maxwellspangler.com Home > Install Guides > Fedora 20 Install Guide

Fedora 20 Install Guide

January 13, 2014 by Maxwell Spangler

This is my personal guide for transforming a fresh install of Fedora 20 Linux into a customized workstation environment tailored specifically for my needs.

The procedures listed in this guide could be scripted, but due to the constantly-changing nature of new Fedora releases, I'd spend more time updating the script than it's worth. So I update this guide and do my work by hand, for now.

First, Backup!
  1. Backup Important Files
Install Base Linux Environment
  1. Install Fedora 20 Linux
  2. Customize /etc/bashrc
  3. Customize $HOME/.vimrc
  4. Configure Basic Networking
Restore /home Filesystem
  1. Restore the separate /home filesystem
Proxies (Corporate environment)
  1. Configure Firefox Proxy
  2. Configure Bash Proxy
  3. Configure GNOME Proxy
  4. Configure Yum Proxy in /etc/yum.conf
RPMFusion Repositories and Update Packages
  1. Install yum-plugin-fastestmirror
  2. Install rpmfusion repo
  3. Update base OS install with current packages
Additional Packages
  1. Install required packages using 'fedora-desktop-packages' script
Third Party Applications
  1. Install Oracle VirtualBox
  2. Install Adobe x86_64 repo and Flash Player
  3. Install Google Applications
System Security Settings
  1. Review SELinux setting: Enforcing or Permissive?
  2. Configure Firewall
Fonts
  1. Install custom fonts
  2. Install Microsoft fonts
  3. Set default fonts in Firefox
Special installs
  1. Install Adobe Acrobat Reader
  2. Install Oracle Java 7 Runtime
  3. Install Nvidia Proprietary Graphics Drivers
  4. Install Solarized Color Palette for Gnome Terminal
  5. Install Solarized Color Palette for Vim
  6. Install a custom bash prompt
Configure Applications
  1. Configure Firefox Plugins
  2. Configure conserver client (corporate)
  3. Configure pidgin chat client (corporate)
  4. Configure OpenVPN client (corporate)
  5. Configure Samba
  6. Configure SELinux for Samba
  7. Configure VirtualBox
Configure Fixes
  1. Disable Nemo's Handling of Desktop Background
GNOME Environmental Settings
  1. Set the desktop background
  2. Configure Google and Facebook Accounts
  3. Disable Screen Lock
  4. Adjust File Usage & History Tracking
  5. Adjust Trash & Temporary File Handling
  6. Set the "Menu" key to Lower Windows
  7. Configure Wired/Wireless Network Settings
  8. Set "Dim Screen when inactive"
  9. Set "Black Screen" delay
  10. Set "Automatic Suspend" to off
  11. Set "Battery Power Critical" Handling
  12. Configure Printers
  13. Set Date/Time to use NTP
  14. Set Time Zone to use NTP
  15. Set Time Format to 24-hour
  16. Set Default Applications
  17. Configure Handling of Removable Media
  18. Verify that Screen Sharing and Media Sharing are Off
  19. Verify that Remote Login is On
  20. Configure Primary User with Real Photo
  21. Create a Guest User
Advanced Environment Settings
  1. Configure Fonts to Lucida
  2. Show Date on Top Bar
  3. Set Focus Mode to Mouse
  4. Set Titlebar Double-Click to Maximize Vertically
  5. Set Workspace Creation to Static
  6. Set Number of Workspaces to 6
  7. Set Workspaces only on Primary Display
GNOME Shell Extensions
  1. Install "Launch New Instance"
  2. Install "Weather (by Neroth)"
  3. Install "Recent Items"
  4. Install "Music Integration"
  5. Install "Advanced Volume Mixer"
  6. Install "Music Integration"
  7. Install "Monitor Status Indicator"
  8. Install "Workspace Indicator"
  9. Install "Easy Screen Cast"
Restore Custom Launchers
  1. Restore Custom Launchers
Restore Data
  1. Restore User Files

At this point, reboot the system and verify that everything comes up clean and works correctly. Share and Enjoy!

First, Backup!

Backup Important FilesTop

I usually make 2-3 copies of my data prior to a major system upgrade. There is always a chance I'll accidentally erase everything on my system, so I like having several copies on a separate file server for safety.

Custom scripts backup most of this for me:

By hand, have Evolution produce a backup .tgz file of it's mail and configuration data.

Base Linux Environment

Install Fedora 20 LinuxTop

Some basic notes on how I perform my installs:

  1. Boot the install media and begin the boot process.
    If you're installing from DVD media, use the ESC key to skip the slow media verification process.
    Fedora Installer Screen "WELCOME TO FEDORA 20"
  1. Choose Your Language. I use "English/English + English (United States)" then click "Continue"
    Fedora Installer Screen "INSTALLATION SUMMARY"
  1. Set your timezone. Click on Localization -> Date & Time to set ("Americas/Denver timezone")
  2. Set your keyboard. Click on Localization -> Keyboard to set. ("English")
  3. Set your language. Click on Localization -> language to set. ("English (United States)")
  4. Review Installation Source. It should be set properly already.
  5. Review Software Selection. It should be set to Gnome Desktop by default.
  6. Review Network Configuration. It should be configured properly already.
  7. Configure install storage. Click on System -> Installation Destination (or use the defaults.)
    Fedora Installer Screen "INSTALLATION DESTINATION"
  1. Ensure your primary boot drive is selected with a check.
  2. Click "Done" to continue.
    Fedora Installer Screen "INSTALLATION OPTIONS"
  1. Set "Partition Scheme" to LVM. This is the default
  2. Check "Encrypt my data. I'll set a passphrase later." This encrypts filesystems for safety
  3. Click "Continue" or "Custom Partitioning" - Which button is present depends on whether your disk has existing partitions in place. You may be asked to provide your storage encryption password immediately after this point.
    Physical partitioning
    # Description Mount Point Type Size
    1 Kernels and initrd images for booting /boot ext4 500 MB
    2 All remaining space (n/a) LVM2 Physical Volume All

    Volume Group filesystems:
    # Description Mount point Logical Volume Name Filesystem Label Type Size
    1 Operating System / lv_root root ext4 32 GB
    2 Log files and KVM VMs /var lv_var var ext4 4 - 128GB
    3 User files /home lv_home home ext4 Remaining
    4 Swap support swap lv_swap (n/a) swap 1x - 2x memory
    5 Unallocated LVM space for snapshots Unallocated n/a n/a n/a 5%

    These tables act as a guide for what I normally configure on my systems. I adjust partition sizes based on the available storage and the desired functionality of the system.

    There are a variety of ways to partition a Fedora system:

    • Let the Fedora partitioner choose partitions and sizes for you
      - This is easiest
    • Let the Fedora partitioner choose partitions and sizes for you then edit the sizes
      - This is easy but lets you control sizing
    • Remove all partitions and make new ones by hand
      - This is clean, simple and gives you total control
    • Re-use existing partitions by re-formatting and re-sizing some while re-using others with data intact
      - This is more complicated but good for quick re-installation of the OS without losing data in /home

    Depending on the circumstances, I do either of the last two when I'm working with a system I care about. Below is a rough guide to what I do so my system has partitions based on the tables above

    Fedora Installer Screen "MANUAL PARTITIONING"

    Add partitions using the "+" button

  1. Add a /boot partition with the mount point "/boot" and name "boot"
    - This will be a standard partition not contained within the LVM system
  2. Add a / (root) partition with the mount point "/"
    - Creating your first partition initializes the LVM system and makes this the first logical volume.
    - Select this filesystem and in the next step, modify it.
  3. Change the Volume Group name to "vg_" such as "vg_mylaptop"
    - This is the traditional naming convention of Fedora/Red Hat from past releases.
    - Set the root filesystem Name to "lv_root" and it's Label to "root"
  4. Add a /var partition with the mount point "/var"
    - Set the /var filesystem Name to "lv_var" and it's Label to "var"
  5. Add a swap partition with the mount point "swap"
    - Set the swap filesystem Name to "lv_swap". It will not have a filesystem label.
  6. Add a /home partition with the mount point "/home"
    - Set the /home filesystem Name to "lv_home" and it's Label to "home"
  7. Review all partitions to make sure all except /boot are part of the same volume group and are checked for encryption.
  8. Click on "Done" to continue
    Fedora Installer Screen "SUMMARY OF CHANGES"
  1. Review the changes that will be made - make sure no existing partitions you wish to keep will be deleted.
  2. Click "Accept Changes" if you are satisfied with your partitioning
    Fedora Installer Screen "DISK ENCRYPTION PASSPHRASE"
  1. Set a passphrase for disk encryption
  2. Click "Save Passphrase" to continue
    Fedora Installer Screen "INSTALLATION SUMMARY"
  1. Click on "Begin Installation"
    Fedora Installer Screen "CONFIGURATION - USER SETTINGS"
  1. While files are copied, set a root password by clicking "Root Password"
  2. While files are copied, create a user account by clicking "User Creation"
  3. Make your user an Administrator by checking "Make this user administrator"
    Fedora Installer Screen "CONFIGURATION - USER SETTINGS"
  1. Allow the install process to complete
  2. Reboot into the installed system.
    Fedora Screen - First Boot - Gnome Desktop
  1. Confirm your language and keyboard. Just click "Next"
  2. Configure Wireless Networks or skip if you're wired.
  3. Configure Cloud Accounts like Google and Facebook
  4. You're done with the install!

Configure system-wide /etc/bashrcTop

The following additions to /etc/bashrc configure a more comfortable command line environment for all users.

# Bash: use vi editing
set -o vi

# aliases from my Unix days
alias l="ls -l"
alias lf="ls -CF"

# uncomment this after vim-enhanced is installed
#alias vi="vim"

Maxwell's .bashrc

Install $HOME/.vimrc config file for VIM editorTop

These settings configure the vim editor to be more comfortable for my tastes.

# set tab space at 2 characters
set tabstop=2

# Allows indent/unindent based on this many characters
set shiftwidth=2

# enable line numbering
set number

syntax on

Maxwell's .vimrc (short now but expected to grow in the future)

Configure Basic NetworkingTop

For wired: Verify via Network Manager that a DHCP connection is established.

For wireless: Use Network Manager to select a wireless access point and provide WPA keys.

Both: Verify you can use Firefox to access any well known website.

If you have more than one network device, disable all except the primary interface leaving one working internet connection.

Restore Custom Launchers

Restore Custom LaunchersTop

Custom Gnome .desktop files allow me to launch programs in a customized fashion using standard Gnome methods.

For example, typing 'coding' in the Gnome overview launches a Gnome Terminal with a custom 84x90 character geometry that is well suited for editing source code files in vim with vim line-numbering enabled.

Right click on coding.desktop and save it into /usr/share/applications.

Restore /home Filesystem

Restore the Separate /home FilesystemTop

These are very technical details for one of my complicated systems, you may wish to skip over reading them.

When I use this guide to upgrade, I preserve the existing /home filesystem instead of re-formatting it.

For most users, this just means making an entry in /etc/fstab to mount a separate /home filesystem on the empty /home created during installation.

On my primary workstation things are much more complicated. The following layers must work together to make my /home data available.

Storage Layering for /home
Layer Description Details Configuration
Ext4 Linux Filesystem /home Configured to mount by /etc/fstab
LVM2 (lv) LVM Logical Volume lv_elite_home Presented by LVM
LVM2 (vg) LVM Volume Group vg_elite_home Presented by LVM
LVM2 (pv) LVM Physical Volume /dev/mapper/open_lvm_elite_home Presented by LVM
LUKS Software Encryption /dev/mapper/open_lvm_elite_home Unlocked in /etc/crypttab
mdadm Software RAID 0 - Stripe for Speed /dev/md0 Presented by md driver
Physical SATA disks 2 x 1 TB (sdb & sdc) Presented by kernel

The following commands work from the bottom up to test and configure the layers for use:

Verify that Linux sees the drives (physical), recognizes them as a raid array (mdadm) and is presenting them:

# root@elite [~] # cat /proc/mdstat
Personalities : [raid0] 
md0 : active raid0 sdb1[0] sdc1[1]
      1953520640 blocks super 1.2 512k chunks
      
unused devices: 

Verify that the RAID contains an encrypted filesystem and note its UUID:

root@elite [~] # blkid | grep md0
/dev/md0: UUID="931b4709-bc06-4c92-8ed4-1f4901256585" TYPE="crypto_LUKS" 

Configure /etc/crypttab to unlock and map this encrypted device during the boot process. I compare my backed-up copy of /etc/crypttab to the one that's running and add the missing line referencing open_lvm_elite_home.

# Configured by Fedora installer: Fedora Swap
luks-400fff3f-6024-4318-919c-c5ad707bd182 UUID=400fff3f-6024-4318-919c-c5ad707bd182 none 

# Configured by Fedora installer: Fedora LVM for root filesystem.
luks-b5052c1c-a627-4388-87b7-d294ace6f79f UUID=b5052c1c-a627-4388-87b7-d294ace6f79f none 

# Add this line for the encrypted home storage:
open_lvm_elite_home UUID=931b4709-bc06-4c92-8ed4-1f4901256585 none

While booting this device will be unlocked by LUKS and mapped to /dev/mapper/open_lvm_elite_home for other layers to use.

The LVM system should identify it as a physical volume with a volume group and logical volumes on it.

Here's the physical volume:

root@elite [~] # pvdisplay /dev/mapper/open_lvm_elite_home 
  --- Physical volume ---
  PV Name               /dev/mapper/open_lvm_elite_home
  VG Name               vg_elite_home
  PV Size               1.82 TiB / not usable 0   
  Allocatable           yes 
  PE Size               4.00 MiB
  Total PE              476933
  Free PE               162565
  Allocated PE          314368
  PV UUID               ErDNQj-gfM1-Dpzc-DeUu-Lxby-This-e5abGo

Here's the volume group:

root@elite [~] # vgdisplay vg_elite_home
  --- Volume group ---
  VG Name               vg_elite_home
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.82 TiB
  PE Size               4.00 MiB
  Total PE              476933
  Alloc PE / Size       314368 / 1.20 TiB
  Free  PE / Size       162565 / 635.02 GiB
  VG UUID               42z1i3-9HfE-bYL8-1A6R-yq0V-ehqm-UvxmJ5

And the the logical volume:

root@elite [~] # lvdisplay /dev/vg_elite_home/lv_elite_home
  --- Logical volume ---
  LV Path                /dev/vg_elite_home/lv_elite_home
  LV Name                lv_elite_home
  VG Name                vg_elite_home
  LV UUID                3vmu2c-MAln-rfWO-tLR9-hjEH-swo5-sh0ejb
  LV Write Access        read/write
  LV Creation host, time localhost.localdomain, 2013-08-22 16:08:11 -0600
  LV Status              available
  # open                 1
  LV Size                1.07 TiB
  Current LE             281600
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     4096
  Block device           253:6

You should now be able to simply add an entry to /etc/fstab to have your /home filesystem mounted at boot time.

/dev/mapper/vg_elite_home-lv_elite_home	/home	ext4	defaults,x-systemd.device-timeout=0 1 2

Reboot and ensure that your /home directory is the separate filesystem and not a freshly installed /home directory on the root filesystem.

root@elite [~] # mount | grep home
/dev/mapper/vg_elite_home-lv_elite_home on /home type ext4 (rw,relatime,seclabel,stripe=256,data=ordered)

If there are problems, start with the lowest layer and debug upwards to find the problem.

Proxies

Several steps are required to enable internet access when Fedora is used in an environment requiring proxy servers.

Optional - Proxy environments only!

Configure Firefox ProxyTop

Within Firefox, set http and https proxies to the local proxy that serves your traffic. Specify any local domains which should not be handled by the proxy.

B
Manual proxy configuration: my-proxy-server.network  Port: 8080
SSL Proxy: my-proxy-server.network                   Port: 8080
FTP Proxy: (blank)                                   Port: 0
SOCKS host: (blank)                                  Port: 0

No proxy for: localhost, 127.0.0.1, .mynetwork, .labnetwork

Configure Bash ProxyTop

Append these lines to /etc/bashrc when in a corporate environment requiring a proxy server. Some command line applications will observe these environment variables and use their proxy.

# proxy variables for command line programs.
export http_proxy=proxy-server-id.company.com:8080
export https_proxy=$http_proxy
export no_proxy=localhost,.subnet1,.subnet2,10.0.0.0/8
unset ftp_proxy

Of course, make sure you modify them to the proxy server and subnets of your own environment!

Configure GNOME System ProxyTop

Navigate to the GNOME Network control panel applet and configure proxies for http and https traffic. Specify any local domains which should not be handled by the proxy.

Method: Manual
HTTP Proxy:  my-proxy-server.network  Port: 8080
HTTPS Proxy: my-proxy-server.network  Port: 8080
FTP Proxy:  (blank)                   Port: 0
Socks host: (blank)                   Port: 0

No proxy for: localhost, 127.0.0.1, .mynetwork, .labnetwork

Configure yum proxy in /etc/yum.confTop

Insert the following line into the [main] section in /etc/yum.conf.

[main]
proxy=http://proxy-server-id.company.com:8080/

Configure Third-party Repositories and Update packages

Install yum-plugin-fastestmirror for speedTop

A yum plugin called "yum-plugin-fastestmirror" selects the fastest Fedora repository mirror for your location and uses that mirror for all future updates. Download it now so all future work with yum is as quick as possible.

# yum -y install yum-plugin-fastestmirror

Install rpmfusion repositoryTop

Rpmfusion.org provides repositories for packages not included in the Fedora distribution including packages with non-free components. Enable rpmfusion support now so packages can be installed from it later.

Enable the free and non-free repositories on rpmfusion.org

Click here to enable the free repository on rpmfusion.org

Click here to enable the non-free repository on rpmfusion.org

Update base OS install with current packagesTop

The packages installed using the installation media may have been replaced by updated versions with bug fixes or security enhancements. Run yum update now to update all packages.

# yum -y update

Additional Packages

Install Required Packages using "fedora-desktop-packages" script Top

After installing the base OS from the LiveCD, LiveDVD or other media source, I add additional packages and remove a few of the unwanted base packages. I've written a script called fedora-desktop-packages to automate this for me.

fedora-desktop-packages contains a set of pre-defined packages to be installed or removed to a Linux system. When it runs, it examines what is already installed and takes action to install what is missing.

Right click on fedora-desktop-packages, save it locally then make it executable in order to run it:

$ chmod u+x fedora-desktop-packages

It removes these:

  1. Package-Kit-command-not-found - Tool that attempts to automatically find packages for missing commands entered on the command line. (It triggers on every typo entered and is too slow)
  2. khmeros-fonts-common - (example) Many international fonts that go unused and clutter font menus (for me, maybe not for you!)

It installs these:

    Critical Appplications

  1. nemo - LinuxMint's NEMO File Manager (Gnome Nautilus with tree view) (Fedora20 only)
  2. nemo-extensions - Libraries for Nemo
  3. nemo-open-terminal - Opens a shell in Nemo's curent working directory

    General Applications

  4. libreoffice-writer - LibreOffice Word Processor
  5. libreoffice-calc - LibreOffice Spreadsheet
  6. libreoffice-base - LibreOffice Database
  7. libreoffice-impress - LibreOffice Presentations
  8. libreoffice-draw - LibreOffice Drawing
  9. Gimp - Photo manipulation tool similar to Photoshop
  10. gimp-data-extras - Patterns and other extra files for Gimp
  11. gnome-font-viewer - GNOME Font Viewer (TrueType & OpenType files)
  12. gcolor2 - Color selection tool (for web development)
  13. ufraw-gimp - Allows import of raw digital camera photos into Gimp
  14. gnome-music - Gnome 3.x based Music Player
  15. gnome-photos - Gnome 3.x based Photo Viewer
  16. gnome-maps - Gnome 3.x based Map Application
  17. gnome-weather - Gnome 3.x based Weather Application
  18. bijiben - Gnome 3.x based Note Application

    Multimedia

  19. lame - Open Source Audio Encoder
  20. grip - Open Source CD Audio Ripper and Encoder
  21. rhythmbox - GNOME Audio Player
  22. easytag - Absolutely brilliant MP3 id3tag editor
  23. smplayer - Powerful GUI based front-end for mplayer
  24. banshee - Alternative media player
  25. vlc - Video Player
  26. mplayer - Video player (command-line)
  27. amarok - GUI Audio Player (KDE)
  28. gstreamer-plugins-* - Streaming media backend (non-GPL plugins)
  29. gstreamer1-plugins-* - Streaming media backend (non-GPL plugins) (Additional set for Fedora20+)
  30. xine-lib-extras-freeworld - Streaming media backend (non-free plugins)
  31. mplayer-gui - Video player
  32. gecko-mediaplayer - Video player plugin for Firefox
  33. mencoder - Video encoder
  34. xine-ui - Simple GUI Video player
  35. gxine - Gnome GUI front end to Xine Video player
  36. xine-lib-extras - Streaming media backend (xine, plugins)
  37. xine-lib-extras-freeworld - Streaming media backend (xine, more plugins)

    Networking

  38. gftp - Graphical FTP client
  39. iptraf-ng - Console based network statistics
  40. jnettop - Console based network traffic visualiser
  41. ntop - Console "network traffic probe"
  42. remmina - Remote access client
  43. remmina-plugins-common - Remmina support files
  44. remmina-plugins-gnome - Remmina plugins for GNOME
  45. remmina-plugins-rdp - Remmina plugins for RDP protocol
  46. remmina-plugins-nx - Remmina plugins for NX protocol
  47. remmina-plugins-vnc - Remmina plugins for VNC protocol
  48. pidgin - Instant Messaging client
  49. pidgin-sipe - Pidgin support for Microsoft OC/Lync protocol
  50. pidgin-logviewer - Pidgin log viewer
  51. nmap - Networking tool - lists open ports on target
  52. mtr - Enhanced traceroute
  53. mtr-gtk - GUI version of mtr
  54. wget - Web content downloader
  55. openvpn - OpenVPN system
  56. NetworkManager-openvpn - Network Manager plugin for OpenVPN backend
  57. conserver-client - Client to conserver serial port server system

    Development

  58. meld - Visual diff comparision utility for files
  59. strace - Debugging utility similar to truss from Unix
  60. vim-X11 - Vim editor (X11 support)
  61. vim-enhanced - VIM editor (full feature support)
  62. kernel-headers - Kernel headers for VirtualBox
  63. kernel-devel - Kernel source for Virtualbox, others
  64. gcc - GCC for compiling
  65. dkms - Dynamic Kernel Module Support for VirtualBox
  66. lm_sensors - Hardware temperature sensors support

    Utilities

  67. alacarte - GNOME menu editor, used to change 'files' alias from Nautilus to Nemo file manager.
  68. dconf-editor - Used to edit dconf registry settings that manipulate GUI app actions.
  69. liveusb-creator - Fedora Live USB install stick creator
  70. k3b - DVD/CD burner
  71. k3b-extras-freeworld - K3B Plugins (non-free)
  72. unzip - Extracts data from zip archive files
  73. unrar - Extracts data from rar archive files
  74. minicom - Serial terminal client
  75. gnome-tweak-tool - GUI app for custom-tuning GNOME details
  76. expect - Tool for scripting automated interactions (usually with other systems)
  77. atop - An advanced version of the classic Unix 'top' program
  78. htop - Another version of the 'top' program

    Adminstration

  79. puppet - Configuration Managment System
  80. powertop - Power consumption monitor and tuning utility from Intel
  81. httpd-tools - Tools for Webserver
  82. bonnie++ - Storage benchmarking
  83. lsscsi - Block device reporting tool (scsi, sas, sata, usb, etc)
  84. sysstat - Various system performance monitoring tools
  85. gparted - Disk partitioning GUI front end

    Virtualization

  86. qemu-kvm - KVM Virtualization
  87. qemu-kvm-tools - KVM Debugging and diagnostics
  88. libvirt-daemon-qemu - Server side daemon for QEMU
  89. virt-manager - Virtualization manager
  90. virt-top - "Top" for Virtualization environments
  91. virt-whatTool to detect if we're running in a virtual machine
  92. virt-viewer - Allows viewing of KVM consoles
  93. libguestfs-tools - Allows the host to modify KVM guest storage (ex: sysprep)

    Services

  94. openssh-server - OpenSSH server
  95. samba-common - Samba server and client programs
  96. samba-client - Samba client programs
  97. openssh-clients - OpenSSH client
  98. httpd - Apache webserver
  99. tigervnc-server - VNC server to provide remote access to others

    Application Dependencies

  100. libpng12.i686 - PNG library (i686 version) for HP Virtual Rooms Dependency

Third-Party Applications

These commercial applications are provided directly from their vendors and require special steps to download and install.

Install Oracle VirtualBoxTop

VirtualBox has been my primary hypervisor for running Windows virtual machines.

  1. Download Oracle VirtualBox.
  2. Download a VirtualBox extension pack for USB support.

Install VirtualBox using yum:

# yum -y localinstall ~/Downloads/VirtualBox

To complete the installation, run the VirtualBox application and install the license pack in File->Preferences->Extensions

I've used repositories for VirtualBox in the past, but recently found problems with their packages being tied to specific kernels. Periodic downloads from virtualbox.org is a simple way around this.

Install Adobe x86_64 repo for Flash PlayerTop

Install the Adobe x86_64 repo to enable easy access to flash player updates.

  1. Enable the Adobe x86_64 repository. (Click here)

Or perform these two steps on the command line:

# rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
  1. Use yum to download and install the Adobe Flash plugin from the repository.
# yum -y install flash-plugin
  1. Restart Firefox
  2. Visit the Adobe Flash Version page to verify flash is working

Install Google ApplicationsTop

  1. Right click and save this link for the Google Signing Key or
# wget https://dl-ssl.google.com/linux/linux_signing_key.pub
  1. Import the key into the rpm database
# rpm --import linux_signing_key.pub
  1. Download the Chrome package (which also enables the chrome repository.)
# yum localinstall google-chrome-stable*
  1. Download the Google Earth package

Update: Looks like Google Earth has some Fedora 20 issues so as of January 2014, I'm leaving this one off my systems for a bit.

# yum localinstall google-earth*

System Security Settings

Review SELinux setting: Enforcing or Permissive?Top

Fedoraproject SELinux Project Pages with links to more information.

Fedoraproject: SELinux for Dummies with presentations on SELinux basics.

SELinux is a policy based security system included with Fedora and enabled by default in a restrictive mode called "Enforcing."

It has three modes: Enforcing, Permissive and Disabled. For years I ran in permissive so it would catch security issues and report them but not actually block anything. This let me watch and learn but not hit any obstacles. Users who didn't want to know could simply set SELinux to 'disabled' and not be bothered with it.

With Fedora 20, I'm going to keep SELinux in enforcing mode on my desktop in order to try it. If I can adapt to using it I'm sure it'll stick and it's a good thing to learn if you want secure systems.

You can change the configuration of SELinux simply by editing /etc/selinux/config and replace "enforcing" with "permissive" or "disabled":

SELINUX=permissive

SELinux will be in permissive mode when the system is rebooted.

Configure FirewallTop

Leave the firewall enabled if you can and open ports as needed.

Run the Firewall GUI application, select "Configuration: Permanent" and make these changes:

  1. "ssh" - inbound shell access (should be set by installer)
  2. "Samba" - allows serving files via CIFS (primarily to Windows VMs)

Then, Select Options -> Reload Firewall to make them active.

Fonts

Install Custom FontsTop

I use a variety of commercial fonts in addition to open source fonts provided by the installer.

To restore these, simply scp them from another system to /usr/share/Core Fonts and they will be automatically identified.

maxwell@elite [~] $ ls /usr/share/fonts
abattis-cantarell  gnu-free                  liberation   stix
Core Fonts         google-crosextra-caladea  msttcore     tabish-eeyek
default            google-crosextra-carlito  opensymbol   vlgothic
dejavu             google-noto               sil-mingzat

Install Microsoft FontsTop

Having standard Windows fonts helps websites designed for Windows look accurate and helps with importing Microsoft Office documents.

Download this archive and place the contents in /usr/share/fonts

Please do not link directly to this file!

Set Minimum Fonts Size in Firefox Top

You may skip this if you're restoring a home directory where this is already set.

Set the minimum font size in firefox to between 14 and 16 points to make it easier to view small text on high resolution displays (especially laptops.)

Run Firefox. Go to Edit -> Preferences -> Content -> Fonts & Colors -> Advanced and configure what works best for you.

Special Installs

Install Adobe Acrobat ReaderTop

Install the official Adobe Acrobat Reader program to overcome small incompatabilities observed with the open source PDF readers.

Download the rpm from Adobe:

wget http://ardownload.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i486linux_enu.rpm

Install the rpm using yum:

# yum -y localinstall AdbeRdr9.5.5-1_i486linux_enu.rpm

Install Oracle Java Top

Due to a few rare problems with OpenJDK in the past, I install Oracle Java and use it instead.

Use Firefox to download the 64-bit RPM version of Oracle Java from the Oracle JavaSE download page.

I prefer to download it and then use this command to install it:

# yum -y localinstall jre-7u45-linux-x64.rpm

Use these commands to configure Linux to use Oracle Java instead of OpenJDK Java:

# alternatives --install /usr/bin/java java /usr/java/latest/bin/java 200000

# alternatives --install /usr/bin/javaws javaws /usr/java/latest/bin/javaws 200000

# alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/lib/amd64/libnpjp2.so 200000

Restart Firefox to make the plugin active then go to this Verify Java Version to verify Java is installed and working in your browser.

Also, append this to your /etc/bashrc file:

export JAVA_HOME="/usr/java/latest"

Java is regularly being updated to fix security issues, so revisit this step on a regular basis to keep your Java updated.

Install Nvidia Proprietary Graphics (Optional) Top

I have one system, an older laptop with an Nvidia graphics card, that overheats when I use the open source nouveau drivers. To overcome this obstacle, I install the Nvidia proprietary drivers which lowers the CPU speed and keeps it from overheating.

I use the akmod-nvidia package from the rpmfusion.org repository to easily disable the nouveau driver and replace it with the nvidia driver. This is much easier than installing the driver from nVidia's own website.

# yum -y install akmod-nvidia

When the driver is installed, reboot and test your graphics.

You'll notice the attractive, kernel-mode based graphical bootup is gone and your prompt for specifying storage system passwords is simple text instead of a nice graphical box.

Install Solarized Color Palette for Gnome Terminal Top

You may skip this if you're restoring a home directory where this is already set.

I prefer to replace the default color schemes of Gnome Terminal and Vim with Solarized, a meticulously crafted low-contast color palette designed by Ethan Schoonover.

I roughly follow this guide to install it.

As my user, maxwell, not root, I make a projects directory where I can git clone solarized:

$ mkdir -p ~/projects/solarized

In that directory, git clone solarized:

$ cd ~/projects/solarized
$ git clone https://github.com/sigurdga/gnome-terminal-colors-solarized.git

Run this script to configure Gnome Terminal for the Solarized "dark" theme.

$ gnome-terminal-colors-solarized/install.sh

This script will allow you to choose a light or dark theme and apply it to the default Gnome Terminal profile called 'Default'.

Install Solarized Color Palette for Vim Top

You may skip this if you're restoring a home directory where this is already set.

These steps will configure vim for Solarized based vim syntax highlighting.

These steps download the solarized file for vim and copy it in place.

$ mkdir -p ~/projects/solarized/vim
$ cd ~/projects/solarized/vim

$ git clone https://github.com/altercation/vim-colors-solarized.git

$ mkdir -p ~/.vim/colors

$ cp vim-colors-solarized/colors/solarized.vim ~/.vim/colors/

Then add the following to your ~/.vimrc

syntax enable
set background=dark
colorscheme solarized

Install a custom bash prompt Top

I use a custom bash prompt that offers a simple design with subtle colors. If I'm in a directory that has a .git repository, it will show the current branch of that git repo's development.

My custom prompt is implemented as a variety of COLOR_ variables (for readability), two git functions borrowed from others on the web, and a function which lets me set the prompt to four styles of slight variation.

As my user, maxwell, I git clone a copy of my custom bash prompt:

$ mkdir -p ~/projects/
$ cd ~/projects/

$ git clone https://github.com/maxwax/prompt

Then, append it to my system's /etc/bashrc so all users (presumably this means 'maxwell' and 'root') get it:

# cat ~/projects/prompt/prompt >> /etc/bashrc

Login to a new terminal and you should see a new prompt.

Configure Applications

Configure Firefox Plug-ins) Top

Install the following Firefox plug-ins for a better firefox experience:

  1. Video Download Helper - Allows downloading web videos for offline viewing.
  2. Download Status Bar - Monitor downloads via statusbar strip instead of separate window.
  3. Flashblock - Hide Flash advertisements that waste laptop CPU cycles.

Configure conserver client (corporate) Top

I install a Conserver client that can access a conserver server. The conserver system uses a central server to monitor production systems serial port output and brokers access from simultaneous clients. I only need the client on my Fedora systems. This was downloaded earlier and needs

Create a /etc/conserver/console.conf with the following information:

# default config for console
config * {
  master  my-conserver.company.com;
  port    3109;
}

Configure Pidgin Chat client Top

You may skip this if you're restoring a home directory where this is already set.

Pidgin provides me with a single chat client to all the accounts I use at home and work:

  1. Google Chat
  2. IRC
  3. Microsoft Office Communicator/Lync

Run Pidgin, then use Accounts -> Manage Accounts to set these up individually through Pidgin's user interface.

OR, copy a previously created $HOME/.purple directory into the new home directory and see if Pidgin uses the old settings.

Configure OpenVPN client (corporate) Top

OpenVPN is used to access a variety of secure networks in my life. Configuration is simple:

  1. Copy the existing openvpn.conf configuration file and cert key file to /etc/openvpn
  2. Launch openvpn to verify

Configure Samba Top

Samba provides network file sharing services to Windows clients. A Samba server running on a host enables Windows virtual machines to access the host's files.

First, set a samba password for your user:

$ smbpasswd -a
New SMB password: ********
Retype new SMB password: *******

Next, edit /etc/samba/smb.conf and make the following changes:

  1. Set the workgroup name
  2. Set the server string
  3. Allow Samba traffic on selected interfaces including VirtualBox and KVM host only networks
  4. Set security to simple user passwords on the host
  5. Configure access to users home directories via Samba
  6. Configure access to specific directories on the host (outside of users' homes)
[global]
workgroup = MY-SERVER-NAME-GROUP
server string = My Fedora Samba Server
interfaces = lo eth0 192.168.122.0/24 192.168.56.0/24
security = user

Remove eth0 from above if you wish to ONLY share files with the virtual machines on your host and not with other computers on your network.

[homes]
comment = Home Directories
browseable = no
writeable = yes

Note that in Fedora 20, externally mounted drives are now at /run/media/(user)/(medianame) instead of /media/(medianame) so edit your old Samba files accordingly.

Music files shared from the host to others:

[music]
comment = Music share
path = /run/media/maxwell/music/
browseable = yes
writeable = yes
valid users = maxwell

This is a single folder in my home directory shared to VMs when I don't want to share my full home directory:

[vmxfer]
comment = Virtual Machine Transfer folder
path = /home/maxwell/vmxfer
browseable = yes
writeable = yes
valid users = maxwell

As root, use systemctl to configure the system to start samba upon boot and issue two commands to start the services immediately for use.

# Configure the services to start 

# systemctl enable smb
# systemctl enable nmb

# Start the services

# systemctl start smb
# systemctl start nmb

Configure SELinux for Samba

I had to do the following adjustments to get Samba and SELinux to work on my Fedora 20 system:

  1. Enable /home directories to be shared with Samba by setting the SELInux boolean:
# setsebool -P samba_enable_home_dirs 1
  1. Ensure that /home has the proper SELinux context label to be understood as a /home directory.
# restorecon -R -v /home

With a fresh install of Fedora 20 making a new /home directory, you shouldn't need to do step two.

In my case, my /home directory is a filesystem on a pair of separate disks using raid+luks+lvm and it was created by hand. So when it was created, I didn't label it with the proper SELinux context.

I used these simple Fedora docs on configuring SELinux with Samba

Configure VirtualBox Top

The following list finishes confguring VirtualBox for use. You'll need to reboot the system to activate its full networking and other features before testing restored virtual machines that use those host-only networking and USB support.

  1. Add my user, maxwell, to the vboxusers group.
  2. Run the VirtualBox GUI and use it install an extensions pack.
  3. Restore any virtual machine images to the $HOME/VirtualBox directory.
  4. Run each VM and verify proper operation
    • Test access to the internet from within a VM
    • Test access to the host-only based Samba file sharing from within a VM

You can download the VirtualBox extensions pack from here then use Virtualbox -> Preferences -> Extensions to install it.

After you reboot to active all features, ensure that Virtualbox's internal network is working: The host 'vhostnet' device should have an IP address of 192.168.56.1:

# ifconfig

Configure Fixes

Disable Nemo's Handling of Desktop Backgrounds Top

The Nemo file manager is a fork of the Gnome 2.x file manager that has featurs -- a tree view! -- that Gnome 3.x's Nautilus file manager does not. Naturally, I use Nemo.

When Nemo is run, it attempts to replace Gnome 3's desktop background with one of its own and ends up presenting a black desktop instead.

Fix this by changing a simple gnome registry setting:

$ dconf write /org/nemo/desktop/show-desktop-icons false

You can also use the dconf GUI to find this key and explore related values interactively.

Gnome Environmental Settings

These configuration changes can be made while the previous 'yum update' activity or 'packages' script activites are in progress.

The following activities can be performed interactively while other programs are being installed.

Run the System Settings program to make these changes:

Run the Advanced System Settings (aka Gnome Tweak Tool) program to make these changes:

If you restore a home directory where this is already set these may be set for you.

GNOME Alias Changes

If you restore a home directory where this is already set these may be set for you.

I use the Gnome 2.x based Nemo file manager because the Gnome 3.x based Nautilus file manager doesn't have a Tree View. How can you now have a tree view in a file manager?

Use the Alacarte (aka GNOME "Main Menu") editor to use Nemo as the default file manager.

  1. Run Alacarte
  2. Select Accessories group
  3. Find the "Files" entry whose icon is a grey file cabinet. Uncheck this item.
  4. Find the "Files" entry whose icon is a tan file folder. Check this item.

GNOME Shell Extensions

Overview

Gnome Shell Extensions are small but powerful javascript programs that change and enhance the Gnome Shell environment to suit your specific needs.

The right set of extensions turns a frustrating default Gnome Shell graphical environment into a highly tailored, powerful, graphical environment that is a true pleasure to use.

Extensions can be installed, enabled and disabled via the Gnome Extensions web page.

"Launch New Instance"

This extension modifies the Gnome Dash (App dock) to launch new instances of each program when you click on an icon. The normal behavior is only launch one and focus on it if additional clicks occur.

For many users like myself, this is vital to making Gnome comfortable

Enable Launch New Instance

"Weather by Neroth"

Weather places a summary of the weather ("Clear Sky, 32 F") on the top bar and provides a well presented weather summary when you click on it.

Enable Weather (by Neroth)

"Recent Items"

Recent Items provides a small icon on the top bar that shows a list of recently used files when clicked. The quick access to a just-used file is very satisfying.

Enable Recent Items

"Media Player Indicator"

This provides a top-bar drop down icon with information on media playing from programs like Rhythmbox

Enable Media Player Indicator

"Advanced Volume Mixer"

This provides quick access to mixer controls beyond just volume. It allows me to easily switch between HDMI speakers and headphone speakers very easily.

Enable Advanced Volume Mixer

"Music Integration"

(Desired): Music Integration provides subtle notifications of tracks playing from several Linux audio players.

Enable Music Integration.

"Monitor Status Indicator"

(Optional): Monitor status provides a drop down menu for changing monitor layout from portrait to landscape. You might like this if you have a tilt-able monitor and occasionally switch from one mode to another.

Enable Monitor Status Indicator

"Workspace Indicator"

(Optional): Workspace Indicator shows the workspace your desktop is focused on as a numbered icon on the top right panel. I've been a heavy user of workspaces for years and I'm used to having a simple way to tell which workspace my desktop is currently focused on.

Enable Workspace Indicator

"Easy Screen Cast"

(Optional): Workspace Indicator shows the workspace your desktop is focused on as a numbered icon on the top right panel. I've been a heavy user of workspaces for years and I'm used to having a simple way to tell which workspace my desktop is currently focused on.

Enable Easy Screen Cast



Restore Data

Restore User Files Top

At this point, I've built and configured a Fedora workstation with all the tools and settings to let me be comfortable and productive.

I'll now carefully copy or restore user files to my home directory and begin using the system.

For the first time, with Fedora 20, I've restored my entire /home directory from Fedora 19 and dropped it in place with all the new systems and applications of Fedora 20.

This is a common practice for other users but I've been reluctant to use this method in the past for fear that some new or bleeding edge application or system in Fedora will not like my old, existing config files.

So far with Fedora 20, dropping my old /home in place has worked wonderfully and saved a lot of time. Many of the configuration steps above can be completely skipped as their configurations are inherited from the old config files.

Done! Now I actually get to use my new Fedora system!