disable these hotkeys – instead, they should be bound to a combination that is difficult to press. This website suggests adding the b key to the undesirable combinations.

for i in `seq 1 12`; do
  echo "Set terminal ${i} to ['<Primary><Alt>F${i}b']"
  gsettings set org.gnome.mutter.wayland.keybindings switch-to-session-${i} "['<Primary><Alt>F${i}b']"
done

Drop down terminal / dropdown terminal

  • On Wayland, Guake cannot bind the F12 hotkey.
    • My attempt to set guake -t to this hotkey in the GNOME settings did not work as expected – the resulting Guake window was was offset from the top left corner, a known issue.
  • Drop Down Terminal works but does not support multiple tabs.
  • Drop Down Terminal X was an extension of Drop Down Terminal with support for multiple tabs. Unfortunately, it was buggy (some tabs hung/crashed, URL highlighting didn't work reliably) and has been discontinued.
  • Yakuake is a drop down terminal for KDE. When used under GNOME, it (unsurprisingly) seems to work better with X window than with Wayland. With the latter, it has problems with the window sizes, jumping between screens (e.g. it's rendered on screen 1 with the size/shape of screen 2, it always shows the screen size when opened, and its height is fixed to 100%).
  • ddterm is a Wayland-native drop down terminal which seems to be the best option so far.

Installing HP printers

HP does not offer official drivers for Linux, so use HPLIP instead. You may have a partial hplip installation but it will not work if it has missing dependencies. To check whether all dependencies are available, run hp-check.

In my case, this revealed the following missing packages:

sudo dnf install -y cups libjpeg-devel cups-devel libusb1-devel sane-backends-devel avahi-devel net-snmp-devel python3-PyQt4
sudo dnf install -y xsane avahi-tools python3-notify2

Additionally, you may install the following package for an HPLIP GUI application:

sudo dnf install -y hplip-gui

To install your printer, run:

sudo hp-setup

If you're using the GUI and it hangs, don't forget to check the CLI – it may prompt you with a question whether to download a plug-in, accept a license, etc.

Connecting to a TP-Link Archer C6 wifi router on 2.4GHz

Fedora 32+ cannot connect to a TP-Link Archer C6 wifi router on 2.4GHz (meanwhile, the 5GHz variant works fine). The log of sudo journalctl -xe -u NetworkManager shows the following log:

Aug 07 17:04:30 t480s NetworkManager[1276]: <info>  [1628348670.0579] device (wlp61s0): supplicant interface state: disconnected -> scanning
Aug 07 17:04:30 t480s NetworkManager[1276]: <info>  [1628348670.0579] device (p2p-dev-wlp61s0): supplicant management interface state: disconnected -> scanning
Aug 07 17:04:33 t480s NetworkManager[1276]: <warn>  [1628348673.3745] device (wlp61s0): Activation: (wifi) association took too long
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3746] device (wlp61s0): state change: config -> failed (reason 'no-secrets', sys-iface-state: 'managed')
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3763] manager: NetworkManager state is now CONNECTED_LOCAL
Aug 07 17:04:33 t480s NetworkManager[1276]: <warn>  [1628348673.3803] device (wlp61s0): Activation: failed for connection 'TP-Link_XXX'
Aug 07 17:04:33 t480s NetworkManager[1276]: <info>  [1628348673.3817] device (wlp61s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')

(There are no errors, just <warn> entries about the lack of secrets.)

This is a frequent problem with this router type.

The solution is to replace the wpa_supplicant service with iwd. Adopting the suggestions on Ask Ubuntu and the Linux Mint Forums:

Install iwd (iNet Wireless Daemon):

sudo dnf install -y iwd

Change the wifi backend:

sudo vim /etc/NetworkManager/conf.d/wifi_backend.conf

Add:

[device]
wifi.backend=iwd

Then, issue the following commands:

sudo systemctl stop wpa_supplicant.service
sudo systemctl disable wpa_supplicant.service
sudo systemctl enable iwd.service
sudo systemctl start iwd.service
sudo systemctl restart NetworkManager.service
Clone this wiki locally