Fedora

Turning off tmpfs for /tmp and swap with systemd

systemd, by arch nemesis, strikes again. Now it wants to own various mount points, of course. This include /tmp, which is not good on boxes with little memory, like a Raspberry Pi. At least not when doing something serious. To turn this off, run

$ systemctl mask tmp.mount
$ systemctl disable zram-swap.service

Hacking: 

Cyrus IMAPD and expired objects

As part of a recent upgrade of my Linux distro, I noticed that deleted messages and mailboxes no longer got removed (expunged or expired). Upon investigation, I reliazed I have to explicitly run a cron job, using cyr_expire, to purge these deleted items. I added the following, which means it'll expire messages and folders that were deleted 2 weeks ago:

01 17 * * * /sbin/cyr_expire -E 3 -D 14 -X 14

 

For good meassure, I also rebuilt some of the mailboxes, with e.g.

$ sudo reconstruct -r -f -G -V max -u peter

Hacking: 

Fedora28 systemd-logind crashing with NIS / ypbind

So, yes, I run NIS on a few hosts, because it's still the easiest way to setup some account info in a small network. I'm I dinosaur, what can I say. After I upgraded to Fedora28, I noticed a significant delay when ssh'ing into these boxes. Of course, the problem is with systemd, which now also decides it needs to own logind... And it hangs in a way that it has to be killed via a watchdong. In my logs, I would see e.g.

Jul 16 23:43:51 x kernel: audit: type=1701 audit(y): auid=z uid=0 gid=0 ses=q pid=4025 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" sig=6 res=1
Jul 16 23:43:51 x systemd[1]: Started Process Core Dump (PID 4248/UID 0).
Jul 16 23:43:51 x audit[1]: SERVICE_START pid=1 uid=0 auid=x ses=y msg='unit=systemd-coredump@3-4248-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 16 23:43:51 x kernel: audit: type=1130 audit(x: pid=1 uid=0 auid=y ses=z msg='unit=systemd-coredump@3-4248-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 16 23:43:52 x audit[1]: SERVICE_STOP pid=1 uid=0 auid=x ses=y msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jul 16 23:43:52 x systemd[1]: systemd-logind.service: Main process exited, code=dumped, status=6/ABRT
Jul 16 23:43:52 x systemd[1]: systemd-logind.service: Failed with result 'watchdog'.
Jul 16 23:43:52 x systemd[1]: systemd-logind.service: Service has no hold-off time, scheduling restart.
Jul 16 23:43:52 x systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 4.
Jul 16 23:43:52 x systemd[1]: Stopped Login Service.
Jul 16 23:43:52 x systemd[1]: Starting Login Service... 

The solution to this, other than trying to get rid of systemd-logind itself (which might, or might not, be doable), is to edit the two files /etc/pam.d/password-auth and /etc/pam.d/system-auth, and comment out the following (supposedly optional) line:

-session    optional                                     pam_systemd.so

There's also a Bugzilla issue which I think tracks this issue.

Hacking: 

RPi, Fedora 28, and resizing the image

Finally, Fedora 28 supports the RPi 3B+, with a functional 64-bit image! However, I had an issue with resizing the root (/) file system. THe instructions on their site did not work as documented, after running gparted on the image, the / volume was still small. I ended up running the following, as root, on the running system, and it worked fine:

$ lvextend -l +100%FREE -r /dev/fedora/root

I had of course alread run gparted which resized the PV pool, but I suspect you could do that too with 

$ pvresize /dev/mmcblk0p3

Hacking: 

Comparing RPM packages between two systems

I needed to sync two different Fedora boxes, such that they have similar (but not identical) packages installed. This turns out to be fairly straight forward with some basic command line utilities. First, create a list of all packages on each machine, with something like

$ rpm -qa --queryformat='%{NAME}\n' | sort > machine-1.txt
$ rpm -qa --queryformat='%{NAME}\n' | sort > machine-2.txt

​Then, using the -f option to grep, you can see what's missing from each system. E.g.

$ grep -v -f machine-1.txt machine-2.txt

Hacking: 

Fedora 24 issues on VirtualBox

As of some recent upgrades to my F24 VM (running under VirtualBox), my system would not boot properly any more, getting errors like

NMI watchdog: BUG: soft lockup - CPU#0 stuck

 

I couldn't find any details as to why this was, other than someone having similar issues with a bad GPU card (not under a VM). I checked my display settings for the VM, which had the minimum recommended setting of 21MB. This ought to have been plenty, since I run my Linux system in a head-less mode (no display etc.). However, Linux must have changed something, cause this no longer worked, but bumping the GPU memory to 32MB seems to have fixed it. Bizarre.

Hacking: 

firewalld and network interfaces

I have to say, firewalld and firewalld-cmd really sucks. But, since it's the default on a bunch of installations I use, and I try to "drink the koolaid", I've had the misfortune to try to set it up. Now, it mostly works, except when it doesn't, and then it really fails hard. Case in point, I wanted to reassign some network interfaces to a different zone, and naïvely thought that e.g. this would work:

$ sudo firewall-cmd --permanent --zone=public --remove-interface=eth2
$ sudo firewall-cmd --permanent --zone=internal --add-interface=eth2

 

Yeah, not so much ... What does instead work is adding lines like this to /etc/sysconfig/network-scripts/ifcfg-eth2:

ZONE=internal

WTF?

Hacking: 

Seting up sudo access with PAM and ssh-agent

For Fedora, first install the following package:

$ sudo yum install pam_ssh_agent_auth

Then edit /ets/sudoers, and add the following line:

Defaults    env_keep += "SSH_AUTH_SOCK"
Defaults    timestamp_timeout  = 0  # Not necessary, but turns off caching

Finally, edit /etc/pam.d/sudo, and add something like this (this should be adjusted to your preferences):

auth       sufficient   pam_ssh_agent_auth.so file=~/.ssh/authorized_keys

Update: On Debian 9, I installed

$ sudo apt-get install libpam-ssh-agent-auth

 

Hacking: 

Pages

Subscribe to RSS - Fedora