Language Selection

English French German Italian Portuguese Spanish

Fedora Magazine

Syndicate content
Guides, information, and news about the Fedora operating system for users, developers, system administrators, and community members.
Updated: 11 hours 59 min ago

How to get MongoDB Server on Fedora

Monday 17th of February 2020 02:09:00 PM

Mongo (from “humongous”) is a high-performance, open source, schema-free document-oriented database, which is one of the most favorite so-called NoSQL databases. It uses JSON as a document format, and it is designed to be scalable and replicable across multiple server nodes.

Story about license change

It’s been more than a year when the upstream MongoDB decided to change the license of the Server code. The previous license was GNU Affero General Public License v3 (AGPLv3). However, upstream wrote a new license designed to make companies running MongoDB as a service contribute back to the community. The new license is called Server Side Public License (SSPLv1) and more about this step and its rationale can be found at MongoDB SSPL FAQ.

Fedora has always included only free (as in “freedom”) software. When SSPL was released, Fedora determined that it is not a free software license in this meaning. All versions of MongoDB released before the license change date (October 2018) could be potentially kept in Fedora, but never updating the packages in the future would bring security issues. Hence the Fedora community decided to remove the MongoDB server entirely, starting Fedora 30.

What options are left to developers?

Well, alternatives exist, for example PostgreSQL also supports JSON in the recent versions, and it can be used in cases when MongoDB cannot be used any more. With JSONB type, indexing works very well in PostgreSQL with performance comparable with MongoDB, and even without any compromises from ACID.

The technical reasons that a developer may have chosen MongoDB did not change with the license, so many still want to use it. What is important to realize is that the SSPL license was only changed to the MongoDB server. There are other projects that MongoDB upstream develops, like MongoDB tools, C and C++ client libraries and connectors for various dynamic languages, that are used on the client side (in applications that want to communicate with the server over the network). Since the license is kept free (Apache License mostly) for those packages, they are staying in Fedora repositories, so users can use them for the application development.

The only change is really the server package itself, which was removed entirely from Fedora repos. Let’s see what a Fedora user can do to get the non-free packages.

How to install MongoDB server from the upstream

When Fedora users want to install a MongoDB server, they need to approach MongoDB upstream directly. However, the upstream does not ship RPM packages for Fedora itself. Instead, the MongoDB server is either available as the source tarball, that users need to compile themselves (which requires some developer knowledge), or Fedora user can use some compatible packages. From the compatible options, the best choice is the RHEL-8 RPMs at this point. The following steps describe, how to install them and how to start the daemon.

1. Create a repository with upstream RPMs (RHEL-8 builds) $ sudo cat > /etc/yum.repos.d/mongodb.repo <<EOF
name=MongoDB Upstream Repository

2. Install the meta-package, that pulls the server and tools packages $ sudo dnf install mongodb-org
  mongodb-org-4.2.3-1.el8.x86_64           mongodb-org-mongos-4.2.3-1.el8.x86_64  
  mongodb-org-server-4.2.3-1.el8.x86_64    mongodb-org-shell-4.2.3-1.el8.x86_64

Complete! 3. Start the MongoDB daemon $ sudo systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-02-08 12:33:45 EST; 2s ago
  Process: 15768 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 15769 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 15770 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 15771 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 15773 (mongod)
   Memory: 70.4M
      CPU: 611ms
   CGroup: /system.slice/mongod.service
           └─15773 /usr/bin/mongod -f /etc/mongod.conf 4. Verify that the server runs by connecting to it from the mongo shell $ mongo
MongoDB shell version v4.2.3
connecting to: mongodb://
Implicit session: session { "id" : UUID("20b6e61f-c7cc-4e9b-a25e-5e306d60482f") }
MongoDB server version: 4.2.3
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see

> _

That’s all. As you see, the RHEL-8 packages are pretty compatible and it should stay that way for as long as the Fedora packages remain compatible with what’s in RHEL-8. Just be careful that you comply with the SSPLv1 license in your use.

PHP Development on Fedora with Eclipse

Friday 14th of February 2020 08:00:00 AM

Eclipse is a full-featured free and open source IDE developed by the Eclipse Foundation. It has been around since 2001. You can write anything from C/C++ and Java to PHP, Python, HTML, JavaScript, Kotlin, and more in this IDE.


The software is available from Fedora’s official repository. To install it, invoke:

sudo dnf install eclipse

This will install the base IDE and Eclipse platform, which enables you to develop Java applications. In order to add PHP development support to the IDE, run this command:

sudo dnf install eclipse-pdt

This will install PHP development tools like PHP project wizard, PHP server configurations, composer support, etc.


This IDE has many features that make PHP development easier. For example, it has a comprehensive project wizard (where you can configure many options for your new projects). It also has built-in features like composer support, debugging support, a browser,a terminal, and more.

Sample project

Now that the IDE is installed, let’s create a simple PHP project. Go to File →New → Project. From the resulting dialog, select PHP project. Enter a name for your project. There are some other options you might want to change, like changing the project’s default location, enabling JavaScript, and changing PHP version. See the following screenshot.

Create A New PHP Project in Eclipse

You can click the Finish button to create the project or press Next to configure other options like adding include and build paths. You don’t need to change those in most cases.

Once the project is created, right click on the project folder and select New → PHP File to add a new PHP file to the project. For this tutorial I named it index.php, the conventionally-recognized default file in every PHP project.

Then add the your code to the new file.

Demo PHP code

In the example above, I used CSS, JavaScript, and PHP tags on the same page mainly to show that the IDE is capable of supporting all of them together.

Once your page is ready, you can see the result output by moving the file to your web server document root or by creating a development PHP server in the project directory.

Thanks to the built-in terminal in Eclipse, we can launch a PHP development server right from within the IDE. Simply click the terminal icon on the toolbar () and click OK. In the new terminal, change to the project directory and run the following command:

php -S localhost:8080 -t . index.php Terminal output

Now, open a browser and head over to http://localhost:8080. If everything has been done correctly per instructions and your code is error-free, you will see the output of your PHP script in the browser.

PHP output in Fedora

Playing Music on your Fedora Terminal with MPD and ncmpcpp

Monday 10th of February 2020 08:00:00 AM

MPD, as the name implies, is a Music Playing Daemon. It can play music but, being a daemon, any piece of software can interface with it and play sounds, including some CLI clients.

One of them is called ncmpcpp, which is an improvement over the pre-existing ncmpc tool. The name change doesn’t have much to do with the language they’re written in: they’re both C++, but ncmpcpp is called that because it’s the NCurses Music Playing Client Plus Plus.

Installing MPD and ncmpcpp

The ncmpmpcc client can be installed from the official Fedora repositories with DNF directly with

$ sudo dnf install ncmpcpp

On the other hand, MPD has to be installed from the RPMFusion free repositories, which you can enable, as per the official installation instructions, by running

$ sudo dnf install$(rpm -E %fedora).noarch.rpm

and then you can install MPD by running

$ sudo dnf install mpd Configuring and Starting MPD

The most painless way to set up MPD is to run it as a regular user. The default is to run it as the dedicated mpd user, but that causes all sorts of issues with permissions.

Before we can run it, we need to create a local config file that will allow it to run as a regular user.

To do that, create a subdirectory called mpd in ~/.config:

$ mkdir ~/.config/mpd

copy the default config file into this directory:

$ cp /etc/mpd.conf ~/.config/mpd

and then edit it with a text editor like vim, nano or gedit:

$ nano ~/.config/mpd/mpd.conf

I recommend you read through all of it to check if there’s anything you need to do, but for most setups you can delete everything and just leave the following:

db_file "~/.config/mpd/mpd.db" log_file "syslog"

At this point you should be able to just run

$ mpd

with no errors, which will start the MPD daemon in the background.

Using ncmpcpp

Simply run

$ ncmpcpp

and you’ll see a ncurses-powered graphical user interface in your terminal.

Press 4 and you should see your local music library, be able to change the selection using the arrow keys and press Enter to play a song.

Doing this multiple times will create a playlist, which allows you to move to the next track using the > button (not the right arrow, the > closing angle bracket character) and go back to the previous track with <. The + and – buttons increase and decrease volume. The Q button quits ncmpcpp but it doesn’t stop the music. You can play and pause with P.

You can see the current playlist by pressing the 1 button (this is the default view). From this view you can press i to look at the information (tags) about the current song. You can change the tags of the currently playing (or paused) song by pressing 6.

Pressing the \ button will add (or remove) an informative panel at the top of the view. In the top left, you should see something that looks like this:


Pressing the r, z, y, R, x buttons will respectively toggle the repeat, random, single, consume and crossfade playback modes and will replace one of the characters in that little indicator to the initial of the selected mode.

Pressing the F1 button will display some help text, which contains a list of keybindings, so there’s no need to write a complete list here. So now go on, be geeky, and play all your music from your terminal!

Contribute at the Fedora Test Week for Kernel 5.5

Saturday 8th of February 2020 08:00:00 AM

The kernel team is working on final integration for kernel 5.5. This version was just recently released, and will arrive soon in Fedora. This version has many security fixes included. As a result, the Fedora kernel and QA teams have organized a test week from Monday, February 10, 2020 through Monday, February 17, 2020. Refer to the wiki page for links to the test images you’ll need to participate. Read below for details.

How does a test week work?

A test day/week is an event where anyone can help make sure changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed before, this is a perfect way to get started.

To contribute, you only need to be able to do the following things:

  • Download test materials, which include some large files
  • Read and follow directions step by step

The wiki page for the kernel test day has a lot of good information on what and how to test. After you’ve done some testing, you can log your results in the test day web application. If you’re available on or around the day of the event, please do some testing and report your results.

Happy testing, and we hope to see you in the Test Week.

Connect Fedora to your Android phone with GSConnect

Friday 7th of February 2020 08:00:00 AM

Both Apple and Microsoft offer varying levels of integration of their desktop offerings with your mobile devices. Fedora offers a similar if not greater degree of integration with GSConnect. It lets you pair your Android phone with your Fedora desktop and opens up a lot of possibilities. Keep reading to discover more about what it is and how it works.

What is GSConnect?

GSConnect is an implementation of the KDE Connect project tailored for the GNOME desktop. KDE Connect makes it possible for your devices to communicate with each other. However, installing it on Fedora’s default GNOME desktop requires pulling in a large number of KDE dependencies.

GSConnect is a complete implementation of KDE Connect, but in the form of a GNOME shell extension. Once installed, GSConnect lets you do the following and a lot more:

  • Receive phone notifications on your desktop and reply to messages
  • Use your phone as a remote control for your desktop
  • Share files and links between devices
  • Check your phone’s battery level from the desktop
  • Ring your phone to help find it
Setting up the GSConnect extension

Setting up GSConnect requires installing two components: the GSConnect extension on your desktop and the KDE Connect app on your Android device.

First, install the GSConnect extension from the GNOME Shell extensions website: GSConnect. (Fedora Magazine has a handy article on How to install a GNOME Shell extension to help you with this step.)

The KDE Connect app is available on Google’s Play Store. It’s also available on the FOSS Android apps repository, F-Droid.

Once you have installed both these components, you can pair your two devices. Installing the extension makes it show up in your system menu as Mobile Devices. Clicking on it displays a drop down menu, from which you can access Mobile Settings.

Here’s where you can view your paired devices and manage the features offered by GSConnect. Once you are on this screen, launch the app on your Android device.

You can initiate pairing from either device, but here you’ll be connecting to your desktop from the Android device. Simply hit refresh on the app, and as long as both devices are on the same wireless network, your desktop shows up in your Android device. You can now send a pair request to the desktop. Accept the pair request on your desktop to complete the pairing.

Using GSConnect

Once paired, you’ll need to grant permissions on your Android device to make use of the many features available on GSConnect. Click on the paired device in the list of devices to see all available functions and enable or disable them according to your preferences.

Remember that you’ll also need to grant corresponding permissions in the Android app to be able to use these functions. Depending upon the features you’ve enabled and the permissions you’ve granted, you can now access your mobile contacts on your desktop, get notified of messages and reply to them, and even sync the desktop and Android device clipboards.

Integration with Files and your web browsers

GSConnect allows you to directly send files to your Android device from your desktop file explorer’s context menu.

On Fedora’s default GNOME desktop, you will need to install the nautilus-python package in order to make your paired devices show up in the context menu. Installing this is as straightforward as running the following command from your preferred terminal:

$ sudo dnf install nautilus-python

Once done, the Send to Mobile Device entry appears in the context menu of the Files app.

Similarly, install the corresponding WebExtension for your browser, be it Firefox or Chrome, to send links to your Android device. You have the option to send the link to launch directly in your browser or to deliver it as SMS.

Running Commands

GSConnect lets you define commands which you can then run on your desktop, from your remote device. This allows you to do things such as take a screenshot of your desktop, or lock and unlock your desktop from your Android device, remotely.

To make use of this feature, you can use standard shell commands and the CLI exposed by GSConnect. Documentation on this is provided in the project’s GitHub repository: CLI Scripting.

The KDE UserBase Wiki has a list of example commands. These examples cover controlling the brightness and volume on your desktop, locking the mouse and keyboard, and even changing the desktop theme. Some of the commands are specific for KDE Plasma, and modifications are necessary to make it run on the GNOME desktop.

Explore and have fun

GSConnect makes it possible to enjoy a great degree of convenience and comfort. Dive into the preferences to see all that you can do and get creative with the commands function. Feel free to share all the possibilities this utility unlocked in your workflow in the comments below.

Photo by Pathum Danthanarayana on Unsplash.

Enable remote collaboration with on Fedora

Monday 3rd of February 2020 09:36:48 AM

Being able to collaborate on task remotely is an increasing need in today’s world. Contributing to Open Source project ? Working remotely ? tmate is a tmux fork that makes it easy to share a terminal session with others. It can save you hours of lonely debugging or programming.

tmate, being a tmux fork, supports all of tmux features and configuration. Also tmux and tmate can co-exist on the same system. To learn more about tmux, you can read the following article

Use tmux for a more powerful terminal Installing tmate on Fedora

tmate is available in the Fedora repository, making it really easy to install.

$ sudo dnf install tmate $ tmate Connecting to… Note: clear your terminal before sharing readonly access web session read only: ssh session read only: ssh web session: ssh session: ssh

After starting tmate, different ways to share your session will be available. You have the choice between ssh (read-only, read-write) or web (read-only, read-write).

The web client is known to have a few issues and is still work in progress, for example the tmux key bindings are not yet supported.

On the host running tmate, you start a new pane by hitting “Ctrl+b, c”. The new pane will then be available with anyone connected to your session.

You can easily keep track of how many clients are connected to your session, using the tmate control pane. To access it hit “Ctrl+b, 0 (zero)” you will then see something like this.

A mate has joined ( -- 1 client currently connected A mate has left ( -- 0 client currently connected A mate has joined ( -- 1 client currently connected

To close a session you can simply close tmate “Ctrl+c, Ctrl+d“.

Running your own server

By default tmate is using a remote server hosted on If you prefer you have the possibility to run your own server. For convenience a container image is provided and instruction are available on

It is important to remember that sharing your terminal session in read-write mode will give full access to your system to the connected client. So make sure you trust the persons you sharing you session with or use the read-only mode.

4 cool new projects to try in COPR for January 2020

Wednesday 29th of January 2020 12:10:02 PM

COPR is a collection of personal repositories for software that isn’t carried in Fedora. Some software doesn’t conform to standards that allow easy packaging. Or it may not meet other Fedora standards, despite being free and open source. COPR can offer these projects outside the Fedora set of packages. Software in COPR isn’t supported by Fedora infrastructure or signed by the project. However, it can be a neat way to try new or experimental software.

This article presents a few new and interesting projects in COPR. If you’re new to using COPR, see the COPR User Documentation for how to get started.


Contrast is a small app used for checking contrast between two colors and to determine if it meets the requirements specified in WCAG. The colors can be selected either using their RGB hex codes or with a color picker tool. In addition to showing the contrast ratio, Contrast displays a short text on a background in selected colors to demonstrate comparison.

Installation instructions

The repo currently provides contrast for Fedora 31 and Rawhide. To install Contrast, use these commands:

sudo dnf copr enable atim/contrast sudo dnf install contrast Pamixer

Pamixer is a command-line tool for adjusting and monitoring volume levels of sound devices using PulseAudio. You can display the current volume of a device and either set it directly or increase/decrease it, or (un)mute it. Pamixer can list all sources and sinks.

Installation instructions

The repo currently provides Pamixer for Fedora 31 and Rawhide. To install Pamixer, use these commands:

sudo dnf copr enable opuk/pamixer sudo dnf install pamixer PhotoFlare

PhotoFlare is an image editor. It has a simple and well-arranged user interface, where most of the features are available in the toolbars. PhotoFlare provides features such as various color adjustments, image transformations, filters, brushes and automatic cropping, although it doesn’t support working with layers. Also, PhotoFlare can edit pictures in batches, applying the same filters and transformations on all pictures and storing the results in a specified directory.

Installation instructions

The repo currently provides PhotoFlare for Fedora 31. To install Photoflare, use these commands:

sudo dnf copr enable adriend/photoflare sudo dnf install photoflare Tdiff

Tdiff is a command-line tool for comparing two file trees. In addition to showing that some files or directories exist in one tree only, tdiff shows differences in file sizes, types and contents, owner user and group ids, permissions, modification time and more.

Installation instructions

The repo currently provides tdiff for Fedora 29-31 and Rawhide, EPEL 6-8 and other distributions. To install tdiff, use these commands:

sudo dnf copr enable fif/tdiff sudo dnf install tdiff

Build your own cloud with Fedora 31 and Nextcloud Server

Monday 27th of January 2020 08:00:00 AM

Nextcloud is a software suite for storing and syncing your data across multiple devices. You can learn more about Nextcloud Server’s features from

This article demonstrates how to build a personal cloud using Fedora and Nextcloud in a few simple steps. For this tutorial you will need a dedicated computer or a virtual machine running Fedora 31 server edition and an internet connection.

Step 1: Install the prerequisites

Before installing and configuring Nextcloud, a few prerequisites must be satisfied.

First, install Apache web server:

# dnf install httpd

Next, install PHP and some additional modules. Make sure that the PHP version being installed meets Nextcloud’s requirements:

# dnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-redis php-opcache php-imagick php-zip php-process

After PHP is installed enable and start the Apache web server:

# systemctl enable --now httpd

Next, allow HTTP traffic through the firewall:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

Next, install the MariaDB server and client:

# dnf install mariadb mariadb-server

Then enable and start the MariaDB server:

# systemctl enable --now mariadb

Now that MariaDB is running on your server, you can run the mysql_secure_installation command to secure it:

# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): <ENTER> OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorization. Set root password? [Y/n] <ENTER> New password: Your_Password_Here Re-enter new password: Your_Password_Here Password updated successfully! Reloading privilege tables... ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] <ENTER> ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] <ENTER> ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] <ENTER> - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] <ENTER> ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!

Next, create a dedicated user and database for your Nextcloud instance:

# mysql -p > create database nextcloud; > create user 'nc_admin'@'localhost' identified by 'SeCrEt'; > grant all privileges on nextcloud.* to 'nc_admin'@'localhost'; > flush privileges; > exit; Step 2: Install Nextcloud Server

Now that the prerequisites for your Nextcloud installation have been satisfied, download and unzip the Nextcloud archive:

# wget # unzip -d /var/www/html/

Next, create a data folder and grant Apache read and write access to the nextcloud directory tree:

# mkdir /var/www/html/nextcloud/data # chown -R apache:apache /var/www/html/nextcloud

SELinux must be configured to work with Nextcloud. The basic commands are those bellow, but a lot more, by features used on nexcloud installation, are posted here: Nextcloud SELinux configuration

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' # semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?' # restorecon -Rv '/var/www/html/nextcloud/' Step 3: Configure Nextcloud

Nextcloud can be configured using its web interface or from the command line.

Using the web interface

From your favorite browser, access http://your_server_ip/nextcloud and fill the fields:

Using the command line

From the command line, just enter the following, substituting the values you used when you created a dedicated Nextcloud user in MariaDB earlier:

# sudo -u apache php occ maintenance:install --data-dir /var/www/html/nextcloud/data/ --database "mysql" --database-name "nextcloud" --database-user "nc_admin" --database-pass "DB_SeCuRe_PaSsWoRd" --admin-user "admin" --admin-pass "Admin_SeCuRe_PaSsWoRd" Final Notes
  • I used the http protocol, but Nextcloud also works over https. I might write a follow-up about securing Nextcloud in a future article.
  • I disabled SELinux, but your server will be more secure if you configure it.
  • The recommend PHP memory limit for Nextcloud is 512M. To change it, edit the memory_limit variable in the /etc/php.ini configuration file and restart your httpd service.
  • By default, the web interface can only be accessed using the http://localhost/ URL. If you want to allow access using other domain names, you can do so by editing the /var/www/html/nextcloud/config/config.php file. The * character can be used to bypass the domain name restriction and allow the use of any URL that resolves to one of your server’s IP addresses.
'trusted_domains' => array ( 0 => 'localhost', 1 => '*', ),

— Updated on January 28th, 2020 to include SELinux configuration —

Thunderbolt – how to use keyboard during boot time

Friday 24th of January 2020 08:00:00 AM
Problem statement

Imagine you bought a new laptop with a shiny new USB-C docking station. You install fresh Fedora, encrypt your hard drive because laptop is a travel equipment and you do not want to travel around with non-ecrypted hard drive. You finish the installation, close the lid because you have external monitor, reboot the machine, and finally you would like to enter the LUKS password using the external keyboard attached using USB 2.0 to the USB-C docking station but it does not work!

The keyboard does not respond at all. So you open the lid, try the built-in keyboard which works just fine and once the machine boots the external keyboard works just fine as well. What is the problem?

What is this Thunderbolt anyway and why would anyone want it?

Thunderbolt is a hardware interface to connect peripherals such as monitors, external network cards [1] or even graphic cards [1]. The physical connector is the same as USB-C, but there is usually a label with a little lightning right next to the port to differentiate “plain” USB-C from Thunderbolt ports.

Of course it comes with very high transmission speed to support such demanding peripherals, but it also comes with a certain security risks. To achieve transmission speed like this, Thunderbolt uses Direct Memory Access (DMA) for the peripheral devices. As the name suggests, this method allows the external device to read and write memory directly without talking to the running operating system.

I guess you can already spot the problem here. If some stranger is walking around my laptop (even with the screen locked), is it really possible to just attach a device and read content of my computer memory? Let’s discuss it in more detail.

User facing solution for Thunderbolt security

In the recent versions, Gnome settings include a tab for Thunderbolt device configuration. You can enable and disable DMA access for external devices and you can also verify identity of the devices.

bolt is the component responsible for managing thunderbolt devices. See man 8 boltd for more information.

CLI tools

Of course it is possible to control the same via command line. I suggest you to read man boltctl or check the upstream repository directly:

Pre-boot support – solution to the keyboard problem

In pre-boot environment, the situation is slightly different. The userspace service responsible for device verification is not yet running so if a device is to be allowed, the firmware must to it. In order to enable this feature go to your BIOS and look for “support in pre boot environment”. For example this is how it looks on a Lenovo laptop:

Once you enable this feature, bolt will add any verified device to a list of allowed devices. The next time you boot your machine, you should be able to use your external keyboard.

Run boltctl a look for “bootacl”. Make sure that the list of allowed devices contains the one you wish to use.

Also note the “security: secure” line. If you see anything else, for instance “security: user” I recommend to reconfigure BIOS.

Technical details of the pre-boot support

There is one unfortunate technical detail about this solution. Thunderbolt support different security levels. For running Fedora, I recommend you to use “secure” level to verify that the device is indeed the one that it claims to be by using a per-device key generated by the host and stored in the device. Firmware, on the other hand, will only use “user” level which uses simple UUID that is provided by the device. The difference is that a malicious device could claim to be a different one by providing the same UUID as a legitimate one. Anyway this should not be a problem as the memory does not contain any sensitive data yet.

You can find more technical details in this blog post:


As you can see, in recent enough Fedora version the solution is a simple switch in BIOS. So if you are still opening your laptop during boot, go ahead and configure it so you don’t have to do it next time. Meanwhile check that the default security level is “secure” instead of “user” [5].







Set up an offline command line dictionary in Fedora

Wednesday 22nd of January 2020 08:00:00 AM

You don’t need an internet connection to have an easily searchable and extendable dictionary on your Fedora computer. You can use sdcv (StarDict under Console Version) and the public Stardict files on the default repositories to keep a local record for offline use. This article shows you how.

What is sdcv?

sdcv is a command line variant of Stardict. Stardict is a part of a long legacy of GUI offline dictionaries. The “dic” files it uses are formatted as a colon delimited file, with the word in first column and the definition in the second column. You can have multiple lines with the same word and different definitions. sdcv will provide you with a search function and formatted display of your results.

Installing sdcv

You can get started quickly with sdcv and the English dictionary by installing them from the default repos:

sudo dnf install sdcv stardict-dic-en

sdcv will be ready for use right away. If you want to see what other languages are available, use this command:

dnf search stardict How to use sdcv

sdcv has an interactive and non-interactive mode. You can perform a quick search on a word or term using this command:

sdcv word

For example, you could search sdcv linux. Alternately, you can run sdcv by itself to activate interactive mode.

Customizing sdcv

sdcv has a –color option that adds coloring to the words and source of the definition. You can also use an alias to enable –color by default. Simply edit your shell resource file (default on Fedora is ~/.bashrc) to add this command:

alias sdcv="sdcv --color"

You can also use a more friendly name like this: 

alias describe="sdcv --color"

sdcv references /usr/share/stardic/dic by default, or it uses the path located in the shell variable STARDICT_DATA_DIR. You can also set up a personal dictionary in the file $HOME/.stardict/dic.

Fun facts

Believe it or not, the dict network protocol is still alive to this day. You can use it with the curl command by using a command like this to search for a word:

curl dict://<word>

This pull definitions straight from the internet via your command line. Enjoy using sdcv!

Photo by Pisit Heng on Unsplash.

Learning about Partitions and How to Create Them for Fedora

Monday 20th of January 2020 08:00:00 AM

Operating system distributions try to craft a one size fits all partition layout for their file systems. Distributions cannot know the details about how your hardware is configured or how you use your system though. Do you have more than one storage drive? If so, you might be able to get a performance benefit by putting the write-heavy partitions (var and swap for example) on a separate drive from the others that tend to be more read-intensive since most drives cannot read and write at the same time. Or maybe you are running a database and have a small solid-state drive that would improve the database’s performance if its files are stored on the SSD.

The following sections attempt to describe in brief some of the historical reasons for separating some parts of the file system out into separate partitions so that you can make a more informed decision when you install your Linux operating system.

If you know more (or contradictory) historical details about the partitioning decisions that shaped the Linux operating systems used today, contribute what you know below in the comments section!

Common partitions and why or why not to create them The boot partition

One of the reasons for putting the /boot directory on a separate partition was to ensure that the boot loader and kernel were located within the first 1024 cylinders of the disk. Most modern computers do not have the 1024 cylinder restriction. So for most people, this concern is no longer relevant. However, modern UEFI-based computers have a different restriction that makes it necessary to have a separate partition for the boot loader. UEFI-based computers require that the boot loader (which can be the Linux kernel directly) be on a FAT-formatted file system. The Linux operating system, however, requires a POSIX-compliant file system that can designate access permissions to individual files. Since FAT file systems do not support access permissions, the boot loader must be on a separate file system than the rest of the operating system on modern UEFI-based computers. A single partition cannot be formatted with more than one type of file system.

The var partition

One of the historical reasons for putting the /var directory on a separate partition was to prevent files that were frequently written to (/var/log/* for example) from filling up the entire drive. Since modern drives tend to be much larger and since other means like log rotation and disk quotas are available to manage storage utilization, putting /var on a separate partition may not be necessary. It is much easier to change a disk quota than it is to re-partition a drive.

Another reason for isolating /var was that file system corruption was much more common in the original version of the Linux Extended File System (EXT). The file systems that had more write activity were much more likely to be irreversibly corrupted by a power outage than those that did not. By partitioning the disk into separate file systems, one could limit the scope of the damage in the event of file system corruption. This concern is no longer as significant because modern file systems support journaling.

The home partition

Having /home on a separate partition makes it possible to re-format the other partitions without overwriting your home directories. However, because modern Linux distributions are much better at doing in-place operating system upgrades, re-formatting shouldn’t be needed as frequently as it might have been in the past.

It can still be useful to have /home on a separate partition if you have a dual-boot setup and want both operating systems to share the same home directories. Or if your operating system is installed on a file system that supports snapshots and rollbacks and you want to be able to rollback your operating system to an older snapshot without reverting the content in your user profiles. Even then, some file systems allow their descendant file systems to be rolled back independently, so it still may not be necessary to have a separate partition for /home. On ZFS, for example, one pool/partition can have multiple descendant file systems.

The swap partition

The swap partition reserves space for the contents of RAM to be written to permanent storage. There are pros and cons to having a swap partition. A pro of having swap memory is that it theoretically gives you time to gracefully shutdown unneeded applications before the OOM killer takes matters into its own hands. This might be important if the system is running mission-critical software that you don’t want abruptly terminated. A con might be that your system runs so slow when it starts swapping memory to disk that you’d rather the OOM killer take care of the problem for you.

Another use for swap memory is hibernation mode. This might be where the rule that the swap partition should be twice the size of your computer’s RAM originated. Ideally, you should be able to put a system into hibernation even if nearly all of its RAM is in use. Beware that Linux’s support for hibernation is not perfect. It is not uncommon that after a Linux system is resumed from hibernation some hardware devices are left in an inoperable state (for example, no video from the video card or no internet from the WiFi card).

In any case, having a swap partition is more a matter of taste. It is not required.

The root partition

The root partition (/) is the catch-all for all directories that have not been assigned to a separate partition. There is always at least one root partition. BIOS-based systems that are new enough to not have the 1024 cylinder limit can be configured with only a root partition and no others so that there is never a need to resize a partition or file system if space requirements change.

The EFI system partition

The EFI System Partition (ESP) serves the same purpose on UEFI-based computers as the boot partition did on the older BIOS-based computers. It contains the boot loader and kernel. Because the files on the ESP need to be accessible by the computer’s firmware, the ESP has a few restrictions that the older boot partition did not have. The restrictions are:

  1. The ESP must be formatted with a FAT file system (vfat in Anaconda)
  2. The ESP must have a special type-code (EF00 when using gdisk)

Because the older boot partition did not have file system or type-code restrictions, it is permissible to apply the above properties to the boot partition and use it as your ESP. Note, however, that the GRUB boot loader does not support combining the boot and ESP partitions. If you use GRUB, you will have to create a separate partition and mount it beneath the /boot directory.

The Boot Loader Specification (BLS) lists several reasons why it is ideal to use the legacy boot partition as your ESP. The reasons include:

  1. The UEFI firmware should be able to load the kernel directly. Having a separate, non-ESP compliant boot partition for the kernel prevents the UEFI firmware from being able to directly load the kernel.
  2. Nesting the ESP mount point three mount levels deep increases the likelihood that an intermediate mount could fail or otherwise be unavailable when needed. That is, requiring root (/), then boot (/boot), then efi (/efi) to be consecutively mounted is unnecessarily complex and prone to error.
  3. Requiring the boot loader to be able to read other partitions/disks which may be formatted with arbitrary file systems is non-trivial. Even when the boot loader does contain such code, the code that works at installation time can become outdated and fail to access the kernel/initrd after a file system update. This is currently true of GRUB’s ZFS file system driver, for example. You must be careful not to update your ZFS file system if you use the GRUB boot loader or else your system may not come back up the next time you reboot.

Besides the concerns listed above, it is a good idea to have your startup environment — up to and including your initramfs — on a single self-contained file system for recovery purposes. Suppose, for example, that you need to rollback your root file system because it has become corrupted or it has become infected with malware. If your kernel and initramfs are on the root file system, you may be unable to perform the recovery. By having the boot loader, kernel, and initramfs all on a single file system that is rarely accessed or updated, you can increase your chances of being able to recover the rest of your system.

In summary, there are many ways that you can layout your partitions and the type of hardware (BIOS or UEFI) and the brand of boot loader (GRUB, Syslinux or systemd-boot) are among the factors that will influence which layouts will work.

Other considerations MBR vs. GPT

GUID Partition Table (GPT) is the newer partition format that supports larger disks. GPT was designed to work with the newer UEFI firmware. It is backward-compatible with the older Master Boot Record (MBR) partition format but not all boot loaders support the MBR boot method. GRUB and Syslinux support both MBR and UEFI, but systemd-boot only supports the newer UEFI boot method.

By using GPT now, you can increase the likelihood that your storage device, or an image of it, can be transferred over to a newer computer in the future should you wish to do so. If you have an older computer that natively supports only MBR-partitioned drives, you may need to add the inst.gpt parameter to Anaconda when starting the installer to get it to use the newer format. How to add the inst.gpt parameter is shown in the below video titled “Partitioning a BIOS Computer”.

If you use the GPT partition format on a BIOS-based computer, and you use the GRUB boot loader, you must additionally create a one megabyte biosboot partition at the start of your storage device. The biosboot partition is not needed by any other brand of boot loader. How to create the biosboot partition is demonstrated in the below video titled “Partitioning a BIOS Computer”.


One last thing to consider when manually partitioning your Linux system is whether to use standard partitions or logical volumes. Logical volumes are managed by the Logical Volume Manager (LVM). You can setup LVM volumes directly on your disk without first creating standard partitions to hold them. However, most computers still require that the boot partition be a standard partition and not an LVM volume. Consequently, having LVM volumes only increases the complexity of the system because the LVM volumes must be created within standard partitions.

The main features of LVM — online storage resizing and clustering — are not really applicable to the typical end user. Most laptops do not have hot-swappable drive bays for adding or reconfiguring storage while the system is running. And not many laptop or desktop users have clvmd configured so they can access a centralized storage device concurrently from multiple client computers.

LVM is great for servers and clusters. But it adds extra complexity for the typical end user. Go with standard partitions unless you are a server admin who needs the more advanced features.

Video demonstrations

Now that you know which partitions you need, you can watch the sort video demonstrations below to see how to manually partition a Fedora Linux computer from the Anaconda installer.

These videos demonstrate creating only the minimally required partitions. You can add more if you choose.

Because the GRUB boot loader requires a more complex partition layout on UEFI systems, the below video titled “Partitioning a UEFI Computer” additionally demonstrates how to install the systemd-boot boot loader. By using the systemd-boot boot loader, you can reduce the number of needed partitions to just two — boot and root. How to use a boot loader other than the default (GRUB) with Fedora’s Anaconda installer is officially documented here.

Partitioning a UEFI Computer Partitioning a BIOS Computer

Fedora CoreOS out of preview

Friday 17th of January 2020 10:40:00 AM

The Fedora CoreOS team is pleased to announce that Fedora CoreOS is now available for general use. Here are some more details about this exciting delivery.

Fedora CoreOS is a new Fedora Edition built specifically for running containerized workloads securely and at scale. It’s the successor to both Fedora Atomic Host and CoreOS Container Linux and is part of our effort to explore new ways of assembling and updating an OS. Fedora CoreOS combines the provisioning tools and automatic update model of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host.  For more on the Fedora CoreOS philosophy, goals, and design, see the announcement of the preview release.

Some highlights of the current Fedora CoreOS release:

  • Automatic updates, with staged deployments and phased rollouts
  • Built from Fedora 31, featuring:
    • Linux 5.4
    • systemd 243
    • Ignition 2.1
  • OCI and Docker Container support via Podman 1.7 and Moby 18.09
  • cgroups v1 enabled by default for broader compatibility; cgroups v2 available via configuration

Fedora CoreOS is available on a variety of platforms:

  • Bare metal, QEMU, OpenStack, and VMware
  • Images available in all public AWS regions
  • Downloadable cloud images for Alibaba, AWS, Azure, and GCP
  • Can run live from RAM via ISO and PXE (netboot) images

Fedora CoreOS is under active development.  Planned future enhancements include:

  • Addition of the next release stream for extended testing of upcoming Fedora releases.
  • Support for additional cloud and virtualization platforms, and processor architectures other than x86_64.
  • Closer integration with Kubernetes distributions, including OKD.
  • Aggregate statistics collection.
  • Additional documentation.
Where do I get it?

To try out the new release, head over to the download page to get OS images or cloud image IDs.  Then use the quick start guide to get a machine running quickly.

How do I get involved?

It’s easy!  You can report bugs and missing features to the issue tracker. You can also discuss Fedora CoreOS in Fedora Discourse, the development mailing list, in #fedora-coreos on Freenode, or at our weekly IRC meetings.

Are there stability guarantees?

In general, the Fedora Project does not make any guarantees around stability.  While Fedora CoreOS strives for a high level of stability, this can be challenging to achieve in the rapidly evolving Linux and container ecosystems.  We’ve found that the incremental, exploratory, forward-looking development required for Fedora CoreOS — which is also a cornerstone of the Fedora Project as a whole — is difficult to reconcile with the iron-clad stability guarantee that ideally exists when automatically updating systems.

We’ll continue to do our best not to break existing systems over time, and to give users the tools to manage the impact of any regressions.  Nevertheless, automatic updates may produce regressions or breaking changes for some use cases. You should make your own decisions about where and how to run Fedora CoreOS based on your risk tolerance, operational needs, and experience with the OS.  We will continue to announce any major planned or unplanned breakage to the coreos-status mailing list, along with recommended mitigations.

How do I migrate from CoreOS Container Linux?

Container Linux machines cannot be migrated in place to Fedora CoreOS.  We recommend writing a new Fedora CoreOS Config to provision Fedora CoreOS machines.  Fedora CoreOS Configs are similar to Container Linux Configs, and must be passed through the Fedora CoreOS Config Transpiler to produce an Ignition config for provisioning a Fedora CoreOS machine.

Whether you’re currently provisioning your Container Linux machines using a Container Linux Config, handwritten Ignition config, or cloud-config, you’ll need to adjust your configs for differences between Container Linux and Fedora CoreOS.  For example, on Fedora CoreOS network configuration is performed with NetworkManager key files instead of systemd-networkd, and time synchronization is performed by chrony rather than systemd-timesyncd.  Initial migration documentation will be available soon and a skeleton list of differences between the two OSes is available in this issue.

CoreOS Container Linux will be maintained for a few more months, and then will be declared end-of-life.  We’ll announce the exact end-of-life date later this month.

How do I migrate from Fedora Atomic Host?

Fedora Atomic Host has already reached end-of-life, and you should migrate to Fedora CoreOS as soon as possible.  We do not recommend in-place migration of Atomic Host machines to Fedora CoreOS. Instead, we recommend writing a Fedora CoreOS Config and using it to provision new Fedora CoreOS machines.  As with CoreOS Container Linux, you’ll need to adjust your existing cloud-configs for differences between Fedora Atomic Host and Fedora CoreOS.

Welcome to Fedora CoreOS.  Deploy it, launch your apps, and let us know what you think!

Develop GUI apps using Flutter on Fedora

Wednesday 15th of January 2020 08:00:00 AM

When it comes to app development frameworks, Flutter is the latest and greatest. Google seems to be planning to take over the entire GUI app development world with Flutter, starting with mobile devices, which are already perfectly supported. Flutter allows you to develop cross-platform GUI apps for multiple targets — mobile, web, and desktop — from a single codebase.

This post will go through how to install the Flutter SDK and tools on Fedora, as well as how to use them both for mobile development and web/desktop development.

Installing Flutter and Android SDKs on Fedora

To get started building apps with Flutter, you need to install

  • the Android SDK;
  • the Flutter SDK itself; and,
  • optionally, an IDE and its Flutter plugins.
Installing the Android SDK

Flutter requires the installation of the Android SDK with the entire Android Studio suite of tools. Google provides a tar.gz archive. The Android Studio executable can be found in the android-studio/bin directory and is called To run it, open a terminal, cd into the aforementioned directory, and then run:

$ ./ Installing the Flutter SDK

Before you install Flutter you may want to consider what release channel you want to be on.

The stable channel is least likely to give you a headache if you just want to build a mobile app using mainstream Flutter features.

On the other hand, you may want to use the latest features, especially for desktop and web app development. In that case, you might be better off installing either the latest version of the beta or even the dev channel.

Either way, you can switch between channels after you install using the flutter channel command explained later in the article.

Head over to the official SDK archive page and download the latest installation bundle for the release channel most appropriate for your use case.

The installation bundle is simply a xz-compressed tarball (.tar.xz extension). You can extract it wherever you want, given that you add the flutter/bin subdirectory to the PATH environment variable.

Installing the IDE plugins

To install the plugin for Visual Studio Code, you need to search for Flutter in the Extensions tab. Installing it will also install the Dart plugin.

The same will happen when you install the plugin for Android Studio by opening the Settings, then the Plugins tab and installing the Flutter plugin.

Using the Flutter and Android CLI Tools on Fedora

Now that you’ve installed Flutter, here’s how to use the CLI tool.

Upgrading and Maintaining Your Flutter Installations

The flutter doctor command is used to check whether your installation and related tools are complete and don’t require any further action.

For example, the output you may get from flutter doctor right after installing on Fedora is:

Doctor summary (to see all details, run flutter doctor -v): [✓] Flutter (Channel stable, v1.12.13+hotfix.5, on Linux, locale it_IT.UTF-8) [!] Android toolchain - develop for Android devices (Android SDK version 29.0.2) ✗ Android licenses not accepted. To resolve this, run: flutter doctor --android-licenses [!] Android Studio (version 3.5) ✗ Flutter plugin not installed; this adds Flutter specific functionality. ✗ Dart plugin not installed; this adds Dart specific functionality. [!] Connected device ! No devices available ! Doctor found issues in 3 categories.

Of course the issue with the Android toolchain has to be resolved in order to build for Android. Run this command to accept the licenses:

$ flutter doctor --android-licenses

Use the flutter channel command to switch channels after installation. It’s just like switching branches on Git (and that’s actually what it does). You use it in the following way:

$ flutter channel <channel_name>

…where you’d replace <channel_name> with the release channel you want to switch to.

After doing that, or whenever you feel the need to do it, you need to update your installation. You might consider running this every once in a while or when a major update comes out if you follow Flutter news. Run this command:

$ flutter upgrade Building for Mobile

You can build for Android very easily: the flutter build command supports it by default, and it allows you to build both APKs and newfangled app bundles.

All you need to do is to create a project with flutter create, which will generate some code for an example app and the necessary android and ios folders.

When you’re done coding you can either run:

  • flutter build apk or flutter build appbundle to generate the necessary app files to distribute, or
  • flutter run to run the app on a connected device or emulator directly.

When you run the app on a phone or emulator with flutter run, you can use the R button on the keyboard to use stateful hot reload. This feature updates what’s displayed on the phone or emulator to reflect the changes you’ve made to the code without requiring a full rebuild.

If you input a capital R character to the debug console, you trigger a hot restart. This restart doesn’t preserve state and is necessary for bigger changes to the app.

If you’re using a GUI IDE, you can trigger a hot reload using the bolt icon button and a hot restart with the typical refresh button.

Building for the Desktop

To build apps for the desktop on Fedora, use the flutter-desktop-embedding repository. The flutter create command doesn’t have templates for desktop Linux apps yet. That repository contains examples of desktop apps and files required to build on desktop, as well as examples of plugins for desktop apps.

To build or run apps for Linux, you also need to be on the master release channel and enable Linux desktop app development. To do this, run:

$ flutter config --enable-linux-desktop

After that, you can use flutter run to run the app on your development workstation directly, or run flutter build linux to build a binary file in the build/ directory.

If those commands don’t work, run this command in the project directory to generate the required files to build in the linux/ directory:

$ flutter create . Building for the Web

Starting with Flutter 1.12, you can build Web apps using Flutter with the mainline codebase, without having to use the flutter_web forked libraries, but you have to be running on the beta channel.

If you are (you can switch to it using flutter channel beta and flutter upgrade as we’ve seen earlier), you need to enable web development by running flutter config –enable-web.

After doing that, you can run flutter run -d web and a local web server will be started from which you can access your app. The command returns the URL at which the server is listening, including the port number.

You can also run flutter build web to build the static website files in the build/ directory.

If those commands don’t work, run this command in the project directory to generate the required files to build in the web/ directory:

$ flutter create . Packages for Installing Flutter

Other distributions have packages or community repositories to install and update in a more straightforward and intuitive way. However, at the time of writing, no such thing exists for Flutter. If you have experience packaging RPMs for Fedora, consider contributing to this GitHub repository for this COPR package.

The next step is learning Flutter. You can do that in a number of ways:

  • Read the good API reference documentation on the official site
  • Watching some of the introductory video courses available online
  • Read one of the many books out there today. [Check out the author’s bio for a suggestion! — Ed.]

Photo by Randall Ruiz on Unsplash.

How to setup a DNS server with bind

Monday 13th of January 2020 09:00:00 AM

The Domain Name System, or DNS, as it’s more commonly known, translates or converts domain names into the IP addresses associated with that domain. DNS is the reason you are able to find your favorite website by name instead of typing an IP address into your browser. This guide shows you how to configure a Master DNS system and one client.

Here are system details for the example used in this article:

dns01.fedora.local ( ) - Master DNS server client.fedora.local ( ) - Client DNS server configuration

Install the bind packages using sudo:

$ sudo dnf install bind bind-utils -y

The /etc/named.conf configuration file is provided by the bind package to allow you to configure the DNS server.

Edit the /etc/named.conf file:

sudo vi /etc/named.conf

Look for the following line:

listen-on port 53 {; };

Add the IP address of your Master DNS server as follows:

listen-on port 53 {;; };

Look for the next line:

allow-query  { localhost; };

Add your local network range. The example system uses IP addresses in the 192.168.1.X range. This is specified as follows:

allow-query  { localhost;; };

Specify a forward and reverse zone. Zone files are simply text files that have the DNS information, such as IP addresses and host-names, on your system. The forward zone file makes it possible for the translation of a host-name to its IP address. The reverse zone file does the opposite. It allows a remote system to translate an IP address to the host name.

Look for the following line at the bottom of the /etc/named.conf file:

include "/etc/named.rfc1912.zones";

Here, you’ll specify the zone file information directly above that line as follows:

zone "dns01.fedora.local" IN { type master; file "forward.fedora.local"; allow-update { none; }; }; zone "" IN { type master; file "reverse.fedora.local"; allow-update { none; }; };

The forward.fedora.local and the file reverse.fedora.local are just the names of the zone files you will be creating. They can be called anything you like.

Save and exit.

Create the zone files

Create the forward and reverse zone files you specified in the /etc/named.conf file:

$ sudo vi /var/named/forward.fedora.local

Add the following lines:

$TTL 86400 @   IN  SOA     dns01.fedora.local. root.fedora.local. (         2011071001  ;Serial         3600        ;Refresh         1800        ;Retry         604800      ;Expire         86400       ;Minimum TTL ) @       IN  NS          dns01.fedora.local. @       IN  A  dns01       IN  A client          IN  A

Everything in bold is specific to your environment. Save the file and exit. Next, edit the reverse.fedora.local file:

$ sudo vi /var/named/reverse.fedora.local

Add the following lines:

$TTL 86400 @   IN  SOA     dns01.fedora.local. root.fedora.local. (         2011071001  ;Serial         3600        ;Refresh         1800        ;Retry         604800      ;Expire         86400       ;Minimum TTL ) @       IN  NS          dns01.fedora.local. @       IN  PTR         fedora.local. dns01       IN  A client          IN  A 160     IN  PTR         dns01.fedora.local. 136     IN  PTR         client.fedora.local.

Everything in bold is also specific to your environment. Save the file and exit.

You’ll also need to configure SELinux and add the correct ownership for the configuration files.

sudo chgrp named -R /var/named sudo chown -v root:named /etc/named.conf sudo restorecon -rv /var/named sudo restorecon /etc/named.conf

Configure the firewall:

sudo firewall-cmd --add-service=dns --perm sudo firewall-cmd --reload Check the configuration for any syntax errors sudo named-checkconf /etc/named.conf

Your configuration is valid if no output or errors are returned.

Check the forward and reverse zone files.

$ sudo named-checkzone forward.fedora.local /var/named/forward.fedora.local $ sudo named-checkzone reverse.fedora.local /var/named/reverse.fedora.local

You should see a response of OK:

zone forward.fedora.local/IN: loaded serial 2011071001 OK zone reverse.fedora.local/IN: loaded serial 2011071001 OK Enable and start the DNS service $ sudo systemctl enable named $ sudo systemctl start named Configuring the resolv.conf file

Edit the /etc/resolv.conf file:

$ sudo vi /etc/resolv.conf

Look for your current name server line or lines. On the example system, a cable modem/router is serving as the name server and so it currently looks like this:


This needs to be changed to the IP address of the Master DNS server:


Save your changes and exit.

Unfortunately there is one caveat to be aware of. NetworkManager overwrites the /etc/resolv.conf file if the system is rebooted or networking gets restarted. This means you will lose all of the changes that you made.

To prevent this from happening, make /etc/resolv.conf immutable:

$ sudo chattr +i /etc/resolv.conf

If you want to set it back and allow it to be overwritten again:

$ sudo chattr -i /etc/resolv.conf Testing the DNS server $ dig ; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good) ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 50 IN A ;; AUTHORITY SECTION: 86150 IN NS 86150 IN NS 86150 IN NS ;; ADDITIONAL SECTION: 86150 IN A 86150 IN A 86150 IN A 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5 ;; Query time: 830 msec ;; SERVER: ;; WHEN: Mon Jan 06 08:46:05 CST 2020 ;; MSG SIZE rcvd: 266

There are a few things to look at to verify that the DNS server is working correctly. Obviously getting the results back are important, but that by itself doesn’t mean the DNS server is actually doing the work.

The QUERY, ANSWER, and AUTHORITY fields at the top should show non-zero as it in does in our example:

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

And the SERVER field should have the IP address of your DNS server:


In case this is the first time you’ve run the dig command, notice how it took 830 milliseconds for the query to complete:

;; Query time: 830 msec

If you run it again, the query will run much quicker:

$ dig ;; Query time: 0 msec ;; SERVER: Client configuration

The client configuration will be a lot simpler.

Install the bind utilities:

$ sudo dnf install bind-utils -y

Edit the /etc/resolv.conf file and configure the Master DNS as the only name server:

$ sudo vi /etc/resolv.conf

This is how it should look:


Save your changes and exit. Then, make the /etc/resolv.conf file immutable to prevent it from be overwritten and going back to its default settings:

$ sudo chattr +i /etc/resolv.conf Testing the client

You should get the same results as you did from the DNS server:

$ dig ; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8391 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: c7350d07f8efaa1286c670ab5e13482d600f82274871195a (good) ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 50 IN A ;; AUTHORITY SECTION: 86150 IN NS 86150 IN NS 86150 IN NS ;; ADDITIONAL SECTION: 86150 IN A 86150 IN A 86150 IN A 86150 IN AAAA 2610:28:3090:3001:dead:beef:cafe:fed5 86150 IN AAAA 2001:4178:2:1269:dead:beef:cafe:fed5 ;; Query time: 1 msec ;; SERVER: ;; WHEN: Mon Jan 06 08:46:05 CST 2020 ;; MSG SIZE rcvd: 266

Make sure the SERVER output has the IP Address of your DNS server.

Your DNS server is now ready to use and all requests from the client should be going through your DNS server now!

How to setup multiple monitors in sway

Wednesday 8th of January 2020 09:00:00 AM

Sway is a tiling Wayland compositor which has mostly the same features, look and workflow as the i3 X11 window manager. Because Sway uses Wayland instead of X11, the tools to setup X11 don’t always work in sway. This includes tools like xrandr, which are used in X11 window managers or desktops to setup monitors. This is why monitors have to be setup by editing the sway config file, and that’s what this article is about.

Getting your monitor ID’s

First, you have to get the names sway uses to refer to your monitors. You can do this by running:

$ swaymsg -t get_outputs

You will get information about all of your monitors, every monitor separated by an empty line.

You have to look for the first line of every section, and for what’s after “Output”. For example, when you see a line like “Output DVI-D-1 ‘Philips Consumer Electronics Company’”, the output ID is “DVI-D-1”. Note these ID’s and which physical monitors they belong to.

Editing the config file

If you haven’t edited the Sway config file before, you have to copy it to your home directory by running this command:

cp -r /etc/sway/config ~/.config/sway/config

Now the default config file is located in ~/.config/sway and called “config”. You can edit it using any text editor.

Now you have to do a little bit of math. Imagine a grid with the origin in the top left corner. The units of the X and Y coordinates are pixels. The Y axis is inverted. This means that if you, for example, start at the origin and you move 100 pixels to the right and 80 pixels down, your coordinates will be (100, 80).

You have to calculate where your displays are going to end up on this grid. The locations of the displays are specified with the top left pixel. For example, if we want to have a monitor with name HDMI1 and a resolution of 1920×1080, and to the right of it a laptop monitor with name eDP1 and a resolution of 1600×900, you have to type this in your config file:

output HDMI1 pos 0 0 output eDP1 pos 1920 0

You can also specify the resolutions manually by using the res option: 

output HDMI1 pos 0 0 res 1920x1080 output eDP1 pos 1920 0 res 1600x900 Binding workspaces to monitors

Using sway with multiple monitors can be a little bit tricky with workspace management. Luckily, you can bind workspaces to a specific monitor, so you can easily switch to that monitor and use your displays more efficiently. This can simply be done by the workspace command in your config file. For example, if you want to bind workspace 1 and 2 to monitor DVI-D-1 and workspace 8 and 9 to monitor HDMI-A-1, you can do that by using:

workspace 1 output DVI-D-1 workspace 2 output DVI-D-1 workspace 8 output HDMI-A-1 workspace 9 output HDMI-A-1

That’s it! These are the basics of multi monitor setup in sway. A more detailed guide can be found at

Most read articles in 2019 not from 2019

Monday 6th of January 2020 10:00:00 AM

Some topics are very popular, no matter when they’re first mentioned. And Fedora Magazine has a few articles that have proven to be popular for a long time.

You’re reading the last article from the “best of 2019” series. But this time, it’s about articles written before 2019, but being very popular in 2019.

All of the articles below have been checked and updated to be correct even now, in early 2020. Let’s dive in!

i3 tiling window manager

Wish to try an alternative desktop? The following article introduces i3 — a tiling window manager that doesn’t require high-end hardware, but is powerful and highly customizable. You’ll learn about the installation process, some initial setup, and a few tricks to get you started.

Getting started with the i3 tiling window manager Powerline

Would you like to have your shell a bit more organized? Then you might want to try Powerline — a utility that gives you status information, and some visual tweaks to your shell to make it more pleasant and organized.

Add power to your terminal with powerline Monospace fonts

Do you spend a lot of your time in terminal or a code editor? And is your font making you happy? Discover some beautiful monospace fonts available in the Fedora repositories.

6 great monospaced fonts for code and terminal in Fedora Image viewers

Is the default image viewer on your desktop not working the way you want? The following article shows 17 image viewers available in Fedora — varying from simpler to ones full of features.

17 alternatives to your default image viewer on Fedora Fedora as a VirtualBox guest

Love Fedora but your machine runs Windows or macOS? One option to get Fedora running on your machine is virtualization. Your system keeps running and you’ll be able to access Fedora at the same time in a virtual machine. The following article introduces VirtualBox that can do just that.

How to install Fedora as a VirtualBox guest

Tracking Translations with Transtats

Friday 3rd of January 2020 08:00:00 AM

Translation is an important step in software localization which helps make software more popular globally, and impacts international user experience. In recent years, localization processes have been evolving worldwide to become more continuous, faster, efficient with automation. In Fedora, the development of the Zanata platform and its plugins, then Transtats, and now the migration to the Weblate platform are part of this common ongoing goal. The localization of a desktop OS like Fedora is highly complex because it depends on many factors of the individual upstream projects which are packaged in Fedora. For example, different translation timelines, resources, and tooling.

What is Transtats?

Transtats is a web application which tries to tie up upstream repositories, translation platforms, build system, and product release schedule together to solve problems of mismatch, out-of-sync conditions and to assist the timely packaging of quality translations. Actually, it collects translation data, analyzes them, and creates meaningful representations.

Fedora Transtats is hosted at

How to see the translation status of my package?

Just select Packages tab from left hand side navigation bar. This takes us to the packages list view. Then, search for the package and click on its name.

For example anaconda. On package details page, locate following:

Here, we have translation statistics from translation platform: Zanata and Koji build system. Syncs with the platform and build system are scheduled, which update differences periodically. Languages in red color indicate that there are translated strings remaining in the Translation Platform to be pulled and packaged, whereas, blue denote translated messages could not make 100% in the built package.

String breakage (or changes?)

In translation of software packages, one of the challenges is to prevent string breakage. Package maintainers should strive to abide by the scheduled Fedora release String Freeze. However, in some circumstances it could be necessary to break the string freeze and to inform the translation team on the mailing list. As well as, to update latest translation template (POT) file in the translation platform. Just in case these actions seem missing – translators may get new strings to translate very late or the application may have some strings untranslated. In the worst case, an outdated translation string mismatch may result in a crash. Sync and automation pipelines are there to prevent this, nevertheless it depends on the push or pull methods followed by package developers or maintainers.

To deal with the same context, we can use a job template in Transtats to detect this string change – particularly useful after string freeze in Fedora release schedule. This would be really helpful for the folks who look for packaging translations without string breakage, keeping translation template (POT) file in sync with translation platform, and testing localized form of the application for translation completeness to back trace.

How to detect string changes?

One of the options in Jobs tab is ‘YML based Jobs’. Where we can see available job templates.

The jobs framework executes all the tasks mentioned in the YAML, create appropriate logs and store results. Track String Change job basically:

  1. Clones the source repository of respective package.
  2. Tries to generate translation template (POT) file.
  3. Downloads POT file from respective translation platform.
  4. And, finds differences between both the POT files.

Actually, Transtats maintains mapping of upstream repository, Translation Platform project and respective build tag for every package.

Let’s take a closer look into this YAML. We can provide value for %PACKAGE_NAME% and %RELEASE_SLUG% in the next step – Set Values! For example: anaconda and fedora-32. Furthermore, a couple of things seek attention are:

  • In case the upstream software repository maintains separate git branch for fedora release, please edit ‘branch: master’ to ‘branch: <fedora-release-branch>’
  • In ‘generate’ block, mention the command to generate POT file. Default one should work for ‘intltool-update’ only, however, many packages do have their own.
  • A few packages may have gettext domain name different than that of package name. If this is the case, mention the gettext domain too.

As soon as the job is triggered, logs should be populated. If this is not a scratch run, a unique URL shall also be created at the end.

Left hand side is the input YAML and right hand side is respective log for each task. Here we can find the differences and figure out string mismatch.

In Transtats, we can create solutions to different problems in the form of job templates. And, scheduling of these jobs could be a step towards automation.

Top articles of 2019: Editors’ choice

Monday 30th of December 2019 08:00:00 AM

The year is still ending and the perfect time to reflect and look back at some Magazine articles continues. This time, let’s see if the editors chose some interesting ones from 2019. Yes, they did!

Red Hat, IBM, and Fedora

IBM acquired Red Hat in July 2019, and this article discusses how nothing changes for the Fedora project.

Red Hat, IBM, and Fedora Some tips for the Workstation users

Using Fedora Workstation? This article gives you some tips including enhancing photos, coding, or getting more wallpapers right from the repositories.

5 quick tips for Fedora Workstation users Fedora and CentOS Stream

In this article, the Fedora Project Leader discusses the CentOS Stream announcement from September 2019 — including the relationship of Fedora, Red Hat Enterprise Linux, and CentOS.

Fedora and CentOS Stream Contribute to Fedora Magazine

Fedora Magazine exists thanks to our great contributors. And you (yes, you!) can become one, too! Contributions include topic proposals, writing, and editorial tasks. This article shows you how to join the team and help people learn about Linux.

Contribute to Fedora Magazine

Top articles of 2019: For desktop users

Friday 27th of December 2019 08:00:00 AM

It’s this time of the year again — the time to reflect, and look back at some Fedora Magazine’s most popular articles in 2019. This time it’s all about desktop users. Let’s highlight a few of the many articles written by our great contributors in 2019, focusing on Fedora as a desktop OS.

Dash to Dock extension for Workstation

When you’re serious about your desktop, and perhaps using many applications, you might want to see what’s going on at all times. Or at least the icons. The article below shows you how to have a dock at the bottom of your screen, with all your apps — both running and favourites — visible at all times.

Try the Dash to Dock extension for Fedora Workstation Tweaking the look of Workstation with themes

When you like how your Linux desktop works, but not so much how it looks, there is a solution. The following article shows you how to tweak the look of your windows, icons, the mouse cursor, and the whole environment as well — all that within GNOME, the Workstation’s default environment.

Tweaking the look of Fedora Workstation with themes i3 with multiple monitors

One of the great things about Linux desktop is the never ending possibilities of customisation. And that includes window managers, too! The following article shows how to use one of the very popular ones — i3 — with multiple monitors.

Using i3 with multiple monitors IceWM

If you’re looking for speed, simplicity, and getting out of the user’s way, you might like IceWM. The following article introduces this minimal window manager, and helps you install it, too, should you be interested.

IceWM – A really cool desktop

Stay tuned for even more upcoming “Best of 2019” articles. All of us at the Magazine hope you have a relaxing holiday season, and wish you a happy new year.

Best of 2019: Fedora for developers

Wednesday 25th of December 2019 08:00:00 AM

With the end of the year approaching fast, it is a good time to look back at 2019 and go through the most popular articles on Fedora Magazine written by our contributors.

In this article of the “Best of 2019” series, we are looking at developers and how to use Fedora to be a great developer workstation

Make your Python code look good with Black on Fedora

Black made quite a big impact in the Python ecosystem this year. The project is now part of the Python Software Foundation and it is used by many different projects. So if you write or maintain some Python code and want to stop having to care about code style and code formatting you should check out this article.

Make your Python code look good with Black on Fedora How to run virtual machines with virt-manager

Setting up a development environment, running integration tests, testing a new feature, or running an older version of software for all these use cases being able to create and run a virtual machine is a must have knowledge for a developer. This article will walk you through how you can achieve that using virt-manager on your Fedora workstation.

How to run virtual machines with virt-manager Jupyter and data science in Fedora

With the rise of Data science and machine learning, the Jupyter IDE has become of very popular choice to share or present a program and its results. This article goes into the details of installing and using Jupyter and the different libraries and tools useful for data science.

Jupyter and data science in Fedora Building Smaller Container Images

Fedora provides different container images, one of which is a minimal base image. The following article demonstrate how one can use this image to build smaller container images.

Building Smaller Container Images Getting Started with Go on Fedora

In 2019 the Go programming language turned 10 year old. In ten years the language has managed to become the default choice for cloud native applications and the cloud ecosystems. Fedora is providing an easy way to start developing in Go, this article takes you through the first step needed to get started.

Getting Started with Go on Fedora

Stay tuned to the Magazine for other upcoming “Best of 2019” categories. All of us at the Magazine hope you have a great end of year and holiday season.

More in Tux Machines

Fedora and Red Hat: Test Day This Thursday, Report on State of Enterprise Open Source 2020 and More

  • Fedora 32 Gnome 3.36 Test Day 2020-02-20

    Thursday, 2020-02-20 is the Fedora 32 Gnome Test Day! As part of changes Gnome 3.36 in Fedora 32, we need your help to test if everything runs smoothly!

  • The State of Enterprise Open Source 2020: Enterprise open source use rises, proprietary software declines

    Last year we set out to determine how IT leaders think about open source, why they choose it and what they intend to do with it in the future. The result was The 2019 State of Enterprise Open Source: A Red Hat Report, and the findings were clear and confirmed what we see happening in the industry. Enterprise open source has become a default choice of IT departments around the world and organizations are using open source in categories that have historically been more associated with proprietary technology. Headed into the second year of the survey, we had a new directive in mind. We wanted to dive deeper into how IT leaders’ intentions and usage have changed. We surveyed 950 IT leaders in four regions. Respondents had to have some familiarity with enterprise open source and have at least 1% Linux installed at their organization. Respondents were not necessarily Red Hat customers and were unaware that Red Hat was the sponsor of this survey. This allowed us to get a more honest and broad view of the true state of enterprise open source.

  • Manage application programming interfaces to drive new revenue for service providers

    Telecommunications service providers have valuable assets that can be exposed, secured, and monetized via API-centric agile integration. They can derive additional value from new assets, developed internally or through partners and third parties and integrated in a similar way with OSS and BSS systems. Service providers can open new revenue paths if they enhance the value they deliver to customers and to their partner- and developer-ecosystems. APIs can help them accomplish this goal. Services that providers can potentially offer with APIs include direct carrier billing, mobile health services, augmented reality, geofencing, IoT applications, and more. Mobile connectivity, for example, is key to powering IoT applications and devices, giving service providers an inside track to provide APIs to access network information for IoT services. In mobile health, APIs can serve as the link between the customer and healthcare partners through the user’s smartphone. Embracing this API-centric approach, service providers can realize increased agility by treating OSS/BSS building blocks as components that can be reused again and again. They may also innovate faster by giving partners controlled access to data and services, expand their ecosystem by improving partner and third-party collaboration, and generate more revenue through new direct and indirect channels.

today's howtos

  • Autostart Tmux Session On Remote System When Logging In Via SSH

    It is always a good practice to run a long running process inside a Tmux session when working with remote systems via SSH. Because, it prevents you from losing the control of the running process when the network connection suddenly drops. Just in case the network connection gets dropped for any reason, the processes inside the Tmux session will keep running on the remote systems, so you can re-attach to the Tmux session using “tmux attach” command once the network connection is back online. What if you forgot to start the Tmux session in the first place? No matter how careful you’re, sometimes you may forget to start Tmux session. Here is a simple way to avoid this problem. You can autostart Tmux session on the remote systems when logging via SSH. This is especially helpful if you lost the network connection when upgrading a remote Linux server via SSH from your local system.

  • Setup Static IP on Ubuntu 18.04 LTS Desktop and Server Operating System

    In this article, I am going to show you how to configure a static IP on Ubuntu 18.04 LTS server and desktop operating systems. So, let’s get started.

  • Amiga floppy recovery project scope

    The main goal of my Amiga project is to read the data from my old floppy disks. After a bit of hiatus (and after some gentle encouragement from friends at FOSDEM) I'm nearly done, 150/200 disks attempted so far. Ultimately I intend to get rid of the disks to free up space in my house, and probably the Amiga, too. In the meantime, what could I do with it?

  • Part 1: How to Enable Hardware Accelerators on OpenShift

    Managing hardware accelerator cards like GPUs or high-performance NICs in Kubernetes is hard. The special payload (driver, device-plugin, monitoring stack deployment and advanced feature discovery), updates and upgrades, are tedious and error-prone tasks, and often third-party vendor knowledge is needed to accomplish these steps. The Special Resource Operator (SRO) is a template for exposing and managing accelerator cards in a Kubernetes cluster. It handles the hardware seamlessly from bootstrapping to update and upgrades fully managed. The first part will describe the SRO in general where the second part will describe the building blocks in SRO and how to enable a different hardware accelerator step by step.

  • Everthing you need to know about tmux – Windows

    What are tmux Windows? tmux window is the entity that holds panes and resides within the tmux session. Think of a window in tmux as a tab in your notebook. Tabs (windows) help organize your work and group your individual pages (panes) based on some topic of your choice. By default, when tmux starts, a session is initialized. Within this session, tmux initializes a single window (by default) which occupies the entire area of the terminal. This window will contain one single pane (by default).

Screencasts/Audiocasts/Shows: MX Linux 19.1 Run Through, Late Night Linux, Linux Headlines and More

  • MX Linux 19.1 Run Through

    In this video, we are looking at MX Linux 19.1.

  • Late Night Linux – Episode 83

    Joe has been playing with a PinePhone for a week and gives an honest appraisal. Plus Will’s simple solution to his Mac woes, switching to Linux and a community crowdfunder in the news, and a packed KDE Korner.

  • 2020-02-17 | Linux Headlines

    Two separate VPN companies have recently open-sourced client software, and updates to some beloved projects.

  • Change Desktop Environments on Linux

    Let's go over what it takes to switch your desktop on Linux change it from KDE, GNOME, XFCE, MATE, Cinnamon, LXQt, etc.

Second Shortwave Beta

Today I can finally announce the second Shortwave Beta release! I planned to release it earlier, but unfortunately the last few weeks were a bit busy for me. Read more