PEERROUTES is created by NetworkManager, controls ignore-auto-routes, controls the peer routes, use PEERROUTES=yes

PEERROUTES and IPv6_PEERROUTES is created by NetworkManager, it controls ignore-auto-routes, and the establishment of the peer routes, you want

PEERROUTES=yes
IPV6_PEERROUTES=yes

Absent those settings, there will be no peer routes (you typically want to be route to the peers on the link)
e.g.

  • Address 2001:db8::1/64
  • Route to 2001:db8::/64 via DEVICE

Specimen

/etc/sysconfig/network-scripts/ifcfg-enp2s0

# Initially generated by dracut initrd
DEVICE="enp2s0"
ONBOOT=yes
NETBOOT=yes
UUID="550adb0f-d9ba-4da3-9214-1ffdc18dae7e"
IPV6INIT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
NAME="enp2s0"
IPV4_FAILURE_FATAL=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPv6_DEFROUTE=yes
IPV6_PEERDNS=no
IPV6_PEERROUTES=yes

Concept

Key Name Value Type DefaultValue Value Description
ignore-auto-routes boolean FALSE When the method is set to ‘auto’ and this property to TRUE, automatically configured routes are ignored and only routes specified in the ‘routes’ property, if any, are used.

Folklore

  • 1107328“PEERROUTES” can be found in “/etc/sysconfig/network-scripts/ifcfg-em1″ on new system. Isn’t that obsolete? ; In Bugzilla of Red Hat; 2014-06-09; CLOSED.

References

  • ignore-auto-routes for IPv4 (Table 11) & IPv6 (Table 12); In NetworkManager D-Bus Reference Manual, for NetworkManager v0.9

[SOLVED] rngd: read error, No entropy sources working, exiting rngd

Explanation

<quote>

rngd has three potential sources of randomness:

  • the RdRand instruction present in some x86 CPUs.
  • a system hardware random number generator at /dev/hwrng (not /dev/hwrandom).
  • a trusted platform module at /dev/tpm0

If your CPU doesn’t support RdRand and you don’t have either of those devices, rngd won’t get triggered to start (and if it did, it would fail on startup).

</quote>

Via: commentariat; Shea Levy; In archives of some mailing list; 2012-11-29

Context

Folklore

Actualities

There are enough files...

$ ls -ld /dev/*random* /dev/*rng* /dev/tpm0
ls: cannot access /dev/tpm0: No such file or directory
crw-------. 1 root root 10, 183 Dec 27 17:47 /dev/hwrng
crw-rw-rw-. 1 root root  1,   8 Dec 27 17:47 /dev/random
crw-rw-rw-. 1 root root  1,   9 Dec 27 17:47 /dev/urandom

The daemon attempts to read, but fails and then exits.

Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: read error
Dec 27 18:20:22 server rngd: No entropy sources working, exiting rngd

On modern Fedora, use iptables-services instead of firewalld for edge hosts

For when the firewall rules are terribly complex, or you need to use a nonstandard module such as geoip from xtables-addons


$ yum search iptables-service
Loaded plugins: langpacks
===================================================== N/S matched: iptables-service ======================================================
iptables-services.i686 : iptables and ip6tables services for iptables

Name and summary matches only, use "search all" for everything.
$ sudo yum install -y iptables-services
Loaded plugins: langpacks
collected-by-file                                                                                                  | 3.0 kB  00:00:00
collected-by-http                                                                                                  | 3.0 kB  00:00:00
rpmfusion-free-updates                                                                                             | 2.7 kB  00:00:00
rpmfusion-nonfree-updates                                                                                          | 2.7 kB  00:00:00
updates/21/i386/metalink                                                                                           |  12 kB  00:00:00
Package iptables-services-1.4.21-13.fc21.i686 already installed and latest version
Nothing to do

Notes on the Operation of Kerberos: Mounting NFS (vers=4) with Kerberos (sec=krb5p) segfaults rpc.gssd

Following

tl;dr

On Fedora 21

  • yum update -y nfs-utils libtirpc gssproxy kernel kernel-PAE
  • reboot

Indications

The NFS client doesn’t “work” …  with options vers=4,sec=krb5. It’s clearly a client-side thing because the server “works” with other clients. Specifically, rpc.gssd segfaults.

On Fedora 21, after a fresh reboot…

Dec 27 17:12:33 client.example.com kernel: [  340.689185] fuse init (API version 7.23)
Dec 27 17:12:33 client.example.com kernel: fuse init (API version 7.23)
Dec 27 17:13:37 client.example.com kernel: [  404.817046] FS-Cache: Loaded
Dec 27 17:13:37 client.example.com kernel: FS-Cache: Loaded
Dec 27 17:13:37 client.example.com kernel: [  404.870948] FS-Cache: Netfs 'nfs' registered for caching
Dec 27 17:13:37 client.example.com kernel: FS-Cache: Netfs 'nfs' registered for caching
Dec 27 17:13:37 client.example.com kernel: [  404.929654] Key type dns_resolver registered
Dec 27 17:13:37 client.example.com kernel: Key type dns_resolver registered
Dec 27 17:13:37 client.example.com kernel: [  405.021340] NFS: Registering the id_resolver key type
Dec 27 17:13:37 client.example.com kernel: [  405.021370] Key type id_resolver registered
Dec 27 17:13:37 client.example.com kernel: [  405.021374] Key type id_legacy registered
Dec 27 17:13:37 client.example.com kernel: NFS: Registering the id_resolver key type
Dec 27 17:13:37 client.example.com kernel: Key type id_resolver registered
Dec 27 17:13:37 client.example.com kernel: Key type id_legacy registered
Dec 27 17:13:37 client.example.com gssproxy: gssproxy[2863]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found
Dec 27 17:13:37 client.example.com kernel: [ 405.167553] rpc.gssd[3833]: segfault at 2 ip b741464a sp bf7a5e00 error 4 in libc-2.20.so[b739c000+1c5000]
Dec 27 17:13:37 client.example.com kernel: rpc.gssd[3833]: segfault at 2 ip b741464a sp bf7a5e00 error 4 in libc-2.20.so[b739c000+1c5000]
Dec 27 17:13:37 client.example.com rpc.gssd[2873]: WARNING: forked child was killed with signal 11
Dec 27 17:13:40 client.example.com abrt-server: Deleting problem directory ccpp-2015-12-27-17:13:37-3833 (dup of ccpp-2015-12-23-18:52:49-2628)

With package constellation

$ rpm -q nfs-utils libtirpc gssproxy kernel kernel-PAE
nfs-utils-1.3.1-6.3.fc21.i686
libtirpc-0.2.5-2.0.fc21.i686
gssproxy-0.4.1-1.fc21.i686
kernel-3.19.4-200.fc21.i686
kernel-PAE-3.19.4-200.fc21.i686

Diagnosis

  • Versionitis between two libraries.
  • There is no workaround
    no configuration that avoids the problem.
  • You must upgrade… something.

Confounds

  • Fedora 21
    which has addressed many other issues in Kerberos operations.

    • some package constellations work flawlessly.
    • some package constellations are unworkable.
  • Fedora 18
    may have different issues (not characterized here)

Folklore

  • #755703 – libtirpc1 0.2.4-1 causes rpc.gssd to crash on nfs4 sec=krb5 mount; In Bugs of Debian; 2014-07-22.
    Mentions:

    • The exhibited error message text is similar:
      kernel: [ 285.086078] rpc.gssd[1611]: segfault at 6c ip 00007f24c8f9e72f sp 00007fff60b1df10 error 4 in libgssapi_krb5.so.2.2[7f24c8f8b000+45000
    • The library is libgssapi_krb5.so.2.2 (though our issue is consistently manifested as error 4 in libc-2.20.so)
    • Remediation
      downgrade to libtirpc-0.2.3-2
    • Repair
      • libtirpc1 0.2.4-2
      • rpcbind 0.2.1-5
      • nfs-common 1:1.2.8-7
      • nfs-kernel-server 1:1.2.8-7 (recommended, unvalidated)
  • #707960 - rpc.gssd segfaults when mounting a nfsv4 volume; In Bugs of Debian; 2013-05-12→2013-06-01.
    Mentions:

    • The exhibited error message text is similar
    • [2262594.734234] rpc.gssd[2729]: segfault at 1 ip 00000000f74714ba sp 00000000ff830170 error 4 in libgssglue.so.1.0.0[f746e000+8000]
    • The library is libgssglue.so.1.0.0 (though our issue is consistently manifested as error 4 in libc-2.20.so)
    • References
    • Remediation
      revert to nfs-utils-1.2.6-3 down from nfs-utils-1:1.2.8-2
    • Repair
      • nfs-utils-1.2.8-4
      • <quote>The configure option name is --with-gssglue, not --with-libgssglue.</quote>
  • 841788gssd crashes at rcnfs start with NFSv4 and Kerberos; In Bugzilla of Novell; 2013-09-23→2014-09-19.
    Mentions:

    • The exhibited error message text is similar:
      kernel: [348509.305940] rpc.gssd[23614]: segfault at 1 ip 00007f1a4dd69be5 sp 00007fff0f6160f0 error 4 in libgssglue.so.1.0.0[7f1a4dd66000+9000]
      rhea kernel: [ 4977.928970] NFS: nfs4_discover_server_trunking unhandled error -512. Exiting with error EIO
    • Explanation of Comment 18, Neil Brown, 2013-11-12:
      There are a collection of ‘gss’ symbols that a device in each of two libraries.
      libgssapi_krb5 and libgssglue.
      For example gss_acquire_cred().
      The cred data structure has different contents in these two libraries!!!! So it is very important that one or the other is used consistently.
      A field that is a pointer in one structure lines up with a counter with value ’1′ in the other structure. When confusion happens we try to dereference ’1′ and that crashes. <snip>this</snip> seems likely.
  • ANNOUNCE: nfs-utils-1.2.2 released.; Lukás Hejtmánek; In linux=nfsv4; 2010-03-09.
    Mentions

    • The conflict for the (function) name gss_acquire_cred
      • nm libgssapi_krb5.so | grep gss_acquire_cred
        000000000000b3a0 T gss_acquire_cred
      • nm libgssglue.so | grep gss_acquire
        00000000000004d0 T gss_acquire_cred
    • Something about autotools choosing the wrong one
    • Suggest rebuilding gssd of nfs-utils
      • use -lgssglue
      • remove -lgssapi_krb5

Actualities

1. Failing … Fedora 21

$ rpm -q nfs-utils libtirpc gssproxy kernel kernel-PAE
nfs-utils-1.3.1-6.3.fc21.i686
libtirpc-0.2.5-2.0.fc21.i686
gssproxy-0.4.1-1.fc21.i686
kernel-3.19.4-200.fc21.i686
kernel-PAE-3.19.4-200.fc21.i686

Running kernel 3.19
Reboot!

Fixed!
$ yum update -y nfs-utils libtirpc gssproxy kernel kernel-PAE
$ tail /var/log/messages
Dec 27 17:31:22 client.example.com yum[4071]: Installed: kernel-PAE-core-4.1.13-100.fc21.i686
Dec 27 17:31:30 client.example.com yum[4071]: Installed: kernel-core-4.1.13-100.fc21.i686
Dec 27 17:31:45 client.example.com yum[4071]: Installed: kernel-modules-4.1.13-100.fc21.i686
Dec 27 17:32:00 client.example.com yum[4071]: Installed: kernel-PAE-modules-4.1.13-100.fc21.i686
Dec 27 17:32:03 client.example.com yum[4071]: Updated: gssproxy-0.4.1-2.fc21.i686
Dec 27 17:32:04 client.example.com yum[4071]: Updated: libtirpc-0.2.5-2.1.fc21.i686
Dec 27 17:32:04 client.example.com yum[4071]: Updated: kernel-PAE-4.1.13-100.fc21.i686
Dec 27 17:32:04 client.example.com yum[4071]: Installed: kernel-4.1.13-100.fc21.i686
Dec 27 17:32:06 client.example.com yum[4071]: Updated: 1:nfs-utils-1.3.1-6.4.fc21.i686
$ rpm -q nfs-utils libtirpc gssproxy kernel kernel-PAE
nfs-utils-1.3.1-6.4.fc21.i686
libtirpc-0.2.5-2.1.fc21.i686
gssproxy-0.4.1-2.fc21.i686
kernel-3.19.4-200.fc21.i686
kernel-4.1.13-100.fc21.i686
kernel-PAE-4.1.13-100.fc21.i686
$ uname -a
Linux client1.example.com 4.1.13-100.fc21.i686+PAE #1 SMP Tue Nov 10 13:30:58 UTC 2015 i686 i686 i386 GNU/Linux

2. Working … Fedora 21

$ rpm -q nfs-utils libtirpc gssproxy kernel-PAE
nfs-utils-1.3.1-6.4.fc21.i686
libtirpc-0.2.5-2.0.fc21.i686
gssproxy-0.4.1-2.fc21.i686
kernel-PAE-3.19.4-200.fc21.i686

3. Working … Fedora 21

$ rpm -q nfs-utils libtirpc gssproxy kernel
nfs-utils-1.3.1-6.4.fc21.i686
libtirpc-0.2.5-2.1.fc21.i686
gssproxy-0.4.1-2.fc21.i686
kernel-4.0.7-200.fc21.i686
kernel-4.1.6-100.fc21.i686
kernel-4.1.13-100.fc21.i686

4. Failing … Fedora 21

$ rpm -q nfs-utils libtirpc gssproxy kernel kernel-PAE | sort
gssproxy-0.4.1-1.fc21.i686
kernel-PAE-3.19.4-200.fc21.i686
libtirpc-0.2.5-2.0.fc21.i686
nfs-utils-1.3.1-6.3.fc21.i686
package kernel is not installed
$ sudo yum update -y nfs-utils libtirpc gssproxy kernel-PAE

Running Kernel 3.19

$ uname -a
Linux client4.example.com 3.19.4-200.fc21.i686+PAE #1 SMP Mon Apr 13 22:00:24 UTC 2015 i686 i686 i386 GNU/Linux
reboot
$ sudo yum update -y nfs-utils libtirpc gssproxy kernel-PAE
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package gssproxy.i686 0:0.4.1-1.fc21 will be updated
---> Package gssproxy.i686 0:0.4.1-2.fc21 will be an update
---> Package kernel-PAE.i686 0:3.19.4-200.fc21 will be updated
---> Package kernel-PAE.i686 0:4.1.13-100.fc21 will be an update
--> Processing Dependency: kernel-PAE-modules-uname-r = 4.1.13-100.fc21.i686+PAE for package: kernel-PAE-4.1.13-100.fc21.i686
--> Processing Dependency: kernel-PAE-core-uname-r = 4.1.13-100.fc21.i686+PAE for package: kernel-PAE-4.1.13-100.fc21.i686
---> Package libtirpc.i686 0:0.2.5-2.0.fc21 will be updated
---> Package libtirpc.i686 0:0.2.5-2.1.fc21 will be an update
---> Package nfs-utils.i686 1:1.3.1-6.3.fc21 will be updated
---> Package nfs-utils.i686 1:1.3.1-6.4.fc21 will be an update
--> Running transaction check
---> Package kernel-PAE-core.i686 0:4.1.13-100.fc21 will be installed
---> Package kernel-PAE-modules.i686 0:4.1.13-100.fc21 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================
 Package                              Arch                   Version                            Repository                           Size
==========================================================================================================================================
Updating:
 gssproxy                             i686                   0.4.1-2.fc21                       collected-by-file                    89 k
 kernel-PAE                           i686                   4.1.13-100.fc21                    collected-by-file                    58 k
 libtirpc                             i686                   0.2.5-2.1.fc21                     collected-by-file                    91 k
 nfs-utils                            i686                   1:1.3.1-6.4.fc21                   collected-by-file                   375 k
Installing for dependencies:
 kernel-PAE-core                      i686                   4.1.13-100.fc21                    collected-by-file                    19 M
 kernel-PAE-modules                   i686                   4.1.13-100.fc21                    collected-by-file                    17 M

Transaction Summary
==========================================================================================================================================
Install             ( 2 Dependent packages)
Upgrade  4 Packages

Total download size: 36 M
Downloading packages:
------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                     4.2 MB/s |  36 MB  00:00:08     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
  Installing : kernel-PAE-core-4.1.13-100.fc21.i686                                                                                  1/10 
  Installing : kernel-PAE-modules-4.1.13-100.fc21.i686                                                                               2/10 
  Updating   : gssproxy-0.4.1-2.fc21.i686                                                                                            3/10 
  Updating   : libtirpc-0.2.5-2.1.fc21.i686                                                                                          4/10 
  Updating   : kernel-PAE-4.1.13-100.fc21.i686                                                                                       5/10 
usermod: no changes
usermod: no changes
  Updating   : 1:nfs-utils-1.3.1-6.4.fc21.i686                                                                                       6/10 
  Cleanup    : 1:nfs-utils-1.3.1-6.3.fc21.i686                                                                                       7/10 
  Cleanup    : gssproxy-0.4.1-1.fc21.i686                                                                                            8/10 
  Cleanup    : libtirpc-0.2.5-2.0.fc21.i686                                                                                          9/10 
  Cleanup    : kernel-PAE-3.19.4-200.fc21.i686                                                                                      10/10 
  Verifying  : kernel-PAE-4.1.13-100.fc21.i686                                                                                       1/10 
  Verifying  : 1:nfs-utils-1.3.1-6.4.fc21.i686                                                                                       2/10 
  Verifying  : libtirpc-0.2.5-2.1.fc21.i686                                                                                          3/10 
  Verifying  : kernel-PAE-modules-4.1.13-100.fc21.i686                                                                               4/10 
  Verifying  : gssproxy-0.4.1-2.fc21.i686                                                                                            5/10 
  Verifying  : kernel-PAE-core-4.1.13-100.fc21.i686                                                                                  6/10 
  Verifying  : kernel-PAE-3.19.4-200.fc21.i686                                                                                       7/10 
  Verifying  : 1:nfs-utils-1.3.1-6.3.fc21.i686                                                                                       8/10 
  Verifying  : libtirpc-0.2.5-2.0.fc21.i686                                                                                          9/10 
  Verifying  : gssproxy-0.4.1-1.fc21.i686                                                                                           10/10 

Dependency Installed:
  kernel-PAE-core.i686 0:4.1.13-100.fc21                             kernel-PAE-modules.i686 0:4.1.13-100.fc21                            

Updated:
  gssproxy.i686 0:0.4.1-2.fc21   kernel-PAE.i686 0:4.1.13-100.fc21   libtirpc.i686 0:0.2.5-2.1.fc21   nfs-utils.i686 1:1.3.1-6.4.fc21  

Complete!

Question: But are xtables-addons and its kernel modules updated appropriately?
Answer: seems no>, the PAE variant is not installed.

$ rpm -q -a | grep kmod
kmod-19-1.fc21.i686
kmod-libs-19-1.fc21.i686
kmod-xtables-addons-2.9-1.fc21.2.i686
kmod-xtables-addons-3.19.4-200.fc21.i686+PAE-2.6-1.fc21.16.i686
kmod-xtables-addons-4.1.13-100.fc21.i686-2.9-1.fc21.2.i686
$ sudo yum install -y kmod-xtables-addons-4.1.13-100.fc21.i686+PAE-2.9-1.fc21.2.i686
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package kmod-xtables-addons-4.1.13-100.fc21.i686+PAE.i686 0:2.9-1.fc21.2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                                         Arch    Version         Repository            Size
====================================================================================================
Installing:
 kmod-xtables-addons-4.1.13-100.fc21.i686+PAE    i686    2.9-1.fc21.2    collected-by-file    1.3 M

Transaction Summary
====================================================================================================
Install  1 Package

Total download size: 1.3 M
Installed size: 5.6 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
  Installing : kmod-xtables-addons-4.1.13-100.fc21.i686+PAE-2.9-1.fc21.2.i686                   1/1 
  Verifying  : kmod-xtables-addons-4.1.13-100.fc21.i686+PAE-2.9-1.fc21.2.i686                   1/1 

Installed:
  kmod-xtables-addons-4.1.13-100.fc21.i686+PAE.i686 0:2.9-1.fc21.2                                  

Complete!

Reboot!

Fixed!

The krb5-auth-dialog for GNOME

Configuration

Seems pretty self-configuring, within the limitations

  • Launch on logon … a GNOME dialog somewhere (not on the Settings center)
    gnome-session-properties

Folklore

Packages

$ rpm -q krb5-auth-dialog
krb5-auth-dialog-3.14.0-1.fc21.x86_64
$ rpm -q krb5-auth-dialog
krb5-auth-dialog-3.2.1-7.fc20.x86_64
$ rpm -q krb5-auth-dialog
krb5-auth-dialog-3.2.1-7.fc19.x86_64

Actualties


Also: problems with the certificate on honk.sigxcpu.org are noted.

Continued, refined & summarized: Bringing up Kerberized NFSv4 on Fedora 16 through Fedora 23

Finally from

Recipe

On client.example.com

  • Establish /etc/krb5.confwith the appropriate default realm and realm-to-DNS associations
    • sudo mv /etc/krb5.conf /etc/krb5.conf.orig
    • sudo install -m 444 krb5.conf /etc/.
  • sudo kadmin -p wbaker/admin
    This will ask for the administrative principal’s password
    The sudo is required because you’ll be writing into /etc/krb5.keytab

    • Host Principals
      typically you’ll need multiple principals for all the aliases to the host

      • Create the new host principals for the client hostname, all possible names
        addprinc -randkey host/client.example.com@EXAMPLE.COM
        addprinc -randkey host/interface.client.example.com@EXAMPLE.COM
      • Add the new host principals to the system keytab on the host
        ktadd host/client.example.com
        ktadd host/interface.client.example.com
    • NFS Principal
      typically only one principal is needed

      • Create the new NFS principal for the client hostname
        addprinc -randkey nfs/interface.client.example.com@EXAMPLE.COM
      • Add the new NFS principal to the system keytab on the host
        ktadd nfs/interface.client.example.com
  • If you are on “older” Fedora, then see the subrecipe for deleting the keytab entries pertaining to  unuseable encryption algorithms See SOLVED
    • Fixup /etc/krb5.keytab, removing the unuseable algorithms
      • sudo ktutil
        • Read rkt /etc/krb5.keytab
        • Use list to show the available algorithms
        • Use list -e to exhibit the unsupported algorithms
          the command will abort/crash/stop-abruptly upon encountering an unsupported algorithm (number).  Delete that entry. Rinse.  Repeat.
        • Use delent the encryption unuseable algorithms
        • Write wkt /etc/krb5.NEWtab to a new file
          Be sure to write the updated keytab to a NEW file and move that into place; do not attempt to update the existing keytab (there is no update/overwrite operation in wkt).
      • sudo mv /etc/krb5.NEWtab /etc/krb5.keytab
    • Ensure that /etc/identd.confhas relevant entries:
      • Domain
        e.g. Domain = DEPARTMENT.EXAMPLE.COM
      • Local-Realms (may need to be a comma-list)
        e.g. Local-Realms = DEPARTMENT.EXAMPLE.COM,EXAMPLE.COM
  • Enable and start the Secure NFS client service:
    systemctl enable nfs-secure.service
    systemctl start nfs-secure.service

On server.example.com

  • Kerberos Configuration
    • Create /etc/krb5.conf, as above
  • Kerberos Principals
    • Create the host principal keys, as above.
    • If necessary, remove unsupported algorithms, as above.
  • Enable and start the Secure NFS client service
    systemctl enable nfs-secure.service nfs-secure-server.service
    systemctl start nfs-secure-server.service
  • Exporting volumes in /etc/exports
    Export the relevant volumes with appropriate security scheme

    • sec=sys (avoid)
    • sec=krb5
    • sec=krb5i
    • sec=krb5p (use)

Specimen krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 # kdc = FILE:/var/log/krb5kdc.log
 # admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
EXAMPLE.COM = {
  kdc = kerberos.example.com
  admin_server = kerberos.example.com
}

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

References

[SOLVED] Continuing the Bringup of Kerberized NFSv4 on Fedora 16 through Fedora 23

Continued from bringing up Kerberized NFSv4 on Fedora 16 through Fedora 23
Onward as continued, refined & summarized.

tl;dr

  • To make Fedora 17 clients “work,” one must remove nfs host keys encrypted with
    • camellia128-cts-cmac
    • camellia256-cts-cmac
  • To make Fedora 18 servers “work,” one must remove nfs host keys encrypted with
    • camellia128-cts-cmac
    • camellia256-cts-cmac

Also

  • Ensure that /etc/imapd.conf has appropriate definitions for
    • Domain = the domain of the NFS clinet’s address
    • Local-Realms = the Domain and any sibling or ancestor settings

Configuration

Release Packages
Fedora 16 krb5-libs-1.9.4-3.fc16.i686
krb5-workstation-1.9.4-3.fc16.i686
nfs-utils-1.2.5-8.fc16.i686
Fedora 17 krb5-libs-1.10.2-6.fc17.i686
krb5-workstation-1.10.2-6.fc17.i686
nfs-utils-1.2.6-5.fc17.i686
Fedora 18 krb5-libs-1.10.3-17.fc18.i686
krb5-workstation-1.10.3-17.fc18.i686
nfs-utils-1.2.7-6.fc18.i686
Fedora 19 krb5-libs-1.11.3-24.fc19.x86_64
krb5-workstation-1.11.3-24.fc19.x86_64
nfs-utils-1.2.8-6.3.fc19.x86_64
Fedora 20 krb5-libs-1.11.5-19.fc20.x86_64
krb5-workstation-1.11.5-19.fc20.x86_64
nfs-utils-1.3.0-2.4.fc20.x86_64
Fedora 21 krb5-libs-1.12.2-15.fc21.x86_64
krb5-workstation-1.12.2-15.fc21.x86_64
nfs-utils-1.3.1-6.3.fc21.x86_64
Fedora 22 krb5-libs-1.13.1-3.fc22.x86_64
nfs-utils
(some version)
Fedora 23 krb5-libs-1.13.2-13.fc23.x86_64
krb5-workstation-1.13.2-13.fc23.x86_64
nfs-utils-1.3.3-1.rc1.fc23.x86_64

References

Configuration

allow_weak_crypto
defaults to false starting with krb5-1.8. When false, removes single-DES enctypes (and other weak enctypes) from permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes. Do not set this to true unless the use of weak enctypes is an acceptable risk for your environment and the weak enctypes are required for backward compatibility.
permitted_enctypes
controls the set of enctypes that a service will accept as session keys.
default_tkt_enctypes
controls the default set of enctypes that the Kerberos client library requests when making an AS-REQ. Do not set this unless required for specific backward compatibility purposes; stale values of this setting can prevent clients from taking advantage of new stronger enctypes when the libraries are upgraded.
default_tgs_enctypes
controls the default set of enctypes that the Kerberos client library requests when making a TGS-REQ. Do not set this unless required for specific backward compatibility purposes; stale values of this setting can prevent clients from taking advantage of new stronger enctypes when the libraries are upgraded.

The following per-realm setting in kdc.conf affects the generation of long-term keys.

supported_enctypes
controls the default set of enctype-salttype pairs that kadmind will use for generating long-term keys, either randomly or from passwords.
enctype weak? krb5
des-cbc-crc weak all
des-cbc-md4 weak all
des-cbc-md5 weak all
des3-cbc-sha1 notyet >=1.1
arcfour-hmac notyet >=1.3
arcfour-hmac-exp weak >=1.3
aes128-cts-hmac-sha1-96 notyet >=1.3
aes256-cts-hmac-sha1-96 notyet >=1.3
camellia128-cts-cmac notyet >=1.9
camellia256-cts-cmac notyet >=1.9

AMD Catalyst is no longer supported at RPM Fusion after Fedora 21, not for Fedora 22 or Fedora 23

Availability

Documentation

AMD Radeon Software Crimson Edition Linux 15.11 Proprietary Graphics Driver Release Notes

  • Fedora is not mentioned
  • Declared support
    • Red Hat Enterprise Linux Suite 7.2, 7.1, 7.0, 6.7, 6.6, 6.5
    • Ubuntu 12.04.4 LTS, 14.04.2, 14.04.3, 15.04, 15.10
    • SUSE® Linux Enterprise 11 SP3, 12
    • OpenSuSE 13.1
  • Linux kernel 2.6 or above (up to 3.19)
    i.e. not after 3.19 and definitely not the 4.x series
  • Xorg/Xserver 7.4 and above (up to 1.17)

<quote>

Before attempting to install the AMD Radeon Software Crimson Edition Linux 15.11 Proprietary Graphics Driver, the following software must be installed:

  • Xorg/Xserver 7.4 and above (up to 1.17)
  • Linux kernel 2.6 or above (up to 3.19)
  • glibc version 2.2 or 2.3
  • POSIX Shared Memory (/dev/shm) support is required for 3D applications

</quote>

Folklore

Phoronix

  • What The Radeon “Crimson” Control Center Looks Like On Linux;

    Michael Larabel; in His Blog entitled Phoronix; 2015-11-24.
    tl;dr → reports success on Ubuntu 15.10

    • Renaming
      • Crimson Linux Driver
      • Radeon
      • AMDCCCLE (AMD Catalyst Control Center Linux Edition)
        becomes
        AMDRCCLE (AMD Radeon Control Center Linux Edition)
    • vglrx 15.30

RPMFusion

from rpmfusion-users@rpmfusion.org

From: Dario Castellarin, 2015-11-23
Afaik Catalyst has not been dropped for lack of interest, but because it doesn’t support the newer versions of kernel and xorg that Fedora ships, and it’s generally speaking a huge PITA to support. If you have a Fury card, open source support has been published recently and it should land in kernel 4.5, but you can already build your own from git, of you’re in a hurry…

From: Stephen Adler, 2015-11-23.
Guys,
I bought a Radeon Fury card and I would like to get it running with the latest fedora dist. It seems like the catalyst support has been dropped for lack of interest. Is this true? If so, is there any hope of seeing the support come back? I may offer some package maintenance cycles depending on how much time it would take. Or is the open source support for the Radeon cards sufficient and thus the reason interest in the proprietary ATI driver has dropped?
Thanks. Steve.

Enabling and configuring a static iptables firewall in Fedora 21 (Workstation or Server)

$ sudo yum install -y iptables-services
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.i686 0:1.4.21-13.fc21 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                    Arch          Version                  Repository                  Size
====================================================================================================
Installing:
 iptables-services          i686          1.4.21-13.fc21           collected-by-file           53 k

Transaction Summary
====================================================================================================
Install  1 Package

Total download size: 53 k
Installed size: 19 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
  Installing : iptables-services-1.4.21-13.fc21.i686                                            1/1 
warning: /etc/sysconfig/ip6tables created as /etc/sysconfig/ip6tables.rpmnew
warning: /etc/sysconfig/iptables created as /etc/sysconfig/iptables.rpmnew
  Verifying  : iptables-services-1.4.21-13.fc21.i686                                            1/1 

Installed:
  iptables-services.i686 0:1.4.21-13.fc21                                                           

Complete!
$ sudo systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

$ sudo systemctl start iptables
Job for iptables.service failed. See "systemctl status iptables.service" and "journalctl -xe" for details.

Folklore

Continued characterization, but no solution, for the Dell M3800 with Fedora 21 and Broadcom’s Bluetooth brcm/BCM20702A0-0a5c-216f.hcd binary blob

Continuing: Bluetooth seen working on the Dell M3800 with Fedora 21 and Broadcom’s Bluetooth brcm/BCM20702A0-0a5c-216f.hcd binary blob, still not solved, or ameliorated.

An example of syslog messages from a boot trace where the firmware was loaded correctly, three suspend-resume sycles occurred with the firmware failing to (re)load on the third cycle.

Specimen

$ cat /var/log/messages | grep -i bluetooth
<snip/>
Oct  5 13:39:56 sonsie bluetoothd[1063]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 13:39:56 sonsie bluetoothd[1063]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  5 13:40:58 sonsie kernel: [   40.537859] Bluetooth: Core ver 2.20
Oct  5 13:40:58 sonsie kernel: [   40.537878] Bluetooth: HCI device and connection manager initialized
Oct  5 13:40:58 sonsie kernel: [   40.537882] Bluetooth: HCI socket layer initialized
Oct  5 13:40:58 sonsie kernel: [   40.537885] Bluetooth: L2CAP socket layer initialized
Oct  5 13:40:58 sonsie kernel: [   40.537891] Bluetooth: SCO socket layer initialized
Oct 5 13:40:58 sonsie kernel: [ 40.594551] Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=1000 lmp_ver=06 lmp_subver=220e Oct 5 13:40:58 sonsie kernel: [ 41.201337] Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=1624 lmp_ver=06 lmp_subver=220e 
Oct  5 13:39:56 sonsie bluetoothd[1063]: Terminating
Oct  5 13:39:56 sonsie bluetoothd[1063]: Stopping SDP server
Oct  5 13:39:56 sonsie bluetoothd[1063]: Exit
Oct  5 13:40:58 sonsie kernel: [   41.809621] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Oct  5 13:40:58 sonsie kernel: [   41.809625] Bluetooth: BNEP filters: protocol multicast
Oct  5 13:40:58 sonsie kernel: [   41.809629] Bluetooth: BNEP socket layer initialized
Oct  5 13:40:57 sonsie kernel: Bluetooth: Core ver 2.20
Oct  5 13:40:57 sonsie kernel: Bluetooth: HCI device and connection manager initialized
Oct  5 13:40:57 sonsie kernel: Bluetooth: HCI socket layer initialized
Oct  5 13:40:57 sonsie kernel: Bluetooth: L2CAP socket layer initialized
Oct  5 13:40:57 sonsie kernel: Bluetooth: SCO socket layer initialized
Oct  5 13:40:57 sonsie kernel: Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=1000 lmp_ver=06 lmp_subver=220e
Oct  5 13:40:57 sonsie kernel: Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=1624 lmp_ver=06 lmp_subver=220e
Oct  5 13:40:58 sonsie bluetoothd[1341]: Bluetooth daemon 5.29
Oct  5 13:40:58 sonsie bluetoothd[1341]: Starting SDP server
Oct  5 13:40:58 sonsie kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Oct  5 13:40:58 sonsie kernel: Bluetooth: BNEP filters: protocol multicast
Oct  5 13:40:58 sonsie kernel: Bluetooth: BNEP socket layer initialized
Oct  5 13:40:58 sonsie bluetoothd[1341]: Bluetooth management interface 1.8 initialized
Oct  5 13:40:58 sonsie bluetoothd[1341]: Failed to obtain handles for "Service Changed" characteristic
Oct  5 13:40:58 sonsie NetworkManager[1483]:   Loaded device plugin: /usr/lib64/NetworkManager/libnm-device-plugin-bluetooth.so
Oct  5 13:41:01 sonsie NetworkManager[1483]:   (F8:F1:B6:90:2E:D5): new Bluetooth device (driver: 'bluez' ifindex: 0)
Oct  5 13:41:13 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 13:41:13 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  5 13:41:13 sonsie kernel: [   56.715761] Bluetooth: RFCOMM TTY layer initialized
Oct  5 13:41:13 sonsie kernel: [   56.715769] Bluetooth: RFCOMM socket layer initialized
Oct  5 13:41:13 sonsie kernel: [   56.715812] Bluetooth: RFCOMM ver 1.11
Oct  5 13:41:13 sonsie kernel: Bluetooth: RFCOMM TTY layer initialized
Oct  5 13:41:13 sonsie kernel: Bluetooth: RFCOMM socket layer initialized
Oct  5 13:41:13 sonsie kernel: Bluetooth: RFCOMM ver 1.11
<suspending/>
Oct  5 13:45:54 sonsie bluetoothd[1341]: Unable to get io data for Object Push: getpeername: Transport endpoint is not connected (107)
<suspend/>
<resume/>
Oct 5 13:58:17 sonsie kernel: Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=1000 lmp_ver=06 lmp_subver=220e Oct 5 13:58:17 sonsie kernel: [ 695.669721] Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=1000 lmp_ver=06 lmp_subver=220e Oct 5 13:58:18 sonsie kernel: [ 696.273496] Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=1624 lmp_ver=06 lmp_subver=220e Oct 5 13:58:18 sonsie kernel: Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=1624 lmp_ver=06 lmp_subver=220e
Oct  5 13:58:18 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 13:58:18 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  5 13:58:18 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 13:58:18 sonsie bluetoothd[1341]: Failed to obtain handles for "Service Changed" characteristic
Oct  5 13:58:18 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 13:58:18 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 13:58:18 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 13:58:18 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 13:58:18 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  5 13:58:18 sonsie NetworkManager[1483]:   (F8:F1:B6:90:2E:D5): new Bluetooth device (driver: 'bluez' ifindex: 0)
<suspend/>
<resume/>
Oct  5 21:26:31 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 21:26:31 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  5 21:26:31 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 21:26:31 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 21:26:31 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 21:26:31 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  5 21:26:31 sonsie bluetoothd[1341]: Failed to obtain handles for "Service Changed" characteristic
Oct  5 21:26:31 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  5 21:26:31 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSink
<suspend/>
<resume/>
Oct 6 08:41:12 sonsie kernel: [26523.176432] bluetooth hci0: firmware: brcm/BCM20702A0-0a5c-216f.hcd will not be loaded Oct 6 08:41:13 sonsie kernel: bluetooth hci0: firmware: brcm/BCM20702A0-0a5c-216f.hcd will not be loaded
Oct  6 08:41:13 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  6 08:41:13 sonsie bluetoothd[1341]: Endpoint unregistered: sender=:1.56 path=/MediaEndpoint/A2DPSink
Oct  6 08:41:13 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  6 08:41:13 sonsie bluetoothd[1341]: Failed to obtain handles for "Service Changed" characteristic
Oct  6 08:41:13 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  6 08:41:13 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  6 08:41:13 sonsie dbus[1367]: [system] Rejected send message, 11 matched rules; type="error", sender=":1.56" (uid=25500 pid=3361 comm="/usr/bin/pulseaudio --start ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.2" (uid=0 pid=1341 comm="/usr/libexec/bluetooth/bluetoothd ")
Oct  6 08:41:13 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSource
Oct  6 08:41:13 sonsie bluetoothd[1341]: Endpoint registered: sender=:1.56 path=/MediaEndpoint/A2DPSink

Bluetooth seen working on the Dell M3800 with Fedora 21 and Broadcom’s Bluetooth brcm/BCM20702A0-0a5c-216f.hcd binary blob

tl;dr

$ cd /usr/lib/firmware/brcm
$ sudo ln -sr /usr/lib/firmware/brcm/BCM20702{A0,A1}-0a5c-216f.hcd

$ ls -l
total 9700
-r--r--r--. 1 root root  35080 Jul 25 11:25 BCM20702A0-0a5c-216f.hcd
-r--r--r--. 1 root root  34700 Jul 25 09:56 BCM20702A0-0a5c-21e8.hcd
lrwxrwxrwx. 1 root root     24 Sep 23 13:41 BCM20702A1-0a5c-216f.hcd -> BCM20702A0-0a5c-216f.hcd
<snip/>

You need the symlink.

Summary

  • When loaded, the blob seems to work (bluetooth works).
  • Yet it can fail in place; perhaps after a suspend-resume cycle.

Revision

  • Something else is going on.
  • Sometimes the firmware loads.
  • Sometimes the firmware fails to load.
  • It may have something to do with the crashes, hangs & heating observed in multiple suspend-resume cycles.

Frustration

Trending towards: Does Not Work With Linux
This is still a hobbyist’s & enthusiast’s machine; it can’t be used for production work except in the factory-install configuration.
Dell delivered a working machine.  Aftermarket conversion to Fedora is nearly unuseable.
If it weren’t for the 4K display, this machine would be AVOID.

Following up from: Experiences with the Dell M3800 with Fedora 21 and Broadcom’s Bluetooth brcm/BCM20702A0-0a5c-216f.hcd binary blob

Indeed, the gear does work with the factory-prepared Ubuntu 14.04 LTE that Dell installed.  But it has so much blobbery and idiosyncratic non-open hardware that you won’t be able to upgrade beyond what the Dell team was able to assemble.  It is unknown how they were able to assemble a working configuration.

It’s 2015 and GPUs still don’t “just work.”

I did mention it has a 4K2K display, right?  That’s why we’re here.  That’s a can’t-live-without thing nowadays.

Goal

  • “just works”
  • bluetooth “just works”
  • graphics “just works”
  • suspend “just works”

Mentions

  • There is a blob
  • You have to get the correct blob
  • You need to make a symlink nearby to the blob.
  • Debugging whether the blob loaded or was caused to load-but-failed  is murky.
  • Something about the udev subsystem.

Folklore

  • How to fix Dell XPS 13 (2015) for Ubuntu 15.04; Tiago Cogumbreiro; In His Notes; 2015-08-15.
    • Covers
      • High DPI; in Arch Linux Wiki
      • Suspend Error; kermel patch for Ubuntu bcmwl-kernel-source
      • Bluetooth Problems (relevant here)
      • TLP
    • Actualities for BIOS revision A05
      Hardware name: Dell Inc. XPS 13 9343/0310JH, BIOS A05 07/14/2015
    • Dell XPS 13 (2015) – Bluetooth; in Arch Linux Wiki
    • Especially reminding about the need to create the symlink
      ln -rs /lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd /lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
      which will be /usr/lib/firmware/brcm on Fedora 21

References

  • Section 14.8Dealing with Firmware; In Some Linux Kernel Documentation.
    • Describes the upcall to userland request_firmware(…)
    • Does not describe how userland receives the upcall or acts upon it.
  • Firmware; In Ubuntu Wiki
  • Dell XPS 13 (2015) – Bluetooth; in Arch Linux Wiki

Evidences

The symlink is required to make the firmware load.

Actions

$ cd /usr/lib/firmware/brcm
$ sudo ln -sr /usr/lib/firmware/brcm/BCM20702{A0,A1}-0a5c-216f.hcd

$ ls -l
total 9700
-r--r--r--. 1 root root  35080 Jul 25 11:25 BCM20702A0-0a5c-216f.hcd
-r--r--r--. 1 root root  34700 Jul 25 09:56 BCM20702A0-0a5c-21e8.hcd
lrwxrwxrwx. 1 root root     24 Sep 23 13:41 BCM20702A1-0a5c-216f.hcd -> BCM20702A0-0a5c-216f.hcd
<snip/>

Evidences

Sep 23 10:41:37 devbox kernel: bluetooth hci0: firmware: brcm/BCM20702A0-0a5c-216f.hcd will not be loaded
Sep 23 10:41:37 devbox kernel: Bluetooth: hci0: BCM: patch brcm/BCM20702A0-0a5c-216f.hcd not found
$ find /usr/lib/firmware -name '*216f.hcd'
/usr/lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
$ ls -ldZ /usr/lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
-r--r--r--. root root system_u:object_r:lib_t:s0       /usr/lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
$ find /usr/lib -path '*brcm/BCM20702A0-0a5c-216f.hcd' -ls
660333   36 -r--r--r--   1 root     root        35080 Jul 25 11:25 /usr/lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
$ lsusb -t
/:  Bus 04.Port 1: Dev 1,, Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0,, Driver=hub/8p, 480M
/:  Bus 03.Port 1: Dev 1,, Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0,, Driver=hub/6p, 480M
/:  Bus 02.Port 1: Dev 1,, Driver=xhci_hcd/6p, 5000M
|__ Port 2: Dev 13, If 0,, Driver=hub/1p, 5000M
|__ Port 1: Dev 14, If 0, Specific Class, Driver=, 5000M
|__ Port 1: Dev 14, If 1, Specific Interface, Driver=, 5000M
|__ Port 1: Dev 14, If 2,, Driver=snd-usb-audio, 5000M
|__ Port 1: Dev 14, If 3,, Driver=snd-usb-audio, 5000M
|__ Port 1: Dev 14, If 4,, Driver=snd-usb-audio, 5000M
|__ Port 1: Dev 14, If 5,, Driver=cdc_ncm, 5000M
|__ Port 1: Dev 14, If 6, Data, Driver=cdc_ncm, 5000M
/:  Bus 01.Port 1: Dev 1,, Driver=xhci_hcd/14p, 480M
|__ Port 2: Dev 20, If 0,, Driver=hub/4p, 480M
|__ Port 3: Dev 21, If 0, Interface Device, Driver=usbhid, 1.5M
|__ Port 4: Dev 22, If 0, Interface Device, Driver=usbhid, 1.5M
|__ Port 6: Dev 5, If 0, Interface Device, Driver=usbhid, 12M
|__ Port 9: Dev 6, If 0, Specific Class, Driver=btusb, 12M
|__ Port 9: Dev 6, If 1, Specific Class, Driver=btusb, 12M
|__ Port 9: Dev 6, If 2, Specific Class, Driver=, 12M
|__ Port 9: Dev 6, If 3, Specific Interface, Driver=, 12M
|__ Port 11: Dev 7, If 0,, Driver=uvcvideo, 480M
|__ Port 11: Dev 7, If 1,, Driver=uvcvideo, 480M
$ lsusb
Bus 004 Device 002: ID 8087:8000 Intel Corp.
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 8087:8008 Intel Corp.
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 014: ID 17e9:436f DisplayLink
Bus 002 Device 013: ID 2109:0210 VIA Labs, Inc.
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 006: ID 0a5c:216f Broadcom Corp.
Bus 001 Device 005: ID 04f3:21f9 Elan Microelectronics Corp.
Bus 001 Device 022: ID 03f0:0024 Hewlett-Packard KU-0316 Keyboard
Bus 001 Device 021: ID 046d:c018 Logitech, Inc. Optical Wheel Mouse
Bus 001 Device 020: ID 2109:2210 VIA Labs, Inc.
Bus 001 Device 007: ID 0bda:573c Realtek Semiconductor Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

From /var/log/messages

Hardware name: Dell Inc. Dell Precision M3800/Dell Precision M3800, BIOS A09 01/08/2015

UNSOLVED: Dell M3800 Fedora 21 – more hangs and spews ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41 profile =00:25:9c:63:75:8b

Previously

The machine is rapidly becoming unusable. Especially delicate is that screensaver & display blanking faults require a power cycle.

  • Upon screensaver, the graphics faults and is “hung” → one must power cycle to recover control.
  • Upon suspend, the CPU (GPU?) runs hard, it gets hot and hangs → one must power down to recover control.

(UNSOLVED) Dell M3800 under Fedora 21 (but not Dell-Factory Ubuntu 14) does not suspend, runs super-hot, hangs

Indications

Sep 15 14:56:07 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:13 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:13 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:19 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:19 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:25 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:25 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:31 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:31 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:37 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:37 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:43 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:43 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:49 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:49 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:55 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:56:55 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:01 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:01 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:07 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:07 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:13 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:13 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 15 14:57:19 example.com kernel: ERROR @wl_cfg80211_get_station : Wrong Mac address, mac = c0:c1:c0:07:86:41   profile =00:25:9c:63:75:8b
Sep 16 11:06:18 sonsie kernel: [   31.704603] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:06:18 sonsie kernel: [   31.704708] ACPI: \_SB_.PCI0.PEG0.PEGP: failed to evaluate _DSM
Sep 16 11:06:18 sonsie kernel: [   31.704713] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:06:24 sonsie kernel: [   37.509492] nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Sep 16 11:06:26 sonsie kernel: [   39.665225] tun: Universal TUN/TAP device driver, 1.6
Sep 16 11:06:26 sonsie kernel: [   39.665227] tun: (C) 1999-2004 Max Krasnyansky 
Sep 16 11:06:30 sonsie kernel: [   43.707905] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:06:30 sonsie kernel: [   43.707989] ACPI: \_SB_.PCI0.PEG0.PEGP: failed to evaluate _DSM
Sep 16 11:06:30 sonsie kernel: [   43.707992] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:06:32 sonsie kernel: [   46.042587] Adjusting tsc more than 11% (6262765 vs 8115577)
Sep 16 11:06:35 sonsie kernel: [   48.859093] fuse init (API version 7.23)
Sep 16 11:06:35 sonsie kernel: [   49.724054] nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Sep 16 11:06:36 sonsie kernel: [   50.561330] Bluetooth: RFCOMM TTY layer initialized
Sep 16 11:06:36 sonsie kernel: [   50.561337] Bluetooth: RFCOMM socket layer initialized
Sep 16 11:06:36 sonsie kernel: [   50.561382] Bluetooth: RFCOMM ver 1.11
Sep 16 11:06:41 sonsie kernel: [   55.150323] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:06:41 sonsie kernel: [   55.150423] ACPI: \_SB_.PCI0.PEG0.PEGP: failed to evaluate _DSM
Sep 16 11:06:41 sonsie kernel: [   55.150429] ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Pac
kage] (20150204/nsarguments-95)
Sep 16 11:19:33 sonsie rsyslogd-2177: imjournal: 584788 messages lost due to rate-limiting

Context

$ lspci -v | grep Broad
06:00.0 Network controller: Broadcom Corporation BCM4352 802.11ac Wireless Network Adapter (rev 03)
$ rpm -q -a | grep -i broadc
broadcom-wl-6.30.223.248-3.fc21.noarch
$ uname -a
Linux box.example.com 4.0.7-200.fc21.x86_64 #1 SMP Mon Jun 29 22:11:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ dmesg | grep Broadcom
[ 2.953312] usb 1-9: Manufacturer: Broadcom Corp
[ 25.747449] eth0: Broadcom BCM43b1 802.11 Hybrid Wireless Controller 6.30.223.248 (r487574)

Reports

  • 914975@wl_cfg80211_get_station : Wrong Mac address; In Red Hat Bugzilla; 2013-02.
    tl;dr → CLOSED CANTFIX → Broadcom is not FOSS, it is not supported; was reported against Fedora 18.
  • 1163401[11125.005426] ERROR @wl_cfg80211_get_station : Wrong Mac address ; In Ubuntu Launchpad; 2013-04-02.
    tl;dr → declared a duplicate of 1097519
  • 1097519bcmwl-kernel-source_6.20 update breaks for BCM4313; In Ubuntu Launchpad; 2013-01-08.

Folklore

  • Nick Groenen; Fixing the Broadcom BCM4331 wireless drivers on Ubuntu 13.10; In His Blog; 2013-11-09.
    tl;dr → covers bcmwl-kernel-source_6.20.155.1+bdcom-0ubuntu6_amd64.deb
  • bcmwl-kernel-source of Ubuntu Packages
  • Something about two drivers that almost work …
    • brcmsmac
    • wl
  • Something about the broadcoam-sta-* package(s).
  • Something about the b43driver which is “in tree”
    • that it could or should work or should be made to work
    • Comment 7Re: Use brcmsmac driver for BCM4313

Does PiTiVi even work? For any media format? On any platform? For any purpose? At all?

Betteridge’s Law: no.

PiTiVi:  Does. Not. Work.  Avoid.
There are no known success scenarios on any platform, any hardware, any media format.

Scenario

Simple: copyin/copyout.  The simplest possible test case.

  • load a video ~1 min.
  • render that video.

Must be playable, with audio. No crashes, no fried hardware.

This cannot be done.

Common

in increasing order of severity, all are common

  • Cryptic messages about codes & drivers not available.
  • Python exceptions, uncaught
  • X11 client terminations & segfaults
  • Xorg server segfaults
  • Scrambled hardware (hard powercycle required)

Success

Fedora 21

  • input → mp4

  • output → ogg

Failures

Fedora 21

  • hangs in rendering at “Initializing…”
    • input → mp4

    • output → mp4

Fedora 20

  • incomprehensible python messages & exceptions

Fedora 19

  • When executing PiTiVi locally
    • X11 client termination & segfault
  • When executing PiTiVi remotely
    • Xorg server segfaults
    • Hardware required power cycle.

Fedora 19, Catalyst 14.4

$ rpm -q -a | grep -Ee '(xorg|cataly)' | sort
abrt-addon-xorg-2.2.0-1.fc19.x86_64
akmod-catalyst-14.4-1.fc19.x86_64
kmod-catalyst-14.4-1.fc19.1.x86_64
kmod-catalyst-3.13.9-100.fc19.x86_64-14.4-1.fc19.x86_64
kmod-catalyst-3.14.4-100.fc19.x86_64-14.4-1.fc19.1.x86_64
kmod-catalyst-3.9.5-301.fc19.x86_64-13.6-0.1.beta.fc19.3.x86_64
xorg-x11-drv-catalyst-14.4-1.fc19.x86_64
xorg-x11-drv-catalyst-libs-14.4-1.fc19.x86_64
<snip/>
xorg-x11-server-common-1.14.4-3.fc19.x86_64
xorg-x11-server-Xorg-1.14.4-3.fc19.x86_64
/var/log/Xorg.0.log
[1275119.878] Loading extension ATIFGLRXDRI
[1275119.878] (II) fglrx(0): doing swlDriScreenInit
[1275119.878] (II) fglrx(0): swlDriScreenInit for fglrx driver
[1275119.878] ukiDynamicMajor: found major device number 246
[1275119.878] ukiDynamicMajor: found major device number 246
[1275119.878] ukiDynamicMajor: found major device number 246
[1275119.878] ukiOpenByBusid: Searching for BusID PCI:1:0:0
[1275119.878] ukiOpenDevice: node name is /dev/ati/card0
[1275119.878] ukiOpenDevice: open result is 12, (OK)
[1275119.878] ukiOpenByBusid: ukiOpenMinor returns 12
[1275119.878] ukiOpenByBusid: ukiGetBusid reports PCI:1:0:0
[1275119.878] (II) fglrx(0): [uki] DRM interface version 1.0
[1275119.878] (II) fglrx(0): [uki] created "fglrx" driver at busid "PCI:1:0:0"
[1275119.878] (II) fglrx(0): [uki] added 8192 byte SAREA at 0x3f5b4000
[1275119.879] (II) fglrx(0): [uki] mapped SAREA 0x3f5b4000 to 0x7f5cdadd0000
[1275119.879] (II) fglrx(0): [uki] framebuffer handle = 0x3f5b5000
[1275119.879] (II) fglrx(0): [uki] added 1 reserved context for kernel
[1275119.879] (II) fglrx(0): swlDriScreenInit done
[1275119.879] (II) fglrx(0): Kernel Module Version Information:
[1275119.879] (II) fglrx(0):     Name: fglrx
[1275119.879] (II) fglrx(0):     Version: 14.10.2
[1275119.879] (II) fglrx(0):     Date: Apr 17 2014
[1275119.879] (II) fglrx(0):     Desc: AMD FireGL DRM kernel module
[1275119.879] (II) fglrx(0): Kernel Module version matches driver.
[1275119.879] (II) fglrx(0): Kernel Module Build Time Information:
[1275119.879] (II) fglrx(0):     Build-Kernel UTS_RELEASE:        3.14.4-100.fc19.x86_64
[1275119.879] (II) fglrx(0):     Build-Kernel MODVERSIONS:        no
[1275119.879] (II) fglrx(0):     Build-Kernel __SMP__:            no
[1275119.879] (II) fglrx(0):     Build-Kernel PAGE_SIZE:          0x1000
[1275119.879] (II) fglrx(0): [uki] register handle = 0x3f5b6000
[1275119.879] (II) fglrx(0): FIREGL Board Found
[1275119.879] (EE) fglrx(0): Not enough video memory to allocate primary surface (frame buffer).
[1275119.879] (EE) 
[1275119.879] (EE) Backtrace:
[1275119.879] (EE) 0: /usr/bin/Xorg (OsLookupColor+0x129) [0x46f059]
[1275119.879] (EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x3fd500ef9f]
[1275119.880] (EE) 2: /usr/lib64/xorg/modules/drivers/fglrx_drv.so (swlDrmFreeSurfaces+0x42) [0x7f5cd990d432]
[1275119.880] (EE) 3: /usr/lib64/xorg/modules/drivers/fglrx_drv.so (xdl_xs114_atiddxDriCloseScreen+0x14d) [0x7f5cd989c33d]
[1275119.881] (EE) 4: /usr/lib64/xorg/modules/drivers/fglrx_drv.so (xdl_xs114_atiddxDriScreenInit+0x8eb) [0x7f5cd989b9db]
[1275119.881] (EE) 5: /usr/lib64/xorg/modules/drivers/fglrx_drv.so (xdl_xs114_atiddxScreenInit+0xf80) [0x7f5cd9895410]
[1275119.882] (EE) 6: /usr/bin/Xorg (AddScreen+0x71) [0x437441]
[1275119.882] (EE) 7: /usr/bin/Xorg (InitOutput+0x411) [0x48a131]
[1275119.882] (EE) 8: /usr/bin/Xorg (_init+0x38b3) [0x429bc3]
[1275119.882] (EE) 9: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x3fd4821b45]
[1275119.882] (EE) 10: /usr/bin/Xorg (_start+0x29) [0x426a21]
[1275119.882] (EE) 11: ? (?+0x29) [0x29]
[1275119.882] (EE) 
[1275119.882] (EE) Segmentation fault at address 0x8a0
[1275119.882] (EE) 
Fatal server error:
[1275119.882] (EE) Caught signal 11 (Segmentation fault). Server aborting
[1275119.882] (EE) 
[1275119.882] (EE) 
Please consult the Fedora Project support 
	 at http://wiki.x.org
 for help. 
[1275119.882] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[1275119.882] (EE) 
[1275119.980] (EE) Server terminated with error (1). Closing log file.

UNSOLVED: Dell M3800 under Fedora 21 (but not Factory Ubuntu 14) does not suspend, runs super-hot, hangs

Indications

Fedora 21 is substantially unuseable except in “immobile” modes.  Upon closing the clamshell to transport, the CPU, GPU & fan run hard and it gets extremely hot.  The unit will not respond on the NIC, the keyboard or anything.  A powercycle is required.  To transport, one must power down.

This does not occur with the Dell-installed Ubuntu 14.04 LTS.  That configuration suspends & resumes appropriately.

Estimate

Seems like the Fedora system is using nouveau while the Ubuntu system is using i915 (Intel).  Both systems have a Quadro K1100M GPU.

Also the use of external displays.   I didn’t test Dell-factory Ubuntu with external displays.  I did exercise Fedora 21 nouveau with an external display.

Remediations

  • Fedora → None known.
  • Ubuntu → Stick with the factory-installed Ubuntu, learn Ubuntu, hope it doesn’t break.

Hardware

  • NVIDIA Corporation GK107GLM [Quadro K1100M]

Differences

  • Fedora 21 → uses nouveau
  • Ubuntu 14.04 LTS → extensive blacklisting of nouveau
    • nvidia_340 is used
    • all other nvidia is blacklisted
    • nouveau is blacklisted
    • See /etc/modprobe/modprobe.d

References

  • Precision Mobile Workstation M3800 Keyboard Guide
    • FN+Insert → “hardware sleep” unlabeled
      is apparently different than powerbutton “software sleep”)

      • Effective when the Power button (tap) does not
      • Yet is ineffective when the GNOME screen saver is active.

Folklore

Previously

Actualities

$ lspci
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:04.0 Signal processing controller: Intel Corporation Device 0c03 (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 05)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 05)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 05)
00:1c.0 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #1 (rev d5)
00:1c.2 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #3 (rev d5)
00:1c.3 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #4 (rev d5)
00:1c.4 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #5 (rev d5)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 05)
00:1f.0 ISA bridge: Intel Corporation HM87 Express LPC Controller (rev 05)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 05)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 05)
00:1f.6 Signal processing controller: Intel Corporation 8 Series Chipset Family Thermal Management Controller (rev 05)
02:00.0 3D controller: NVIDIA Corporation GK107GLM [Quadro K1100M] (rev a1)
06:00.0 Network controller: Broadcom Corporation BCM4352 802.11ac Wireless Network Adapter (rev 03)
07:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5249 PCI Express Card Reader (rev 01)
grep -le nouveau $(find /etc/modprobe* -type f)
/etc/modprobe.d/nvidia-340_hybrid.conf
$ ls -ld /etc/modprobe.d/nvidia-*
-rw-r--r-- 1 root root 153 Oct  5  2014 /etc/modprobe.d/nvidia-340_hybrid.conf
lrwxrwxrwx 1 root root  49 Jul 14 09:59 /etc/modprobe.d/nvidia-graphics-drivers.conf -> /etc/alternatives/x86_64-linux-gnu_nvidia_modconf
$ cat /etc/modprobe.d/nvidia-340_hybrid.conf 
# This file was installed by nvidia-340
# Do not edit this file manually

blacklist nouveau
blacklist lbm-nouveau
alias nouveau off
$ cd /etc/modprobe.d
$ grep -le nouveau *
nvidia-340_hybrid.conf
nvidia-graphics-drivers.conf
$ ls -l nvidia*
-rw-r--r-- 1 root root 153 Oct  5  2014 nvidia-340_hybrid.conf
lrwxrwxrwx 1 root root  49 Jul 14 09:59 nvidia-graphics-drivers.conf -> /etc/alternatives/x86_64-linux-gnu_nvidia_modconf
s-drivers.conf
wbaker@bijoux:/etc/modprobe.d$ ls -l nvidia*
-rw-r--r-- 1 root root 153 Oct  5  2014 nvidia-340_hybrid.conf
lrwxrwxrwx 1 root root  49 Jul 14 09:59 nvidia-graphics-drivers.conf -> /etc/alternatives/x86_64-linux-gnu_nvidia_modconf
wbaker@bijoux:/etc/modprobe.d$ dpkg -S /etc/modprobe.d/nvidia-*
nvidia-340: /etc/modprobe.d/nvidia-340_hybrid.conf
dpkg-query: no path found matching pattern /etc/modprobe.d/nvidia-graphics-drivers.conf
wbaker@bijoux:/etc/modprobe.d$ dpkg -L nvidia-340
/.
/lib
/lib/udev
/lib/udev/rules.d
/lib/udev/rules.d/69-nvidia-persistenced.rules
/lib/nvidia-340
/lib/nvidia-340/modprobe.conf
/usr
/usr/lib
/usr/lib/vdpau
/usr/lib/xorg
/usr/lib/xorg/modules
/usr/lib/xorg/modules/extensions
/usr/lib/xorg/modules/drivers
/usr/lib/nvidia-340
/usr/lib/nvidia-340/libnvidia-ifr.so.340.46
/usr/lib/nvidia-340/vdpau
/usr/lib/nvidia-340/vdpau/libvdpau_nvidia.so.340.46
/usr/lib/nvidia-340/libnvidia-tls.so.340.46
/usr/lib/nvidia-340/libnvidia-eglcore.so.340.46
/usr/lib/nvidia-340/libGLESv2.so.340.46
/usr/lib/nvidia-340/libnvidia-fbc.so.340.46
/usr/lib/nvidia-340/tls
/usr/lib/nvidia-340/tls/libnvidia-tls.so.340.46
/usr/lib/nvidia-340/bin
/usr/lib/nvidia-340/bin/nvidia-cuda-mps-control
/usr/lib/nvidia-340/bin/nvidia-debugdump
/usr/lib/nvidia-340/bin/nvidia-smi
/usr/lib/nvidia-340/bin/nvidia-persistenced
/usr/lib/nvidia-340/bin/nvidia-xconfig
/usr/lib/nvidia-340/bin/nvidia-bug-report.sh
/usr/lib/nvidia-340/bin/nvidia-cuda-mps-server
/usr/lib/nvidia-340/libnvidia-encode.so.340.46
/usr/lib/nvidia-340/libGL.so.340.46
/usr/lib/nvidia-340/xorg
/usr/lib/nvidia-340/xorg/nvidia_drv.so
/usr/lib/nvidia-340/xorg/libglx.so.340.46
/usr/lib/nvidia-340/alt_ld.so.conf
/usr/lib/nvidia-340/libnvidia-wfb.so.340.46
/usr/lib/nvidia-340/libnvidia-ml.so.340.46
/usr/lib/nvidia-340/libnvidia-glsi.so.340.46
/usr/lib/nvidia-340/libnvidia-glcore.so.340.46
/usr/lib/nvidia-340/libnvidia-cfg.so.340.46
/usr/lib/nvidia-340/libnvidia-compiler.so.340.46
/usr/lib/nvidia-340/ld.so.conf
/usr/lib/nvidia-340/libnvcuvid.so.340.46
/usr/lib/nvidia-340/libGLESv1_CM.so.340.46
/usr/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu/xorg
/usr/lib/nvidia-340-prime
/usr/lib/nvidia-340-prime/alt_ld.so.conf
/usr/lib/nvidia-340-prime/ld.so.conf
/usr/bin
/usr/bin/start-nvidia-persistenced
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/nvidia-340.override
/usr/share/doc
/usr/share/doc/nvidia-340
/usr/share/doc/nvidia-340/NVIDIA_Changelog.gz
/usr/share/doc/nvidia-340/README.txt.gz
/usr/share/doc/nvidia-340/html
/usr/share/doc/nvidia-340/html/powermanagement.html
/usr/share/doc/nvidia-340/html/installationandconfiguration.html
/usr/share/doc/nvidia-340/html/programmingmodes.html
/usr/share/doc/nvidia-340/html/configmultxscreens.html
/usr/share/doc/nvidia-340/html/profiles.html
/usr/share/doc/nvidia-340/html/selectdriver.html
/usr/share/doc/nvidia-340/html/introduction.html
/usr/share/doc/nvidia-340/html/configlaptop.html
/usr/share/doc/nvidia-340/html/vdpausupport.html
/usr/share/doc/nvidia-340/html/xineramaglx.html
/usr/share/doc/nvidia-340/html/nvidia-ml.html
/usr/share/doc/nvidia-340/html/dpi.html
/usr/share/doc/nvidia-340/html/addtlresources.html
/usr/share/doc/nvidia-340/html/flippingubb.html
/usr/share/doc/nvidia-340/html/dma_issues.html
/usr/share/doc/nvidia-340/html/sli.html
/usr/share/doc/nvidia-340/html/depth30.html
/usr/share/doc/nvidia-340/html/minimumrequirements.html
/usr/share/doc/nvidia-340/html/i2c.html
/usr/share/doc/nvidia-340/html/newusertips.html
/usr/share/doc/nvidia-340/html/xcompositeextension.html
/usr/share/doc/nvidia-340/html/acknowledgements.html
/usr/share/doc/nvidia-340/html/framelock.html
/usr/share/doc/nvidia-340/html/sdi.html
/usr/share/doc/nvidia-340/html/configtvout.html
/usr/share/doc/nvidia-340/html/xrandrextension.html
/usr/share/doc/nvidia-340/html/nvidia-smi.html
/usr/share/doc/nvidia-340/html/glxsupport.html
/usr/share/doc/nvidia-340/html/commonproblems.html
/usr/share/doc/nvidia-340/html/openglenvvariables.html
/usr/share/doc/nvidia-340/html/gpunames.html
/usr/share/doc/nvidia-340/html/installdriver.html
/usr/share/doc/nvidia-340/html/editxconfig.html
/usr/share/doc/nvidia-340/html/addressingcapabilities.html
/usr/share/doc/nvidia-340/html/appendices.html
/usr/share/doc/nvidia-340/html/knownissues.html
/usr/share/doc/nvidia-340/html/installedcomponents.html
/usr/share/doc/nvidia-340/html/randr14.html
/usr/share/doc/nvidia-340/html/displaydevicenames.html
/usr/share/doc/nvidia-340/html/nvidia-debugdump.html
/usr/share/doc/nvidia-340/html/nvidia-persistenced.html
/usr/share/doc/nvidia-340/html/index.html
/usr/share/doc/nvidia-340/html/audiosupport.html
/usr/share/doc/nvidia-340/html/faq.html
/usr/share/doc/nvidia-340/html/optimus.html
/usr/share/doc/nvidia-340/html/xconfigoptions.html
/usr/share/doc/nvidia-340/html/configtwinview.html
/usr/share/doc/nvidia-340/html/supportedchips.html
/usr/share/doc/nvidia-340/html/nvidiasettings.html
/usr/share/doc/nvidia-340/html/procinterface.html
/usr/share/doc/nvidia-340/README.Debian
/usr/share/doc/nvidia-340/copyright
/usr/share/doc/nvidia-340/changelog.Debian.gz
/usr/share/nvidia-340
/usr/share/nvidia-340/nvidia-340.grub-gfxpayload
/usr/share/nvidia-340/glamor.conf
/usr/share/nvidia-340/nvidia-application-profiles-340.46-rc
/usr/share/grub-gfxpayload-lists
/usr/share/grub-gfxpayload-lists/blacklist
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/alt-nvidia-340-xconfig.1.gz
/usr/share/man/man1/alt-nvidia-340-persistenced.1.gz
/usr/share/man/man1/alt-nvidia-340-cuda-mps-control.1.gz
/usr/share/man/man1/alt-nvidia-340-smi.1.gz
/usr/share/nvidia
/usr/src
/usr/src/nvidia-340-340.46
/usr/src/nvidia-340-340.46/nv_uvm_interface.h
/usr/src/nvidia-340-340.46/nv-cray.c
/usr/src/nvidia-340-340.46/xapi-sdk.h
/usr/src/nvidia-340-340.46/nverror.h
/usr/src/nvidia-340-340.46/nv-usermap.c
/usr/src/nvidia-340-340.46/os-usermap.c
/usr/src/nvidia-340-340.46/nv-frontend.h
/usr/src/nvidia-340-340.46/nv_uvm_interface.c
/usr/src/nvidia-340-340.46/nv.h
/usr/src/nvidia-340-340.46/nv-drm.c
/usr/src/nvidia-340-340.46/nv-vm.c
/usr/src/nvidia-340-340.46/nv-p2p.h
/usr/src/nvidia-340-340.46/nv-dma.c
/usr/src/nvidia-340-340.46/cpuopsys.h
/usr/src/nvidia-340-340.46/os-pci.c
/usr/src/nvidia-340-340.46/conftest.sh
/usr/src/nvidia-340-340.46/rmretval.h
/usr/src/nvidia-340-340.46/os-mlock.c
/usr/src/nvidia-340-340.46/dkms.conf
/usr/src/nvidia-340-340.46/nv-proto.h
/usr/src/nvidia-340-340.46/nv-frontend.c
/usr/src/nvidia-340-340.46/nv-procfs.c
/usr/src/nvidia-340-340.46/Makefile
/usr/src/nvidia-340-340.46/os-registry.c
/usr/src/nvidia-340-340.46/nv-chrdev.c
/usr/src/nvidia-340-340.46/nv-misc.h
/usr/src/nvidia-340-340.46/gcc-version-check.c
/usr/src/nvidia-340-340.46/nv-gvi.c
/usr/src/nvidia-340-340.46/patches
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.11.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.0.patch
/usr/src/nvidia-340-340.46/patches/register-VT-switch-requirements.patch
/usr/src/nvidia-340-340.46/patches/allow_sublevel_greater_than_5.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.6.patch
/usr/src/nvidia-340-340.46/patches/replace-VM_RESERVED-with-VM_DONTEXPAND-and-VM_DONTDU.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.13.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.14.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.10.patch
/usr/src/nvidia-340-340.46/patches/buildfix_kernel_3.8.patch
/usr/src/nvidia-340-340.46/patches/make-use-of-the-new-uapi-framework.patch
/usr/src/nvidia-340-340.46/nv-p2p.c
/usr/src/nvidia-340-340.46/os-smp.c
/usr/src/nvidia-340-340.46/nv-i2c.c
/usr/src/nvidia-340-340.46/g_nvreadme.h
/usr/src/nvidia-340-340.46/nv-pat.c
/usr/src/nvidia-340-340.46/nv-kernel.o
/usr/src/nvidia-340-340.46/nv.c
/usr/src/nvidia-340-340.46/nvgputypes.h
/usr/src/nvidia-340-340.46/rmil.h
/usr/src/nvidia-340-340.46/nvtypes.h
/usr/src/nvidia-340-340.46/nv-linux.h
/usr/src/nvidia-340-340.46/nv-acpi.c
/usr/src/nvidia-340-340.46/nvidia-modules-common.mk
/usr/src/nvidia-340-340.46/nv-mmap.c
/usr/src/nvidia-340-340.46/os-interface.h
/usr/src/nvidia-340-340.46/nv-mempool.c
/usr/src/nvidia-340-340.46/nv-memdbg.h
/usr/src/nvidia-340-340.46/os-interface.c
/usr/src/nvidia-340-340.46/nv-reg.h
/usr/src/nvidia-340-340.46/nv-vtophys.c
/usr/src/nvidia-340-340.46/nv_gpu_ops.h
/usr/lib32
/usr/lib32/vdpau
/usr/lib32/nvidia-340
/usr/lib32/nvidia-340/libnvidia-ifr.so.340.46
/usr/lib32/nvidia-340/vdpau
/usr/lib32/nvidia-340/vdpau/libvdpau_trace.so.340.46
/usr/lib32/nvidia-340/vdpau/libvdpau.so.340.46
/usr/lib32/nvidia-340/vdpau/libvdpau_nvidia.so.340.46
/usr/lib32/nvidia-340/libnvidia-tls.so.340.46
/usr/lib32/nvidia-340/libnvidia-fbc.so.340.46
/usr/lib32/nvidia-340/tls
/usr/lib32/nvidia-340/tls/libnvidia-tls.so.340.46
/usr/lib32/nvidia-340/libnvidia-encode.so.340.46
/usr/lib32/nvidia-340/libGL.so.340.46
/usr/lib32/nvidia-340/libnvidia-wfb.so.340.46
/usr/lib32/nvidia-340/libnvidia-ml.so.340.46
/usr/lib32/nvidia-340/libnvidia-glsi.so.340.46
/usr/lib32/nvidia-340/libnvidia-glcore.so.340.46
/usr/lib32/nvidia-340/libnvidia-cfg.so.340.46
/usr/lib32/nvidia-340/libnvidia-compiler.so.340.46
/usr/lib32/nvidia-340/libnvcuvid.so.340.46
/usr/lib32/nvidia-340/libGL.la
/etc
/etc/init
/etc/init/nvidia-persistenced.conf
/etc/modprobe.d
/etc/modprobe.d/nvidia-340_hybrid.conf
/usr/lib/nvidia-340/vdpau/libvdpau_nvidia.so
/usr/lib/nvidia-340/vdpau/libvdpau_nvidia.so.1
/usr/lib/nvidia-340/libnvidia-ifr.so
/usr/lib/nvidia-340/libnvcuvid.so.1
/usr/lib/nvidia-340/xorg/libglx.so
/usr/lib/nvidia-340/libnvidia-encode.so
/usr/lib/nvidia-340/libnvidia-compiler.so
/usr/lib/nvidia-340/libnvidia-ifr.so.1
/usr/lib/nvidia-340/libGL.so.1
/usr/lib/nvidia-340/libnvidia-ml.so
/usr/lib/nvidia-340/libnvidia-cfg.so
/usr/lib/nvidia-340/libnvcuvid.so
/usr/lib/nvidia-340/libGL.so
/usr/lib/nvidia-340/libnvidia-encode.so.1
/usr/lib/nvidia-340/libnvidia-cfg.so.1
/usr/lib/nvidia-340/libnvidia-ml.so.1
/usr/lib/nvidia-340/libnvidia-compiler.so.1
/usr/lib32/nvidia-340/vdpau/libvdpau_nvidia.so
/usr/lib32/nvidia-340/vdpau/libvdpau_nvidia.so.1
/usr/lib32/nvidia-340/libnvidia-ifr.so
/usr/lib32/nvidia-340/libnvcuvid.so.1
/usr/lib32/nvidia-340/libnvidia-encode.so
/usr/lib32/nvidia-340/libnvidia-compiler.so
/usr/lib32/nvidia-340/libnvidia-ifr.so.1
/usr/lib32/nvidia-340/libGL.so.1
/usr/lib32/nvidia-340/libnvidia-ml.so
/usr/lib32/nvidia-340/libnvidia-cfg.so
/usr/lib32/nvidia-340/libnvcuvid.so
/usr/lib32/nvidia-340/libGL.so
/usr/lib32/nvidia-340/libnvidia-encode.so.1
/usr/lib32/nvidia-340/libnvidia-cfg.so.1
/usr/lib32/nvidia-340/libnvidia-ml.so.1
/usr/lib32/nvidia-340/libnvidia-compiler.so.1

SOLVED: NFSv4 idmap (rpc.idmapper) does not work, with AUTH_SYS, sec=sys, and perhaps never did?

Status

SOLVED, sortof…
tl;dr → the universal recommendation is to use GSS & Kerberos (an unproven technique).

/etc/modprobe.d/nfs.conf (you create this)
options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0

The mapping of UID (GID) in NFSv4 with AUTH_SYS, sec=sys can be “made to work” but you have to set module parameters in client & server. The result is a somewhat confusing world where authorization can fail but the reporting shows the mapped identifiers.

Debugging

Something about adding -v -v -v (three levels of verbosity) to RPCIDMAPDARGS in /etc/sysconfig/nfs Establishing verbosity in /etc/idmapd.conf doesn’t seem to have the same effect (or much of any effect beyond level 1).

RPCIDMAPDARGS="-v -v -v"
sudo vi /etc/sysconfig/nfs 
sudo systemctl restart nfs-config
sudo systemctl restart nfs-idmapd

Separately, be sure to configure your system to actually perform the id mappings:

echo N | sudo tee /sys/module/nfs/parameters/nfs4_disable_idmapping
echo N | sudo tee /sys/module/nfsd/parameters/nfs4_disable_idmapping

The service names nfs-idmap and nfs-idmapd (the trailing d in idmap vs idmapd) are synonyms by virtue of a symoblic link.
Under triple-verbose, the nfsidmap does log chatter about name translations when they occur. To wit:

Jul 26 12:47:10 client nfsidmap[13714]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Jul 26 12:47:10 client nfsidmap[13714]: nss_getpwnam: name 'wbaker@example.com' domain 'example.com': resulting localname 'wbaker'
Jul 26 12:47:10 client nfsidmap[13714]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
Jul 26 12:47:10 client nfsidmap[13714]: nfs4_name_to_uid: final return value is 0
Jul 26 12:47:10 client nfsidmap[13716]: key: 0xac3eb81 type: gid value: source@example.com timeout 600
Jul 26 12:47:10 client nfsidmap[13716]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Jul 26 12:47:10 client nfsidmap[13716]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
Jul 26 12:47:10 client nfsidmap[13716]: nfs4_name_to_gid: final return value is 0

Partial Resolution

NFSv4 ID mapping is disabled by default in Fedora 18 through Fedora 21 (and back into Fedora 16 with post-release updated kernels).  Apparently id mapping used to “work” in Fedora 16 (kernel-3.2 & prior). Via: Comment 13, Maurizio Paolini. 2013-04-17
Setting these to ‘Y’ can establish ID mapping behaviors.

client (Fedora 21)

$ cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
Y
$ cat /sys/module/nfs/parameters/nfs4_disable_idmapping
Y

And persistently in /etc/modprobe.d/nfs.conf (you create this):

options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0

server (Fedora 18)

$ cat /sys/module/nfsd/parameters/nfs4_disable_idmapping
Y
$ cat /sys/module/nfs/parameters/nfs4_disable_idmapping
cat: /sys/module/nfs/parameters/nfs4_disable_idmapping: No such file or directory

The (pseudo-)file won’t exist if nfs client services aren’t im play.

Problem

Actual

client$ ls -ld /areas/documents
drwxrwsr-x. 33 500 source 4096 Apr 23 06:34 /areas/documents

Expected

client$ ls -ld /areas/documents
drwxrwsr-x. 33 wbaker source 4096 Apr 23 06:34 /areas/documents

Not looking for an authorization effect here, just looking for a reporting effect.  The expectation is that the User IDs would be matched by name and reported appropriately on the client.
Redeclared: this is not the well-known authorization problem of AUTH_SYS and NFSv4.
Re-redeclared: <known>When kerberos is not in use the client now just sends uid/gid pairs for authorization.</known>

Characterization

  • NFSv4 → yes
    • NFSv3 → no
    • NFSv2 → no
  • Authorization
    • AUTH_GSS → no
    • AUTH_KERB → no (Kerberos)
    • AUTH_SYS → yes (numeric uid matching is the “security” method)
  • Name Service Switch (NSS)
    • LDAP → no (Lightweight Directory Access Protocol)
    • SSS → no (System Security Services Daemon)
    • files → yes

But does it work?

  • mounts work.
  • I/O works.

Feels like the idmapper is never even being called.

Logging

  • Jack up verbosity outrageously causes no change in the output.
  • /var/log/messages
  • Therefore, ID mapping isn’t occurring at all.

Specimen

From the client

Jul 25 23:16:39 client rpc.idmapd[2423]: libnfsidmap: using domain: example.com
Jul 25 23:16:39 client rpc.idmapd[2423]: libnfsidmap: Realms list: 'EXAMPLE.COM'
Jul 25 23:16:39 client rpc.idmapd[2423]: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
Jul 25 23:16:39 client rpc.idmapd[2424]: Expiration time is 600 seconds.
Jul 25 23:16:39 client rpc.idmapd[2424]: Opened /proc/net/rpc/nfs4.nametoid/channel
Jul 25 23:16:39 client rpc.idmapd[2424]: Opened /proc/net/rpc/nfs4.idtoname/channel
Jul 25 23:16:39 client rpc.idmapd[2424]: New client: 16
Jul 25 23:16:39 client rpc.idmapd[2424]: Opened /var/lib/nfs/rpc_pipefs//nfs/clnt16/idmap
Jul 25 23:16:39 client rpc.idmapd[2424]: New client: 1b
Jul 25 23:16:39 client rpc.idmapd[2424]: New client: 1d
Jul 25 23:16:39 client rpc.idmapd[2424]: Opened /var/lib/nfs/rpc_pipefs//nfs/clnt1d/idmap
Jul 25 23:16:39 client rpc.idmapd[2424]: New client: 22
Jul 25 23:16:39 client rpc.idmapd: rpc.idmapd: libnfsidmap: using domain: example.com
Jul 25 23:16:39 client rpc.idmapd: rpc.idmapd: libnfsidmap: Realms list: 'EXAMPLE.COM'
Jul 25 23:16:39 client rpc.idmapd: rpc.idmapd: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
<snip/>
Jul 25 23:21:08 client rpc.idmapd[2424]: Stale client: 22
Jul 25 23:21:08 client rpc.idmapd[2424]: -> closed /var/lib/nfs/rpc_pipefs//nfs/clnt22/idmap
Jul 25 23:21:08 client rpc.idmapd[2424]: Stale client: 1d
Jul 25 23:21:08 client rpc.idmapd[2424]: -> closed /var/lib/nfs/rpc_pipefs//nfs/clnt1d/idmap
Jul 25 23:21:08 client rpc.idmapd[2424]: Stale client: 1b
Jul 25 23:21:08 client rpc.idmapd[2424]: -> closed /var/lib/nfs/rpc_pipefs//nfs/clnt1b/idmap
Jul 25 23:21:08 client rpc.idmapd[2424]: Stale client: 16
Jul 25 23:21:08 client rpc.idmapd[2424]: -> closed /var/lib/nfs/rpc_pipefs//nfs/clnt16/idmap

Configurations

client & server (2 machines)

  • NFSv4
  • Firewall (iptables, ip6tables)
    • client → yes (default ruleset)
    • server → no (none)
  • Fedora
    • kernel 3.11
    • kernel 4..0

client

  • wbaker → uid 2500
  • nsswitch → /etc/passwd
  • address → (IPv6) 2001:db8::1234
  • Fedora 21
    $ uname -r
    4.0.8-200.fc21.x86_64
    $ rpm -q -a | grep -Ee '(nfs-utils|kernel)-' | sort
    kernel-4.0.8-200.fc21.x86_64
    kernel-core-4.0.8-200.fc21.x86_64
    kernel-modules-4.0.8-200.fc21.x86_64
    nfs-utils-1.3.1-6.4.fc21.x86_64
  • $ sysctl kernel.keys.root_maxkeys
    kernel.keys.root_maxkeys = 1000000
    $ sysctl kernel.keys.maxkeys
    kernel.keys.maxkeys = 200

server

  • wbaker → uid 500
  • nsswitch → /etc/passwd
  • address → (IPv6) 2001:db8::9876
  • Fedora 18
    $ uname -r
    3.11.10-100.fc18.x86_64
    $ rpm -q -a | grep -Ee '(nfs-utils|kernel)-' | sort
    kernel-3.11.10-100.fc18.x86_64
    nfs-utils-1.2.7-6.fc18.x86_64
  • $ sysctl kernel.keys.root_maxkeys
    kernel.keys.root_maxkeys = 200
    $ sysctl kernel.keys.maxkeys
    kernel.keys.maxkeys = 200

Server

/etc/idmapd.conf

[General]
Verbosity = 10
Domain = example.com
#Local-Realms = 
[Mapping]
#Nobody-User = nobody
#Nobody-Group = nobody
[Translation]
#Method = nsswitch
#GSS-Methods = <alternate method list for translating GSS names>
[Static]
<snip/>

Client

/etc/idmapd.conf

[General]
Verbosity = 100
Domain = example.com
#Local-Realms = 
[Mapping]
#Nobody-User = nobody
#Nobody-Group = nobody
[Translation]
#Method = nsswitch
#GSS-Methods = <alternate method list for translating GSS names>
[Static]
<snip/>

/proc/mounts

client$ grep nfs /proc/mounts
server:/mnt/documents /areas/documents nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,port=0,timeo=600,retrans=2,sec=sys,clientaddr=2001:db8::1234,local_lock=none,addr=2001:db8::9876 0 0

More readable… (in order of appearance)

rw
relatime
vers=4.0
rsize=1048576
wsize=1048576
namlen=255
hard
proto=tcp6
port=0
timeo=600
retrans=2
sec=sys
clientaddr=2001:db8::1234
local_lock=none
addr=2001:db8::9876

Artifacts

Files

  • /proc
    • /proc/keys
    • /proc/key-users
  • /etc/modprobe.d
    • /etc/modprobe.d/nfs.conf (you create this)
      options nfs nfs4_disable_idmapping=1 (else 0 to enable)
  • /sys/module/nfs/parameters
    • /sys/module/nfs/parameters/nfs4_disable_idmapping
    • /sys/module/nfsd/parameters/nfs4_disable_idmapping
  • /etc/idmapd.conf
  • /etc/request-key.conf
  • /etc/request-key.conf.d/
    • /etc/request-key.conf.d/cifs.idmap.conf (CIFS)
    • /etc/request-key.conf.d/cifs.spnego.conf (CIFS)
    • /etc/request-key.conf.d/id_resolver.conf (NFSv4)
  • /lib/systemd/system
    • /lib/systemd/system/nfs-idmapd.service
      /lib/systemd/system/nfs-idmap.service is a symlink to nfs-idmapd.service
  • /run/sysconfig/nfs-utils

Operations

  • nfsidmap -c
  • request-key

Folklore

  • Changes in NFS portended by NFS v4 → NFS v4.1
  • Changes in the Linux kernel circa 3.2 → 3.3

Discussion

  • NFSv4 HOWTO; Some dude using the self-asserted identity token bryanquigley; In Ubuntu Documentation; 2014-06-26
    tl;dr → yet it references Fedora Core 2 for subsequent learning, reminds that in AUTH_SYS that authorization decisions are still done by uid & gid equality whereas reporting may or may not be mapped by idmapper (the statements are inconclusive).
  • 997164rpc.idmapd: nss_getpwnam: name ‘#’ does not map into domain; In Red Hat Bugzilla; 2013-08-14 → 2015-01-26.
  • 876705default maximum number of keys (200) too small for nfs4 uid-user mapping; In Red Hat Bugzilla; 2012-11-14 → 2015-05-22.
    tl;dr → discusses capacity of the kernel keyring, but follow the thread about NFSv4 idmapping enablement (disablement)

    • Comment 13hints that NFSv4 id mapping is (has always been) disabled
      • /sys/module/nfs/parameters/nfs4_disable_idmapping
        /sys/module/nfsd/parameters/nfs4_disable_idmapping
    • NFSv4, Name (string) mapping vs. raw UID, idmapd and Kernels >= 3.3; In linux-nfs@vger.kernel.org; 2012-08-23.
      tl;dr → <quote>Yes, newer Linux servers by default do return numeric ID’s (unless Kerberos is used).</quote> where “newer” is defined as >= 3.3.
  • 847084fsidmap failing to show id of some users when using LXDM greeter user list; In Red Hat Bugzilla; 2012-08-09 → 2012-11-15.
    tl;dr → inconclusive, closed as a duplicate of 876705 (a different effect)
  • NFSv4 Client side ID mapping does not work in Tumbleweed kernel 3.3.1-19-desktop; In Novell Bugzilla; 2012-04-12 → 2013-06-19.
    tl;dr → broken circa kernel-3.3, claimed fixed in 3.6
  • 966734nfs4+idmap does not map uids correctly when using AUTH_SYS; In Ubuntu nfs-utils Package, Bugs; 2012-03-28 → 2015-05-12.
    tl;dr → rambles along for three years finally, asserting in Comment 18 that id mapping does not work ever, at all; clearly not for authorization but also not even for the mere reporting case (e.g. the use of /bin/ls).
    Cites syslog message not shown in more recent venues:
    Server's syslog: rpc.idmapd[777]: Server : (user) id "2012" -> name "postie@localdomain"
    Client's syslog: rpc.idmapd[870]: Client 0: (user) name "postie@localdomain" -> id "2014"
  • [SOLVED]nfs idmap problems, nobody is owner of all files; some dude using the self-asserted identity token wmark; In Gentoo Discussion Forums; 2012-02-22.
    tl;dr → inconclusive, early days of NFSv4/NFSv4.1, years ago, a recipe for configuring idmapper (rpc.idmapd) and using the Static clause to override.
  • [PATCH] NFSv4: Change the default setting of the nfs4_disable_idmapping parameter; Trond Myklebust; In linux-nfs@vger.kernel.org; 2012-01-09.
    tl;dr → inconclusive; a discussion concerning whether “numeric sensing” should be returned to default-on status in nfs.nfs4_disable_idmapping, or an export flag, or a proposed idmap config setting ServerNumericMapping. Ends in the word <quote>maybe.</quote>
  • Problem with NFSv4 and idmapd; Some dude using the self-asserted identity token Ping-wine; In Ubuntu Forums; 2011-07-06.
    tl;dr → exhibits syslog messages showing id mapping actually occurring

    • Server
      Jul 5 16:13:00 server rpc.idmapd[824]: libnfsidmap: using domain: dom.ain
      Jul 5 16:13:00 server rpc.idmapd[824]: libnfsidmap: loaded plugin /usr/lib/libnfsidmap/nsswitch.so for method nsswitch
      Jul 5 16:13:00 server rpc.idmapd[827]: Expiration time is 600 seconds.
      Jul 5 16:13:00 server rpc.idmapd[827]: Opened /proc/net/rpc/nfs4.nametoid/channel
      Jul 5 16:13:00 server rpc.idmapd[827]: Opened /proc/net/rpc/nfs4.idtoname/channel
      Jul 5 16:13:25 server rpc.idmapd[827]: nfsdcb: authbuf=client.dom.ain authtype=user
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_uid_to_name: calling nsswitch->uid_to_name
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_uid_to_name: final return value is 0
      Jul 5 16:13:25 server rpc.idmapd[827]: Server: (user) id "0" -> name "root@dom.ain"
      Jul 5 16:13:25 server rpc.idmapd[827]: nfsdcb: authbuf=client.dom.ain authtype=group
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_gid_to_name: calling nsswitch->gid_to_name
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
      Jul 5 16:13:25 server rpc.idmapd[827]: nfs4_gid_to_name: final return value is 0
      Jul 5 16:13:25 server rpc.idmapd[827]: Server: (group) id "0" -> name "root@dom.ain"
    • Client
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: calling nsswitch->name_to_uid
      Jul 5 16:17:34 client rpc.idmapd[770]: nss_getpwnam: name 'user1@dom.ain' domain 'dom.ain': resulting localname 'user1'
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: final return value is 0
      Jul 5 16:17:34 client rpc.idmapd[770]: Client 0: (user) name "user1@dom.ain" -> id "1003"
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: calling nsswitch->name_to_gid
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: final return value is 0
      Jul 5 16:17:34 client rpc.idmapd[770]: Client 0: (group) name "user1@dom.ain" -> id "1003"
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: calling nsswitch->name_to_uid
      Jul 5 16:17:34 client rpc.idmapd[770]: nss_getpwnam: name 'user2@dom.ain' domain 'dom.ain': resulting localname 'user2'
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_uid: final return value is 0
      Jul 5 16:17:34 client rpc.idmapd[770]: Client 0: (user) name "user2@dom.ain" -> id "1004"
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: calling nsswitch->name_to_gid
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
      Jul 5 16:17:34 client rpc.idmapd[770]: nfs4_name_to_gid: final return value is 0
      Jul 5 16:17:34 client rpc.idmapd[770]: Client 0: (group) name "user2@dom.ain" -> id "1004"

References

 

Experiences with the Dell M3800 with Fedora 21 and the nouveau driver

Whereas

Suspend & graphics are (ahem)interacting poorly on the Dell M3800 under Fedora 21.

Question

But does it work with the Ubuntu shipped from the factory by Dell?   TBD.

Previously

Experiences with the Dell M3800, The Good, The Bad (no Ugly, it’s a beautiful machine)

Evidences

  • Fedora 21
  • Kernel 4.0.7
    Linux devbox.example.com 4.0.7-200.fc21.x86_64 #1 SMP Mon Jun 29 22:11:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  • $ rpm -q -a | grep nouveau
    xorg-x11-drv-nouveau-1.0.11-1.fc21.x86_64

Actualities

Graphics Crashes

These manifest as the graphics becomes inoperable; the CPU is running hard, the fan is running hard. Even virtual consoles will not work. You must powercycle.

Jul 24 19:52:10 devbox.example.ccom kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Jul 24 19:52:24 devbox.example.com kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Jul 24 19:52:55 devbox.example.com kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]

 

Experiences with the Dell M3800 with Fedora 21 and Broadcom’s Bluetooth brcm/BCM20702A0-0a5c-216f.hcd binary blob

tl;dr

You need a blob for the driver BCM20702A0-0a5c-216f.hcd

Update 2015-09-28: some success is reported

Whereas

Bluetooth is not working on the Dell M3800 under Fedora 21.

Question

But does it work with the Ubuntu shipped from the factory by Dell?   TBD.

Previously

Experiences with the Dell M3800, The Good, The Bad (no Ugly, it’s a beautiful machine)

Evidences

  • Fedora 21
  • Kernel 4.0.7
    Linux devbox.example.com 4.0.7-200.fc21.x86_64 #1 SMP Mon Jun 29 22:11:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  • linux-firmware-20150521-48.git3161bfa4.fc21.noarch

Recipe

Recipe #1

Via: Dell XPS 13 (2015); staff; In Arch Linux Forums; 2015-07-25

<quote>

Note: Intel WiFi users: If your WiFi card supports Bluetooth, then the BT interface should be available out-of-the-box, as the required firmware is included in linux-firmware.

The Broadcom Bluetooth firmware is not available in the kernel (source), so you will have to retrieve it from the Windows driver. You need to extract the .cab file with cabextract and then convert it to a .hcd file with hex2hcd from bluez-utils:

$ cabextract 20662520_6c535fbfa9dca0d07ab069e8918896086e2af0a7.cab
$ hex2hcd BCM20702A1_001.002.014.1443.1572.hex
# mv BCM20702A1_001.002.014.1443.1572.hcd /lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd
# ln -rs /lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd /lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd

After reboot, the firmware should be available for your Bluetooth interface.

</quote>

Recipe #2

Via: Bluetooth not connecting to devices even though it recognizes them; Aaron Weinberg, some dude using the self-asserted identity token Jeremy31, Ian Mackinnon; In Ask  Ubuntu; 2015-05-01 → 2015-07-01.

Recipe #2(a)

<quote>

wget https://www.dropbox.com/s/r2pb41rhx65t9zi/BCM20702A0-0a5c-216f.hcd sudo cp BCM20702A0-0a5c-216f.hcd /lib/firmware/brcm/ sudo modprobe -r btusb sudo modprobe btusb

</quote>

And as recovered by me from the dropbox site.  Proven to work on my Dell M3800 <paranoid>but who knows what I recovered?</paranoid>

$ for i in md5sum sha1sum sha256sum ; do $i BCM20702A0-0a5c-216f.hcd; done
356ecc4d52b344109b55b3c96d6ec4d0  BCM20702A0-0a5c-216f.hcd
6ab9dde1e010bacfd57d371f832477d819fd671a  BCM20702A0-0a5c-216f.hcd
42677905be180547d4c6f3e670884f6b5bcaf003c1a7c156e2dfc6fdc0397364  BCM20702A0-0a5c-216f.hcd
Recipe #2(b)

<quote>
Get 20662520_6c535fbfa9dca0d07ab069e8918896086e2af0a7.cab from Microsoft at Broadcom Corporation Bluetooth Controller.
Acquire cabextract via yum (dnf).
Run cabextract 20662520_6c535fbfa9dca0d07ab069e8918896086e2af0a7.cab to recover BCM20702A1_001.002.014.1443.1572.hex.

git clone https://github.com/jessesung/hex2hcd.git
make -C hex2hcd
./hex2hcd/hex2hcd BCM20702A1_001.002.014.1443.1572.hex BCM20702A0-0a5c-216f.hcd
sudo cp BCM20702A0-0a5c-216f.hcd /lib/firmware/brcm/
sudo modprobe -r btusb
sudo modprobe btusb

Folklore

In archaeological order, newer on top, older below.
And recall that the Dell M3800 is “alot like” the Dell XPS 13.

  • Dell XPS 13 (2015); staff; In Arch Linux Forums; 2015-07-25
    tl;dr → see recipe above.  You must to extract the blog out of the Windows driver package yourself, convert the encoding and place the file appropriiately.  Yourself.  No packaging is available at this time.  Construction recipe for:

    • /usr/lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd
    • /usr/lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd
  • Bluetooth not connecting to devices even though it recognizes them; Aaron Weinberg, some dude using the self-asserted identity token Jeremy31, Ian Mackinnon; In Ask  Ubuntu; 2015-05-01 → 2015-07-01.
    tl;dr → good compendium of the recipes; those being recited above.

    • Concept
      <quote>hex2hcd utility by Jesse Sung that converts Broadcom hex files to hcd for use in newer kernels but you have to use Windows drivers and search the inf files to find the correct hex file to convert.</quote>
    • Resources
      • BCM20702A0-0a5c-216f.hcd; at DropBox; prepared by whom? (perhaps en Jeremy31?); no checksum or signature is published nearby.
      • jessesung/hex2hcd at GitHub
      • Broadcom Corporation Bluetooth Controller, software update, At Microsoft; released 2014-06.
        20662520_6c535fbfa9dca0d07ab069e8918896086e2af0a7.cab → some Windows blob you have to use cabstract upon; no checksum or signature is available to you (maybe Microsoft has access to such in their API, who knows).
    • References
      • XPS 13 (9343) Ubuntu Linux; Some Dude; In Sybian Linux; 2015-03-15.
        tl;dr → <quote>whole lot of complaints about the compatibility of this laptop with Linux.</quote> but enumerates the remediations.

        • BIOS update from A0 to A1
        • Ubuntu LTS 14.04.2 with UEFI enabled
        • Broadcom 4352 WiFi (use USB dongle networking to bootstrap it)
        • Broadcom 216F Bluetooth (acquiring BCM20702A0-0a5c-216f.hcd
        • Touchpad requires kernel parameters
        • (Analog) Audio requires kernel parameters
      • How can I get the Bluetooth working on my Lenovo  Yoga 3; Some dude using the self-asserted identity token drs; In Stack Exchange; 2015-03-12.
        tl;dr → complete procedure for Broadcom BCM20702A0 including fishing around in the Broadcom Windows Driver Installer to discover BCM20702A1_001.002.014.1443.1496.hex
  • Dell XPS 13 (9343) Developer Edition – Bluetooth Firmware; Some Dude, using the self-asserted identity token Beowulf; In His Blog; 2015-06-23.
    this advice is unrelated ot the Plugable advice (last item)
    tl;dr → asserts a recipe for manually acquiring & installing the module

    • The module is bfusb
    • That the appropriate firmware is available in bt-dw1560-firmware_1.0_all.deb
    • Gives a recipe for copying it into place, manually.
  • Dell XPS 13 (9343) – No Bluetooth; Some dude using the self-asserted identity token red-lichtie; In Arch Linux Forums; 2015-06-20.
    tl;dr → cites the difference in hardware version number in the firmware blob that must be loaded
    brcm/BCM20702A1-0a5c-216f.hcd is what? (possible?)
    brcm/BCM20702A0-0a5c-216f.hcd is expected but not found.
  • THIS IS A DIFFERENT DEVICE ENTIRELY Plugable USB Bluetooth Adapter: Solving HFP/HSP and A2DP Profiles Issues on Linux; (Plugable); In their Blog; 2014-06-23.
    tl;dr → recommends downloading & installing some unspecified binary blob sourced out of Amazon S3; not even a checksum was uttered to know what was to be expected.
    wget https://s3.amazonaws.com/plugable/bin/fw-0a5c_21e8.hcd
    sudo mv fw-0a5c_21e8.hcd /lib/firmware/brcm/BCM20702A0-0a5c-21e8.hcd

Actualities

Jul 24 19:52:10 devbox.example.com kernel: bluetooth hci0: firmware: brcm/BCM20702A0-0a5c-216f.hcd will not be loaded
Jul 24 19:52:10 devbox.example.com kernel: Bluetooth: hci0: BCM: patch brcm/BCM20702A0-0a5c-216f.hcd not found
$ find /usr/lib/firmware/brcm -print | while read file ; do echo "$file $(rpm -q -f $file)" ; done
$ find /usr/lib/firmware/brcm -print | while read file ; do rpm=$(rpm -q -f $file); echo "$rpm $file" ; done
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43570-pcie.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43362-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/bcm4329-fullmac-4.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4354-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43143.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43340-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43236b.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43602-pcie.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4334-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/bcm43xx-0.fw
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43241b5-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/bcm43xx_hdr-0.fw
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4330-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43569.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43143-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43455-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4335-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43602-pcie.ap.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4356-pcie.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4329-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43241b4-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43241b0-sdio.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac43242a.bin
linux-firmware-20150521-48.git3161bfa4.fc21.noarch /usr/lib/firmware/brcm/brcmfmac4339-sdio.bin
$ lsusb
Bus 004 Device 002: ID 8087:8000 Intel Corp.
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 8087:8008 Intel Corp.
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 0bda:8153 Realtek Semiconductor Corp.
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 0a5c:216f Broadcom Corp.
Bus 001 Device 002: ID 04f3:21f9 Elan Microelectronics Corp.
Bus 001 Device 004: ID 0bda:573c Realtek Semiconductor Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Couldn't open device, some information will be missing
Couldn't open device, some information will be missing
Couldn't open device, some information will be missing
$ lsusb -t
/:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/6p, 480M
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/6p, 5000M
    |__ Port 2: Dev 2, If 0, Class=Vendor Specific Class, Driver=r8152, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/14p, 480M
    |__ Port 6: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 9: Dev 3, If 0, Class=Vendor Specific Class, Driver=btusb, 12M
    |__ Port 9: Dev 3, If 1, Class=Vendor Specific Class, Driver=btusb, 12M
    |__ Port 9: Dev 3, If 2, Class=Vendor Specific Class, Driver=, 12M
    |__ Port 9: Dev 3, If 3, Class=Application Specific Interface, Driver=, 12M
    |__ Port 11: Dev 4, If 0, Class=Video, Driver=uvcvideo, 480M
    |__ Port 11: Dev 4, If 1, Class=Video, Driver=uvcvideo, 480M
$ lsusb --verbose
<snip/>
Bus 001 Device 003: ID 0a5c:216f Broadcom Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass          255 Vendor Specific Class
  bDeviceSubClass         1
  bDeviceProtocol         1
  bMaxPacketSize0        64
  idVendor           0x0a5c Broadcom Corp.
  idProduct          0x216f
  bcdDevice            1.12
  iManufacturer           1
  iProduct                2
  iSerial                 3
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          218
    bNumInterfaces          4
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower                0mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0010  1x 16 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0000  1x 0 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0000  1x 0 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       1
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0009  1x 9 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0009  1x 9 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       2
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0011  1x 17 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0011  1x 17 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       3
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0019  1x 25 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0019  1x 25 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       4
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Couldn't open device, some information will be missing
Usage Type               Data
        wMaxPacketSize     0x0021  1x 33 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0021  1x 33 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       5
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      1
      bInterfaceProtocol      1
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0031  1x 49 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0031  1x 49 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        2
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x84  EP 4 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0020  1x 32 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        3
      bAlternateSetting       0
      bNumEndpoints           0
      bInterfaceClass       254 Application Specific Interface
      bInterfaceSubClass      1 Device Firmware Update
      bInterfaceProtocol      1
      iInterface              0
      Device Firmware Upgrade Interface Descriptor:
        bLength                             9
        bDescriptorType                    33
        bmAttributes                        5
          Will Not Detach
          Manifestation Tolerant
          Upload Unsupported
          Download Supported
        wDetachTimeout                   5000 milliseconds
        wTransferSize                      64 bytes
        bcdDFUVersion                   1.10
<snip/>

Experiences with the Dell M3800, The Good, The Bad (no Ugly, it’s a beautiful machine)

Remaining UNSOLVED

Suspend does not function; you must power off before you go mobile.

  • Early in the boot lifetime
    • it does work
    • after a few hours of uptime, it does not
  • Later in the boot cycle
    • The initial suspend works on powerbutton or lid close.
    • Yet five+ seconds later, it comes back alive at full power & heat.
    • Then the cpu is running hard, getting hot, very hot
      it will overheat if left in a suitcase.
    • The screen is dark & the network is unresponsive; it is hard hung.
    • A powercycle is required.

Following

The Good

  • The native 4k2k display is worth the buy-in.
  • The HDMI2-MHL runs 4K2K externally over the HDMI port.  Neat!

The Bad

  • Uses Broadcom componentry
    which is known Linux-unfriendly
    but maybe it’s different here, different now

    • Wireless → SOLVED (a binary blobs in rpms: broadcom-wl, kmod-wl)
    • Bluetooth → SOLVABLE (a binary blob & extraordinary non-standard reencoding & manual installation)
  • No wireline ethernet; use the USB-to-RJ45 dongle DP/N 0J1GH5.

Yet

remember the good

  • 4k2k display
  • super-thin
  • Intel i7
  • 1T SSD
  • Does run Fedora 21 … except for the exceptions.

The Ugly

No ugly, it’s a beautiful machine.  See?

Complaints

Yet, we came to complain. There is stuff that “just does not work.”

  • The bluetooth does not “just work,” whereas it does “just work” elsewhere (on Fedora 20)
    Potentially Solvable
  • The graphics hangs & crashes … alot. Especially when coming out of suspend. this is the nouveau driver.
    UNSOLVED
  • The unit cannot be reliably suspended and put in a closed space. It will go into overheat mode.  The CPU runs hard.
    UNSOLVED.

Evidences

  • Fedora 21
  • Kernel 4.0.7
    Linux devbox.example.com 4.0.7-200.fc21.x86_64 #1 SMP Mon Jun 29 22:11:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Actualities

Graphics Crashes

These manifest as the graphics becomes inoperable; the CPU is running hard, the fan is running hard. Even virtual consoles will not work. You must powercycle.

Jul 24 19:52:10 devbox.example.ccom kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Jul 24 19:52:24 devbox.example.com kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]
Jul 24 19:52:55 devbox.example.com kernel: nouveau E[    PBUS][0000:02:00.0] MMIO write of 0x00000002 FAULT at 0x4188ac [ IBUS ]

ACPI Scary Warnings

Jul 24 19:52:30 devbox.example.com kernel: ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20150204/nsarguments-95)
Jul 24 19:52:30 devbox.example.com kernel: ACPI: \_SB_.PCI0.PEG0.PEGP: failed to evaluate _DSM
Jul 24 19:52:30 devbox.example.com kernel: ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20150204/nsarguments-95)
Jul 24 19:53:01 devbox.example.com kernel: ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20150204/nsarguments-95)
Jul 24 19:53:01 devbox.example.com kernel: ACPI: \_SB_.PCI0.PEG0.PEGP: failed to evaluate _DSM
Jul 24 19:53:01 devbox.example.com kernel: ACPI Warning: \_SB_.PCI0.PEG0.PEGP._DSM: Argument #4 type mismatch - Found [Buffer], ACPI requires [Package] (20150204/nsarguments-95)

 

UNSOLVED: Emacs prior use of C-M-f is occluded by Clipit’s search_key=F

  • emacs uses C-M-f as the natural binding for forward-sexp
  • clipit declares search_key=<Ctrl><Alt>F in ~/.config/clipit/clipitrc

This is super-inconvenient because “clipit always wins” … there is no way for clipit to delegate handling of C-M-f off to emacs within the geometric confines of emacs’ windows.

How can it be disabled?

From GNOME:

  • Create ~/.config/autostart/clipit.desktop
    with Hidden=true
  • Not configurable in Settings
  • Not configurable in Startup Applications of gnome-tweak-tool.

From bash:

  • Remove the desktop file /etc/xdg/autostart/clipit-startup.desktop
    Untested…
  • Erase the package
    yum erase clipit

How is it stopped?

From GNOME: unknown, probably there is no way to stop it.
From bash: Kill the process.

How is clipit started?

unclear.

Perhaps from /etc/xdg/autostart


$ ls -ld /etc/xdg/autostart/clipit-startup.desktop
-rw-r--r--. 1 root root 872 Dec 15 2014 /etc/xdg/autostart/clipit-startup.desktop

$ cat /etc/xdg/autostart/clipit-startup.desktop
[Desktop Entry]
Name=ClipIt
Comment=Clipboard Manager
Icon=clipit-trayicon
Exec=clipit
Terminal=false
Type=Application
OnlyShowIn=GNOME;XFCE;LXDE;Unity;MATE;
X-GNOME-Autostart-enabled=true
X-Desktop-File-Install-Version=0.22

Folklore

References

  • Desktop Application Autostart Specification, Version v0.5; John Palmieri, Kévin Ottens, Renato Caldas, Rodrigo Moya, Waldo Bastian; Free Desktop Standards; 2006-02-13.
    • $XDG_CONFIG_DIRS/autostart
    • $XDG_CONFIG_HOME defaults to ~/.config/autostart/
    • $XDG_CONFIG_DIRS defaults to /etc/xdg/autostart/
    • <quote>If an application autostarts by having a .desktop file installed in the system wide autostart directory, an individual user can disable the autotomatic start of this application by placing a .desktop file of the same name in its personal autostart directory which contains the key Hidden=true. </quote>
  • Manage the startup applications; In The GNOME Shell; 2011-08-26.
    tl;dr → out of date; offers gnome-session-propertiesas a solution

    • Yet gnome-session-properties no longer exists in Fedora 21.
    • <quote>System-wide shortcuts can be found in /etc/xdg/autostart and in /usr/share/gnome/autostart but the preferences dialog will create local copies in your user profile when you edit a shortcut by disabling it or editing its name, command or description. You generally don’t need to edit the system-wide shortcuts but you can make modifications at your private copies.</quote>
  • Autostarting; In Arch Linux Wiki; 2015-05-31.
    tl;dr → not helpful.

Background

Summarization of the Guide to Deploying Diffie-Hellman for TLS from weakdh.org

Shown (here, but see there)

Not Shown (here, but see there)

  • Sendmail (SMTP) → available
  • Dovecot (IMAP) → available
  • OpenSSH (SSH) → available
  • OpenVPN (OPENVPN) → no advice given.
  • …other…

Diffie-Hellman Group

Generate a new, unique-to-you, Diffie Hellman Group.  Set this aside, install as directed.

openssl dhparam -out ~/tmp/dhparams.pem 2048

Case 1. Current

Condition
  • Apache v2.4.8+ and OpenSSL v1.0.2+
Action

In the Apache (httpd) SSL configuration area (e.g. /etc/httpd/conf/ssl.conf) declare explicitly:

SSLOpenSSLConfCmd DHParameters "pki/dhparams.pem"

Case 2. Not Too Old

Conditions
  • Apache with LibreSSL
  • Apache v2.4.7 and OpenSSL v0.9.8a+
Action

Append the dhparams.pem to the end of the server certificate file.

Case 3: Too Old

No advice given.

Apache (mod_ssl)

In the Apache (httpd) SSL configuration area (e.g. /etc/httpd/conf/ssl.conf) declare

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on

Background

System Administration Guide at weakdh.org
With recipes for

  • Apache HTTP mod_ssl
  • Apache Tomcat
  • Dovecot
  • HAproxy
  • Lighttpd
  • Nginx
  • OpenSSH
  • Sendmail

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann; Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice; Available at weakdh.org; 2015-05-20; 13 pages; previously noted.

Inventory

Based on information, belief & hearsay; and inspecting some running systems.

Fedora 22

$ rpm -q httpd openssl
httpd-2.4.12-1.fc22
openssl-1.0.1k-6.fc22

Fedora 21

$ rpm -q httpd openssl
httpd-2.4.12-1.fc21
openssl-1.0.1k-6.fc21

Fedora 20

$ rpm -q httpd openssl
httpd-2.4.10-1.fc20
openssl-1.0.1e-42.fc20

Fedora 19

$ rpm -q httpd openssl
httpd-2.4.10-1.fc19
openssl-1.0.1e-37.fc19.1

Fedora 18

$ rpm -q httpd openssl
httpd-2.4.6-2.fc18
openssl-1.0.1e-37.fc18

Fedora 17

$ rpm -q httpd openssl
httpd-2.2.23-1.fc17
openssl-1.0.0k-1.fc17

Fedora 16

$ rpm -q httpd openssl
httpd-2.2.22-2.fc16
openssl-1.0.0j-1.fc16

Fedora 15

$ rpm -q httpd openssl
httpd-2.2.22-1.fc15
openssl-1.0.0j-1.fc15

Fedora 14

$ rpm -q httpd openssl
httpd-2.2.17-1.fc14
openssl-1.0.0c-1.fc14