Fedora Project community – Page 14

Posted on January 27, 2020 by — Leave a comment

Build your own cloud with Fedora 31 and Nextcloud Server

Nextcloud is a software suite for storing and syncing your data across multiple devices. You can learn more about Nextcloud Server’s features from https://github.com/nextcloud/server.

This article demonstrates how to build a personal cloud using Fedora and Nextcloud in a few simple steps. For this tutorial you will need a dedicated computer or a virtual machine running Fedora 31 server edition and an internet connection.

Step 1: Configure the server

Start by updating your system and rebooting:

$ sudo -i
# dnf upgrade
# reboot

Next, disable SELinux by changing enforcing to disabled in /etc/selinux/config and then rebooting to activate the new setting:

# vi /etc/selinux/config
# reboot

If you don’t want to reboot right away, you can use the setenforce command to disable SELinux in the current session.

# setenforce 0

Alternatively, you can follow the directions here to configure SELinux to work with Nextcloud.

Step 2: Install the prerequisites

Before installing and configuring Nextcloud, a few prerequisites must be satisfied.

First, install Apache web server:

# dnf install httpd

Next, install PHP and some additional modules. Make sure that the PHP version being installed meets Nextcloud’s requirements:

# dnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-redis php-opcache php-imagick php-zip php-process

After PHP is installed enable and start the Apache web server:

# systemctl enable --now httpd

Next, allow HTTP traffic through the firewall:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

Next, install the MariaDB server and client:

# dnf install mariadb mariadb-server

Then enable and start the MariaDB server:

# systemctl enable --now mariadb

Now that MariaDB is running on your server, you can run the mysql_secure_installation command to secure it:

# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the
current password for the root user. If you've just installed
MariaDB, and you haven't set the root password yet, the password
will be blank, so you should just press enter here. Enter current password for root (enter for none): <ENTER>
OK, successfully used password, moving on... Setting the root password ensures that nobody can log into
the MariaDB root user without the proper authorization. Set root password? [Y/n] <ENTER>
New password: Your_Password_Here
Re-enter new password: Your_Password_Here Password updated successfully! Reloading privilege tables... ... Success! By default, a MariaDB installation has an anonymous user,
allowing anyone to log into MariaDB without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother. You
should remove them before moving into a production environment. Remove anonymous users? [Y/n] <ENTER> ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the
root password from the network. Disallow root login remotely? [Y/n] <ENTER> ... Success! By default, MariaDB comes with a database named 'test' that
anyone can access. This is also intended only for testing, and
should be removed before moving into a production environment. Remove test database and access to it? [Y/n] <ENTER> - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes
made so far will take effect immediately. Reload privilege tables now? [Y/n] <ENTER> ... Success! Cleaning up... All done! If you've completed all of the above steps, your
MariaDB installation should now be secure. Thanks for using MariaDB!

Step 3: Install Nextcloud Server

Now that the prerequisites for your Nextcloud installation have been satisfied, download and unzip the Nextcloud archive:

# wget https://download.nextcloud.com/server/releases/nextcloud-17.0.2.zip
# unzip nextcloud-17.0.2.zip -d /var/www/html/

Next, create a data folder and grant Apache read and write access to the nextcloud directory tree:

# mkdir /var/www/html/nextcloud/data
# chown -R apache:apache /var/www/html/nextcloud

Next, create a dedicated user and database for your Nextcloud instance:

# mysql -p
> create database nextcloud;
> create user 'nc_admin'@'localhost' identified by 'SeCrEt';
> grant all privileges on nextcloud.* to 'nc_admin'@'localhost';
> flush privileges;
> exit;

Step 4: Configure Nextcloud

Nextcloud can be configured using its web interface or from the command line.

Using the web interface

From your favorite browser, access http://your_server_ip/nextcloud and fill the fields:

Using the command line

From the command line, just enter the following, substituting the values you used when you created a dedicated Nextcloud user in MariaDB earlier:

# sudo -u apache php occ maintenance:install --data-dir /var/www/html/nextcloud/data/ --database "mysql" --database-name "nextcloud" --database-user "nc_admin" --database-pass "DB_SeCuRe_PaSsWoRd" --admin-user "admin" --admin-pass "Admin_SeCuRe_PaSsWoRd"

Final Notes

I used the http protocol, but Nextcloud also works over https. I might write a follow-up about securing Nextcloud in a future article.
I disabled SELinux, but your server will be more secure if you configure it.
The recommend PHP memory limit for Nextcloud is 512M. To change it, edit the memory_limit variable in the /etc/php.ini configuration file and restart your httpd service.
By default, the web interface can only be accessed using the http://localhost/ URL. If you want to allow access using other domain names, you can do so by editing the /var/www/html/nextcloud/config/config.php file. The * character can be used to bypass the domain name restriction and allow the use of any URL that resolves to one of your server’s IP addresses.

'trusted_domains' => array ( 0 => 'localhost', 1 => '*', ),

Posted on January 24, 2020 by — Leave a comment

Thunderbolt – how to use keyboard during boot time

Problem statement

Imagine you bought a new laptop with a shiny new USB-C docking station. You install fresh Fedora, encrypt your hard drive because laptop is a travel equipment and you do not want to travel around with non-ecrypted hard drive. You finish the installation, close the lid because you have external monitor, reboot the machine, and finally you would like to enter the LUKS password using the external keyboard attached using USB 2.0 to the USB-C docking station but it does not work!

The keyboard does not respond at all. So you open the lid, try the built-in keyboard which works just fine and once the machine boots the external keyboard works just fine as well. What is the problem?

What is this Thunderbolt anyway and why would anyone want it?

Thunderbolt is a hardware interface to connect peripherals such as monitors, external network cards [1] or even graphic cards [1]. The physical connector is the same as USB-C, but there is usually a label with a little lightning right next to the port to differentiate “plain” USB-C from Thunderbolt ports.

Of course it comes with very high transmission speed to support such demanding peripherals, but it also comes with a certain security risks. To achieve transmission speed like this, Thunderbolt uses Direct Memory Access (DMA) for the peripheral devices. As the name suggests, this method allows the external device to read and write memory directly without talking to the running operating system.

I guess you can already spot the problem here. If some stranger is walking around my laptop (even with the screen locked), is it really possible to just attach a device and read content of my computer memory? Let’s discuss it in more detail.

User facing solution for Thunderbolt security

In the recent versions, Gnome settings include a tab for Thunderbolt device configuration. You can enable and disable DMA access for external devices and you can also verify identity of the devices.

bolt is the component responsible for managing thunderbolt devices. See man 8 boltd for more information.

CLI tools

Of course it is possible to control the same via command line. I suggest you to read man boltctl or check the upstream repository directly: https://gitlab.freedesktop.org/bolt/bolt

Pre-boot support – solution to the keyboard problem

In pre-boot environment, the situation is slightly different. The userspace service responsible for device verification is not yet running so if a device is to be allowed, the firmware must to it. In order to enable this feature go to your BIOS and look for “support in pre boot environment”. For example this is how it looks on a Lenovo laptop:

Once you enable this feature, bolt will add any verified device to a list of allowed devices. The next time you boot your machine, you should be able to use your external keyboard.

Run boltctl a look for “bootacl”. Make sure that the list of allowed devices contains the one you wish to use.

Also note the “security: secure” line. If you see anything else, for instance “security: user” I recommend to reconfigure BIOS.

Technical details of the pre-boot support

There is one unfortunate technical detail about this solution. Thunderbolt support different security levels. For running Fedora, I recommend you to use “secure” level to verify that the device is indeed the one that it claims to be by using a per-device key generated by the host and stored in the device. Firmware, on the other hand, will only use “user” level which uses simple UUID that is provided by the device. The difference is that a malicious device could claim to be a different one by providing the same UUID as a legitimate one. Anyway this should not be a problem as the memory does not contain any sensitive data yet.

You can find more technical details in this blog post: https://christian.kellner.me/2019/02/11/thunderbolt-preboot-access-control-list-support-in-bolt/

Conclusion

As you can see, in recent enough Fedora version the solution is a simple switch in BIOS. So if you are still opening your laptop during boot, go ahead and configure it so you don’t have to do it next time. Meanwhile check that the default security level is “secure” instead of “user” [5].

Sources:

[1] https://www.intel.com/content/www/us/en/products/docs/io/thunderbolt/thunderbolt-technology-developer.html

[2] https://christian.kellner.me/2019/02/11/thunderbolt-preboot-access-control-list-support-in-bolt/

[3] https://gitlab.freedesktop.org/bolt/bolt

[4] https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess

[5] https://christian.kellner.me/2019/02/27/thunderclap-and-linux/

Posted on January 17, 2020 by — Leave a comment

Fedora CoreOS out of preview

The Fedora CoreOS team is pleased to announce that Fedora CoreOS is now available for general use. Here are some more details about this exciting delivery.

Fedora CoreOS is a new Fedora Edition built specifically for running containerized workloads securely and at scale. It’s the successor to both Fedora Atomic Host and CoreOS Container Linux and is part of our effort to explore new ways of assembling and updating an OS. Fedora CoreOS combines the provisioning tools and automatic update model of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host. For more on the Fedora CoreOS philosophy, goals, and design, see the announcement of the preview release.

Some highlights of the current Fedora CoreOS release:

Automatic updates, with staged deployments and phased rollouts
Built from Fedora 31, featuring:
- Linux 5.4
- systemd 243
- Ignition 2.1
OCI and Docker Container support via Podman 1.7 and Moby 18.09
cgroups v1 enabled by default for broader compatibility; cgroups v2 available via configuration

Fedora CoreOS is available on a variety of platforms:

Bare metal, QEMU, OpenStack, and VMware
Images available in all public AWS regions
Downloadable cloud images for Alibaba, AWS, Azure, and GCP
Can run live from RAM via ISO and PXE (netboot) images

Fedora CoreOS is under active development. Planned future enhancements include:

Addition of the next release stream for extended testing of upcoming Fedora releases.
Support for additional cloud and virtualization platforms, and processor architectures other than x86_64.
Closer integration with Kubernetes distributions, including OKD.
Aggregate statistics collection.
Additional documentation.

Where do I get it?

To try out the new release, head over to the download page to get OS images or cloud image IDs. Then use the quick start guide to get a machine running quickly.

How do I get involved?

It’s easy! You can report bugs and missing features to the issue tracker. You can also discuss Fedora CoreOS in Fedora Discourse, the development mailing list, in #fedora-coreos on Freenode, or at our weekly IRC meetings.

Are there stability guarantees?

In general, the Fedora Project does not make any guarantees around stability. While Fedora CoreOS strives for a high level of stability, this can be challenging to achieve in the rapidly evolving Linux and container ecosystems. We’ve found that the incremental, exploratory, forward-looking development required for Fedora CoreOS — which is also a cornerstone of the Fedora Project as a whole — is difficult to reconcile with the iron-clad stability guarantee that ideally exists when automatically updating systems.

We’ll continue to do our best not to break existing systems over time, and to give users the tools to manage the impact of any regressions. Nevertheless, automatic updates may produce regressions or breaking changes for some use cases. You should make your own decisions about where and how to run Fedora CoreOS based on your risk tolerance, operational needs, and experience with the OS. We will continue to announce any major planned or unplanned breakage to the coreos-status mailing list, along with recommended mitigations.

How do I migrate from CoreOS Container Linux?

Container Linux machines cannot be migrated in place to Fedora CoreOS. We recommend writing a new Fedora CoreOS Config to provision Fedora CoreOS machines. Fedora CoreOS Configs are similar to Container Linux Configs, and must be passed through the Fedora CoreOS Config Transpiler to produce an Ignition config for provisioning a Fedora CoreOS machine.

Whether you’re currently provisioning your Container Linux machines using a Container Linux Config, handwritten Ignition config, or cloud-config, you’ll need to adjust your configs for differences between Container Linux and Fedora CoreOS. For example, on Fedora CoreOS network configuration is performed with NetworkManager key files instead of systemd-networkd, and time synchronization is performed by chrony rather than systemd-timesyncd. Initial migration documentation will be available soon and a skeleton list of differences between the two OSes is available in this issue.

CoreOS Container Linux will be maintained for a few more months, and then will be declared end-of-life. We’ll announce the exact end-of-life date later this month.

How do I migrate from Fedora Atomic Host?

Fedora Atomic Host has already reached end-of-life, and you should migrate to Fedora CoreOS as soon as possible. We do not recommend in-place migration of Atomic Host machines to Fedora CoreOS. Instead, we recommend writing a Fedora CoreOS Config and using it to provision new Fedora CoreOS machines. As with CoreOS Container Linux, you’ll need to adjust your existing cloud-configs for differences between Fedora Atomic Host and Fedora CoreOS.

Welcome to Fedora CoreOS. Deploy it, launch your apps, and let us know what you think!

Posted on January 13, 2020 by — Leave a comment

How to setup a DNS server with bind

The Domain Name System, or DNS, as it’s more commonly known, translates or converts domain names into the IP addresses associated with that domain. DNS is the reason you are able to find your favorite website by name instead of typing an IP address into your browser. This guide shows you how to configure a Master DNS system and one client.

Here are system details for the example used in this article:

dns01.fedora.local (192.168.1.160 ) - Master DNS server
client.fedora.local (192.168.1.136 ) - Client

DNS server configuration

Install the bind packages using sudo:

$ sudo dnf install bind bind-utils -y

The /etc/named.conf configuration file is provided by the bind package to allow you to configure the DNS server.

Edit the /etc/named.conf file:

sudo vi /etc/named.conf

Look for the following line:

listen-on port 53 { 127.0.0.1; };

Add the IP address of your Master DNS server as follows:

listen-on port 53 { 127.0.0.1; 192.168.1.160; };

Look for the next line:

allow-query  { localhost; };

Add your local network range. The example system uses IP addresses in the 192.168.1.X range. This is specified as follows:

allow-query  { localhost; 192.168.1.0/24; };

Specify a forward and reverse zone. Zone files are simply text files that have the DNS information, such as IP addresses and host-names, on your system. The forward zone file makes it possible for the translation of a host-name to its IP address. The reverse zone file does the opposite. It allows a remote system to translate an IP address to the host name.

Look for the following line at the bottom of the /etc/named.conf file:

include "/etc/named.rfc1912.zones";

Here, you’ll specify the zone file information directly above that line as follows:

zone "dns01.fedora.local" IN {
type master;
file "forward.fedora.local";
allow-update { none; };
}; zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.fedora.local";
allow-update { none; };
};

The forward.fedora.local and the file reverse.fedora.local are just the names of the zone files you will be creating. They can be called anything you like.

Save and exit.

Create the zone files

Create the forward and reverse zone files you specified in the /etc/named.conf file:

$ sudo vi /var/named/forward.fedora.local

Add the following lines:

$TTL 86400
@   IN  SOA     dns01.fedora.local. root.fedora.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns01.fedora.local.
@       IN  A           192.168.1.160
dns01        IN  A   192.168.1.160
client          IN  A   192.168.1.136

Everything in bold is specific to your environment. Save the file and exit. Next, edit the reverse.fedora.local file:

$ sudo vi /var/named/reverse.fedora.local

Add the following lines:

$TTL 86400
@   IN  SOA     dns01.fedora.local. root.fedora.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns01.fedora.local.
@       IN  PTR         fedora.local.
dns01       IN  A   192.168.1.160
client          IN  A   192.168.1.136
160     IN  PTR         dns01.fedora.local.
136     IN  PTR         client.fedora.local.

Everything in bold is also specific to your environment. Save the file and exit.

You’ll also need to configure SELinux and add the correct ownership for the configuration files.

sudo chgrp named -R /var/named
sudo chown -v root:named /etc/named.conf
sudo restorecon -rv /var/named
sudo restorecon /etc/named.conf

Configure the firewall:

sudo firewall-cmd --add-service=dns --perm
sudo firewall-cmd --reload

Check the configuration for any syntax errors

sudo named-checkconf /etc/named.conf

Your configuration is valid if no output or errors are returned.

Check the forward and reverse zone files.

$ sudo named-checkzone forward.fedora.local /var/named/forward.fedora.local $ sudo named-checkzone reverse.fedora.local /var/named/reverse.fedora.local

You should see a response of OK:

zone forward.fedora.local/IN: loaded serial 2011071001
OK zone reverse.fedora.local/IN: loaded serial 2011071001
OK

Enable and start the DNS service

$ sudo systemctl enable named
$ sudo systemctl start named

Configuring the resolv.conf file

Edit the /etc/resolv.conf file:

$ sudo vi /etc/resolv.conf

Look for your current name server line or lines. On the example system, a cable modem/router is serving as the name server and so it currently looks like this:

nameserver 192.168.1.1

This needs to be changed to the IP address of the Master DNS server:

nameserver 192.168.1.160

Save your changes and exit.

Unfortunately there is one caveat to be aware of. NetworkManager overwrites the /etc/resolv.conf file if the system is rebooted or networking gets restarted. This means you will lose all of the changes that you made.

To prevent this from happening, make /etc/resolv.conf immutable:

$ sudo chattr +i /etc/resolv.conf

If you want to set it back and allow it to be overwritten again:

$ sudo chattr -i /etc/resolv.conf

Testing the DNS server

$ dig fedoramagazine.org

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good) ;; QUESTION SECTION: ;fedoramagazine.org. IN A ;; ANSWER SECTION: fedoramagazine.org. 50 IN A 35.197.52.145 ;; AUTHORITY SECTION: fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org. fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org. fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org. ;; ADDITIONAL SECTION: ns02.fedoraproject.org. 86150 IN A 152.19.134.139 ns04.fedoraproject.org. 86150 IN A 209.132.181.17 ns05.fedoraproject.org. 86150 IN A 85.236.55.10 ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5 ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5 ;; Query time: 830 msec ;; SERVER: 192.168.1.160#53(192.168.1.160) ;; WHEN: Mon Jan 06 08:46:05 CST 2020 ;; MSG SIZE rcvd: 266

There are a few things to look at to verify that the DNS server is working correctly. Obviously getting the results back are important, but that by itself doesn’t mean the DNS server is actually doing the work.

The QUERY, ANSWER, and AUTHORITY fields at the top should show non-zero as it in does in our example:

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

And the SERVER field should have the IP address of your DNS server:

;; SERVER: 192.168.1.160#53(192.168.1.160)

In case this is the first time you’ve run the dig command, notice how it took 830 milliseconds for the query to complete:

;; Query time: 830 msec

If you run it again, the query will run much quicker:

$ dig fedoramagazine.org

;; Query time: 0 msec
;; SERVER: 192.168.1.160#53(192.168.1.160)

Client configuration

The client configuration will be a lot simpler.

Install the bind utilities:

$ sudo dnf install bind-utils -y

Edit the /etc/resolv.conf file and configure the Master DNS as the only name server:

$ sudo vi /etc/resolv.conf

This is how it should look:

nameserver 192.168.1.160

Save your changes and exit. Then, make the /etc/resolv.conf file immutable to prevent it from be overwritten and going back to its default settings:

$ sudo chattr +i /etc/resolv.conf

Testing the client

You should get the same results as you did from the DNS server:

$ dig fedoramagazine.org

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> fedoramagazine.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good) ;; QUESTION SECTION: ;fedoramagazine.org. IN A ;; ANSWER SECTION: fedoramagazine.org. 50 IN A 35.197.52.145 ;; AUTHORITY SECTION: fedoramagazine.org. 86150 IN NS ns05.fedoraproject.org. fedoramagazine.org. 86150 IN NS ns02.fedoraproject.org. fedoramagazine.org. 86150 IN NS ns04.fedoraproject.org. ;; ADDITIONAL SECTION: ns02.fedoraproject.org. 86150 IN A 152.19.134.139 ns04.fedoraproject.org. 86150 IN A 209.132.181.17 ns05.fedoraproject.org. 86150 IN A 85.236.55.10 ns02.fedoraproject.org. 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5 ns05.fedoraproject.org. 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5 ;; Query time: 1 msec ;; SERVER: 192.168.1.160#53(192.168.1.160) ;; WHEN: Mon Jan 06 08:46:05 CST 2020 ;; MSG SIZE rcvd: 266

Make sure the SERVER output has the IP Address of your DNS server.

Your DNS server is now ready to use and all requests from the client should be going through your DNS server now!

Posted on January 8, 2020 by — Leave a comment

How to setup multiple monitors in sway

Sway is a tiling Wayland compositor which has mostly the same features, look and workflow as the i3 X11 window manager. Because Sway uses Wayland instead of X11, the tools to setup X11 don’t always work in sway. This includes tools like xrandr, which are used in X11 window managers or desktops to setup monitors. This is why monitors have to be setup by editing the sway config file, and that’s what this article is about.

Getting your monitor ID’s

First, you have to get the names sway uses to refer to your monitors. You can do this by running:

$ swaymsg -t get_outputs

You will get information about all of your monitors, every monitor separated by an empty line.

You have to look for the first line of every section, and for what’s after “Output”. For example, when you see a line like “Output DVI-D-1 ‘Philips Consumer Electronics Company’”, the output ID is “DVI-D-1”. Note these ID’s and which physical monitors they belong to.

Editing the config file

If you haven’t edited the Sway config file before, you have to copy it to your home directory by running this command:

cp -r /etc/sway/config ~/.config/sway/config

Now the default config file is located in ~/.config/sway and called “config”. You can edit it using any text editor.

Now you have to do a little bit of math. Imagine a grid with the origin in the top left corner. The units of the X and Y coordinates are pixels. The Y axis is inverted. This means that if you, for example, start at the origin and you move 100 pixels to the right and 80 pixels down, your coordinates will be (100, 80).

You have to calculate where your displays are going to end up on this grid. The locations of the displays are specified with the top left pixel. For example, if we want to have a monitor with name HDMI1 and a resolution of 1920×1080, and to the right of it a laptop monitor with name eDP1 and a resolution of 1600×900, you have to type this in your config file:

output HDMI1 pos 0 0
output eDP1 pos 1920 0

You can also specify the resolutions manually by using the res option:

output HDMI1 pos 0 0 res 1920x1080
output eDP1 pos 1920 0 res 1600x900

Binding workspaces to monitors

Using sway with multiple monitors can be a little bit tricky with workspace management. Luckily, you can bind workspaces to a specific monitor, so you can easily switch to that monitor and use your displays more efficiently. This can simply be done by the workspace command in your config file. For example, if you want to bind workspace 1 and 2 to monitor DVI-D-1 and workspace 8 and 9 to monitor HDMI-A-1, you can do that by using:

workspace 1 output DVI-D-1
workspace 2 output DVI-D-1

workspace 8 output HDMI-A-1
workspace 9 output HDMI-A-1

That’s it! These are the basics of multi monitor setup in sway. A more detailed guide can be found at https://github.com/swaywm/sway/wiki#Multihead.

Posted on January 6, 2020 by — Leave a comment

Most read articles in 2019 not from 2019

Some topics are very popular, no matter when they’re first mentioned. And Fedora Magazine has a few articles that have proven to be popular for a long time.

You’re reading the last article from the “best of 2019” series. But this time, it’s about articles written before 2019, but being very popular in 2019.

All of the articles below have been checked and updated to be correct even now, in early 2020. Let’s dive in!

i3 tiling window manager

Wish to try an alternative desktop? The following article introduces i3 — a tiling window manager that doesn’t require high-end hardware, but is powerful and highly customizable. You’ll learn about the installation process, some initial setup, and a few tricks to get you started.

Getting started with the i3 tiling window manager

Powerline

Would you like to have your shell a bit more organized? Then you might want to try Powerline — a utility that gives you status information, and some visual tweaks to your shell to make it more pleasant and organized.

Add power to your terminal with powerline

Monospace fonts

Do you spend a lot of your time in terminal or a code editor? And is your font making you happy? Discover some beautiful monospace fonts available in the Fedora repositories.

6 great monospaced fonts for code and terminal in Fedora

Image viewers

Is the default image viewer on your desktop not working the way you want? The following article shows 17 image viewers available in Fedora — varying from simpler to ones full of features.

17 alternatives to your default image viewer on Fedora

Fedora as a VirtualBox guest

Love Fedora but your machine runs Windows or macOS? One option to get Fedora running on your machine is virtualization. Your system keeps running and you’ll be able to access Fedora at the same time in a virtual machine. The following article introduces VirtualBox that can do just that.

How to install Fedora as a VirtualBox guest

Posted on January 3, 2020 by — Leave a comment

Tracking Translations with Transtats

Translation is an important step in software localization which helps make software more popular globally, and impacts international user experience. In recent years, localization processes have been evolving worldwide to become more continuous, faster, efficient with automation. In Fedora, the development of the Zanata platform and its plugins, then Transtats, and now the migration to the Weblate platform are part of this common ongoing goal. The localization of a desktop OS like Fedora is highly complex because it depends on many factors of the individual upstream projects which are packaged in Fedora. For example, different translation timelines, resources, and tooling.

What is Transtats?

Transtats is a web application which tries to tie up upstream repositories, translation platforms, build system, and product release schedule together to solve problems of mismatch, out-of-sync conditions and to assist the timely packaging of quality translations. Actually, it collects translation data, analyzes them, and creates meaningful representations.

Fedora Transtats is hosted at https://transtats.fedoraproject.org/

How to see the translation status of my package?

Just select Packages tab from left hand side navigation bar. This takes us to the packages list view. Then, search for the package and click on its name.

For example anaconda. On package details page, locate following:

Here, we have translation statistics from translation platform: Zanata and Koji build system. Syncs with the platform and build system are scheduled, which update differences periodically. Languages in red color indicate that there are translated strings remaining in the Translation Platform to be pulled and packaged, whereas, blue denote translated messages could not make 100% in the built package.

String breakage (or changes?)

In translation of software packages, one of the challenges is to prevent string breakage. Package maintainers should strive to abide by the scheduled Fedora release String Freeze. However, in some circumstances it could be necessary to break the string freeze and to inform the translation team on the mailing list. As well as, to update latest translation template (POT) file in the translation platform. Just in case these actions seem missing – translators may get new strings to translate very late or the application may have some strings untranslated. In the worst case, an outdated translation string mismatch may result in a crash. Sync and automation pipelines are there to prevent this, nevertheless it depends on the push or pull methods followed by package developers or maintainers.

To deal with the same context, we can use a job template in Transtats to detect this string change – particularly useful after string freeze in Fedora release schedule. This would be really helpful for the folks who look for packaging translations without string breakage, keeping translation template (POT) file in sync with translation platform, and testing localized form of the application for translation completeness to back trace.

How to detect string changes?

One of the options in Jobs tab is ‘YML based Jobs’. Where we can see available job templates.

The jobs framework executes all the tasks mentioned in the YAML, create appropriate logs and store results. Track String Change job basically:

Clones the source repository of respective package.
Tries to generate translation template (POT) file.
Downloads POT file from respective translation platform.
And, finds differences between both the POT files.

Actually, Transtats maintains mapping of upstream repository, Translation Platform project and respective build tag for every package.

Let’s take a closer look into this YAML. We can provide value for %PACKAGE_NAME% and %RELEASE_SLUG% in the next step – Set Values! For example: anaconda and fedora-32. Furthermore, a couple of things seek attention are:

In case the upstream software repository maintains separate git branch for fedora release, please edit ‘branch: master’ to ‘branch: <fedora-release-branch>’
In ‘generate’ block, mention the command to generate POT file. Default one should work for ‘intltool-update’ only, however, many packages do have their own.
A few packages may have gettext domain name different than that of package name. If this is the case, mention the gettext domain too.

As soon as the job is triggered, logs should be populated. If this is not a scratch run, a unique URL shall also be created at the end.

Left hand side is the input YAML and right hand side is respective log for each task. Here we can find the differences and figure out string mismatch.

In Transtats, we can create solutions to different problems in the form of job templates. And, scheduling of these jobs could be a step towards automation.

Posted on December 30, 2019 by — Leave a comment

Red Hat, IBM, and Fedora

IBM acquired Red Hat in July 2019, and this article discusses how nothing changes for the Fedora project.

Red Hat, IBM, and Fedora

Some tips for the Workstation users

Using Fedora Workstation? This article gives you some tips including enhancing photos, coding, or getting more wallpapers right from the repositories.

5 quick tips for Fedora Workstation users

Fedora and CentOS Stream

In this article, the Fedora Project Leader discusses the CentOS Stream announcement from September 2019 — including the relationship of Fedora, Red Hat Enterprise Linux, and CentOS.

Fedora and CentOS Stream

Contribute to Fedora Magazine

Fedora Magazine exists thanks to our great contributors. And you (yes, you!) can become one, too! Contributions include topic proposals, writing, and editorial tasks. This article shows you how to join the team and help people learn about Linux.

Contribute to Fedora Magazine

Posted on December 27, 2019 by — Leave a comment

Dash to Dock extension for Workstation

When you’re serious about your desktop, and perhaps using many applications, you might want to see what’s going on at all times. Or at least the icons. The article below shows you how to have a dock at the bottom of your screen, with all your apps — both running and favourites — visible at all times.

Try the Dash to Dock extension for Fedora Workstation

Tweaking the look of Workstation with themes

When you like how your Linux desktop works, but not so much how it looks, there is a solution. The following article shows you how to tweak the look of your windows, icons, the mouse cursor, and the whole environment as well — all that within GNOME, the Workstation’s default environment.

Tweaking the look of Fedora Workstation with themes

i3 with multiple monitors

One of the great things about Linux desktop is the never ending possibilities of customisation. And that includes window managers, too! The following article shows how to use one of the very popular ones — i3 — with multiple monitors.

Using i3 with multiple monitors

IceWM

If you’re looking for speed, simplicity, and getting out of the user’s way, you might like IceWM. The following article introduces this minimal window manager, and helps you install it, too, should you be interested.

IceWM – A really cool desktop

Stay tuned for even more upcoming “Best of 2019” articles. All of us at the Magazine hope you have a relaxing holiday season, and wish you a happy new year.

Posted on December 25, 2019 by — Leave a comment

Best of 2019: Fedora for developers

With the end of the year approaching fast, it is a good time to look back at 2019 and go through the most popular articles on Fedora Magazine written by our contributors.

In this article of the “Best of 2019” series, we are looking at developers and how to use Fedora to be a great developer workstation

Make your Python code look good with Black on Fedora

Black made quite a big impact in the Python ecosystem this year. The project is now part of the Python Software Foundation and it is used by many different projects. So if you write or maintain some Python code and want to stop having to care about code style and code formatting you should check out this article.

Make your Python code look good with Black on Fedora

How to run virtual machines with virt-manager

Setting up a development environment, running integration tests, testing a new feature, or running an older version of software for all these use cases being able to create and run a virtual machine is a must have knowledge for a developer. This article will walk you through how you can achieve that using virt-manager on your Fedora workstation.

How to run virtual machines with virt-manager

Jupyter and data science in Fedora

With the rise of Data science and machine learning, the Jupyter IDE has become of very popular choice to share or present a program and its results. This article goes into the details of installing and using Jupyter and the different libraries and tools useful for data science.

Jupyter and data science in Fedora

Building Smaller Container Images

Fedora provides different container images, one of which is a minimal base image. The following article demonstrate how one can use this image to build smaller container images.

Building Smaller Container Images

Getting Started with Go on Fedora

In 2019 the Go programming language turned 10 year old. In ten years the language has managed to become the default choice for cloud native applications and the cloud ecosystems. Fedora is providing an easy way to start developing in Go, this article takes you through the first step needed to get started.

Getting Started with Go on Fedora

Stay tuned to the Magazine for other upcoming “Best of 2019” categories. All of us at the Magazine hope you have a great end of year and holiday season.