
Storage management with Cockpit

Cockpit is a very useful utility allowing you to manage a compatible system over the network from the comfort of a web browser (see the list of supported web browsers and Linux distributions). One of its features is the ability to manage storage configuration. Cockpit contains a frontend for udisks2 – it allows you to create new partitions or format, resize, mount, unmount or delete existing partitions without the need to do it manually from a terminal.

Note: please exercise caution when managing your system disk and its partitions – incorrectly handling them may leave your system in an unbootable state or incur data loss.

Installing Cockpit

If you don’t have Cockpit installed yet you can do so by issuing:

sudo dnf install cockpit

Note: Depending on your install profile, Cockpit might already be installed and you can skip the installation step! Also, some users may need to install the cockpit-storaged package along with its dependencies if it has not been installed:

sudo dnf install cockpit-storaged

Add the service to the firewall:

sudo firewall-cmd --add-service=cockpit --permanent

Afterwards enable and start the service:

sudo systemctl enable cockpit.socket --now

After this everything should be ready, and Cockpit should be accessible by entering the computer’s IP address or network domain name in the browser, followed by the port 9090. For example: https://cockpit-example.localdomain:9090

Note: you will need to authenticate as privileged user to be able to modify your storage configuration, so tick the “Reuse my password for privileged tasks” checkbox on the Cockpit login page.

Basic provisioning of the storage device

Visiting the “Storage” section will display various statistics and information about the state of the system storage. You can find information about the partitions, their respective mountpoints, realtime disk read/write stats and storage related log information. Also, you can format and partition any newly attached internal/external storage device or attach an NFS mount.

To format and partition a blank storage device, select the device under the “Devices” section by clicking on it. This will bring you to the screen of the selected storage device. Here you’ll be able to create a new partition table or format and create new partitions. If the device is empty, Cockpit will describe the content of the storage device as unknown.

Click on “Create New Partition Table” to prepare the device.
After the partition table has been created, create one or more partitions by clicking “Create Partition” – here you’ll be able to specify the size, name, mountpoint and mount options.

When partitioning the storage device you have the choice between “Don’t overwrite existing data” and “Overwrite existing data with zeroes”. The latter takes slightly longer but is useful if you want to confidently erase the content of the storage device. Please note that this may not be a sufficient substitute if your organisation has regulations governing how securely storage data must be erased. If needed, you can also specify custom mount options if the defaults don’t suit your needs.

To simply create a single partition taking up all the storage space on the device, just specify the name, for example “test”, then specify its mountpoint, such as “/mnt/test”, and click “Ok”. If you don’t want it to be immediately mounted, uncheck the “Mount Now” checkbox. Specifying the name is optional, but will help you to identify the partition when inspecting the mountpoints. This will create a new XFS (the default recommended filesystem format) formatted partition “test” and mount it to “/mnt/test”.

Here’s an example of what that would look like:

$ df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/fedora-root   15G  2.3G   13G  16% /
/dev/vda2               1014M  185M  830M  19% /boot
/dev/vda1                599M  8.3M  591M   2% /boot/efi
/dev/vdb1                 20G  175M   20G   1% /mnt/test

It will also add the necessary entry to your /etc/fstab so that the partition gets mounted at boot.

Logical Volume Management

Cockpit also lets users easily create and manage LVM and RAID storage devices. To create a new Logical Volume Group, click on the burger menu button in the devices section and select “Create Volume Group”. Select the available storage device (only devices with unmounted or no partitions will show up) to finish the process, and afterwards return to the storage section and select the newly created volume group. From here on you’ll be able to create individual logical volumes by clicking “Create new Logical Volume”. Similarly to individual partitions, you can specify the size of the logical volume during creation if you don’t want to use all the available space of the volume group. After creating the logical volumes you’ll still need to format them and specify mountpoints. This can be done just as described earlier for individual partitions, except that you select logical volumes instead of individual disk devices.

Here’s what a Logical Volume Group named “vgroup” with two Logical Volumes (lvol0 and lvol1), named “test” and mounted on /mnt/test and named “data” and mounted on /mnt/data, would look like:

$ df -h
Filesystem                 Size  Used Avail Use% Mounted on
/dev/mapper/fedora-root     15G  2.3G   13G  16% /
/dev/vda2                 1014M  185M  830M  19% /boot
/dev/vda1                  599M  8.3M  591M   2% /boot/efi
/dev/mapper/vgroup0-lvol0   10G  104M  9.9G   2% /mnt/test
/dev/mapper/vgroup0-lvol1   10G  104M  9.9G   2% /mnt/data

Just like before – all the necessary information has been added to the configuration and should persist between system reboots.

Other storage related Cockpit features

Apart from the features described above, Cockpit also allows you to mount iSCSI disks and NFS mounts located on the network. However, these resources are usually hosted on a dedicated server and require additional configuration going beyond this article. At this time Cockpit itself doesn’t offer the ability for users to configure and serve iSCSI and NFS mounts, but this may be subject to change as Cockpit is an open source project under active development.


Announcing the release of Fedora 32 Beta

The Fedora Project is pleased to announce the immediate availability of Fedora 32 Beta, the next step towards our planned Fedora 32 release at the end of April.

Download the prerelease from our Get Fedora site:

Or, check out one of our popular variants, including KDE Plasma, Xfce, and other desktop environments, as well as images for ARM devices like the Raspberry Pi 2 and 3:

Beta Release Highlights

Fedora Workstation

New in Fedora 32 Workstation Beta is EarlyOOM enabled by default. EarlyOOM enables users to more quickly recover and regain control over their system in low-memory situations with heavy swap usage. Fedora 32 Workstation Beta also enables the fs.trim timer by default, which improves performance and wear leveling for solid state drives.

Fedora 32 Workstation Beta includes GNOME 3.36, the newest release of the GNOME desktop environment. It is full of performance enhancements and improvements. GNOME 3.36 adds a Do Not Disturb button in the notifications, improved setup for parental controls and virtualization, and tweaks to Settings. For a full list of GNOME 3.36 highlights, see the release notes.

Other updates

Fedora 32 Beta includes updated versions of many popular packages like Ruby, Python, and Perl. It also includes version 10 of the popular GNU Compiler Collection (GCC). We also have the customary updates to underlying infrastructure software, like the GNU C Library. For a full list, see the Change set on the Fedora Wiki.

Testing needed

Since this is a Beta release, we expect that you may encounter bugs or missing features. To report issues encountered during testing, contact the Fedora QA team via the mailing list or in the #fedora-qa channel on IRC Freenode. As testing progresses, common issues are tracked on the Common F32 Bugs page.

For tips on reporting a bug effectively, read how to file a bug.

What is the Beta Release?

A Beta release is code-complete and bears a very strong resemblance to the final release. If you take the time to download and try out the Beta, you can check and make sure the things that are important to you are working. Every bug you find and report doesn’t just help you, it improves the experience of millions of Fedora users worldwide! Together, we can make Fedora rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as we can. Your feedback improves not only Fedora, but Linux and free software as a whole.

More information

For more detailed information about what’s new in the Fedora 32 Beta release, you can consult the Fedora 32 Change set. It contains more technical information about the new packages and improvements shipped with this release.


Photo by Josh Calabrese on Unsplash.


Fedora community and the COVID-19 crisis

[This message comes directly from the desk of Matthew Miller, the Fedora Project Leader.  — Ed.] 

Congratulations to the Fedora community for the upcoming on-time release of Fedora 32 Beta. While we’ve gotten better at hitting our schedule over the years, it’s always nice to celebrate a little bit each time we do. But that may not be what’s on your mind this week. Like you, I’ve been thinking a lot about the global COVID-19 pandemic. During the Beta period, many of us were unaffected by this outbreak, but as the effects intensify around the world, the month between now and the final release will be different.

“Friends” is the first of our Four Foundations for a reason: Fedora is a community. The most important Fedora concerns right now are your health and safety. Many of you are asked to work from home, to practice social distancing, or even to remain under quarantine. For some of you, this will mean more time to contribute to your favorite open source projects. For others, you have additional stress as partners, kids, and others in your life require additional care. For all of us, the uncertainty weighs on our minds.

I want to make one thing very clear: do not feel bad if you cannot contribute to the level you want to. We always appreciate what you do for the Fedora community, but your health — both physical and mental — is more important than shipping a release. As of right now, we’re planning to continue on schedule, but we understand that the situation is changing rapidly. We’re working on contingency plans and the option of delaying the Fedora 32 release remains on the table.

As you may already know, the Fedora Council has decided to refrain from sponsoring events through the end of May. We will continue to re-evaluate this as the global situation changes. Please follow the directions of your local public health authorities and keep yourself safe.


Submit a supplemental wallpaper for Fedora 32

Attention Fedora community members: Fedora is seeking submissions for supplemental wallpapers to be included with the Fedora 32 release. Whether you’re an active contributor, or have been looking for an easy way to get started contributing, submitting a wallpaper is a great way to help. Read on for more details.

Each release, the Fedora Design Team works with the community on a set of 16 additional wallpapers. Users can install and use these to supplement the standard wallpaper.

Dates and deadlines

The submission phase opened as of March 7, 2020 and ends March 21, 2020 at 23:59 UTC.

Important note: In some circumstances, submissions during the final hours may not get into the election, if there is insufficient time to do legal research. Please help by following the guidelines correctly, and submit only work under a correct license.

The voting phase will open the Monday following the close of submissions, March 23, 2020, and will be open until the end of the month on March 31, 2020 at 23:59 UTC.

How to contribute a wallpaper

Fedora uses the Nuancier application to manage the submissions and the voting process. To submit, you need a Fedora account. If you don’t have one, create one here in the Fedora Account System (FAS). To vote you must have a signed contributor agreement (also accessible in FAS) which only takes a few moments.

You can access Nuancier here along with detailed instructions for submissions.


Fish – A Friendly Interactive Shell

Are you looking for an alternative to bash? Are you looking for something more user-friendly? Then look no further because you just found the golden fish!

Fish (friendly interactive shell) is a smart and user-friendly command line shell that works on Linux, MacOS, and other operating systems. Use it for everyday work in your terminal and for scripting. Scripts written in fish are less cryptic than their equivalent bash versions.

Fish’s user-friendly features

  • Suggestions
    Fish will suggest commands that you have written before. This boosts productivity when typing the same commands often.
  • Sane scripting
    Fish avoids using cryptic characters. This provides a clearer and friendlier syntax.
  • Completion based on man pages
    Fish will autocomplete parameters based on the command’s man page.
  • Syntax highlighting
    Fish will highlight command syntax to make it visually friendly.

Installation

Fedora Workstation

Use the dnf command to install fish:

$ sudo dnf install fish

Make fish your default shell by installing the util-linux-user package and then running the chsh (change shell) command with the appropriate parameters:

$ sudo dnf install util-linux-user
$ chsh -s /usr/bin/fish

You will need to log out and back in for this change to take effect.

Fedora Silverblue

Because this is not a GUI application, you will need to layer it using rpm-ostree. Use the following command to install fish on Fedora Silverblue:

$ rpm-ostree install fish

On Fedora Silverblue you will need to reboot your PC to switch to the new ostree image.

If you want to make fish your main shell on Fedora Silverblue, the easiest way is to update the /etc/passwd file. Find your user and change /bin/bash to /usr/bin/fish.

You will need root privileges to edit the /etc/passwd file. Also you will need to log out and back in for this change to take effect.

Configuration

The per-user configuration file for fish is ~/.config/fish/config.fish. To make configuration changes for all users, edit /etc/fish/config.fish instead.

The per-user configuration file must be created manually. The installation scripts will not create ~/.config/fish/config.fish.

Here are a couple configuration examples shown alongside their bash equivalents to get you started:

Creating aliases

  • ~/.bashrc:
    alias ll='ls -lh'
  • ~/.config/fish/config.fish:
    alias ll='ls -lh'

Setting environment variables

  • ~/.bashrc:
    export PATH=$PATH:~/bin
  • ~/.config/fish/config.fish:
    set -gx PATH $PATH ~/bin

Working with fish

When fish is configured as your default shell, the command prompt will look similar to what is shown in the below image. If you haven’t configured fish to be your default shell, just run the fish command to start it in your current terminal session.

As you start typing commands, you will notice the syntax highlighting:

Cool, isn’t it? 🙂

You will also see commands being suggested as you type. For example, start typing the previous command a second time:

Notice the gray text that appears as you type. The gray text is fish suggesting the command you wrote before. To autocomplete it, just press CTRL+F.

Get argument suggestions based on the preceding command’s man page by typing a dash (-) and then the TAB key:

If you press TAB once, it will show you the first few suggestions (or every suggestion, if there are only a few arguments available). If you press TAB a second time, it will show you all suggestions. If you press TAB three times consecutively, it will switch to interactive mode and you can select an argument using the arrow keys.

Otherwise, fish works similarly to most other shells. The remaining differences are well documented, so it shouldn’t be difficult to find other features that you may be interested in.

Make fish even more powerful

Make the fish even more powerful with powerline. Powerline adds command execution time, colored git status, current git branch and much more to fish’s interface.

Before installing powerline for fish, you must install Oh My Fish. Oh My Fish extends fish’s core infrastructure to enable the installation of additional plugins. The easiest way to install Oh My Fish is to use the curl command:

> curl -L https://get.oh-my.fish | fish

If you don’t want to pipe the downloaded installer directly into fish, see the installation section of Oh My Fish’s README for alternative installation methods.

Fish’s powerline plugin is bobthefish. Bobthefish requires the powerline-fonts package.

On Fedora Workstation:

> sudo dnf install powerline-fonts

On Fedora Silverblue:

> rpm-ostree install powerline-fonts

On Fedora Silverblue you will have to reboot to complete the installation of the fonts.

After you have installed the powerline-fonts package, install bobthefish:

> omf install bobthefish

Now you can experience the full awesomeness of fish with powerline:

Additional resources

Check out these web pages to learn even more about fish:


Fedora’s gaggle of desktops

There are 38 different desktops or window managers in Fedora 31. You could try a different one every day for a month, and still have some left over. Some have very few features. Some have so many features they are called a desktop environment. This article can’t go into detail on each, but it’s interesting to see the whole list in one place.

Criteria for desktops

To be on this list, the desktop must show up on the desktop manager’s selection list. If the desktop has more than one entry in the desktop manager list, they are counted just as that one desktop. An example is “GNOME”, “GNOME Classic” and “GNOME (Wayland).” These all show up on the desktop manager list, but they are still just GNOME.

List of desktops

9wm

Emulation of the Plan 9 window manager 8 1/2
dnf install 9wm

awesome

Highly configurable, framework window manager for X. Fast, light and extensible
https://fedoramagazine.org/5-cool-tiling-window-managers/
dnf install awesome

blackbox

Very small and fast Window Manager
Fedora uses the maintained fork on GitHub
dnf install blackbox

bspwm

A tiling window manager based on binary space partitioning
https://github.com/windelicato/dotfiles/wiki/bspwm-for-dummies
dnf install bspwm

byobu

Light-weight, configurable window manager built upon GNU screen
dnf install byobu

Cinnamon

Cinnamon provides a desktop with a traditional layout, advanced features, easy to use, powerful and flexible.
https://projects.linuxmint.com/cinnamon/
https://opensource.com/article/19/12/cinnamon-linux-desktop
dnf group install "Cinnamon Desktop"

cwm

Calm Window Manager by OpenBSD project
https://steemit.com/technology/@jamesdeagle/the-calm-window-manager-cwm-a-quick-start-guide
dnf install cwm

Deepin

Deepin desktop is the desktop environment released with deepin (the Linux distribution). It aims at being elegant and easy to use.
dnf group install "Deepin Desktop"
(optional) dnf group install "Deepin Desktop Office" "Media packages for Deepin Desktop"

dwm

Dynamic window manager for X
https://fedoramagazine.org/lets-try-dwm-dynamic-window-manger/
https://fedoramagazine.org/5-cool-tiling-window-managers/
dnf install dwm
(optional) dnf install dwm-user

enlightenment

Enlightenment window manager
https://opensource.com/article/19/12/linux-enlightenment-desktop
dnf install enlightenment

e16

The Enlightenment window manager, DR16
dnf install e16
(optional) dnf install e16-epplets e16-keyedit e16-themes

fluxbox

Window Manager based on Blackbox
dnf install fluxbox
(optional) dnf install fluxbox-pulseaudio fluxbox-vim-syntax

fvwm

Highly configurable multiple virtual desktop window manager
http://www.fvwm.org/
https://opensource.com/article/19/12/fvwm-linux-desktop
dnf install fvwm

GNOME

GNOME is a highly intuitive and user friendly desktop environment.
* both X11 and wayland
https://opensource.com/article/19/12/gnome-linux-desktop
https://fedoramagazine.org/3-simple-and-useful-gnome-shell-extensions/
dnf group install "GNOME"
(optional but large) dnf group install "Fedora Workstation"

herbstluftwm

A manual tiling window manager
https://opensource.com/article/19/12/herbstluftwm-linux-desktop
dnf install herbstluftwm
(optional) dnf install herbstluftwm-zsh herbstluftwm-fish

i3

Improved tiling window manager
https://fedoramagazine.org/getting-started-i3-window-manager/
https://fedoramagazine.org/using-i3-with-multiple-monitors/
dnf install i3
(optional) dnf install i3-doc i3-ipc

icewm

Window manager designed for speed, usability, and consistency
https://fedoramagazine.org/icewm-a-really-cool-desktop/
dnf install icewm
(optional) dnf install icewm-minimal-session

jwm

Joe's Window Manager
https://opensource.com/article/19/12/joes-window-manager-linux-desktop
dnf install jwm

KDE Plasma Desktop

The KDE Plasma Workspaces, a highly-configurable graphical user interface which includes a panel, desktop, system icons and desktop widgets, and many powerful KDE applications.
* both X11 and wayland
https://opensource.com/article/19/12/linux-kde-plasma
https://fedoramagazine.org/installing-kde-plasma-5/
dnf group install "KDE Plasma Workspaces"
(optional) dnf group install "KDE Applications" "KDE Educational applications" "KDE Multimedia support" "KDE Office" "KDE Telepathy"
(optional for wayland) dnf install kwin-wayland plasma-workspace-wayland

lumina

A lightweight, portable desktop environment
https://opensource.com/article/19/12/linux-lumina-desktop
dnf install lumina-desktop
(optional) dnf install lumina-*

LXDE

LXDE is a lightweight X11 desktop environment designed for computers with low hardware specifications like netbooks, mobile devices or older computers.
https://opensource.com/article/19/12/lxqt-lxde-linux-desktop
dnf group install "LXDE Desktop"
(optional) dnf group install "LXDE Office" "Multimedia support for LXDE"

LXQt

LXQt is a lightweight X11 desktop environment designed for computers with low hardware specifications like netbooks, mobile devices or older computers.
https://opensource.com/article/19/12/lxqt-lxde-linux-desktop
dnf group install "LXQt Desktop"
(optional) dnf group install "LXQt Office" "Multimedia support for LXQt"

MATE

MATE Desktop is based on GNOME 2 and provides a powerful graphical user interface for users who seek a simple easy to use traditional desktop interface.
https://opensource.com/article/19/12/mate-linux-desktop
https://fedoramagazine.org/installing-another-desktop/
dnf group install "MATE Desktop"
(optional) dnf group install "MATE Applications"

musca

A simple dynamic window manager for X
dnf install musca

openbox

A highly configurable and standards-compliant X11 window manager
https://opensource.com/article/19/12/openbox-linux-desktop
https://fedoramagazine.org/openbox-fedora/
dnf install openbox
(optional) dnf install openbox-kde openbox-theme-mistral-thin-dark

Pantheon

The Pantheon desktop environment is the DE that powers elementaryOS.
https://github.com/elementary
https://opensource.com/article/19/12/pantheon-linux-desktop
dnf group install "Pantheon Desktop"
(optional) dnf install elementary-capnet-assist elementary-greeter elementary-shortcut-overlay

pekwm

A small and flexible window manager
https://opensource.com/article/19/12/pekwm-linux-desktop
dnf install pekwm

qtile

A pure-Python tiling window manager
https://fedoramagazine.org/5-cool-tiling-window-managers/
dnf install qtile

ratpoison

Minimalistic window manager
https://opensource.com/article/19/12/ratpoison-linux-desktop
dnf install ratpoison

sawfish

An extensible window manager for the X Window System
dnf install sawfish
(optional) dnf install sawfish-pager

spectrwm

Minimalist tiling window manager written in C
dnf install spectrwm

Sugar

A software playground for learning about learning.
* Possibly the most unique desktop of this list.
dnf group install "Sugar Desktop Environment"
(optional) dnf group install "Additional Sugar Activities"

sway

i3-compatible window manager for Wayland
* Wayland only
https://fedoramagazine.org/setting-up-the-sway-window-manager-on-fedora/
https://fedoramagazine.org/5-cool-tiling-window-managers/
dnf install sway

twm

X.Org X11 twm window manager
https://en.wikipedia.org/wiki/Twm
https://opensource.com/article/19/12/twm-linux-desktop
dnf install xorg-x11-twm

WindowMaker

A fast, feature rich Window Manager
https://opensource.com/article/19/12/linux-window-maker-desktop
dnf install WindowMaker
(optional) dnf install WindowMaker-extra

wmx

A really simple window manager for X
dnf install wmx

XFCE

A lightweight desktop environment that works well on low end machines.
https://opensource.com/article/19/12/xfce-linux-desktop
dnf group install "Xfce Desktop"
(optional) dnf group install "Applications for the Xfce Desktop" "Extra plugins for the Xfce panel" "Multimedia support for Xfce" "Xfce Office"

xmonad

A tiling window manager
dnf install xmonad
(optional) dnf install xmonad-mate

Photo by Annie Spratt on Unsplash.


PHP Development on Fedora with Eclipse

Eclipse is a full-featured free and open source IDE developed by the Eclipse Foundation. It has been around since 2001. You can write anything from C/C++ and Java to PHP, Python, HTML, JavaScript, Kotlin, and more in this IDE.

Installation

The software is available from Fedora’s official repository. To install it, invoke:

sudo dnf install eclipse

This will install the base IDE and Eclipse platform, which enables you to develop Java applications. In order to add PHP development support to the IDE, run this command:

sudo dnf install eclipse-pdt

This will install PHP development tools like PHP project wizard, PHP server configurations, composer support, etc.

Features

This IDE has many features that make PHP development easier. For example, it has a comprehensive project wizard (where you can configure many options for your new projects). It also has built-in features like composer support, debugging support, a browser, a terminal, and more.

Sample project

Now that the IDE is installed, let’s create a simple PHP project. Go to File → New → Project. From the resulting dialog, select PHP project. Enter a name for your project. There are some other options you might want to change, like changing the project’s default location, enabling JavaScript, and changing the PHP version. See the following screenshot.

Create A New PHP Project in Eclipse

You can click the Finish button to create the project or press Next to configure other options like adding include and build paths. You don’t need to change those in most cases.

Once the project is created, right click on the project folder and select New → PHP File to add a new PHP file to the project. For this tutorial I named it index.php, the conventionally-recognized default file in every PHP project.

Then add your code to the new file.

Demo PHP code

In the example above, I used CSS, JavaScript, and PHP tags on the same page mainly to show that the IDE is capable of supporting all of them together.

Once your page is ready, you can see the result output by moving the file to your web server document root or by creating a development PHP server in the project directory.

Thanks to the built-in terminal in Eclipse, we can launch a PHP development server right from within the IDE. Simply click the terminal icon on the toolbar (Terminal Icon) and click OK. In the new terminal, change to the project directory and run the following command:

php -S localhost:8080 -t . index.php 
Terminal output

Now, open a browser and head over to http://localhost:8080. If everything has been done correctly per instructions and your code is error-free, you will see the output of your PHP script in the browser.

PHP output in Fedora

Contribute at the Fedora Test Week for Kernel 5.5

The kernel team is working on final integration for kernel 5.5. This version was just recently released, and will arrive soon in Fedora. This version has many security fixes included. As a result, the Fedora kernel and QA teams have organized a test week from Monday, February 10, 2020 through Monday, February 17, 2020. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.

How does a test week work?

A test day/week is an event where anyone can help make sure changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed before, this is a perfect way to get started.

To contribute, you only need to be able to do the following things:

  • Download test materials, which include some large files
  • Read and follow directions step by step

The wiki page for the kernel test day has a lot of good information on what and how to test. After you’ve done some testing, you can log your results in the test day web application. If you’re available on or around the day of the event, please do some testing and report your results.

Happy testing, and we hope to see you in the Test Week.


Build your own cloud with Fedora 31 and Nextcloud Server

Nextcloud is a software suite for storing and syncing your data across multiple devices. You can learn more about Nextcloud Server’s features from https://github.com/nextcloud/server.

This article demonstrates how to build a personal cloud using Fedora and Nextcloud in a few simple steps. For this tutorial you will need a dedicated computer or a virtual machine running Fedora 31 server edition and an internet connection.

Step 1: Configure the server

Start by updating your system and rebooting:

$ sudo -i
# dnf upgrade
# reboot

Next, disable SELinux by changing enforcing to disabled in /etc/selinux/config and then rebooting to activate the new setting:

# vi /etc/selinux/config
# reboot

If you don’t want to reboot right away, you can use the setenforce command to stop SELinux enforcement (permissive mode) in the current session.

# setenforce 0

Alternatively, you can follow the directions here to configure SELinux to work with Nextcloud.
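
For the SELinux alternative mentioned above, here is an added example (not from the article or from Nextcloud): it reports which mode an edited /etc/selinux/config will boot into, and generates the file-context commands that let Apache write to Nextcloud while SELinux stays enforcing. The function names and the list of writable paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Function names and the list of
# writable paths are assumptions; adjust them to your installation.

# Paths under the Nextcloud root that Apache must be able to write to.
NC_WRITABLE='data config apps .htaccess .user.ini'

# selinux_config_mode FILE
# Prints the mode the host will boot into according to FILE (normally
# /etc/selinux/config). Comment lines are ignored and the last SELINUX=
# assignment wins. Returns 0 for enforcing, 1 for anything else.
selinux_config_mode() {
    mode=$(awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*SELINUX[ \t]*$/ { v = $2; gsub(/[ \t\r]/, "", v); m = tolower(v) }
        END { print (m == "" ? "unset" : m) }
    ' "$1") || return 2
    echo "$mode"
    [ "$mode" = enforcing ]
}

# selinux_label_cmds ROOT
# Dry run: prints the labelling commands for a Nextcloud tree at ROOT,
# one per line, and changes nothing on the system.
selinux_label_cmds() {
    root=${1%/}
    case $root in
        /*) ;;
        *) echo "install root must be an absolute path" >&2; return 2 ;;
    esac
    case $root in
        *[!A-Za-z0-9/._-]*) echo "unexpected character in path" >&2; return 2 ;;
    esac
    for p in $NC_WRITABLE; do
        case $p in
            .*) pattern="$root/$p" ;;          # single file
            *)  pattern="$root/$p(/.*)?" ;;    # directory and everything below it
        esac
        printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s'\n" "$pattern"
    done
    printf "restorecon -R '%s'\n" "$root"
}

# selinux_label_apply ROOT
# Runs the generated commands. Needs root and the semanage tool.
selinux_label_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    command -v semanage >/dev/null 2>&1 || { echo "semanage not found" >&2; return 1; }
    cmds=$(selinux_label_cmds "$1") || return $?
    printf '%s\n' "$cmds" | sh -e
}

# Typical use on the server from this tutorial:
#   selinux_config_mode /etc/selinux/config
#   selinux_label_cmds /var/www/html/nextcloud     # review the commands first
#   selinux_label_apply /var/www/html/nextcloud
```
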

Step 2: Install the prerequisites

Before installing and configuring Nextcloud, a few prerequisites must be satisfied.

First, install Apache web server:

# dnf install httpd

Next, install PHP and some additional modules. Make sure that the PHP version being installed meets Nextcloud’s requirements:

# dnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-redis php-opcache php-imagick php-zip php-process

After PHP is installed, enable and start the Apache web server:

# systemctl enable --now httpd

Next, allow HTTP traffic through the firewall:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

Next, install the MariaDB server and client:

# dnf install mariadb mariadb-server

Then enable and start the MariaDB server:

# systemctl enable --now mariadb

Now that MariaDB is running on your server, you can run the mysql_secure_installation command to secure it:

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the
current password for the root user. If you've just installed
MariaDB, and you haven't set the root password yet, the password
will be blank, so you should just press enter here.

Enter current password for root (enter for none): <ENTER>
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into
the MariaDB root user without the proper authorization.

Set root password? [Y/n] <ENTER>
New password: Your_Password_Here
Re-enter new password: Your_Password_Here
Password updated successfully!
Reloading privilege tables...
 ... Success!

By default, a MariaDB installation has an anonymous user,
allowing anyone to log into MariaDB without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother. You
should remove them before moving into a production environment.

Remove anonymous users? [Y/n] <ENTER>
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the
root password from the network.

Disallow root login remotely? [Y/n] <ENTER>
 ... Success!

By default, MariaDB comes with a database named 'test' that
anyone can access. This is also intended only for testing, and
should be removed before moving into a production environment.

Remove test database and access to it? [Y/n] <ENTER>
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? [Y/n] <ENTER>
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your
MariaDB installation should now be secure.

Thanks for using MariaDB!

Step 3: Install Nextcloud Server

Now that the prerequisites for your Nextcloud installation have been satisfied, download and unzip the Nextcloud archive:

# wget https://download.nextcloud.com/server/releases/nextcloud-17.0.2.zip
# unzip nextcloud-17.0.2.zip -d /var/www/html/

Next, create a data folder and grant Apache read and write access to the nextcloud directory tree:

# mkdir /var/www/html/nextcloud/data
# chown -R apache:apache /var/www/html/nextcloud

Next, create a dedicated user and database for your Nextcloud instance:

# mysql -p
> create database nextcloud;
> create user 'nc_admin'@'localhost' identified by 'SeCrEt';
> grant all privileges on nextcloud.* to 'nc_admin'@'localhost';
> flush privileges;
> exit;

Step 4: Configure Nextcloud

Nextcloud can be configured using its web interface or from the command line.

Using the web interface

From your favorite browser, access http://your_server_ip/nextcloud and fill in the fields:

Using the command line

From the command line, just enter the following, substituting the values you used when you created a dedicated Nextcloud user in MariaDB earlier:

# sudo -u apache php /var/www/html/nextcloud/occ maintenance:install --data-dir /var/www/html/nextcloud/data/ --database "mysql" --database-name "nextcloud" --database-user "nc_admin" --database-pass "DB_SeCuRe_PaSsWoRd" --admin-user "admin" --admin-pass "Admin_SeCuRe_PaSsWoRd"

Final Notes

  • I used the http protocol, but Nextcloud also works over https. I might write a follow-up about securing Nextcloud in a future article.
  • I disabled SELinux, but your server will be more secure if you configure it.
  • The recommended PHP memory limit for Nextcloud is 512M. To change it, edit the memory_limit variable in the /etc/php.ini configuration file and restart your httpd service.
  • By default, the web interface can only be accessed using the http://localhost/ URL. If you want to allow access using other domain names, you can do so by editing the /var/www/html/nextcloud/config/config.php file. The * character can be used to bypass the domain name restriction and allow the use of any URL that resolves to one of your server’s IP addresses.
    'trusted_domains' => array (
        0 => 'localhost',
        1 => '*',
    ),
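
The relaxations listed in these notes (SELinux not enforcing, a wildcard in trusted_domains, a PHP memory limit below 512M) can be checked on a running server. The script below is an added example, not part of the original article; the function names audit_nextcloud and php_size_mib are assumptions, and the default paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the article: report the relaxations listed in
# "Final Notes". Default paths are the article's; arguments override them.

# Convert a php.ini size (128M, 1G, -1, plain bytes) to MiB.
php_size_mib() {
    case $1 in
        -1)     echo 1048576 ;;               # -1 means unlimited
        *[Gg])  echo $(( ${1%?} * 1024 )) ;;
        *[Mm])  echo "${1%?}" ;;
        *[Kk])  echo $(( ${1%?} / 1024 )) ;;
        '')     echo 128 ;;                   # PHP's built-in default
        *)      echo $(( $1 / 1048576 )) ;;
    esac
}

# Prints one finding per line; returns 1 if anything was found.
audit_nextcloud() {
    selinux_cfg=${1:-/etc/selinux/config}
    nc_cfg=${2:-/var/www/html/nextcloud/config/config.php}
    php_ini=${3:-/etc/php.ini}
    rc=0

    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$selinux_cfg" | tail -n 1)
    if [ "$mode" != enforcing ]; then
        echo "selinux: persistent mode is '${mode:-unset}'"; rc=1
    fi

    # Only a bare '*' inside trusted_domains counts; '*.example.com' does not.
    if awk -v q="'" '/trusted_domains/ { inside = 1 }
            inside && $0 ~ ("=>[ \t]*" q "[*]" q) { found = 1 }
            inside && /\)/ { inside = 0 }
            END { exit !found }' "$nc_cfg"; then
        echo "trusted_domains: wildcard '*' disables the domain restriction"; rc=1
    fi

    limit=$(sed -n 's/^[[:space:]]*memory_limit[[:space:]]*=[[:space:]]*\([-0-9]*[KkMmGg]\{0,1\}\).*/\1/p' "$php_ini" | tail -n 1)
    if [ "$(php_size_mib "$limit")" -lt 512 ]; then
        echo "php: memory_limit is '${limit:-unset}', below 512M"; rc=1
    fi
    return "$rc"
}

# Run against the live files only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_nextcloud; fi
```
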

Thunderbolt – how to use keyboard during boot time

Problem statement

Imagine you bought a new laptop with a shiny new USB-C docking station. You install a fresh Fedora and encrypt your hard drive, because a laptop is travel equipment and you do not want to travel around with an unencrypted hard drive. You finish the installation, close the lid because you have an external monitor, and reboot the machine. Finally, you would like to enter the LUKS password using the external keyboard attached via USB 2.0 to the USB-C docking station, but it does not work!

The keyboard does not respond at all. So you open the lid, try the built-in keyboard which works just fine and once the machine boots the external keyboard works just fine as well. What is the problem?

What is this Thunderbolt anyway and why would anyone want it?

Thunderbolt is a hardware interface to connect peripherals such as monitors, external network cards [1] or even graphics cards [1]. The physical connector is the same as USB-C, but there is usually a label with a little lightning bolt right next to the port to differentiate “plain” USB-C from Thunderbolt ports.

Of course it comes with very high transmission speed to support such demanding peripherals, but it also comes with certain security risks. To achieve transmission speed like this, Thunderbolt uses Direct Memory Access (DMA) for the peripheral devices. As the name suggests, this method allows the external device to read and write memory directly without talking to the running operating system.

I guess you can already spot the problem here. If some stranger is walking around my laptop (even with the screen locked), is it really possible to just attach a device and read the contents of my computer’s memory? Let’s discuss it in more detail.

User facing solution for Thunderbolt security

In recent versions, GNOME Settings includes a tab for Thunderbolt device configuration. You can enable and disable DMA access for external devices and you can also verify the identity of the devices.

bolt is the component responsible for managing Thunderbolt devices. See man 8 boltd for more information.

CLI tools

Of course it is possible to control the same settings from the command line. I suggest you read man boltctl or check the upstream repository directly: https://gitlab.freedesktop.org/bolt/bolt

Pre-boot support – solution to the keyboard problem

In the pre-boot environment, the situation is slightly different. The userspace service responsible for device verification is not yet running, so if a device is to be allowed, the firmware must do it. To enable this feature, go to your BIOS and look for “support in pre boot environment”. For example this is how it looks on a Lenovo laptop:

Once you enable this feature, bolt will add any verified device to a list of allowed devices. The next time you boot your machine, you should be able to use your external keyboard.

Run boltctl and look for “bootacl”. Make sure that the list of allowed devices contains the one you wish to use.

Also note the “security: secure” line. If you see anything else, for instance “security: user”, I recommend reconfiguring the BIOS.
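
The same two checks can be scripted against the kernel's Thunderbolt sysfs attributes instead of reading boltctl output by eye. This is an added example, not from the original article or the bolt project; the function names are assumptions, and it relies on the domainX/security and domainX/boot_acl files under /sys/bus/thunderbolt/devices.

```shell
#!/bin/sh
# Added example, not from the article: read the kernel's Thunderbolt sysfs
# attributes directly. The sysfs root is a parameter so the logic can be
# exercised against a constructed directory tree.

# Print "<domain> <security-level> <boot-acl-entries>" per Thunderbolt domain.
tb_domains() {
    root=${1:-/sys/bus/thunderbolt/devices}
    for dom in "$root"/domain*; do
        [ -r "$dom/security" ] || continue
        level=$(cat "$dom/security")
        # boot_acl is a comma-separated list of UUID slots; unused slots are empty.
        n=0
        if [ -r "$dom/boot_acl" ]; then
            n=$(tr ',' '\n' < "$dom/boot_acl" | grep -c '[0-9a-fA-F]' || true)
        fi
        echo "${dom##*/} $level $n"
    done
}

# Return 0 if device UUID $2 is in some domain's boot ACL under root $1.
tb_in_bootacl() {
    for acl in "${1:-/sys/bus/thunderbolt/devices}"/domain*/boot_acl; do
        [ -r "$acl" ] || continue
        if tr ',' '\n' < "$acl" | grep -qix "$2"; then return 0; fi
    done
    return 1
}

# Print one warning per domain whose level is not "secure"; return 1 if any.
tb_check() {
    rc=0
    report=$(tb_domains "$1")
    while read -r dom level n; do
        [ -n "$dom" ] || continue
        if [ "$level" != secure ]; then
            echo "$dom: security level is '$level', not 'secure'"
            rc=1
        fi
    done <<EOF
$report
EOF
    return "$rc"
}

# Check the live system only when asked to: sh tb-check.sh --run
if [ "${1:-}" = "--run" ]; then tb_check; fi
```
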

Technical details of the pre-boot support

There is one unfortunate technical detail about this solution. Thunderbolt supports different security levels. For running Fedora, I recommend using the “secure” level, which verifies that the device is indeed the one it claims to be by using a per-device key generated by the host and stored in the device. Firmware, on the other hand, will only use the “user” level, which uses a simple UUID that is provided by the device. The difference is that a malicious device could claim to be a different one by providing the same UUID as a legitimate one. Anyway, this should not be a problem as the memory does not contain any sensitive data yet.

You can find more technical details in this blog post: https://christian.kellner.me/2019/02/11/thunderbolt-preboot-access-control-list-support-in-bolt/

Conclusion

As you can see, in a recent enough Fedora version the solution is a simple switch in the BIOS. So if you are still opening your laptop during boot, go ahead and configure it so you don’t have to do it next time. Meanwhile, check that the default security level is “secure” instead of “user” [5].

Sources:

[1] https://www.intel.com/content/www/us/en/products/docs/io/thunderbolt/thunderbolt-technology-developer.html

[2] https://christian.kellner.me/2019/02/11/thunderbolt-preboot-access-control-list-support-in-bolt/

[3] https://gitlab.freedesktop.org/bolt/bolt

[4] https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess

[5] https://christian.kellner.me/2019/02/27/thunderclap-and-linux/