Allex edited this page Dec 29, 2025 · 35 revisions

Fedora

New kernel installs don't apply

https://community.frame.work/t/tracking-psa-possible-fedora-bug-after-updating-kernel-system-still-defaults-to-booting-old-kernel/43246/5

  • check which kernel is running: uname -r
  • list available kernels: sudo grubby --info=ALL | grep ^kernel
  • check default index of kernel to use: sudo grubby --default-index, mine was 2 instead of 0
  • change default index, will pre-select a different kernel to use on boot: sudo grubby --set-default-index=0
  • update the default kernel when a new one is installed:

/etc/sysconfig/kernel

# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes

# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel-core

ref: red hat docs

Screen freezes

Observed in Fedora 43.

Laptop screen freezes, external monitor still works.
To remedy for now, reload amd drivers: sudo cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover
To fix, disable PSR: sudo grubby --update-kernel=DEFAULT --args="amdgpu.dcdebugmask=0x10" and reboot. Use --update-kernel=ALL to apply to all current and future kernels.

Check amdgpu logs: journalctl -k -g amdgpu
Check current running kernel params: cat /proc/cmdline
Check current grub settings: sudo grubby --info DEFAULT

ref: gitlab issue

Simple live-reloading webserver

When editing an HTML website you can get a live-reloading preview using live-server

npx live-server <dir>

If you have a build-step, combine it with entr to rebuild when the source changes.

find <src>/ | entr -s '<build cmd>'

Docker

Fedora includes podman, which can be set up to act like docker. I added a symlink ~/.local/bin/docker -> /usr/bin/podman

To run podman compose, there needs to be a wrapper to handle the compose files. podman-compose would do it, if it had support for the --wait option.

To use the "official" docker-compose, dnf install docker-compose. This will install the docker-compose plugin (in /usr/libexec/docker/cli-plugins/docker-compose) and docker-compose-switch, which adds /usr/bin/docker-compose and translates docker-compose commands to the docker compose variant.

Buildkit

Since docker translates to /usr/bin/podman this will run podman compose, which in turn picks up the plugin. One downside is that the podman compose wrapper hard-codes BuildKit as disabled. So if my project needs buildkit, I invoke the plugin directly through an alias docker-compose="/usr/libexec/docker/cli-plugins/docker-compose" allowing me to set DOCKER_BUILDKIT=1.

Note that this will spin up a buildkit container to do the build.

Login

Using the docker plugin directly means docker is the one looking up the credentials, not podman. If you docker login, this translates to podman login, which puts your credentials in $XDG_RUNTIME_DIR/containers/auth.json instead of $HOME/.docker/config.json, so docker won't know how to authenticate.

To solve this, copy $XDG_RUNTIME_DIR/containers/auth.json to $HOME/.docker/config.json, or symlink them. Another option is to set REGISTRY_AUTH_FILE="$HOME/.docker/config.json" podman login to tell podman to use that file instead when authenticating.

ref: https://docs.podman.io/en/latest/markdown/podman-login.1.html

Podman

Can't connect to host after IP change

If your containers connect to the host using host.containers.internal or host.docker.internal this connection can fail once the host IP changes.

The IP used is the IP when pasta is started, which is started as part of the network bridge. To remedy this, remove all containers that use the network and the network itself, then recreate them. Or, when using docker-compose files: docker compose down && docker compose up -d

ref: https://github.com/containers/podman/issues/24970

daemon

To auto-start the podman daemon whenever something connects to a socket, you'll need to enable the podman.socket service: systemctl enable --user podman.socket. This will trigger podman.service. To check its status: systemctl status --user podman.service

To point regular docker-compose to the podman socket: export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock

SELinux

Docker container bind-mount volumes

When running non-privileged containers, accessing mounted volumes will cause a permission denied error.

To verify if this is the case, check sudo ausearch -m avc -ts recent. To remedy we can tell docker/podman to relabel the volumes: https://docs.docker.com/engine/storage/bind-mounts/#configure-the-selinux-label

Rootless containers with a non-root user cause extra issues for bind mounts, since the owner does not match. Using :U lets podman chown all files/dirs in the mount: https://docs.podman.io/en/latest/markdown/podman-run.1.html#volume-v-source-volume-host-dir-container-dir-options

Then, to make matters worse, if you need to move files into a mounted volume from the host, for example when downloading a file, this file will not be properly relabeled, since it is moved. To check if this is what is happening, check the labels of the old and new files using ll -Z. I've not found a proper solution for this one, so if I need to replace/add files in a mounted volume, like when developing grafana dashboards, I run the container privileged.

https://www.redhat.com/en/blog/debug-rootless-podman-mounted-volumes
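
To tell which of the cases above a denial belongs to, the records printed by ausearch can be sorted by the label on the target file. This is an added example, not part of the original notes; the AVC lines are constructed samples and the function name container_denials is hypothetical.

```bash
# Constructed sample in the format printed by `sudo ausearch -m avc -ts recent`.
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=4242 comm="grafana" name="dashboard.json" dev="dm-0" ino=1311 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.456:457): avc:  denied  { write } for  pid=4242 comm="grafana" name="data" dev="dm-0" ino=1312 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:container_file_t:s0:c1,c2 tclass=dir permissive=0
type=AVC msg=audit(1700000002.789:458): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Read AVC records on stdin and print "<name> <target type> <verdict>" for
# every denial whose source domain is container_t.
#   wrong-type    target is not container_file_t: never relabeled, or moved
#                 in from elsewhere and still carrying its old label
#   mcs-mismatch  target is container_file_t but with other MCS categories,
#                 e.g. privately labeled (:Z) for a different container
#   other         labels match; the denial has another cause
container_denials() {
  awk '
    /avc: +denied/ {
      name = "?"; src = ""; tgt = ""; smcs = ""; tmcs = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/) { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        # A context is user:role:type:level[:categories]
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3]; smcs = s[5] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3]; tmcs = t[5] }
      }
      if (src != "container_t") next
      if (tgt != "container_file_t") verdict = "wrong-type"
      else if (smcs != tmcs)         verdict = "mcs-mismatch"
      else                           verdict = "other"
      printf "%s %s %s\n", name, tgt, verdict
    }'
}

printf '%s\n' "$SAMPLE_AVC" | container_denials
```

On a real system, pipe `sudo ausearch -m avc -ts recent` into the function instead of the sample.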

SSH

disable gnome-keyring ssh-agent

On Fedora gnome-keyring is installed and its ssh-agent is running on startup. If you also have openssh installed, this will result in an agent refused operation error when using an SSH host for which you have both the private and public key in ~/.ssh/.

To stop the gnome-keyring from messing up, disable its autostart entry:

  • cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/
  • Add Hidden=true to the ~/.config/autostart/gnome-keyring-ssh.desktop

https://wiki.gnome.org/Projects(2f)GnomeKeyring(2f)Ssh.html
https://askubuntu.com/questions/580783/cant-get-rid-of-gnome-ssh-agent/585212#585212

Newer GNOME version (shipped with Fedora 43)

The ssh-agent has now moved to gcr in the form of gcr-ssh-agent, started by the user service gcr-ssh-agent.service, which is triggered by gcr-ssh-agent.socket.

The above is no longer needed; instead, this socket/service needs to not start. To do so in a persistent way you'll need to mask both (systemctl mask --user gcr-ssh-agent.service).

SSH into a machine that is running an old openssl version.

Newer openssl versions disallow some older key types/lengths. Some errors I encountered:

  1. Unable to negotiate with 192.168.0.12 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
  2. Bad server host key: Invalid key length
  3. ssh_dispatch_run_fatal: Connection to 192.168.0.12 port 22: error in libcrypto

To solve (1), allow ssh-rsa using -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa.
To solve (2), check the keylength: ssh-keyscan 192.168.2.18 | ssh-keygen -lf - then use -oRSAMinSize=<key length>
To solve (3), create an openssl.cnf:

.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes

And run ssh with OPENSSL_CONF=<path to file>/openssl.cnf ssh
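
Options passed with -o are easy to carry over to other hosts by habit; putting them in a Host block keeps the relaxed settings limited to the one legacy machine. The script below is an added example, not part of the original notes: the fingerprint lines are constructed, legacy_host_stanza and rsa_key_bits are hypothetical helper names, and the 2048-bit default minimum is an assumption to check against your own crypto policy.

```bash
# Constructed sample: the shape of `ssh-keyscan <host> | ssh-keygen -lf -` output.
SAMPLE_FINGERPRINTS='1024 SHA256:CONSTRUCTEDsampleFINGERPRINTnotArealKEY0000000 192.168.0.12 (RSA)
1024 SHA256:CONSTRUCTEDsampleFINGERPRINTnotArealKEY0000001 192.168.0.12 (DSA)'

# Print the bit length of the first RSA key in the listing on stdin; fail if none.
rsa_key_bits() {
  awk '$NF == "(RSA)" && $1 ~ /^[0-9]+$/ { print $1; found = 1; exit }
       END { if (!found) exit 1 }'
}

# Emit an ssh_config Host block that relaxes the policy for exactly one host.
# $1 = host, $2 = system-wide RSA minimum (assumed to be 2048 when omitted).
legacy_host_stanza() {
  local host=$1 default_min=${2:-2048} bits
  bits=$(rsa_key_bits) || { echo "no RSA host key listed for $host" >&2; return 1; }
  printf 'Host %s\n' "$host"
  printf '    HostKeyAlgorithms +ssh-rsa\n'
  printf '    PubkeyAcceptedKeyTypes +ssh-rsa\n'
  # Lower the minimum only as far as this host's key requires.
  if [ "$bits" -lt "$default_min" ]; then
    printf '    RSAMinSize %s\n' "$bits"
  fi
}

# Review the output before appending it to ~/.ssh/config.
printf '%s\n' "$SAMPLE_FINGERPRINTS" | legacy_host_stanza 192.168.0.12
```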

Kill ssh session that lost its connection

Enter ~ .

Power

In powertop, tab to the "Tunables" tab; this shows the devices that don't have their power management set to auto. https://www.kernel.org/doc/html/v4.12/driver-api/pm/devices.html#sys-devices-power-control-files

You can use udev to set power/control settings:

/etc/udev/rules.d/10-runtime-pm.rules:

SUBSYSTEM!="pci", GOTO="power_runtime_rules_end"
ACTION!="add", GOTO="power_runtime_rules_end"

ATTR{power/control}=="*", ATTR{power/control}="auto"

LABEL="power_runtime_rules_end"

Scan wifi channels

nmcli dev wifi list

IP

Add an additional IP to an interface, for example to connect to a device with a static IP in a different subnet: ip addr add <ip>/24 dev <network device name>

scan

Scan for IPs on a subnet, no port scan.

nmap -sn <ip>/24

After running this, arp -a will show a lot more devices since we had recent contact.

Watch parent process tree

watch "ps afx -p $PPID | grep $PPID -m 1 -A 10" or pstree $PPID -Tp

Camera controls

Install guvcview using dnf, not flatpak. It fixes the red face of the hardware defaults on a Framework laptop.

Add zero-padded index to files in directory

ls -v | cat -n | while read -r n f; do mv -n "$f" "$(printf "%02d" "$n") $f"; done

Edit filenames in vim

  • ls | vim -
  • :%s/.*/mv "&" "&"/
  • make edits as needed
  • :%!sh

Storage

List disk blocks and mountpoints

lsblk

Arrange windows

There are a whole bunch of tiling gnome extensions and window managers, but I like the Tactile GNOME extension due to its simplicity.
