Fedora Project, sponsored by Red Hat

9. Package-Specific Notes
Prev		Next

9. Package-Specific Notes

The following sections contain information regarding packages that have undergone significant changes for Fedora Core 5 test2. For easier access, they are generally organized using the same groups used in Anaconda.

9.1. Basic Components

This section contains information related to basic system components.

9.1.1. Fedora Extras Repository

Fedora Extras is part of the larger Fedora Project and is a volunteer-based community effort to create a repository of packages that compliment Fedora Core. The Fedora Extras repository is enabled by default from Fedora Core 5 test2 onwards.

You can lean more about Fedora Extras from:

http://fedoraproject.org/wiki/Extras

If you would like to install any software available from Fedora extras you can use yum.

yum install <packagename>

Where <packagename> is the name of the package you want to install. For example, if you wanted to install the abiword package, the command yum install abiword automatically installs the package and all dependencies.

9.1.2. Audit Daemon `auditd` and Log Files

The audit daemon, auditd, is now enabled by default. When auditd is running, the kernel directs audit messages to /var/log/audit/audit.log. The location of this file is specified in /etc/auditd.conf.

AVC messages for SELinux are sent using the audit infrastructure. These messages are now in /var/log/audit/audit.log.

When auditd is not running, the kernel passes audit messages to syslog. These logs are typically kept in /var/log/messages and are viewable using dmesg.

Audit extensions are now compiled into PAM. All programs that do grant entry to the system or change user account attributes will generate an audit message.

To enable auditing within the kernel, you must pass the parameter audit=1 to the kernel during boot. Otherwise, you can use this command to enable auditing during run time:

auditctl -e 1

9.1.3. Enabling the `slocate` Database

The database needed by the locate utility is no longer created by default. Enable the database creation by setting DAILY_UPDATE to yes in /etc/updatedb.conf if you want to use locate.

9.1.4. Stricter Controls in `openssh`

The version of OpenSSH in Fedora Core 5 test2 is based on OpenSSH 3.9 and includes strict permission and ownership checks for the user configuration file ~/.ssh/config. If this file does not have appropriate ownership and permissions, ssh will exit.

Check that ~/.ssh/config is owned by the owner of ~/, and that its permissions are set to mode 600.

ls -l ~/.ssh/config
-rw-------  1 username username 400 May  5 18:44 /home/username/.ssh/config

The directory ~/ is command-line shorthand for the logged in user's home directory, usually /home/username/.

In addition, OpenSSH is no longer configured to request X11 forwarding by default when connecting to servers. To enable X11 forwarding, the -X or -Y option must be specified, or the ForwardX11 option must be enabled in the ~/.ssh/config file.

The behavior of ssh clients that are invoked with the -X option has changed. In OpenSSH 3.8 and later, X11 forwarding is performed in a way that applications run as untrusted clients by default. Previously, X11 forwarding was performed so that applications always ran as trusted clients. Some applications may not function properly when run as untrusted clients. To forward X11 so that applications are run as trusted clients, invoke ssh with the -Y option instead of the -X option, or set ForwardX11Trusted in the ~/.ssh/config file.

9.1.5. Server and System Configuration Tools

This section highlights changes and additions to the various GUI server and system configuration tools in Fedora Core.

system-config-printer

SMB Browsing Outside Local Network
Browsing for Samba print shares across subnets is now possible. In addition, if at least one WINS server has been specified in /etc/samba/smb.conf, the first address specified will be used when browsing.
Kerberos Support for SMB Printers
The system-config-printer application supports Kerberos authentication when adding a new SMB printer. To add the printer, the user must possess a valid Kerberos ticket and /usr/sbin/printconf-gui must be launched via sudo. No username and password is stored in /etc/cups/printers.conf. Printing is still possible if the SMB print queue permits anonymous printing.

system-config-securitylevel

Trusted Service Additions
Samba is now listed in the "Trusted services" list and can thus be enabled to permit the firewall to pass SMB traffic.
Port Ranges
When defining Other Ports in the system-config-securitylevel tool, port ranges can now be specified. For example, specifying 6881-6999:tcp results in the addition of the following line to /etc/sysconfig/iptables :
```
A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6881:6999 -j ACCEPT
```

9.1.6. Java Package Recommendations

Fedora Core 5 test2 users are advised not to use the Java RPM provided by Sun. It contains Provides that conflict with names used in packages provided as part of Fedora Core 5 test2. Because of this, Sun Java might disappear from an installed system during package upgrade operations.

Fedora Core 5 test2 users should use either the RPM from jpackage.org or manually install the Sun Java tarball into /opt.

9.2. Core

This section contains the most elemental components of Fedora Core, including the kernel.

9.2.1. Linux Kernel

9.2.1.1. Version

This distribution is based on the 2.6 series of the Linux kernel. Fedora Core may include patches for improvements, bug fixes, or additional features. For this reason, the Fedora Core kernel may not be line-for-line equivalent to the vanilla kernel from the http://www.kernel.org/ website.

You may obtain a list of any such patches by using this command on the Fedora Core package:

rpm -qpl kernel-<version>.src.rpm

9.2.1.2. Changelog

The package changelog can be retrieved using the following command

      rpm -q --changelog <kernel-version>

If you need a "user friendly" version of the changelog see http://wiki.kernelnewbies.org/LinuxChanges. A short and full diff of the kernel is available from http://kernel.org/git. The Fedora version is based on the Linus tree.

Customizations made for the Fedora version are available from http://cvs.fedora.redhat.com

9.2.1.3. Kernel Flavors

Fedora Core includes the following kernel builds:

Native kernel, in both uniprocessor and SMP (Symmetric Multi Processor) varieties. Configured sources are available in the kernel-devel-version.arch.rpm package.
Virtual kernel for use with the Xen emulator package. Configured sources are available in the kernel-xen0-devel-version.arch.rpm package.

Sources for both kernel flavors may be installed at the same time. The files are installed into the /usr/src/kernels/version[-xen0]-arch/ tree. Use the command rpm -Uvh kernel-devel[-xen0]-version.arch.rpm as appropriate.

	No separate SMP kernel for x86_64
	The default kernels in x86_64 architecture provide the SMP capability. There is no seperate SMP kernel available for this architecture in Fedora Core 5 test2.

9.2.1.4. Following Generic Textbooks

Many of the tutorials, examples, and textbooks about Linux kernel development assume the kernel sources are installed under the /usr/src/linux/ directory. If you make a symbolic link, as shown below, you should be able to use those learning materials with the Fedora Core packages. Install the appropriate kernel sources, as shown earlier, and then do this:

ln -s /usr/src/kernels/kernel-version-arch /usr/src/linux

9.2.1.5. Preparing for Kernel Development

Fedora Core 5 test2 does not include the kernel-source package provided by older versions. Instead, configured sources are available as described in Section 9.2.1.3, “Kernel Flavors”. Users that require access to Fedora Core original kernel sources can find them in the kernel .src.rpm package.

To create an exploded source tree from this file, perform the following steps:

	Instructions refer to currently-running kernel
	To simplify the following directions, it is assumed that you want to configure the kernel sources to match your currently-running kernel. In the steps below, the phrase `version` refers to the kernel version shown by the command `uname -r`.

Obtain the kernel-version.src.rpm file from one of the following sources:
- The SRPMS directory on the appropriate SRPMS CD iso image.
- The FTP site where you got the kernel package.
Install by running this command:
```
yum install yum-utils yumdownloader --source kernel
```
Install kernel-version.src.rpm using the command rpm -Uvh kernel-version.src.rpm.
This writes the RPM contents into /usr/src/redhat/SOURCES and /usr/src/redhat/SPECS.
Prepare the kernel sources with these commands:
```
cd /usr/src/redhat/SPECS
rpmbuild -bp --target $(arch) kernel-2.6.spec
```
The kernel source tree is then located in the /usr/src/redhat/BUILD/kernel-version/ directory. It is common practice to move the resulting linux-version directory to the /usr/src/ tree; while not strictly necessary, you can do this to match the generally-available kernel documentation.
```
cd /usr/src/redhat/BUILD/kernel-version
mv linux-version /usr/src/
cd /usr/src\
ln -s ./linux-version linux
cd /usr/src/linux
```
The configurations for the specific kernels shipped in Fedora Core are in the configs/ directory. For example, the i686 SMP configuration file is named configs/kernel-version-i686-smp.config. Issue the following command to place the desired configuration file in the proper place for building: cp configs/desired-config-file .config
You can also find the .config file that matches your current kernel configuration in the /lib/modules/version/build/.config file.
Every kernel gets a name based on its version number. This is the value displayed by the command uname -r. The kernel name is defined by the first four lines of the kernel Makefile. To protect from mistakes, the Makefile has been changed to generate a kernel with a different name from that of the running kernel. Before a module can be accepted by the running kernel, that module must have been compiled for a kernel with the correct name. To do this, you must edit the kernel Makefile.
For example, if uname -r returns the string 2.6.11-1.234_FC4, change the EXTRAVERSION definition from this:
```
EXTRAVERSION = -prep
```
to this:
```
EXTRAVERSION = -1.234_FC4
```
This represents everything from the final dash onward in the package name.
Issue the following command:
```
make oldconfig
```
You can then proceed as usual.

9.2.1.6. Building Only Kernel Modules

An exploded source tree is not required to build a kernel module, such as your own device driver, against the currently in-use kernel. For example, to build the foo.ko module, create the following Makefile in the directory containing the foo.c file:

obj-m := foo.o

KDIR  := /lib/modules/$(shell uname -r)/build
PWD   := $(shell pwd)

ndefault:
      $(MAKE) -C $(KDIR) M=$(PWD) modules

Issue the make command to build the foo.ko module.

9.2.1.7. User Space Dependencies on the Kernel

Fedora Core 5 test2 has support for clustered storage through the Red Hat GFS file system. This requires a special kernel that works in conjunction with some user-space utilities, such as management daemons. Consequently, to remove such a kernel, perhaps after an update, you cannot simply use the rpm -e kernel-version command as in earlier distributions because these user space packages depend on the kernel package.

You may either list both the kernel package and its user space dependent packages on the rpm -e command, or you may wish to use the yum remove kernel-version command instead since yum automatically removes dependent packages if necessary.

9.2.2. Security

This section highlights various security items from Fedora Core.

9.2.2.1. General Information

General introduction to the many proactive security features in Fedora, current status and policies is available from the http://fedoraproject.org/wiki/Security page.

9.2.2.2. What's New

9.2.2.2.1. PAM module Deprecation

Pam_stack is deprecated in this release. Linux-PAM 0.78 and later contains the include directive, which obsoletes the pam_stack module. The pam_stack module usage is logged with a deprecation warning. It might be removed in a future release. It must not be used in individual service configurations anymore. All packages in Fedora Core using PAM were modified to not use pam_stack. However, when a system is upgraded from previous Fedora Core releases and the admininstrator previously modified some service configurations, those security configurations are not replaced. Instead they are created as .rpmnew files and continue to call upon pam_stack. Such service configurations must be fixed so the pam_stack module is not used. Refer to the .rpmnew files for the actual changes needed.

Example using /etc/pam.d/login:

#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
#%PAM-1.0
auth required pam_securetty.so
auth include system-auth
# no module should remain after 'include' if 'sufficient' might
# be used in the included configuration file
# pam_nologin moved to account phase - it's more appropriate there
# other modules might be moved before the system-auth 'include'
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
# the system-auth config doesn't contain sufficient modules
# in the session phase
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open

9.2.2.2.2. Buffer Overflow detection and variable reordering

All of the software in the Fedora Core and Fedora Extras software repositories for this release are compiled using a security feature called fstack-protecter. fstack-protector puts a canary value on the stack of key functions, just before the return address and just before returning from that value. That canary value is verified and if there was a buffer overflow, the canary will no longer match and the program aborts. The canary value is random for each time the application is started, making it impossible to guess remotely. This is a security feature written by Red Hat developers as a port of the IBM ProPolice/SSP (http://www.research.ibm.com/trl/projects/security/ssp/ feature and available as part of GCC 4.1 compiler used in Fedora Core 5 test2.

This is in addition to using FORTIFY_SOURCE from Fedora Core 4 onwards.

9.2.2.2.3. SELinux Changes

Multi-Category Security (MCS) SELinux is included in Fedora Core 5 test2. For more information, read this informative article:

http://www.livejournal.com/users/james_morris/5583.html

9.3. Development Tools

9.3.1. Java-like Environment

A Java-like free and open source environment is available within the Fedora Core 5 test2 release.

It has three components: GNU Java runtime (libgcj), the Eclipse Java compiler (ecj), and a set of wrappers and links (java-gcj-compat) that present the runtime and compiler to the user in the same way as other Java environments are presented.

Several major software packages such as Openoffice.org Base, Eclipse, and Apache Tomcat, as well as several other Java software packages included in this release, are compatible with this environment.

For more information, refer to the FAQ:

http://www.fedoraproject.org/wiki/JavaFAQ

9.3.1.1. Java Development

To avoid naming conflicts the following have been renamed:
- rmic is now grmic
- rmiregistry is now grmiregistry
- jar is now fastjar
The GCJ compiler can now be used as a just-in-time (JIT) tool by using the gnu.jit facilities.
More support of the AWT and SWING packages have been added.

9.3.2. GCC Compiler Collection

Fedora Core 5 test2 has been built using GCC 4.1, which is included with the distribution.

Caveats

GDB 6.1 or newer is needed to debug binaries unless compiled using the -fno-var-tracking compilation option.
The -fwritable-strings option is no longer accepted.
English-language diagnostic messages now use Unicode quotes; if you cannot read this, set your LC_CTYPE environment variable to "C" or change your terminal emulator.
The specs file is no longer installed on most systems. Ordinary users will not notice, but developers who need to alter the file can use the -dumpspecs option to generate the file for editing.

Code Generation

The SSA code optimizer is now included and brings with it better constant propagation, partial redundancy elimination, load and store code motion, strength reduction, dead storage elimination, better detection of unreachable code, and tail recursion by accumulation.
Autovectorization is supported. This technique achieves higher performance for repetitive loop code, in some circumstances.

Language Extentions

A sentinel attribute has been added so that the compiler will now issue a warning if a function such as execl(char *path, const char *arg, ...), which requires a NULL list terminator is missing the NULL.
The cast-as-lvalue, conditional-expression-as-lvalue, and compund-expression-as-lvalue extentions have been removed.
The #pragma pack() semantics have been brought closer to those used by other compilers.
Taking the address of a variable declared with the register modifier now generates an error instead of a warning.
Arrays of incomplete element types now generate an error. This implies no forward reference to structure definitions.
The basic compiler, without any optimization (-O0), has been measured as much as 25% faster in real-world code.
Libraries may now contain function-scope static variables in multi-threaded programs. The -fno-threadsafe-statics can be used by embedded developers to turn off this feature, but ordinary users should never do this.

9.3.3. FORTRAN

The GNU FORTRAN 77 front end has been replaced by a new FORTRAN 90/95 recognizer.

9.3.4. Eclipse Development Environment

Eclipse 3.1M6 has been compiled as a native application.
The C Development Tool (CDT) has been included.

9.4. Internationalization (i18n)

SCIM has replaced all the other input methods. Major highlight.

9.4.1. Language Support

This section includes information related to the support of various languages under Fedora Core.

	IIIMF replaced
	SCIM has replaced IIIMF as the language input framework in Fedora Core.

9.5. Multimedia

Fedora Core includes applications for assorted multimedia functions, including playback, recording, and editing. Additional packages are available through the Fedora Extras repository.

Multimedia Players

By default, Fedora Core installs with rhythmbox, totem, and Helix Player (hxplay) for media playback. In addition, many other programs are available in the Fedora Core and Fedora Extras repositories, including the popular xmms package. Both GNOME and KDE also have specific sets of programs that can be used with a variety of formats. Other popular programs, such as Adobe/Macromedia's Flash Player, Real Player, VLC, MPlayer, and Xine, can also be installed, but are excluded from the Fedora repositories since they are not compatible with Fedora's licensing or are usually distributed with support for restricted formats. For more on this, refer to Section 9.5.1, “Excluded Multimedia Software”.

Fedora Core is also equipped to take full advantage of the Advanced Linux Sound Architecture (ALSA) sound system. This means that many programs can play sound simultaneously, which was once difficult on Linux systems. When all multimedia software is configured to use ALSA for sound support, this old limitation disappears. For more information about ALSA, visit the project website:

http://www.alsa-project.org/

Ogg and Xiph.Org Foundation Formats

Fedora includes complete support for the Ogg media container format, the Vorbis audio, Theora video, Speex audio, and FLAC lossless audio formats. More information on these formats and how to use them can be found at the Xiph.Org Foundation's web site:

http://www.xiph.org/

MP3 & DVD Support

Fedora Core and Fedora Extras cannot include support for MP3 or DVD playback or recording, because the MP3 and MPEG (DVD) formats are patented, and the patent owners have not provided the necessary licenses. For more information, refer to Section 9.5.1, “Excluded Multimedia Software”.

9.5.1. Excluded Multimedia Software

Several programs are excluded from Fedora Core and Fedora Extras due to licensing issues. These include programs that provide MP3 and DVD support, Flash Player and Real Player. For more on this subject, please refer to:

http://fedoraproject.org/wiki/ForbiddenItems

9.5.2. CD and DVD Authoring and Burning

Tools are included in Fedora Core and Fedora Extras for easily mastering and burning CDs and DVDs. Tools that can be used from the console include cdrecord, readcd, mkisofs, and other typical Linux applications. For GNOME users, the xcdroast package from Fedora Core and the graveman package from Fedora Extras allow easy preparation of audio and data discs. For KDE users, the k3b package provides a very robust tool for these tasks.

9.6. Web Servers

This section contains information on Web-related applications.

9.6.1. `httpd` a.k.a. Apache HTTP Server.

Version 2.2 of the Apache HTTP Server is now included in Fedora Core. This release brings a number of improvements since the 2.0 series, including:

greatly improved caching modules (mod_cache, mod_disk_cache, mod_memcache)
refactored authentication and authorization support
support for proxy load balancing (mod_proxy_balance)
large file support for 32-bit platforms (including support for >2Gb request bodies)
new modules mod_dbd and mod_filter bring SQL database support and enhanced filtering

The following changes have been made to the default httpd configuration:

the mod_cern_meta and mod_asis modules are no longer loaded by default
the mod_ext_filter module is now loaded by default

Any third-party modules compiled for httpd 2.0 must be rebuilt for httpd 2.2.

Any existing configuration files might need adapting for 2.2; refer to http://httpd.apache.org/docs/2.2/upgrading.html for more information.

9.6.2. php

Version 5.1 of PHP is now included in Fedora Core. This release brings a number of improvements since PHP 5.0, including:

improved performance
addition of the PDO database abstraction module

The following extension modules have been added:

pdo (in the php-pdo package)
pdo_sqlite (in the php-sqlite package)
pdo_mysql (in the php-mysql package)
pdo_pgsql (in the php-pgsql package)
pdo_odbc (in the php-odbc package)
xmlreader (in the php-xml package)

The following extension modules are no longer built:

dbx
dio
yp

9.7. Samba (Windows File System Compatibility)

This section contains information related to Samba, the suite of software that enables Linux to interact with Microsoft Windows systems.

9.7.1. SMB Browsing

Browsing of Windows shares (also known as SMB browsing) is now possible. In releases prior to Fedora Core 5 test2, the firewall prevented the proper function of SMB browsing. With the addition of the ip_conntrack_netbios_ns kernel module to the 2.6.14 kernel and corresponding enhancements to system-config-securitylevel, the firewall now properly tracks SMB browse broadcasts.

9.8. X Window System (Graphics)

9.8.1. X Window System (Graphics)

This section contains information related to the X Window System implementation provided with Fedora.

9.8.1.1. xorg-x11

X.org X11 is an open source implementation of the X Window System. It provides the basic low level functionality that full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

For more information about Xorg refer to http://xorg.freedesktop.org/wiki/

You can use ApplicationsSystem SettingsDisplay or run system-config-display to configure the settings. The configuration file for Xorg is located in /etc/X11/xorg.conf.

Modular X.Org X11R7 RC2 was released into Fedora development (rawhide) on November 16, 2005. This is the first modular release of Xorg. Among several benefits, modular Xorg enables users to receive updates at a faster pace, while helping developers to develop and release specific components in a rapid fashion.

More information on the current status of the Xorg modularization effort in Fedora is available from http://fedoraproject.org/wiki/Xorg/Modularization

9.8.1.2. Xorg X11R7 Developer Notes

X11R7 RC2 is included in this release and there are a number of things that software developers, and packagers in Fedora repositories, need to be aware of in order to ensure that their software or software packages properly compile and work with X11R7. Some are simple changes, while others may be more involved. Here is a summary of issues that may arise and where possible, suggestions on how to fix them.

9.8.1.2.1. The `/usr/X11R6` directory hierarchy

X11R7 installs into /usr directly now, and no longer uses the /usr/X11R6 hierarchy. Applications that rely on files being present at fixed paths under /usr/X11R6 at compile time or at run time, must be updated to use the system PATH, or some other mechanism, to dynamically determine where the files reside, or alternatively to hard code the new locations, possibly with fallbacks.

9.8.1.2.2. `Imake`

Imake is no longer used to build the X Window System, and as such is now officially deprecated. Imake, xmkmf and other utilities previously supplied by the X Window System, are still supplied in X11R7, however X.Org highly recommends that people migrate from Imake to using GNU autotools and pkg-config. Support for imake may vanish in a future X Window System release, so developers are strongly encouraged to transition away from it, and not to use it for any new software projects.

9.8.1.2.3. The systemwide app-defaults directory

The system app-defaults directory for X resources, is now %{_datadir}/X11/app-defaults, which expands to /usr/share/X11/app-defaults on Fedora Core 5 test2 and for future Red Hat Enterprise Linux systems.

9.8.1.2.4. `xft-config` can't be found

Modular X now uses GNU autotools, and pkg-config for its buildsystem configuration, etc. xft-config has been deprecated for two to three years, and pkgconfig *.pc files have been provided for most of this time. Applications that previously used xft-config to obtain the Cflags or libs options for building with, must now be updated to use pkg-config.

9.8.1.3. Xorg X11R7 Developer Overview

Here is a short list of some of the more developer/package visible changes that are present in X11R7:

The entire buildsystem has changed from Imake to the GNU autotools collection.
All of the libraries now install pkgconfig *.pc files, which should now always be used by software that depends on these libraries, instead of hard coding paths to them in /usr/X11R6/lib or elsewhere.
Everything is now installed directly into /usr instead of /usr/X11R6. All software that hard codes paths to anything in /usr/X11R6, must now be changed preferably to dynamically detect the proper location of the object, or to hard code the new paths that X11R7 uses by default. It is strongly advised to use autodetection methods rather than to hard code paths.
Every library has its own, private source package now, which creates a runtime binary subpackage, and a -devel subpackage.
Any software package that previously picked up the development headers, etc. for X libraries by using BuildRequires: (XFree86-devel|xorg-x11-devel), must now individually list each library dependency individually. When doing this, it is greatly preferred and strongly recommended to use virtual build dependencies instead of hard coding the library package names of the Xorg implementation.
This means you should use: BuildRequires: libXft-devel instead of using: BuildRequires: xorg-x11-Xft-devel. If your software truly does depend on the X.Org X11 implementation of a specific library, and there is no other clean/safe way to state the dependency, then use the xorg-x11--devel form. By sticking to the virtual provides/requires mechanism, this makes it painless if and when the libraries move to another location in the future.

9.9. Games and Entertainment

Fedora Core and Fedora Extras provide a selection of games that cover a variety of genres. By default, Fedora Core includes a small package of games for GNOME (called gnome-games). For a list of other games that are available for installation through yum, open a terminal and enter the following command:

yum groupinfo "Games and Entertainment"

For help using yum to install the assorted game packages, refer to the guide available at:

http://fedora.redhat.com/docs/yum/

Prev		Next
8. Networking	Home	10. Legacy Information