Notes for Yum repositories for CentOS and Fedora

This is my scratch page for third-party centos and fedora repositories that are useful. I’ve used these at least once in my personal experience. There’s obviously a lot more, and they’re only an internet search away.


Lists of additional ones:

Sites for “rpm find”:


Fedora and scanners

If you are running Fedora and you want to use a scanner, you probably already have sane (backends at least) and simple-scan installed.

What is incredibly frustrating is when scanimage -L shows you the scanner, but simple-scan does not list it.

What you are missing is

sudo dnf install libnsl

This package is different from libnsl2, which is probably already installed. But some applications must depend on libnsl, including simple-scan. Thanks to suspiciousmilk of Ask Fedora.



  1. Brother scanner driver don’t work []

Lightdm crashes after dnf update

For a few months this year, running “dnf update” caused my display manager to malfunction. It it a terribly annoying problem. In the past, once, my /usr/bin/X was not installed. I don’t know how that happened.

This time, lightdm was not starting due to some error message which is only visible if you turn on logging/debugging and go find the right log.

lightdm gtk:error:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed

Thankfully, the issue was researchable online although it did take a while and I bounced around different distros’ fora to get to the answer.
For Fedora, the answer simply was:

sudo dnf -y reinstall shared-mime-info


Web searches

  1. Google: fedora lightdm gtk:error:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed

Web links

  3. points to the next two links
  4. what actually solved it
  5. same kind of error

Compile Pale Moon 28 on Fedora 27


Pale Moon 28 was released on August 16, 2018. I package it myself on Fedora because I don’t see it in the fedora repositories, and plus I like the experience of assembling packages myself. For a basic compile (not in an rpm), you can follow these instructions.

Install dependencies

Install the whole set of packages listed on the Pale Moon site (reference 2) or CentOS7

sudo dnf -y install gtk2-devel dbus-glib-devel autoconf213 yasm mesa-libGL-devel alsa-lib-devel libXt-devel zlib-devel openssl-devel sqlite-devel bzip2-devel pulseaudio-libs-devel
sudo dnf -y groupinstall 'Development Tools'

Install the dependencies I found.

sudo dnf -y install GConf2-devel notification-daemon

Use autoconf 2.13

Pale Moon depends on autoconf 2.13. Thankfully, it’s in the Fedora repos, but changing the main autoconf link to point to this specific version will save a bunch of headache later. Be aware that this step exactly as shown will change your system’s default autoconf. I’m sure this is a crude way to do it, but aren’t build systems throwaway systems nowadays?

autoconfver="$( autoconf --version 2>/dev/null | awk 'NR==1 {print $NF*100;} END {print "0";}' | head -n1 )"
test ${autoconfver} -ne 213 &&amp test ${autoconfver} -gt 0 && sudo mv /usr/bin/autoconf /usr/bin/autoconf-${autoconver} 2>/dev/null ; sudo ln -sf autoconf-2.13 /usr/bin/autoconf

Fetch source

Pale Moon likes to compile in ~/pmsrc. Don’t change it. It just makes it easier.

mkdir ~/pmsrc ~/pmbuild
cd ~/pmsrc
git clone .

Prepare to compile

Use the recommended .mozconfig from the Pale Moon site (reference 2)

touch "${tf}"
cat <<'EOFMOZCONFIG' > "${tf}"
mk_add_options AUTOCLOBBER=1
mk_add_options MOZ_OBJDIR=/home/$USER/pmbuild/
ac_add_options --enable-application=palemoon
ac_add_options --enable-optimize="-O2"
# Please see for restrictions when using the official branding.
ac_add_options --enable-official-branding
ac_add_options --enable-default-toolkit=cairo-gtk2
ac_add_options --enable-jemalloc
ac_add_options --enable-strip
ac_add_options --with-pthreads
ac_add_options --disable-tests
ac_add_options --disable-eme
ac_add_options --disable-parental-controls
ac_add_options --disable-accessibility
ac_add_options --disable-webrtc
ac_add_options --disable-gamepad
ac_add_options --disable-necko-wifi
ac_add_options --disable-updater
ac_add_options --x-libraries=/usr/lib


These instructions include saving the output to a log file, but that’s not necessary.

mkdir ~/log
cd ~/pmsrc
{ time ./mach build && time ./mach package ; } | tee -a ~/log/pmsrc.$( date "+%F-%H%M%S" ).log
echo done



  3. Compiling Pale Moon web browser on Fedora (published 2018-02-09)

Compile FreeFileSync 10.1 on Fedora

How to compile FreeFileSync 10.1 on Fedora

Tested on Fedora 28

1. Install build dependencies.

dnf install -y boost-devel compat-wxGTK3-gtk2-devel gcc-c++ gtk+-devel gtk3-devel wxGTK-devel wxGTK3-devel

2. Fetch and extract source

wget --user-agent 'Firefox 60.0 (GNU/Linux) X11' -L
mkdir 10.1
pushd 10.1; unzip ../; popd

3. Prepare patch required to compile on Fedora.

cat <<'EOF' > "${pfile}"
diff -x '*.orig' -x '*.rej' -Naur 10.1/FreeFileSync/Source/Makefile 10.1-0/FreeFileSync/Source/Makefile
--- 10.1/FreeFileSync/Source/Makefile	2018-06-03 04:27:00.000000000 -0400
+++ 10.1-0/FreeFileSync/Source/Makefile	2018-06-07 22:44:44.919899060 -0400
@@ -5,15 +5,15 @@
-CXXFLAGS  = -std=c++17 -pipe -DWXINTL_NO_GETTEXT_MACRO -I../.. -I../../zenXml -isystem../../boost -include "zen/i18n.h" -include "zen/warn_static.h" \
+CXXFLAGS  = -std=c++17 -pipe -DWXINTL_NO_GETTEXT_MACRO -I../.. -I../../zenXml -isystem/usr/include/boost -include "zen/i18n.h" -include "zen/warn_static.h" \
 -Wall -Wfatal-errors -Wmissing-include-dirs -Wswitch-enum -Wcast-align -Wshadow -Wnon-virtual-dtor \
 -O3 -DNDEBUG `wx-config --cxxflags --debug=no` -pthread
-LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -pthread
+LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -lz -pthread
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)
@@ -125,5 +125,5 @@
 	mkdir -p $(DOCSHAREDIR)
-	cp ../Build/Changelog.txt $(DOCSHAREDIR)/changelog
+	cp ../../Changelog.txt $(DOCSHAREDIR)/changelog
 	gzip $(DOCSHAREDIR)/changelog
diff -x '*.orig' -x '*.rej' -Naur 10.1/FreeFileSync/Source/RealTimeSync/Makefile 10.1-0/FreeFileSync/Source/RealTimeSync/Makefile
--- 10.1/FreeFileSync/Source/RealTimeSync/Makefile	2018-06-03 04:27:00.000000000 -0400
+++ 10.1-0/FreeFileSync/Source/RealTimeSync/Makefile	2018-06-07 22:20:59.043383931 -0400
@@ -6,11 +6,11 @@
 -Wall -Wfatal-errors -Wmissing-include-dirs -Wswitch-enum -Wcast-align -Wshadow -Wnon-virtual-dtor \
 -O3 -DNDEBUG `wx-config --cxxflags --debug=no` -pthread
-LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -pthread
+LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -lz -pthread
 #Gtk - support "no button border"
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
diff -x '*.orig' -x '*.rej' -Naur 10.1/FreeFileSync/Source/ui/main_dlg.cpp 10.1-0/FreeFileSync/Source/ui/main_dlg.cpp
--- 10.1/FreeFileSync/Source/ui/main_dlg.cpp	2018-06-03 04:27:02.000000000 -0400
+++ 10.1-0/FreeFileSync/Source/ui/main_dlg.cpp	2018-06-07 22:25:32.856972097 -0400
@@ -11,6 +11,7 @@
 #include <zen/thread.h>
 #include <zen/shell_execute.h>
 #include <zen/perf.h>
+/* #include <zen/warn_static.h>  REMOVED FOR TESTING. Add back on any failures. */
 #include <wx/clipbrd.h>
 #include <wx/wupdlock.h>
 #include <wx/sound.h>
@@ -4844,7 +4845,7 @@
         globalCfg_.gui.lastUpdateCheck = 0; //reset to GlobalSettings.xml default value!
+    /*
     if (shouldRunAutomaticUpdateCheck(globalCfg_.gui.lastUpdateCheck))
         flashStatusInformation(_("Searching for program updates..."));
@@ -4852,6 +4853,7 @@
         automaticUpdateCheckEval(this, globalCfg_.gui.lastUpdateCheck, globalCfg_.gui.lastOnlineVersion,
+    */
@@ -4859,7 +4861,7 @@
     //execute just once per startup!
     Disconnect(wxEVT_IDLE, wxIdleEventHandler(MainDialog::OnRegularUpdateCheck), nullptr, this);
+    /*
     if (shouldRunAutomaticUpdateCheck(globalCfg_.gui.lastUpdateCheck))
         flashStatusInformation(_("Searching for program updates..."));
@@ -4873,6 +4875,7 @@
                                      resultAsync.get()); //run on main thread:
+    */
diff -x '*.orig' -x '*.rej' -Naur 10.1/FreeFileSync/Source/ui/small_dlgs.cpp 10.1-0/FreeFileSync/Source/ui/small_dlgs.cpp
--- 10.1/FreeFileSync/Source/ui/small_dlgs.cpp	2018-06-03 04:27:02.000000000 -0400
+++ 10.1-0/FreeFileSync/Source/ui/small_dlgs.cpp	2018-06-07 22:20:59.050384125 -0400
@@ -970,7 +970,8 @@
-    m_textCtrlOfflineActivationKey->ForceUpper();
+    // Fedora 27 does not have wxWidgets 3.1.1 yet.
+    //m_textCtrlOfflineActivationKey->ForceUpper();
     m_textCtrlLastError           ->ChangeValue(lastErrorMsg);
     m_textCtrlManualActivationUrl ->ChangeValue(manualActivationUrl);
diff -x '*.orig' -x '*.rej' -Naur 10.1/FreeFileSync/Source/ui/version_check_impl.h 10.1-0/FreeFileSync/Source/ui/version_check_impl.h
--- 10.1/FreeFileSync/Source/ui/version_check_impl.h	2018-06-03 04:27:02.000000000 -0400
+++ 10.1-0/FreeFileSync/Source/ui/version_check_impl.h	2018-06-07 22:20:59.051384152 -0400
@@ -14,7 +14,7 @@
 namespace fff
 time_t getVersionCheckInactiveId()
     //use current version to calculate a changing number for the inactive state near UTC begin, in order to always check for updates after installing a new version
@@ -38,7 +38,6 @@
 time_t getVersionCheckCurrentTime()
     return std::time(nullptr);
diff -x '*.orig' -x '*.rej' -Naur 10.1/wx+/grid.cpp 10.1-0/wx+/grid.cpp
--- 10.1/wx+/grid.cpp	2018-06-03 04:27:02.000000000 -0400
+++ 10.1-0/wx+/grid.cpp	2018-06-07 22:30:02.202436428 -0400
@@ -1169,7 +1169,9 @@
                 if (overlapPix != 0)
-                    const double scrollSpeed = wnd_.ToDIP(overlapPix) * mouseDragSpeedIncScrollU; //unit: [scroll units / sec]
+                    // Fedora 28 does not have wxGTK 3.1.1 yet. This probably breaks HiDPI usage
+                    //const double scrollSpeed = wnd_.ToDIP(overlapPix) * mouseDragSpeedIncScrollU; //unit: [scroll units / sec]
+                    const double scrollSpeed = overlapPix * mouseDragSpeedIncScrollU; //unit: [scroll units / sec]
                     toScroll += scrollSpeed * deltaSecs;

A summary of what this patch does:

  • Ensure using the system boost library. It appears the source looks for a locally-bundled boost lib, which was not included with the 10.1 code.
  • Link to zlib because previous versions use to, and without I could not compile.
  • Compile against gtk+3 instead of gtk+2 because I could not get it to compile against gtk2.
  • Place the changelog text file where the Makefile expects.
  • Disable the check for updates and lines related to activation, particularly a few based on a newer version of wxWidgets which Fedora 28 does not have yet (wxWidgets 3.1.1).
  • Revert to an older version of the scrollSpeed calculation because wxWidgets 3.1.1 is not in Fedora yet.

4. Apply patch

cd 10.1
patch -p1 < ../FreeFileSync-10.1-1.fc28.patch

5. Compile and install

cd FreeFileSync/Source
make && sudo make install

Next steps

Build an rpm for FreeFileSync (gitlab)



  1. How-to: Build 10.* from Source (Linux Mint) (FreeFileSync forum)
  2. Compiling FreeFileSync 10.0 on Fedora (this blog)
  3. Compiling FreeFileSync on Fedora (this blog)
  4. AUR (en) – freefilesync

Compiling FreeFileSync 10.0 on Fedora

When compiling the latest release of FreeFileSync, I came across this error (after applying my basic Fedora patches):

cc1plus: warning: ../../boost: No such file or directory [-Wmissing-include-dirs]
g++ -o ../Build/FreeFileSync ../Obj/FFS_GCC_Make_Release/ffs/src/algorithm.o ../Obj/FFS_GCC_Make_Release/ffs/src/application.o ../Obj/FFS_GCC_Make_Release/ffs/src/comparison.o ../Obj/FFS_GCC_Make_Release/ffs/src/structures.o ../Obj/FFS_GCC_Make_Release/ffs/src/synchronization.o ../Obj/FFS_GCC_Make_Release/ffs/src/fs/abstract.o ../Obj/FFS_GCC_Make_Release/ffs/src/fs/concrete.o ../Obj/FFS_GCC_Make_Release/ffs/src/fs/native.o ../Obj/FFS_GCC_Make_Release/ffs/src/file_hierarchy.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/batch_config.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/batch_status_handler.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/cfg_grid.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/command_box.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/folder_history_box.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/folder_selector.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/file_grid.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/file_view.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/tree_grid.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/gui_generated.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/gui_status_handler.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/main_dlg.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/progress_indicator.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/search.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/small_dlgs.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/sync_cfg.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/taskbar.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/tray_icon.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/triple_splitter.o ../Obj/FFS_GCC_Make_Release/ffs/src/ui/version_check.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/binary.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/db_file.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/dir_lock.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/ffs_paths.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/generate_logfile.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/hard_filter.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/icon_buffer.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/icon_loader.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/localization.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/parallel_scan.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/process_xml.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/resolve_path.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/perf_check.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/status_handler.o ../Obj/FFS_GCC_Make_Release/ffs/src/lib/versioning.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/xml_io.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/recycler.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/file_access.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/file_io.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/file_traverser.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/zstring.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/format_unit.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/process_priority.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../zen/shutdown.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/file_drop.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/grid.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/image_tools.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/graph.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/http.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/tooltip.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/image_resources.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/popup_dlg.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/popup_dlg_generated.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/zlib_wrap.o ../Obj/FFS_GCC_Make_Release/ffs/src/../../xBRZ/src/xbrz.o -s -no-pie `wx-config --libs std, aui --debug=no` -pthread `pkg-config --libs   gtk+-3.0` `pkg-config --libs libselinux`
/usr/bin/ld: ../Obj/FFS_GCC_Make_Release/ffs/src/../../wx+/zlib_wrap.o: undefined reference to symbol 'compressBound@@ZLIB_1.2.0'
//usr/lib64/ error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [Makefile:103: ../Build/FreeFileSync] Error 1

After some Internet searches, I found the answer!

All you have to do is fix the linking to include the -lz flag. In fact, previous versions of the software included the -lz flag in the makefile. It was probably removed as an oversight, but it compiled and operated on Fedora GNU/Linux once I added back in the linking flag. I guess omitting the z library prevents the binary from building successfully! Who’da thunk it?

Here is the diff:

--- 10.0-0/FreeFileSync/Source/Makefile	2018-04-26 16:57:13.000000000 -0400
+++ 10.0-1/FreeFileSync/Source/Makefile	2018-05-01 07:13:57.430369158 -0400
@@ -9,11 +9,11 @@
 -Wall -Wfatal-errors  -Winit-self -Wmissing-include-dirs -Wswitch-enum -Wmain -Wnon-virtual-dtor -Wcast-align -Wshadow -Wno-deprecated-declarations \
 -O3 -DNDEBUG `wx-config --cxxflags --debug=no` -pthread
-LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -pthread
+LINKFLAGS = -s -no-pie `wx-config --libs std, aui --debug=no` -lz -pthread
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)



  2. Discussion about linking to a lib in general

Fedora remove duplicate packages from partially-completed dnf update

On my Fedora 27 systems, my system froze up when I was updating all the packages (I suspect I’m having hardware problems).

My system did reboot just fine, but not all ancillary services came up. During my troubleshooting, I discovered that there were multiple versions of packages installed for hundreds of packages.

After some brief Internet searches, I found my solution:

sudo dnf remove --duplicates

Output will resemble:

Last metadata expiration check: 1:14:37 ago on Sat 31 Mar 2018 09:52:43 PM EDT.
Dependencies resolved.
 Package                       Arch   Version            Repository        Size
 ImageMagick                   x86_64 1:  updates-smith122 186 k
     replacing  ImageMagick.x86_64 1:
 ImageMagick-libs              x86_64 1:  updates-smith122 2.3 M
     replacing  ImageMagick-libs.x86_64 1:
 abrt                          x86_64 2.10.7-1.fc27      updates-smith122 525 k
     replacing  abrt.x86_64 2.10.5-1.fc27
 abrt-addon-ccpp               x86_64 2.10.7-1.fc27      updates-smith122 130 k
     replacing  abrt-addon-ccpp.x86_64 2.10.5-1.fc27
 abrt-addon-coredump-helper    x86_64 2.10.7-1.fc27      updates-smith122  40 k
     replacing  abrt-addon-coredump-helper.x86_64 2.10.5-1.fc27
 abrt-addon-kerneloops         x86_64 2.10.7-1.fc27      updates-smith122  54 k
     replacing  abrt-addon-kerneloops.x86_64 2.10.5-1.fc27
 abrt-addon-pstoreoops         x86_64 2.10.7-1.fc27      updates-smith122  32 k
     replacing  abrt-addon-pstoreoops.x86_64 2.10.5-1.fc27




VeraCrypt rpm for Fedora

Last updated: 2018-09-26

Update: I now package veracrypt in an rpm on my copr. So use:

dnf copr enable bgstack15/stackrpms
dnf install veracrypt

In these post-TrueCrypt days, I migrated to VeraCrypt. For a very long time now, I have been maintaining an encrypted file container on a flash drive on my keychain. Additionally, I keep various binaries to help open it, like on Windows or GNU/Linux, should I ever need emergency access to my files when not on one of my regular machines. I’m not NSA-proof, but I do intend to keep my private files out of the view of the general public or any random person who might find a lost flash drive.

So about VeraCrypt, A user can download the latest binary packages, even for GNU/Linux, from the offical downloads page. And the source code is on gitlab at

But nobody I could find on the Internet has a Fedora rpm package for it. Well, I present to you now my Veracrypt rpm project. It took me a while to figure out the different releases of VeraCrypt don’t compile on Fedora 27 for various bug-related reasons. But the freshest commit version does, so this rpm is generated from the beta upstream point in time where I saved a copy of the repo.

The normal way to compile any of my rpms is to use the usr/share/${package}/build/pack script. It will download sources, prepare the file list in the spec, and perform the rpmbuild.

Add custom kickstart file and root ca certificates to iso file

Introduction and goals

This is intended to be one of my longer posts. This article describes how to accomplish the following tasks:

  1. Insert custom kickstart files into an iso file
  2. Insert custom root CA certificates into the initrd.img of an iso file, so you can fetch a custom repository over https
  3. Write a sample kickstart file
  4. Open up the initrd.img to add more files

The example file used is Fedora-Workstation-netinst-x86_64-27-1.6.iso available from

The files

You will need a few files, including:

  1. kickstart file
  2. Root certificate

Kickstart files

My 2 different kickstart files are
fc27c-ks.cfg (saved to WordPress as a .doc, but it is truly just a plain text file)
Quite a few things to note about the content:
I had to use http for all my local repositories, even though I got the ca certficate loaded. I think how my ISP bounces back my https traffic causes enough slowdown on the ssl handshake it prevents anaconda from using it correctly. It was working earlier in the day but I had to disable it.
Observe in the %pre scriptlet the lines

cp -p /run/install/repo/ /etc/pki/ca-trust/source/anchors 2>/dev/null || :
update-ca-trust || :

These 2 lines load up the root certificate authority cert into the running initrd trusted keys, so the ssl connections are trusted.
Please see the attached or indicated files.

Root certificate

A root certificate is the certificate that signs other certificates for that namespace. I use my own in my ipa domain, and I use it on my web server. So to connect with ssl because I want to encrypt everything possible, I need this cert in the runtime environment on the iso disc image. My root ca file is
not shared on this blog. Go get your own!

The steps

Mount original iso

mkdir -p /mnt/originaliso
mount -v -o loop /mnt/public/Support/SetupsBig/Linux/Fedora-Workstation-netinst-x86_64-27-1.6.iso /mnt/originaliso/

Copy contents to work directory

mkdir -p /mnt/newiso ; cd /mnt/
time cp -pr originaliso/* newiso/

Copy in kickstart files

cp -pf /mnt/public/Support/Platforms/Fedora/fc27{x,c}-ks.cfg /mnt/newiso/
chown root:root /mnt/newiso/*ks.cfg
echo done

Tell disc to use new ks file

This task:

  • Adds xfce and cinnamon menu options
  • Find all the append= lines, and add to the end this attribute: ks=hd:LABEL=fc26:/fc26x-ks.cfg

The important piece is to have the LABEL= the volume name that you give the mkisofs -V “label” a few commands later in this article. If you really want to use a file:/ks.cfg, then you have to open up the initrd, which Appendix A demonstrates.

Fedora 27 xfce and cinnamon
sed -r -e "/append/{s/LABEL=([A-Za-z0-9_\-]*)(\s|:)/LABEL=${label}\2/;s/quiet//;};" -e '/label linux/,/^\s*$/H;' -e '/^\s*$/{x;};' "${tf}" | \
awk "BEGIN{a=0;b=0;labels[1]=\"xfce\";labels[2]=\"cinnamon\";} /^label [^l]/{b=b+1} b < 1 && /label linux/{a=a+1;\$0=\$0\" \"labels[a];} b < 1 && /menu label/{\$0=\$0\" \"labels[a];} b < 1 && /append/{\$0=\$0\"ks=hd:LABEL=${label}:/${label}\"substr(labels[a],1,1)\"-ks.cfg\";} {print;}" > "${tf}.$$"
mv -f "${tf}.$$" "${tf}"
Centos 7
sed -r -e "/append/{s/LABEL=([A-Za-z0-9_\-]*)(\s|:)/LABEL=${label}\2/;s/quiet//;};" "${tf}" | \
awk "BEGIN{a=0;b=0;labels[1]=\"with my bgstack15 custom kickstart\";} /^label [^l]/{b=b+1} b < 1 && /label linux/{a=a+1;\$0=\$0\" \"labels[a];} b < 1 && /menu label/{\$0=\$0\" \"labels[a];} b < 1 && /append/{\$0=\$0\"ks=hd:LABEL=${label}:/${label}-ks.cfg\";} {print;}" > "${tf}.$$"
mv -f "${tf}.$$" "${tf}"

Copy in certificate file

This will be used by the kickstart file and injected into the running initrd so https connections can be trusted to download the repos.

/bin/cp -pf /mnt/public/www/smith122/certs/ /mnt/newiso/
chown root:root /mnt/newiso/*.crt

Make new iso

Fedora 27
ti="${label}manual.iso"; cd /mnt/newiso;
rm -f /mnt/newiso/"${ti:-NOTHINGTODELETE}" ; __func() { mkisofs -V "${label}" -m '*.iso' -o "../${ti}" -b isolinux/isolinux.bin -c isolinux/ -no-emul-boot -boot-load-size 4 -boot-info-table -r -J -v -T . ; implantisomd5 "/mnt/${ti}" ; } ; time __func
CentOS 7
ti=centos7manual.iso ; cd /mnt/newiso ;
rm -f /mnt/newiso/"${ti:-NOTHINGTODELETE}" ; __func() { mkisofs -V "${label}" -m '*.iso' -o "../${ti}" -b isolinux/isolinux.bin -c isolinux/ -no-emul-boot -boot-load-size 4 -boot-info-table -r -J -v -T . ; implantisomd5 "/mnt/${ti}" ; } ; time __func

Copy to server so vm1 can access

time su bgstack15 -c "cp -pf /mnt/${ti} /mnt/public/Support/SetupsBig/Linux/";
echo done

Next steps

After that, the iso is ready to be burned to disc or used by virt-install. I have not actually tried burning a disc or usb drive, but I assume it’s pretty similar to a regular Live iso.
For virt-install, I was simply unable to get my fancy customized iso to work fully automatically. For a regular, unattended vm install, I use the regular Fedora netinstall iso and I inject my kickstart file.

vm=fc27x-02a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=fedora25 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/Fedora-Workstation-netinst-x86_64-27-1.6.iso  --initrd-inject=/mnt/public/Support/Platforms/Fedora/fc27x-ks.cfg --extra-args "ks=file:/fc27x-ks.cfg SERVERNAME=${vm}" --debug --network type=direct,source=eno1

And to destroy that vm when I’m done with it:

vm=fc27x-02a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";

But this custom iso that we built is ready to be inserted into a vm, where you can manually select the xfce or the cinnamon option. After that initial menu choice, everything else is automatic and unattended.


Appendix A: Modify initrd.img file

Right after step “Copy in certificate file,” if you want to modify the initrd.img file, you can use these steps:

Open initrd.img xz file

mkdir -p /mnt/initrd1; cd /mnt/initrd1; time xzcat /mnt/originaliso/isolinux/initrd.img | cpio -d -i -m

Perform any file modifications to that filesystem in /mnt/initrd1.

Assemble new initrd.img file

cd /mnt/initrd1 ; time find . | cpio -o -H newc | xz --check=crc32 --x86 --lzma2=dict=512KiB > /mnt/newiso/isolinux/initrd.img




Internal documents

~/2017/Systems/guides/Add custom kickstart to iso file.odt

Compiling FreeFileSync on Fedora

FreeFileSync is a great open source GUI application. Think of it as the GUI for rsync.

The Freefilesync team does not provide an rpm of the software, but they do provide the source code. Now, the team does not allow direct linking, so that link has a HMTL5 rel=”noreferrer” which might make it work for you.


I finally got a scriptlet to work with download the source code! Use this:

wget --referer "" --user-agent "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"

So, once you open up the zip file of the source code, you need to modify a few things. Please examine the patch I wrote:

Here is the text, in case my home server is down:

diff -Naur FreeFileSync/Source/Makefile FreeFileSync.fc25/Source/Makefile
--- FreeFileSync/Source/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/Makefile	2017-10-22 21:33:01.445470939 -0400
@@ -10,8 +10,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)
diff -Naur FreeFileSync/Source/RealTimeSync/Makefile FreeFileSync.fc25/Source/RealTimeSync/Makefile
--- FreeFileSync/Source/RealTimeSync/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/RealTimeSync/Makefile	2017-10-22 21:33:19.853796285 -0400
@@ -7,8 +7,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 #Gtk - support "no button border"
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
diff -Naur FreeFileSync/Source/ui/main_dlg.cpp source.fc25/FreeFileSync/Source/ui/main_dlg.cpp
--- FreeFileSync/Source/ui/main_dlg.cpp	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/ui/main_dlg.cpp	2017-10-22 21:33:01.446470957 -0400
@@ -1024,7 +1024,7 @@
     globalSettings.gui.cfgFileHistory = history;
-    globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory->GetTopItem();
+    //globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory-gt;GetTopItem();
     for (const Zstring& cfgFilePath : activeConfigFiles_)
@@ -4862,6 +4862,7 @@
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
         flashStatusInformation(_("Searching for program updates..."));
@@ -4869,6 +4870,7 @@
         periodicUpdateCheckEval(this, globalCfg_.gui.lastUpdateCheck, globalCfg_.gui.lastOnlineVersion,
+    */
@@ -4877,6 +4879,7 @@
     //execute just once per startup!
     Disconnect(wxEVT_IDLE, wxIdleEventHandler(MainDialog::OnRegularUpdateCheck), nullptr, this);
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
         flashStatusInformation(_("Searching for program updates..."));
@@ -4890,6 +4893,7 @@
                                     resultAsync.get()); //run on main thread:
+    */

You will need a set of packages installed to compile:

dnf install -y boost-devel compat-wxGTK3-gtk2-devel gcc-c++ gtk+-devel gtk3-devel wxGTK-devel wxGTK3-devel