forked from rrrgh/exercise
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfedora-postinst
196 lines (153 loc) · 8.77 KB
/
fedora-postinst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
Use the /usr/sbin/getenforce or /usr/sbin/sestatus commands to check the status of SELinux. The getenforce command returns Enforcing, Permissive, or Disabled. The getenforce command returns Enforcing when SELinux is enabled (SELinux policy rules are enforced).
/usr/sbin/getenforce
/usr/sbin/sestatus
sudo dnf config-manager --set-disabled updates-testing
sudo /etc/cron.daily/logrotate
/etc/crontab
0 */2 * * * root script &> /var/log/upgrd.log
#hrdwr info
lspci -v | grep -i wireless
#rpmfusion
su -c 'dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
#remove flash
sudo find / -xdev -iname "*macromedia*" -o -iname "*flashplayer*" -execdir rm -ri {} \; #"find: ‘/run/user/1000/gvfs’: Permission denied" even for root #http://unix.stackexchange.com/questions/77453/why-cannot-find-read-run-user-1000-gvfs-even-though-it-is-running-as-root
sudo dnf remove flash-plugin flashplugin-installer
firefox: about:config about:plugins
sudo dnf remove rhythmbox totem thunderbird nano
sudo rpm -e --nodeps gedit totem totem-devel totem-pl-parser totem-pl-parser-devel; echo $?
dnf upgrade -y
dnf install -y glibc binutils autoconf gcc gcc-c++ libstdc++ libstdc++-devel gdb ccache valgrind anki tlp tlp-rdw htop wireshark gnome-tweak-tool vim vim-enhanced tmux p7zip p7zip-plugins bzip2 lzip evince zsh vlc gimp ffmpeg lynx java-1.8.0-openjdk-devel gnome-sudoku gnuchess xboard ShellCheck
#mosh zbar
#dnf install ncurses-devel ncurses libselinux-devel dkms acl kernel-devel kernel-headers
#dnf install pycryptopp python-crypto python-cryptography libffi-devel python-devel openssl-devel python-pip
#VirtualBox
Creating group 'vboxusers'. VM users must be member of that group!
sudo usermod -a -G vboxusers r
#VirtualBox & VMware in SecureBoot(UEFI) Linux
http://gorka.eguileor.com/category/technology/linux/
a. systemctl status vboxdrv
b. modprobe -v vboxdrv
c. Creating an X.509 Key Pair to sign the driver
openssl req -new -x509 -newkey rsa:2048 -keyout vboxdrv_X.509.priv -outform DER -out vboxdrv_X.509.der -nodes -days 36500 -subj "/CN=vboxdrv_X.509_Org/"
In the above command, replace vboxdrv_X.509 with the name of the file you want for the key and vboxdrv_X.509_Org with the Common Name you want to use. It's usually the organization that signs it.
Now you just need to sign the driver, but where's the driver located?
d. modinfo vboxdrv
e.g.
filename: /lib/modules/4.0.7-300.fc22.x86_64/extra/vboxdrv.ko
version: 5.0.0 (0x00230001)
license: GPL
description: Oracle VM VirtualBox Support Driver
author: Oracle Corporation
srcversion: BB52120EF916D88D829D91E
depends:
vermagic: 4.0.7-300.fc22.x86_64 SMP mod_unload
parm: force_async_tsc:force the asynchronous TSC mode (int)
e. sign the module using modinfo to locate the driver:
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./vboxdrv_X.509.priv ./vboxdrv_X.509.der $(modinfo -n vboxdrv)
to confirm that the module has been signed:
modinfo vboxdrv
e.g.
filename: /lib/modules/4.0.7-300.fc22.x86_64/extra/vboxdrv.ko
version: 5.0.0 (0x00230001)
license: GPL
description: Oracle VM VirtualBox Support Driver
author: Oracle Corporation
srcversion: BB52120EF916D88D829D91E
depends:
vermagic: 4.0.7-300.fc22.x86_64 SMP mod_unload
signer: vboxdrv_X.509_Org
sig_key: C9:50:B6:C1:A3:05:BC:9C:4D:64:65:49:2F:CC:E5:8A:69:9B:17:E2
sig_hashalgo: sha256
parm: force_async_tsc:force the asynchronous TSC mode (int)
f. To enroll the public key in the vboxdrv_X.509 (Module owned Key), the UEFI partition must have MokManager.efi installed.
Now add the public key to shim's vboxdrv_X.509 list:
mokutil --import vboxdrv_X.509.der
input password:
input password again:
g. after reboot you can check that the key is in the system:
user@localhost:$ keyctl list %:.system_keyring
112560593: ---lswrv 0 0 asymmetric: Fedora kernel signing key: e948c9015e04bd4cd5879fe2f9230a1d70859c7d
489921950: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
98641885: ---lswrv 0 0 asymmetric: vboxdrv_X.509_Org: d5d3e2008907a7cebc8914780bd29b03fecc214b
525156767: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
1001714488: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
h. And that it was EFI who loaded it:
user@localhost:$ dmesg | grep 'EFI: Loaded cert'
[ 0.456158] EFI: Loaded cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' linked to '.system_keyring'
[ 0.456194] EFI: Loaded cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' linked to '.system_keyring'
[ 0.457111] EFI: Loaded cert 'vboxdrv_X.509_Org: d5d3e2008907a7cebc8914780bd29b03fecc214b' linked to '.system_keyring'
[ 0.457768] EFI: Loaded cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to '.system_keyring'
#https://github.com/goagent/goagent
#cp prxpy /etc/init.d/
#chkconfig --level 35 prxpy on
cp shtdwnscrpt-fedora /etc/init.d/
ln -s /etc/init.d/shtdwnscrpt-fedora /etc/rc0.d/k99shtdwnscrpt-fedora
ln -s /etc/init.d/shtdwnscrpt-fedora /etc/rc6.d/k99shtdwnscrpt-fedora
#err:
Peer's Certificate issuer is not recognized
Peer's certificate issuer has been marked as not trusted by the user
gnutls-cli -p 443 github.com
#check current shell in linux
$ ps -fp $$
UID PID PPID C STIME TTY TIME CMD
r 2262 2202 0 10:43 pts/0 00:00:00 bash
$ echo $0
bash
$ echo $SHELL
/bin/bash
# default shell --> zsh
chsh -s /usr/bin/zsh
file /usr/bin/sh
/usr/bin/sh: symbolic link to `bash'
git branch
git branch -r
git status
# reassign PRNTSCRN to open screenshot dialog
gnome-screenshot -p -i
#turn off screen
xset dpms force off
#turn off and lock screen
#disable Adobe Flash Player in Chrome:
chrome://plugins
#fcitx mozc
#https://srobb.net/jpninpt.html#Fedora
dnf search fcitx mozc
sudo dnf install -y fcitx fcitx-data fcitx-m17n fcitx-anthy fcitx-cloudpinyin fcitx-libs fcitx-configtool mozc
#font
sudo dnf install -y vlgothic-fonts vlgothic-p-fonts sazanami-mincho-fonts sazanami-gothic-fonts
#.bashrc
export LC_CTYPE=en_US.UTF-8
#$HOME/.xinitrc
export XMODIFIERS="@im=fcitx"
export GTK_IM_MODULE=fcitx
export QT_IM_MODULE=fcitx
#$HOME/.config/fcitx/profile
anthy:true
#disable ibus integration in Gnome
gsettings set org.gnome.settings-daemon.plugins.keyboard active false
#switch im-settings
imsettings-switch fcitx
#turn off ibus
su -c 'mv /usr/bin/ibus-daemon /usr/bin/ibus-daemon.bak'
#clean up old packages
https://fedoraproject.org/wiki/DNF_system_upgrade#Clean_up_old_packages
You can see list of packages with broken dependencies like this:
$ sudo dnf repoquery --unsatisfied
Ideally there should be none. If there are some, consider removing them, because they are not likely to work properly anyway.
You can see duplicated packages (packages with multiple versions installed) like this:
$ sudo dnf repoquery --duplicated
For ordinary packages, just the latest version should be installed. But there can be exceptions to the rule, only remove what you are sure you no longer need.
Some packages might stay on your system while they have been removed from the repositories. See them using:
$ sudo dnf list extras
If you don't use these, you can consider removing them. Please note that this list is only valid if you have a fully updated system. Otherwise you'll see all installed packages which are no longer in the repositories, because there is a newer update available. So before acting on these, make sure you have run sudo dnf update and generate the list of extra packages again. Also, this list might contain packages installed from third-party repositories for which an updated repository hasn't been published yet. This often involves e.g. RPM Fusion or Dropbox.
You can remove no-longer-needed packages using:
$ sudo dnf autoremove
but beware that dnf decides that a package is no longer needed if you haven't explicitly asked to install it and nothing else requires it. That doesn't mean that package is not useful or that you don't use it. Only remove what you are certain you don't need. There's a known bug in PackageKit which doesn't mark packages as user-installed, see bug 1259865. If you use PackageKit (or GNOME Software, Apper, etc) for installation, this output might list even important apps and system packages, so beware.
#Disable and Remove Unwanted Services on RHEL/CentOS
systemctl stop chronyd
systemctl disable chronyd
systemctl status httpd
systemctl stop httpd
sudo find /var/cache/PackageKit/ -name "*.rpm" -execdir rm {} \;
vim /etc/PackageKit/PackageKit.conf
KeepCache=false