Posted on Leave a comment

How to turn on an LED with Fedora IoT

Do you enjoy running Fedora, containers, and have a Raspberry Pi? What about using all three together to play with LEDs? This article introduces Fedora IoT and shows you how to install a preview image on a Raspberry Pi. You’ll also learn how to interact with GPIO in order to light up an LED.

What is Fedora IoT?

Fedora IoT is one of the current Fedora Project objectives, with a plan to become a full Fedora Edition. The result will be a system that runs on ARM (aarch64 only at the moment) devices such as the Raspberry Pi, as well as on the x86_64 architecture.

Fedora IoT is based on OSTree, like Fedora Silverblue and the former Atomic Host.

Download and install Fedora IoT

The official Fedora IoT images are coming with the Fedora 29 release. However, in the meantime you can download a Fedora 28-based image for this experiment.

You have two options to install the system: either flash the SD card using a dd command, or use a fedora-arm-installer tool. The Fedora Wiki offers more information about setting up a physical device for IoT. Also, remember that you might need to resize the third partition.

Once you insert the SD card into the device, you’ll need to complete the installation by creating a user. This step requires either a serial connection, or a HDMI display with a keyboard to interact with the device.

When the system is installed and ready, the next step is to configure a network connection. Log in to the system with the user you have just created choose one of the following options:

  • If you need to configure your network manually, run a command similar to the following. Remember to use the right addresses for your network:
    $ nmcli connection add con-name cable ipv4.addresses \ 192.168.0.10/24 ipv4.gateway 192.168.0.1 \ connection.autoconnect true ipv4.dns "8.8.8.8,1.1.1.1" \ type ethernet ifname eth0 ipv4.method manual
  • If there’s a DHCP service on your network, run a command like this:
    $ nmcli con add type ethernet con-name cable ifname eth0

The GPIO interface in Fedora

Many tutorials about GPIO on Linux focus on a legacy GPIO sysfis interface. This interface is deprecated, and the upstream Linux kernel community plan to remove it completely, due to security and other issues.

The Fedora kernel is already compiled without this legacy interface, so there’s no /sys/class/gpio on the system. This tutorial uses a new character device /dev/gpiochipN provided by the upstream kernel. This is the current way of interacting with GPIO.

To interact with this new device, you need to use a library and a set of command line interface tools. The common command line tools such as echo or cat won’t work with this device.

You can install the CLI tools by installing the libgpiod-utils package. A corresponding Python library is provided by the python3-libgpiod package.

Creating a container with Podman

Podman is a container runtime with a command line interface similar to Docker. The big advantage of Podman is it doesn’t run any daemon in the background. That’s especially useful for devices with limited resources. Podman also allows you to start containerized services with systemd unit files. Plus, it has many additional features.

We’ll create a container in these two steps:

  1. Create a layered image containing the required packages.
  2. Create a new container starting from our image.

First, create a file Dockerfile with the content below. This tells podman to build an image based on the latest Fedora image available in the registry. Then it updates the system inside and installs some packages:

FROM fedora:latest RUN  dnf -y update RUN  dnf -y install libgpiod-utils python3-libgpiod

You have created a build recipe of a container image based on the latest Fedora with updates, plus packages to interact with GPIO.

Now, run the following command to build your base image:

$ sudo podman build --tag fedora:gpiobase -f ./Dockerfile

You have just created your custom image with all the bits in place. You can play with this base container images as many times as you want without installing the packages every time you run it.

Working with Podman

To verify the image is present, run the following command:

$ sudo podman images REPOSITORY                 TAG        IMAGE ID       CREATED          SIZE localhost/fedora           gpiobase   67a2b2b93b4b   10 minutes ago  488MB docker.io/library/fedora   latest     c18042d7fac6   2 days ago     300MB

Now, start the container and do some actual experiments. Containers are normally isolated and don’t have an access to the host system, including the GPIO interface. Therefore, you need to mount it inside while starting the container. To do this, use the –device option in the following command:

$ sudo podman run -it --name gpioexperiment --device=/dev/gpiochip0 localhost/fedora:gpiobase /bin/bash

You are now inside the running container. Before you move on, here are some more container commands. For now, exit the container by typing exit or pressing Ctrl+D.

To list the the existing containers, including those not currently running, such as the one you just created, run:

$ sudo podman container ls -a CONTAINER ID   IMAGE             COMMAND     CREATED          STATUS                              PORTS   NAMES 64e661d5d4e8   localhost/fedora:gpiobase   /bin/bash 37 seconds ago Exited (0) Less than a second ago           gpioexperiment

To create a new container, run this command:

$ sudo podman run -it --name newexperiment --device=/dev/gpiochip0 localhost/fedora:gpiobase /bin/bash

Delete it with the following command:

$ sudo podman rm newexperiment

Turn on an LED

Now you can use the container you already created. If you exited from the container, start it again with this command:

$ sudo podman start -ia gpioexperiment

As already discussed, you can use the CLI tools provided by the libgpiod-utils package in Fedora. To list the available GPIO chips, run:

$ gpiodetect gpiochip0 [pinctrl-bcm2835] (54 lines)

To get the list of the lines exposed by a specific chip, run:

$ gpioinfo gpiochip0

Notice there’s no correlation between the number of physical pins and the number of lines printed by the previous command. What’s important is the BCM number, as shown on pinout.xyz. It is not advised to play with the lines that don’t have a corresponding BCM number.

Now, connect an LED to the physical pin 40, that is BCM 21. Remember: the shorter leg of the LED (the negative leg, called the cathode) must be connected to a GND pin of the Raspberry Pi with a 330 ohm resistor, and the long leg (the anode) to the physical pin 40.

To turn the LED on, run the following command. It will stay on until you press Ctrl+C:

$ gpioset --mode=wait gpiochip0 21=1

To light it up for a certain period of time, add the -b (run in the background) and -s NUM (how many seconds) parameters, as shown below. For example, to light the LED for 5 seconds, run:

$ gpioset -b -s 5 --mode=time gpiochip0 21=1

Another useful command is gpioget. It gets the status of a pin (high or low), and can be useful to detect buttons and switches.

Closeup of LED connection with GPIO

Conclusion

You can also play with LEDs using Python — there are some examples here. And you can also use the i2c devices inside the container as well. In addition, Podman is not strictly related to this Fedora edition. You can install it on any existing Fedora Edition, or try it on the two new OSTree-based systems in Fedora: Fedora Silverblue and Fedora CoreOS.

Posted on Leave a comment

GNOME 3.30 released & coming to Fedora 29

Today, the GNOME project announced the release of GNOME 3.30.

The release of the GNOME desktop is the default desktop environment in the upcoming release of Fedora 29 Workstation. GNOME 3.30 includes a wide range of enhancements, including:

  • Better performance in the overall desktop and system libraries
  • Numerous improvements to the Files, Web, and Boxes applications
  • A new Podcasts application to help manage and listen to podcasts

The new Podcasts application in GNOME 3.30

Application updates in GNOME 3.30

GNOME 3.30 includes some updates to many standard applications. Files has a combined search and file path bar interface, making searching more prominent and integrated into the navigation experience. Boxes can now connect to Windows Servers over RDP, resulting in a much better remote desktop experience.

Comparison of normal web view and reader mode

Web now includes a content reader mode. When viewing a compatible web page, Web can toggle between the normal view and the clean, minimal reader view. The minimal view strips out all extraneous menus, images, and content not related to the article or document, making for a more pleasant reading experience.

Read more about this release

There are many more changes and enhancements in this major version of GNOME. Check out the release announcement and the release notes from the GNOME Project for more information.


Screenshots in this post are from the GNOME 3.30 release notes and screenshot pack.

Posted on Leave a comment

Upscale bitmap images with better results

Most images on the Web are small or medium sized, since otherwise users need to wait longer before their favorite web pages load. However, sometimes you need to find a larger version of an image, but the search doesn’t bear fruit. Any bitmap image can be scaled up or down in an image editor (such as Gimp). But obviously upscaling would not add any detail to the image. Instead, the result will usually be blurred, pixelated and noticeably stretched-up. In this brief roundup we’ll try to upscale bitmap images with a little better result.

There’s no magic in it, just a few advanced scaling algorithms that help produce better-looking pictures. Everything is open source and works great in Fedora. The results will be tested against the Cubic interpolation method, which Gimp applies by default.

Filters in ImageMagick

This is the most famous and widely used open source software for manipulating images from the command line. Fedora, like the majority of other Linux distributions, already includes ImageMagick. Fedora even installs it by default in Fedora Workstation. ImageMagick provides  the convert command, which can also change dimensions of input images.

The trick is that convert supports filters, and ImageMagick provides a rich selection of such filters, some of which work really good for upscaling. You can check out the full list here. For instance, the point filter works well for upscaling pixel art and screen shots, as it preserves clarity and sharpness at the cost of emphasized pixels. Still, this can look better than the blurred results of the convenient Cubic algorithm.

Use it with the following syntax:

convert input.png -filter point -resize 600% output.png

The PNG file format as well as the 600% scaling factor are just examples.

Hiding pixels in Cubic is not really good for upscaling. Use something without anti-aliasing, such as the Point filter in ImageMagick.

Although it’s possible to get the same result in Gimp by choosing the None interpolation method, working with ImageMagick is sometimes easier. Not only it is installed in Fedora Workstation by default (Gimp is available, but not installed), it provides command-line tools which are ideal for scripting.

Xbrzscale

Xbrzscale is a command-line utility that implements the xBR scaling method. In brief, xBR is based on pattern recognition and interpolation, and it’s perfect for magnifying pixel art. xBRZ is an enhanced version of xBR, with a focus on preserving very small details. Therefore, xBRZ delivers pleasing results on both pixel art and photographic images, such as portraits.

In the following side-by-side comparison, the left part definitely looks preferable thanks to the superb clarity.

The Xbrzscale version features sharper edges and looks as if it had more details than the version to the right.

Install Xbrzscale in Fedora

To build this tool from source, you must install some prerequisites first:

sudo dnf -y install gcc-c++ SDL2-devel SDL2_image-devel

Let’s go ahead with Xbrzscale now:

git clone https://github.com/atheros/xbrzscale.git cd xbrzscale make

The command line syntax to upscale with this software is:

./xbrzscale X input.png output.png

…where X is the scale factor, a number within the range of 2 to 6.

Note that Xbrzscale always outputs PNG images, no matter what you feed it with. If the input file format is different, Xbrzscale will convert it to PNG.

Smilla Enlarger

Smilla Enlarger has a user-friendly graphical interface. It makes use of yet another different technology, this time based on fractal-based interpolation algorithms. The main goal is to produce sharper results when you upscale photographic images. The enlarged image usually preserves more details than the Cubic interpolation can.

Install Smilla Enlarger in Fedora

Again, start by installing the build dependencies:

sudo dnf -y install qt5-qtbase-devel

Now, build and run Smilla Enlarger:

git clone https://github.com/lupoDharkael/smilla-enlarger.git cd smilla-enlarger qmake-qt5 && make ./smilla-enlarger

The application window has numerous advanced controls and extra parameters that put a user in control of upscaling details.

Smilla Enlarger lets you choose a zoom factor, configure cropping and, more importantly, preview the result before hitting the Enlarge & Save button.

The upscale version of the sample image looks noticeably different from both the decent Xbrzscale version and the cubic-enlarged version.

Smill Enlarger adds a subtle amount of grain, which seems to effectively hide artifacts and make a picture look cleaner. Try this application on a photo to get the best results.

It’s hard to recommend the plethora of ImageMagick filters over Xbrzscale and Smilla Enlarger. The actual results will vary across different sorts of images, and of course different user preferences.

Posted on Leave a comment

Decentralize common Fedora apps with Cjdns

Are you worried about a few huge corporations controlling the web? Don’t like censorship on centralized social media sites like facebook and twitter? You need to decentralize! The internet was designed to be decentralized. Many common activities, from social media to email to voice calls, don’t actually require a centralized service.

The basic requirement for any peer to peer application is that the peers be able to reach each other. This is impossible today for most people using IP4 behind NAT (as with most household routers). The IP4 address space was exhausted over a decade ago. Most people are in “IP4 NAT Jail.”

Your device is assigned a private IP, and translated to the public IP by the router. Without port forwarding to a specific private IP, incoming TCP connections or UDP sessions can’t tell where to forward to, and are dropped. As a result, nothing can connect to your device. You must connect to various public servers to do anything. IP4 NAT Jail forces centralization.

The simplest solution to this problem is IPv6. However, most US consumer internet providers do not offer usable IPv6. For instance, if the IPv6 prefix changes every few days, the devices are not addressable except via a dynamic DNS server. Furthermore, on a mobile device like a laptop, most WiFi does not offer IPv6 either. So you can’t use Mobile IP6 to have a stable address.

You can work around this using a VPN like OpenVPN (included in Fedora) to a centralized server with a public IP4 — perhaps one you provide yourself by renting a Virtual Personal Server. But then packets to and from your device have to travel to and from the VPN server first. You can also use a tunnel broker like he.net.

If you and your peers already have stable IPv6 addresses, you can use these for the sample applications to be showcased. But most people need to use something else.

DNS is also essentially a centrally controlled service, so this article’s two sample applications avoid the use of DNS.  Email and SIP applications have built-in address books that work just as well.  Think of your stable IPv6 address as a “phone number.”

IPv6 Overlay Mesh VPN with Cjdns

The Cjdns package (included in Fedora) implements a global IPv6 mesh by connecting to several peers instead of a centralized server. Each node has a public/private key pair. The IPv6 is the truncated SHA512 hash of the public key, preventing spoofing.

  • Packets are end to end encrypted — relays can be untrusted.
  • Packets are source routed, allowing seamless upgrades of and experimentation with routing algorithms.  (This is safe thanks to anti-spoofing.)
  • The data for routing comes from a Distributed Hash Table listing the peers of each node.
  • Peers can be explicitly configured as UDP tunnels, or auto-configured on ethernet via layer 2 protocol 0xfc00.

With Cjdns installed, you have a stable, “unspoofable” (standard cryptographic caveats apply) IPv6 address that can be used with any IPv6 ready application. Your recipient must also use the Cjdns protocol, but this isn’t much of an obstacle since it’s easier to install Cjdns than convince US ISPs to provide usable IPv6.

Install Cjdns

To install and enable the Cjdns service persistently, run these commands:

$ sudo dnf install cjdns cjdns-tools cjdns-selinux $ sudo systemctl enable --now cjdns
$ peerStats 18:03:14:56:c2:1e v20.0000.0000.0000.0019.681v1s7k3af1q2cf09txpw309zdf4q0mn7mtq0wr544dz98stwr0.k ESTABLISHED in 6kb/s out 15kb/s LOS 8 "outer"

This generates a /etc/cjdroute.conf file, pre-populated with random keys and passwords. If there’s already a Cjdns node on your LAN as above, you’re done. But more likely, there was no output from peerStats. In that case you now need to configure one or more UDP tunnels. First, you must discover the random UDP port used.

$ sudo grep bind /etc/cjdroute.conf // Port to bind the admin RPC server to. "bind": "127.0.0.1:11234", "bind": "0.0.0.0:26041", "bind": "[::]:26041", // Alternatively bind to just one device "bind": "all",

In this example, the random UDP port is 26041 for both IPv6 and IPv4. Your port will be different. Allow incoming sessions for this port.

$ sudo firewall-cmd --zone=public --add-port=26041/udp success $ sudo firewall-cmd --runtime-to-permanent success

Now you need to edit the config to add a peer. Hopefully, you are somewhat familiar with configs using JSON syntax. You must add an entry for a UDP peer using your favorite text editor, such as vim. Here is one provided on a VPS. Search for IPv4, and add the indicated stanza after connectTo, inside the braces:

$ sudo vim /etc/cjdroute.conf "168.235.90.18:26041": { "login": "fedora", "password":"zvkxv604fqx0zn9trhw5hjxwp3u4v2u", "publicKey":"lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k", "peerName":"nyc.gathman.org" },

For the changes to take effect, restart cjdns.

$ sudo systemctl restart cjdns $ peerStats 168.235.90.18:26041 v20.0000.0000.0000.0017.lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k ESTABLISHED in 0kb/s out 0kb/s "nyc.gathman.org" $ ping h.sea.gathman.org PING h.sea.gathman.org(h.sea.gathman.org (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08)) 56 data bytes 64 bytes from h.sea.gathman.org (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08): icmp_seq=1 ttl=42 time=87.6 ms

You can now ping any node in the global IPv6 mesh. CAUTION: All those nodes can now directly connect to your device. The default Fedora firewall will block all incoming connections be default — but be careful what you allow in. Be sure to consult the package README for additional security notes.

The fedora password to this nyc VPS may not be up indefinitely, so you need some more peers. Consult a list of public peers or peer with your Fedora friends.

Decentralize Email applications

You can decentralize almost any email client included in Fedora that supports IPv6, such as alpine or Thunderbird. This example uses mailx, a bare bones CLI mail client designed for teletypes. This makes configuration and use easy to show.

Similarly, you can use any of the MTAs supplied with Fedora, but this example uses opensmtpd, as it is simple, small, and secure. By default, opensmtpd stores incoming email in /var/spool/mail, which is perfect for personal decentralized use. You can, of course, use any mail store and client you prefer.

$ sudo dnf install mailx opensmtpd $ cat >~/.mailrc <<EOF set from="mylogin@[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] (Real Name)" set smtp=localhost EOF

Of course, you need to use your own local login, IPv6 and name.

To receive email, you will need to edit the opensmtpd config in /etc/opensmtpd/smtpd.conf. Here is a sample. (Note this article may wrap some of the “preformatted” lines, so use your head):

# This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. # To accept external mail, replace with: listen on all listen on fc02:fefe:dead:beef:cafe:babe:1234:5678 hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" listen on localhost # If you edit the file, you have to run "smtpctl update table aliases" table aliases file:/etc/aliases # Uncomment the following to accept external mail for domain "example.org" #accept from any for domain "example.org" alias deliver to mbox accept from any for domain "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" alias deliver to mbox accept for local alias deliver to mbox accept for any relay hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" 

Use your actual Cjdns IP, of course. When the opensmtpd config is ready, start it so you can receive emails. If your recipient is offline, opensmtpd stores your letter and retries periodically.

$ sudo systemctl enable --now opensmtpd $ sudo firewall-cmd --zone=public --add-service=smtp $ sudo firewall-cmd --runtime-to-permanent

Now send the author a dex (decentralized) email:

$ mailx -s "Fedora Article" \ "stuart@[IPv6:fcbc:b27:be6f:94dd:4225:792:c988:8ace]" <<EOF > Great article! > EOF

That sends an email to the author’s nyc vps — so don’t be surprised if you get a reply!

Alpine is a full featured console email client. After you install and run it the first time, you can decentralize it by editing ~/.pinerc and changing these basic config items:

# Sets domain part of From: and local addresses in outgoing. user-domain=[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] # List of SMTP servers for sending mail. smtp-server=localhost

Decentralize SIP applications

Linphone call screen

Linphone call screen

Using Cjdns for your voice calls gives you privacy and authentication. You can use any sip client that supports IP6. This example uses the linphone app included in Fedora.

$ sudo dnf install linphone $ sudo firewall-cmd --zone=public --add-service=sip --add-port=7078/udp --add-port=9078/udp $ sudo firewall-cmd --runtime-to-permanent
Linphone network config screen

Linphone network config screen

Run linphone on your desktop, and skip the account wizard. You don’t need logins and accounts with peer to peer. Select Options, Preferences and select Use IPv6 instead of IPv4 and Direct connection to internet. Enter your Cjdns IPv6 in Public IP address. Now select Options, Quit to completely exit linphone.

The version in Fedora doesn’t provide a way to configure your peer to peer contact, so you need to edit the config file. Find the [sip] section and change guess_hostname and contact:

$ vim ~/.linphonerc guess_hostname=0 contact="Real Name" <sip:mylogin@[fc02:fefe:dead:beef:cafe:babe:1234:5678]>

Now start linphone again, and add a Fedora friend with Cjdns to the addressbook using the same address syntax. Try a text message first, then give them a call.

Of course, there are many potential issues with audio and video in a VoIP app, which are not covered here. Usually, however, linphone just works. If you don’t have any friends, you can reach out to the author via dex email at the nyc node above.

Posted on Leave a comment

Lennart Jern: How Do You Fedora?

The Fedora Magazine recently interviewed Lennart Jern on how he uses Fedora. This is part of a series  on the Fedora Magazine. This series profiles Fedora users and how they use Fedora to get things done. Contact us on the feedback form to express your interest in becoming a interviewee.

Who is Lennart Jern?

Lennart Jern is a Swedish-speaking Finn, who has been living in Umeå, Sweden, for about three years. He was born and raised in southern Finland where he obtained his master’s degree in applied mathematics. His time at university exposed Lennart’s true passion.  “While at the university, I realized that computer science was really what I wanted to work with.” In order to follow his dream of working in computer science he moved to Sweden with his wife to pursue a master’s program in computer science. After a short while he had learned enough to land a job with a local startup. “I’m working with cloud/distributed systems, specifically with tools like kubernetes and OpenShift.

Lennart’s first contact with Linux was in 2006. Some of the computers in his high school were running OpenSuse. He installed Ubuntu’s Hardy Heron in 2008 and has been using Linux ever since.

The Hobbit: An Unexpected Journey and Star Wars: The Force Awakens are his two favorite movies. Lennart likes simplicity. “I generally don’t like fancy food. Nothing beats a homemade pesto-mozzarella pizza.

Lennart Jern and his two dogs

Self hosting is one of Jern’s hobbies. He hosts a private blog and a git service running on a cluster of Raspberry Pi computers. “For my blog I am using Jeckll and the git service is gogs.” The Raspberry PI cluster makes use of Kubernetes. Lennart uses several other open source tools to maintain the hosted environment. “I use for the self hosting environment are certbot for certificates, ansible for automation and parallelization of tasks.”

The Fedora Community

Lennart became active with the Fedora Community when his friend introduced him to Fedora. “A friend of mine, Ludvig, was running Fedora on his laptop and I got curious. I wanted to know more about the differences between Linux distros so I simply tried it out.” His friend, Ludvig, also convinced him to get involved with the open source world. “He was using Fedora when we were in high school, probably because it was what Linus Torvalds was using at the time.”

Lennart’s first interactions with the Fedora Community came when he was looking for solutions to issues with Pulse Audio. He found the community friendly and welcoming. “It is nothing to be afraid of, just try it! You don’t have to commit all your free time to it, nobody expects that. If you stumble across something that you can fix or report, do it! It will feel great!

When asked what he would like people to know about Fedora Lennart was quick to mention stability. “I feel that many still have the impression of Fedora being a bleeding edge distro with problems and broken applications every new release. Bleeding edge might still be true, but I find Fedora very well polished and stable these days.” Lennart would also like to see Fedora more well know in Nordic countries.

What Hardware?

Jern has five machines running Fedora. One desktop, one laptop and three Raspberry Pi computers. The desktop is a custom computer with an AMD Ryzen 5 1600 CPU and 16 GB of ram. The desktop makes use of two graphics cards for multi seating. The video cards are both made by Asus. The first is a Radeon 6870 and the second is a Radeon RX 550. The laptop is a refurbished HP ProBook 430 G2. It is equipped with an Intel Core i5-4210U and 4 GB or ram. Two of the Rasberry Pi computers are model 3 B+ and the other is a model 3B.

What Software?

All of Lennart’s computers run Fedora 28. “The laptop and desktop are both on the Workstation edition while the raspberries have minimal installations.”

One of the raspberries (the model B) is still running ARMv7, while the other two are running the newer aarch64 images. Jern’s laptop and desktop are close to the base workstation edition. “I just add a couple of GNOME extensions specifically the Drop Down Terminal and the Dash to Dock extensions.” Notable applications that Lennart uses include:

  • Chrome as browser,
  • Atom as text editor/IDE,
  • Gedit or vim for ad hoc text editing,
  • Slack and Telegram for chatting.

Lennart also use git for version control, occasionally with gitg and meld as helping tools. He makes use of Gnome Boxes and vagrant for experimenting with things in virtual machines and docker for his container needs. “Finally, an important piece of software that I have come to rely on is pass and QtPass for password management.” Jern also uses syncthing for synchronizing files between my computers.

When I’m done geeking around, I relax with some Steam games. And, when I do not need the full power of my desktop I let it contribute to the World Community Grid.

Posted on Leave a comment

Convert file systems with Fstransform

Few people know that they can convert their filesystems from one type to another without losing data, i.e. non-destructively. It may sound like magic, but Fstransform can convert an ext2, ext3, ext4, jfs, reiserfs or xfs partition to another type from the list in almost any combination. More importantly, it does so in-place, without formatting or copying data anywhere. Atop of all this goodness, there is a little bonus: Fstransform can also handle ntfs, btrfs, fat and exfat partitions as well.

Before you run it

There are certain caveats and limitations in Fstransform, so it is strongly advised to back up before attempting a conversion. Additionally, there are some limitations to be aware of when using Fstransform:

  • Both the source and target filesystems must be supported by your Linux kernel. Sounds like an obvious thing and exposes zero risk in case you want to use ext2, ext3, ext4, reiserfs, jfs and xfs partitions. Fedora supports all of that just fine.
  • Upgrading ext2 to ext3 or ext4 does not require Fstransform. Use the Tune2fs utility instead.
  • The device with source file system must have at least 5% of free space.
  • You need to be able to unmount the source filesystem before you begin.
  • The more data your source file system stores, the longer the conversion will last. The actual speed depends on your device, but expect it to be around one gigabyte per minute. The large amount of hard links can also slow down the conversion.
  • Although Fstransform is proved to be stable, please back up data on your source filesystem.

Installation instructions

Fstransform is already a part of Fedora. Install with the command:

sudo dnf install fstransform

Time to convert something

Converting one file system to another in-place can take a while

The syntax of the fstransform command is very simple: fstransform <source device> <target file system>. Keep in mind that it needs root privileges to run, so don’t forget to add sudo in the beginning. Here goes an example:

sudo fstransform /dev/sdb1 ext4

Note that it is not possible to convert a root file system, which is a security measure. Use a test partition or an experimental thumb drive instead. In the meantime, Fstransform will through a lot of auxiliary output in the console. The most useful part is the estimated time of completion, which keep you informed about how long  the process will take. Again, few small files on an almost empty drive will make Fstransform do its job in a minute or so, whereas more real-world tasks may involve hours of wait time.

More file systems are supported

As mentioned above, it is possible to try Fstransform with ntfs, btrfs, fat and exfat partitions. These types are very experimental, and nobody can guarantee that the converion will flow perfect. Still, there are many success stories, and you can add your own by testing Fstransform with a sample data set on a test partition. Those additional file systems can be enabled by the use of the –force-untested-file-systems parameter:

sudo fstransform /dev/sdb1 ntfs --force-untested-file-systems

Sometimes the process may iterrupt with an error. Feel free to repeat the command again — it may eventually complete the conversion from second or third attempt.

Posted on Leave a comment

Image creation applications for Fedora

Feeling creative? There are a multitude of applications available for Fedora to aid your creativity. From digital painting, vectors, to pixel art there is something for everyone to get creative this weekend. This article highlights a selection of the applications available for Fedora for creating awesome images.

Vector graphics: Inkscape

Inkscape is a well known and loved Open Source vector graphics editor. SVG is the primary file format of Inkscape, so all your drawings will scale no-problems! Inkscape has been around for many years, so there is a solid community and mountains of tutorials and other resources for getting started.

Being a vector graphics editor, Inkscape is better suited towards simpler illustrations (for example a simple comics style). However, using vector blurs, some artists create some amazing vector drawings.

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install inkscape

Digital Painting: Krita & Mypaint

Krita is a popular image creation application for digital painting, raster illustration, and texturing. Additionally, Krita is an active project, with a vibrant community — so lots of tutorials to get started. Krita features multiple brush engines, a UI with pop-up palletes, a wrap-around mode for creating seamless patterns, filters, layers, and much more.

Krita with artwork from the Pepper and Carrot webcomic (CC-BY 4.0)

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install krita

Mypaint is another amazing digital painting application available for Fedora. Like Krita, it has multiple brushes and the ability to use layers.

Install Mypaint from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install mypaint

Pixel Art: Libresprite

Libresprite is an application designed for the creation of pixel art and pixel animations. It supports a range of colour modes and exports to many formats (including animated GIF). Additionally, Libresprite has drawing tools designed for the creation of pixel art: the polygon tool, and contour & shading tools.

Libresprite is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

 

 

Posted on Leave a comment

5 applications to manage your to-do list on Fedora

Effective management of your to-do list can do wonders for your productivity. Some prefer just keeping a to-do list in a text file, or even just using a notepad and pen. For users that want more out of their to-do list, they often turn to an application. In this article we highlight 4 graphical applications and a terminal-based tool for managing your to-do list.

GNOME To Do

GNOME To Do is a personal task manager designed specifically for the GNOME desktop (Fedora Workstation’s default desktop). When comparing GNOME To Do with some others in this list, it is has a range of neat features.

GNOME To Do provides organization of tasks by lists, and the ability to assign a colour to that list. Additionally, individual tasks can be assigned due dates & priorities, and notes for each task. Futhermore, GNOME To Do has extensions, allowing even more features, including support for todo.txt and syncing with online services such as todoist.

Install GNOME To Do either by using the Software application, or using the following command in the Terminal:

sudo dnf install gnome-todo

Getting things GNOME!

Before GNOME To Do existed, the go-to application for tracking tasks on GNOME was Getting things GNOME! This older-style GNOME application has a multiple window layout, allowing you to show the details of multiple tasks at the same time. Rather than having lists of tasks, GTG has the ability to add sub-tasks to tasks and even to sub-tasks. GTG also has the ability to add due dates and start dates. Syncing to other apps and services is also possible in GTG via plugins.

Install Getting Things GNOME either by using the Software application, or using the following command in the Terminal:

sudo dnf install gtg

Go For It!

Go For It! is a super-simple task management application. It is used to simply create a list of tasks, and mark them as done when completed. It does not have the ability to group tasks, or create sub-tasks. By default, Go For It! stored tasks in the todo.txt format, allowing simpler syncing to online services and other applications. Additionally, Go For It! contains a simple timer to track how much time you have spent on the current task.

Go For It is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

Agenda

If you are looking for a no-fuss super simple to-do application, look no further than Agenda. Create tasks, mark them as complete, and then delete them from your list. Agenda shows all tasks (completed or open) until you remove them.

Agenda is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

Taskwarrior

Taskwarrior is a flexible command-line task management program. It is highly customizable, but can also be used “right out of the box.”   Using simple commands, you can create tasks, mark them as complete, and list current open tasks. Additionally, tasks can be tagged, added to projects, searched and filtered. Furthermore, you can set up recurring tasks, and apply due dates to tasks.

This previous article on the Fedora Magazine provides a good overview of getting started with Taskwarrior.

Install Taskwarrior with this command in the Terminal:

sudo dnf install task
Posted on Leave a comment

How to use Fedora Server to create a router / gateway

Building a router (or gateway) using Fedora Server is an interesting project for users wanting to learn more about Linux system administration and networking. In this article, learn how to configure a Fedora Server minimal install to act as an internet router / gateway.

This guide is based on Fedora 28 and assumes you have already installed Fedora Server (minimal install). Additionally, you require a suitable network card / modem for the incoming internet connection. In this example, the  DrayTek VigorNIC 132 NIC was used to create the router.

Why build your own router

There are many benefits for building your own router over buying a standalone box (or using the one supplied by your internet provider):

  • Easily update and run latest software versions
  • May be less prone to be part of larger hacking campaign as its not a common consumer device
  • Run your own VMs or containers on same host/router
  • Build OpenShift on top of router (future story in this series)
  • Include your own VPN, Tor, or other tunnel paths along with correct routing

The downside is related to time and knowledge.

  • You have to manage your own security
  • You need to have the knowledge to troubleshoot if an issue happens or find it through the web (no support calls)
  • Costs more in most cases than hardware provided by an internet provider

Basic network topology

The diagram below describes the basic topology used in this setup. The machine running Fedora Server has a PCI Express modem for VDSL. Alternatively, if you use a Raspberry Pi with external modem the configuration is mostly similar.

topology

Initial Setup

First of all, install the packages needed to make the router. Bash auto-complete is included to make things easier when later configuring. Additionally, install packages to allow you to host your own VMs on the same router/hosts via KVM-QEMU.

dnf install -y bash-completion NetworkManager-ppp qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer 

Next, use nmcli to set the MTU on the WAN(PPPoE) interfaces to align with DSL/ATM MTU and create pppoe interface. This link has a great explanation on how this works. The username and password will be provided by your internet provider.

nmcli connection add type pppoe ifname enp2s0 username 00xxx5511yyy0001@t-online.de password XXXXXX 802-3-ethernet.mtu 1452

Now, set up the firewall with the default zone as external and remove incoming SSH access.

firewall-cmd --set-default-zone=external firewall-cmd --permanent --zone=external --remove-service=ssh

Add LAN interface(br0) along with preferred LAN IP address and then add your physical LAN interface to the bridge.

nmcli connection add ifname br0 type bridge con-name br0 bridge.stp no ipv4.addresses 10.0.0.1/24 ipv4.method manual nmcli connection add type bridge-slave ifname enp1s0 master br0

Remember to use a subnet that does not overlap with your works VPN subnet. For example my work provides a 10.32.0.0/16 subnet when I VPN into the office so I need to avoid using this in my home network. If you overlap addressing then the route provided by your VPN will likely have lower priority and you will not route through the VPN tunnel.

Now create a file called bridge.xml, containing a bridge definition that virsh will consume to create a bridge in QEMU.

cat > bridge.xml <<EOF <network>     <name>host-bridge</name>     <forward mode="bridge"/>     <bridge name="br0"/> </network> EOF

Start and enable your libvirt-guests service so you can add the bridge in your virtual environment for the VMs to use.

systemctl start libvirt-guests.service systemctl enable libvirt-guests.service 

Add your “host-bridge” to QEMU via virsh command and the XML file you created earlier.

virsh net-define bridge.xml

virsh net-start host-bridge virsh net-autostart host-bridge

Add br0 to internal zone and allow DNS and DHCP as we will be setting up our own services on this router.

firewall-cmd --permanent --zone=internal --add-interface=br0 firewall-cmd --permanent --zone=internal --add-service=dhcp firewall-cmd --permanent --zone=internal --add-service=dns

Since many DHCP clients including Windows and Linux don’t take into account the MTU attribute in DHCP, we will need to allow TCP based protocols to set MSS based on PMTU size.

firewall-cmd --permanent --direct --add-passthrough ipv4 -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Now we reload the firewall to take permanent changes into account.

nmcli connection reload

Install and Configure DHCP

DHCP configuration depends on your home network setup. Use your own desired domain name and and the subnet was defined during the creation of br0. Be sure to note the MAC address in the config file below can either be capture from the command below once you have DHCP services up and running or you can pull it off the label externally on the device you want to set to static addressing.

cat /var/lib/dhcpd/dhcpd.leases
dnf -y install dhcp vi /etc/dhcp/dhcpd.conf 
option domain-name "lajoie.org"; option domain-name-servers 10.0.0.1; default-lease-time 600; max-lease-time 7200; authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { range dynamic-bootp 10.0.0.100 10.0.0.254; option broadcast-address 10.0.0.255; option routers 10.0.0.1; option interface-mtu 1452; } host ubifi { option host-name "ubifi.lajoie.org"; hardware ethernet f0:9f:c2:1f:c1:12; fixed-address 10.0.0.2; }

Now enable and start your DHCP server

systemctl start dhcpd systemctl enable dhcpd

DNS Install and Configure

Next, install bind and and bind-utils for tools like nslookup and dig.

dnf -y install bind bind-utils

Configure your bind server with listening address (LAN interface in this case) and the forward/reverse zones.

$ vi /etc/named.conf
options { listen-on port 53 { 10.0.0.1; }; listen-on-v6 port 53 { none; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; allow-query { 10.0.0.0/24; }; recursion yes; forwarders {8.8.8.8; 8.8.4.4; }; dnssec-enable yes; dnssec-validation yes; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; include "/etc/crypto-policies/back-ends/bind.config"; }; controls { }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view "internal" { match-clients { localhost; 10.0.0.0/24; }; zone "lajoie.org" IN { type master; file "lajoie.org.db"; allow-update { none; }; }; zone "0.0.10.in-addr.arpa" IN { type master; file "0.0.10.db"; allow-update { none; }; }; };

Here is a zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/lajoie.org.db
$TTL 86400 @ IN SOA gw.lajoie.org. root.lajoie.org. ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS gw.lajoie.org. IN A 10.0.0.1 gw IN A 10.0.0.1 ubifi IN A 10.0.0.2

Here is a reverse zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/0.0.10.db
$TTL 86400 @ IN SOA gw.lajoie.org. root.lajoie.org. ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS gw.lajoie.org. IN PTR lajoie.org. IN A 255.255.255.0 1 IN PTR gw.lajoie.org. 2 IN PTR ubifi.lajoie.org.

Now enable and start your DNS server

systemctl start named systemctl enable named

Secure SSH

Last simple step is to make SSH service listen only on your LAN segment. Run this command to see whats listening at this moment. Remember we did not allow SSH on the external firewall zone but this step is still best practice in my opinion.

ss -lnp4

Now edit the SSH service to only listen on your LAN segment.

vi /etc/ssh/sshd_config
AddressFamily inet ListenAddress 10.0.0.1

Restart your SSH service for changes to take effect.

systemctl restart sshd.service
<!–

Optional WiFi Configuration

In this optional section we have the configuration for Wireless AP and 4G WAN. I used Ubiquiti wireless in my setup as I needed multi AP and seamless handover. For WiFi you probably want WPA2 pre-shared key, RSN security protocol, and CCMP group as shown below. We also set the AP to run as 5GHz band via “802-11-wireless.band a”.

dnf install NetworkManager-wifi nmcli connection add type wifi ifname wlp6s0 con-name ap0 autoconnect yes ssid HOMENET 802-11-wireless.mode ap 802-11-wireless.band a 802-11-wireless-security.proto rsn 802-11-wireless-security.pairwise ccmp 802-11-wireless-security.group ccmp 802-11-wireless-security.psk xxxxxxxxx 802-11-wireless-security.key-mgmt wpa-psk ipv4.method shared

Optional  4G Configuration

Now install wwan support and if you have a WWAN USB modem like me that needs to be switched to modem mode vs. storage.

dnf install NetworkManager-wwan ModemManager
Enable and start the ModemManager
systemctl start ModemManager  systemctl enable ModemManager
Plug your device in and make sure ModemManager and NetworkManager both see the wwan device.
mmcli -M nmcli dev
If you don’t see your device I recommend you go to this link and open a bug report.

Now configure your 3GPP WAN connection and reload to make sure everything auto-starts.

nmcli connection add type gsm con-name Telekom gsm.apn web.vodafone.de ifname ttyUSB0 

Since we have the default zone for our firewall set to external, this wwan interface will be put into the correct zone.–>

Thank you

Thanks and please leave a comment below if you have any ideas, edits or questions.

Posted on Leave a comment

4 cool apps for your terminal

Many Linux users think that working in a terminal is either too complex or boring, and try to escape it. Here is a fix, though — four great open source apps for your terminal. They’re fun and easy to use, and may even brighten up your life when you need to spend a time in the command line.

No More Secrets

This is a simple command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers. The project lets you compile the nms command, which works with piped data and prints the output in the form of messed characters. Once it does so, you can press any key,  and see the live “deciphering” of the output with a cool Hollywood-style effect.

This GIF animation briefly shows the No More Secrets effect

Installation instructions

A fresh Fedora Workstation system already includes everything you need to build No More Secrets from source. Just enter the following command in your terminal:

git clone https://github.com/bartobri/no-more-secrets.git cd ./no-more-secrets make nms make sneakers ## Optional sudo make install

The sneakers command is a little bonus for those who remember the original movie, but the main hero is nms. Use a pipe to redirect any Linux command to nms, like this:

systemctl list-units --type=target | nms

Once the text stops flickering, hit any key to “decrypt” it. The systemctl command above is only an example — you can replace it with virtually anything!

Lolcat

Here’s a command that colorizes the terminal output with rainbows. Nothing can be more useless, but boy, it looks awesome!

Let your Linux command output look jolly!

Installation instructions

Lolcat is a Ruby package available from the official Ruby Gems hosting. So, you’ll need the gem client first:

sudo dnf install -y rubygems

And then install Lolcat itself:

gem install lolcat

Again, use the lolcat command in for piping any other command and enjoy rainbows (and unicorns!) right in your Fedora terminal.

Chafa

Zoom out your terminal view to increase resolution for Chafa

Chafa is a command line image converter and viewer. It helps you enjoy your images without leaving your lovely terminal. The syntax is very straightforward:

chafa /path/to/your/image

You can throw almost any sort of image to Chafa, including JPG, PNG, TIFF, BMP or virtually anything that ImageMagick supports — this is the engine that Chafa uses for parsing input files. The coolest part is that Chafa can also show very smooth and fluid GIF animations right inside your terminal!

Installation instructions

Chafa isn’t packaged for Fedora yet, but it’s quite easy to build it from source. First, get the necessary build dependencies:

sudo dnf install -y autoconf automake libtool gtk-doc glib2-devel ImageMagick-devel

Next, clone the code or download a snapshot from the project’s Github page and cd to the Chafa directory. After that, you’re ready to go:

git clone https://github.com/hpjansson/chafa ./autogen.sh make sudo make install

Large images can take a while to process at the first run, but Chafa caches everything you load with it. Next runs will be nearly instantaneous.

Browsh

Browsh is a fully-fledged web browser for the terminal. It’s more powerful than Lynx and certainly more eye-catching. Browsh launches the Firefox web browser in a headless mode (so that you can’t see it) and connects it with your terminal with the help of special web extension. Therefore, Browsh renders all rich media content just like Firefox, only in a bit pixelated  style.

Fedora Magazine still looks awesome in Browsh

Installation instructions

The project provides packages for various Linux distributions, including Fedora. Install it this way:

sudo dnf install -y https://github.com/browsh-org/browsh/releases/download/v1.4.6/browsh_1.4.6_linux_amd64.rpm

After that, launch the browsh command and give it a couple of seconds to load up. Press Ctrl+L to switch focus to the address bar and start browsing the Web like you never did before! Use Ctrl+Q to get back to your terminal.