How to fix Fedora 25 dnf upgrade “certificate expired” failure

After logging on a Fedora 25 system I didn’t log for a while, I ran dnf clean all ; dnf upgrade to update it, but I ran into this problem:

# dnf -vvvv -d 5 upgrade
cachedir: /var/cache/dnf
Loaded plugins: playground, builddep, config-manager, debuginfo-install, generate_completion_cache, needs-restarting, copr, protected_packages, noroot, download, Query, reposync
DNF version: 1.1.10
Cannot download 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64 [Peer's Certificate has expired.].
Errore: Failed to synchronize cache for repo 'updates'

The certificates expired and dnf refuses to work. To update the certificates, I simply installed with rpm the packages ca-certificates, p11-kit, p11-kit-trust, openssl and openssl-libs from the distro upgrades.

# rpm -Uvh http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/c/ca-certificates-2017.2.11-1.1.fc25.noarch.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/p/p11-kit-0.23.2-3.fc25.x86_64.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/p/p11-kit-trust-0.23.2-3.fc25.x86_64.rpm \
http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/o/openssl-1.0.2k-1.fc25.x86_64.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/o/openssl-libs-1.0.2k-1.fc25.x86_64.rpm
# dnf upgrade
Fedora 25 - x86_64 - Updates  
Fedora 25 - x86_64
Ultima verifica della scadenza dei metadati: 0:00:19 fa il Mon Apr 17 13:47:09 2017.
[...]

You might have to find the latest version by browsing around your favourite Fedora mirror (you can find the base url in /etc/yum.repos.d/fedora-updates.repo).

Some links worth reading:

How to start rails or puma (installed with rvm) with systemd

Just a few notes I took about how to start rails server or puma (installed with rvm) with systemd.

I started reading this question on StackOverflow, but it has no answers. Then I found out this gist containing an interesting example: it shows how to create a wrapper with rvm, and then how to use this wrapper to start the server.

I read more in systemd.service documentation and the rails command line documentation and wrote this (gist):

# based on https://gist.github.com/twtw/5494223
# create systemd service file for rails/puma startup
# 0. [if required: rvm use ruby@default]
# 1. rvm wrapper default systemd rails
# 2. put this file in /etc/systemd/system/rails-puma.service
# 3. systemctl enable rails-puma
# 4. systemctl start rails-puma
[Unit]
Description=Rails-Puma Webserver
 
[Service]
Type=simple
User=app
WorkingDirectory=/home/app/your-app
ExecStart=/home/app/.rvm/bin/systemd_rails server -e production
TimeoutSec=15
Restart=always
 
[Install]
WantedBy=multi-user.target

I didn’t get to test it yet, if it works for you let me know :)

Enable touchpad tap to click on Fedora/Debian

Fedora has tap to click disabled by default (WHY?!). This has been a problem for me since AGES when using XFCE and similar environments that do not enable touch tap by default. I spent hours searching how to fix it and today I found the solution here! In short, you should create a file in /etc/X11/xorg.conf.d/ (create that directory if it doesn’t exist) and call it, for example, 10-synaptic-tap.conf. The file should contain something like:

Section "InputClass"
       Identifier "tap-by-default"
       MatchIsTouchpad "on"
       Option "TapButton1" "1"
EndSection

You can also add more options, for example, adding Option “VertTwoFingerScroll” “On” before the EndSection will enable two fingers vertical scrolling.

Asus EEEPc 1215B black screen after suspend

I didn’t find the cause, but don’t panic if your EEE PC 1215B starts with a black/dead screen after being suspended (Fedora 16 here, but I think it applies to other distros also)

As I said: don’t panic. Disconnect the power cord. Disconnect the battery. Wait a few seconds, then reconnect the battery and power cord and turn on your netbook: the screen will wake up :)

Broadcom 4313 on Fedora 16 (Linux kernel 3.1.0)

Update: since kernel 3.1.1-1, brcmsmac module is already built in the kernel package. There’s no need to recompile.

So, the people at Fedora decided the new Open Source driver for the Broadcom 4313 wireless card (idientified as: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller [14e4:4727] (rev 01)) wasn’t stable enough to be built with the default kernel for Fedora 16 (beta, at the moment). Since RPMfusion repositories for F16 aren’t out already, so you can’t install wl driver, the alternative is to build the module.

This tutorial is based on both the Custom Kernel Guide from the Fedora wiki and this article about building the driver for Fedora 15.

First, we need to install some tools needed for kernel development (and the card firmware if we don’t already have it):

root[~]% yum install linux-firmware rpmdevtools yum-utils ncurses-devel
root[~]% yum-builddep kernel

Then we can download the kernel source and prepare the build environment:

user[~]% yumdownloader --source kernel
user[~]% rpmdev-setuptree
user[~]% rpm -Uvh kernel-3.1.0-0.rc9.git0.0.fc16.src.rpm 
user[~]% cd rpmbuild/SPECS/
user[~/.../SPECS/]% rpmbuild -bp --target=$(uname -m) kernel.spec

Now we must enter the source tree and make sure that the extraversion is correctly configured. For example, for kernel 3.1.0-0.rc9.git0.0.fc16.x86_64, the extraversion will be -0.rc9.git0.0.fc16.x86_64. Edit the Makefile accordingly:

user[~/rpmbuild/SPECS/]% cd ../BUILD/kernel-3.0.fc16/linux-3.0.x86_64/
user[~/.../linux-3.0.x86_64/]% vim Makefile
user[~/.../linux-3.0.x86_64/]% make menuconfig

In menuconfig we must find the module (press / then search for brcm). In my current version, it was under Device Drivers / Staging Drivers. Set both Broadcom IEEE802.11n PCIe SoftMAC WLAN driver and Broadcom IEEE802.11n embedded FullMAC WLAN driver as modules.

Then, we compile the staging area (it could be necessary to skip this step):

user[~/.../linux-3.0.x86_64/]% make -j5 staging/drivers/

Then we make and install the drivers:

user[~/.../linux-3.0.x86_64/]% make -j5 M=drivers/staging/brcm80211
user[~/.../]% su -c 'make modules_install M=drivers/staging/brcm80211'
Password: 
  INSTALL drivers/staging/brcm80211/brcmfmac/brcmfmac.ko
  INSTALL drivers/staging/brcm80211/brcmsmac/brcmsmac.ko
  INSTALL drivers/staging/brcm80211/brcmutil/brcmutil.ko
  DEPMOD  3.1.0-0.rc9.git0.0.fc16.x86_64

Make sure that the module is in the right directory:

user[~/.../linux-3.0.x86_64/]% find /lib/modules -name 'brcm*'
/lib/modules/3.1.0-0.rc9.git0.0.fc16.x86_64/extra/brcmfmac/brcmfmac.ko
/lib/modules/3.1.0-0.rc9.git0.0.fc16.x86_64/extra/brcmutil/brcmutil.ko
/lib/modules/3.1.0-0.rc9.git0.0.fc16.x86_64/extra/brcmsmac/brcmsmac.ko

I had to run depmod again as root, then I loaded the driver:

root[~]% depmod -a
root[~]% modprobe -a brcmsmac

At this point, Network Manager got back to life and allowed me to connect to my wifi network.

If you made a mistake during the procedure, you can get a clean build tree running:

user[~/.../linux-3.0.x86_64/]% cp .config ~/config-3.1.0-rc ; cp Makefile ~/
user[~/.../linux-3.0.x86_64/]% make mrproper clean
user[~/.../linux-3.0.x86_64/]% cp ~/config-3.1.0-rc .config ; cp ~/Makefile .
user[~/.../linux-3.0.x86_64/]% make oldconfig && make prepare