Fedora 22 Review

July 15, 2015, 9 p.m.

Fedora 22 Workstation, which replaced an existing installation of the Fedora 21 based Korora 21, has pleasantly surprised me. This surprise is probably due to my terrible experience with version 20 of Korora, a distribution which aims to make Fedora a friendly out-of-the-box experience. Although, at the time, I liked Korora's changes to Fedora, the GRUB bootloader installation was not reliable. In fact during kernel updates it completely wiped out the directories in the EFI partition belonging to other OSes -- including Microsoft's.

I gave Korora another try with version 21 and this problem was gone, but because it will take Korora's developers a while after the new Fedora release to issue their respin, I decided to try Fedora 22 (after a failed attempt to use fedup with Fedora 22 repositories enabled in Korora 21). It turns out installing Fedora 22 was a good decision, because I see that for my use case, Korora doesn't add much to Fedora to make the delay between a Fedora release and Korora's respin worth the wait. One of Korora's additions, the Pharlap Hardware configuration tool, which didn't work that well is not necessary for my hardware. The other Korora modification to Fedora in the form of additional repositories, including RPM Fusion, Google, and Adobe are not enough of added value, considering that I don't care for what's in the Google repositories and the other repositories are trivial to add. Having learned this, and seeing Fedors's other impressive features, it will be one of the long-term or maybe permanent OSes on this eight-boot system.

For those willing to run a few commands after installation to make it fully usable in terms of proprietary software, which Fedora does not distribute from its repositories, Fedora offers a distribution with superior security, performance, and very up to date kernel and software, especially for a non-rolling release. It is worth a try, especially to those who intend to use the new distribution for work.

Review

I was impressed with Fedora 22 Workstation immediately after selecting Fedora from the GRUB menu. This was because of the best integration of Plymouth into the boot process I have seen, without any flicker, screen messages, or a black screen delay in the interval between selecting the OS from menu and the start of Plymouth or between the end of Plymouth splash and the display of the LightDM greeter. (If desired, the stream of boot messages is always available by pressing ESC while the Plymouth animation is playing.) The closest distribution that is on par with Fedora in this respect is Ubuntu; even openSUSE where everything works very well without configuration or a capability is not disabled completely to avoid complications-- as is hibernation in Ubuntu -- has a little flicker and a few startup messages. Arch and its derivatives, which I have been using almost exclusively recently are the worst in terms of visual polish during boot, and even the derivatives don't enable the bootsplash by default.

Unfortunately, the visual polish ends with the excellent Plymouth expereince and the actual theming done by Fedora is very boring, in my opinion. But this doesn't matter as theming artistry is not an objective of Fedora unlike Voyager, and can be remedied easily to one's own tastes as the following screenshot, which shows my current Fedora Cinnamon Desktop, demonstrates.

My Fedora 22 with Cinnamon Desktop Environment
My Fedora 22 Workstation with the Cinnamon Desktop Environment.
The background is from wallhaven, the window and GTK themes are Arc by horst3180, the icons are Numix-Square by the Numix Project -- which I copied from my Antergos installation, and the Cinnamon shell theme is Ciliora Secunda by zagortenay333.

What is important is what's inside and Fedora offers two unique strengths out of the box which complement its other not so unique features.

  • First, for a non-rolling distribution it offers the latest kernels, software, and is generally regarded as a distribution that is at the vanguard of integrating and even developing new technologies for Linux.
  • Second, Fedora is the most secure Linux distribution out-of-the box due to the inclusion of the NSA-developed SELinux system, by default.

As an exampe of the first point, consider that the kernel version installed as of July 8, 2015 is 4.0.6-300.fc22.x86_64; I assume this means that this is the third build or release for Fedora 22 of the 4.0.6 kernel.

Fedora 22 output of uname
Fedora 22 output of uname -a and uname -r.
The kernel version installed by Fedora is not as conservative as those installed by Ubuntu and the non-rolling version of openSUSE. It is actually at the same version as Arch and openSUSE Tumbleweed.

This is as current as Arch and its derivatives -- Manjaro is unique among Arch derivatives in the user can choose to use the current kernel or older versions, including an LTS version, and even install multiple kernels -- and openSUSE Tumbleweed, which I installed after Fedora. Fedora is as bleeding edge as a rolling release when it comes to kernel versions.

Fedora's short release cycle also allows its selection of packages, in addition to the kernel, to be fresh for some time after release compared to distributions like openSUSE -- with the exception of openSUSE Tumbleweed -- and others. In fact, I have seen Cinnamon updated twice to the versions available in Arch since I started using Fedora.

The second unique feature, the integration of SELinux by default, will annoy some users. But I found that I like the security offered by this feature, knowing unusual access to files by users or prcesses will be prevented. In my use case, over a period of eight weeks, SELinux issued six notifications of a blocking action. Of these, only one mattered enough to interfere with my use of Fedora at all, and I was able to make the necessary SELinux policy change to continue what I was doing, which was to connect to a VPN. In this case SELinux blocked read access to the certificates and key required by the VPN connection, which I had initiated through Network Manager. Clicking on the SELinux notification opens a GUI tool that provides options to allow the blocked action with one or more methods. This tool also allows opening secondary windows to provide more details on the blocked action and commands to issue for possible corrections.

The particular issue was that I had placed the VPN credential files, consisting of a CA certificate, a user certificate, and a private key in a non-standard location. If I had placed the certificats and keys in the standard location, instead of on a separate data partition accessible to all of the installed OSes through their /etc/fstab entries, SELinux wouldn't have taken any action. In fact, one of the options suggested by SELinux was to move the files to the standard location. (I should probably symlink to these files from the standard location as I do with my ssh credentials.)

I chose to modify the SELinux file attributes for these specific files by issuing the following commands for each of the three VPN credential files.

semanage fcontext -a -t home_cert_t /path/to/licence-or-key/file
restorecon -R -v /path/to/licence-or-key/file

Actually, before these commands, the same commands were required but with something containing NetworkManager instead of home_cert_t, unfortunately I don't remember exactly what I did and the command history is gone.

Deciding, whether to choose home_cert_t or one of the many possibilities took some Googling and reading SELinux related man pages; in the end it didn't matter because I just took one of the options from the possible values for the relevant attribute of these VPN credential files.

Besides, opening a notification, SELinux actions can also be investigated by issuing sealert which will open the SELinux Alert Browser, which is shown in the following screenshot.

SELinux Alert Browser
SELinux Alert Browser
The main screen of the tool allows you to navigate through alerts and see the nature of the action with a presentation of possible user intentions and actions to effect the proper intnetion. Certain buttons will open associated windows, such as one displaying a history of SELinux actions, and one showing a details window.

I ignored the first two notifications by SELinux, which I think happened to be a result of the Evince document reader trying to thumbnail files. The first notification I bothered to investigate by clicking the notification, was when I started Firefox for the first time and was related to a plugin trying to access the internet. The SEAlert information is shown in the above screenshot. I assume the blocked action was Firefox's reporting to Mozilla of a new installation of Firefox, since I didn't change any of SELinux's policy as offered by the SELinux Troubleshooter and everything in Firefox works as expected including all of the addons I installed. In fact I think it kept Mozilla from gatehring information about my use of Firefox.

SELinux has several other tools which I have not had the opportunity to look at as of yet, an indication that SELinux is not as bothersome to me as it is to some Linux users, considering the security it offers.

SELinux Tools Displayed in the Cinnamon Menu
SELinux Tools Displayed in the Cinnamon Menu
The SELinux Troubleshooter whcih appears in this list is that shown in the screenshot above. The others are more complex SELinux tools which I have not had to use yet.

Despite the minor problem in connecting to a VPN -- which was due to my ignorance, I think SELinux integration into Fedora is one of its benefits and not a drawback. For an example of its benefit consider two of the six SELinux actions, blocking execution of /usr/sbin/ldconfig and an inquiry of the attributes of /usr/sbin/ldconfig by sh. From a description of ldconfig the action blocked by SELinux could have been used by something to do something malicious, but I don't know (if you do, leave a comment or send feedback). I didn't override the policy leading to this block and the system hasn't displayed any irregular behavior. If it was a result of something that would compromise system security, then SELinux did what it was supposed to.

For more information on SELinux see the following pages:

I also appreciate some of Fedora non-unique features, such as the underrated RPM package system -- underrated, I assume because some users don't realize that the very low level rpm is actually rarely used to manage packages in the same way dpkg is almost never used to actually manage packages in Debian based system, but used by the higher-level tools like dnf.

My appreciation for RPM based systems stems from the fact that, like in Arch based systems, it provides the user an easy to use tool to package software by using the rpmbuild tool. The tool allows packaging software from third-party sources and custom packages of software found in official repositories to be managed by the system's package manager. The typical method of installing third-party software using ./configure, make, make install will not allow management of packages by the package manager.

This feature by itself won't be a determining factor in deciding to keep an installation of Fedora, but for a user who appreciates Fedora's other characteristics and wants the power and flexibility of being to be able to install any software for management by the system package manager, it is a plus. Fedora actually makes this capability even easier by providing automation to make a user and an environment for running rpmbuild tool. See the Fedora wiki page How to create an RPM package for more information on this.

While building packages is easy in Fedora, and the dependency resolver used by the package manager has been recently upgraded to openSUSE's libsolv, and the command line interface to the packaging and repository management system changed from yum to dnf, the dnf commands depend on numerous plugins and in most cases format the informational output horribly. I think examining the synatx of various dnf commands will show that it doesn't follow the logical and consistent structure of openSUSE's zypper. Some examples of dnf usage is available in this supplement to this review. An example of the bad formatting is shown below; in some cases the output is formatted very well, if not very informative as shown later in this article in the Package Management section.

Quick Facts

Fedora 22 comes in three versions each customized for specific uses, Fedora Workstation for desktops and laptops, Fedora Server for physical hardware other than a desktop or laptop, and Fedora Cloud for installation on cloud platforms. (See this Amazon AWS page for more information on cloud computing). The information below is only related to Fedora Workstation.

Feature Availability
Architecture x86, x86_64
Installation Media Types Live ISOs, Netinstall
Desktop Environments Gnome is the default environment; KDE Plasma, Xfce, LXDE (includes Openbox WM), Mate-Compiz, SOAS are available through Fedora Spins; Cinnamon and LXQt through Netinstall or by installing another desktop first
ISO Environment GNOME is official, 32bit and 64bit versions; Live ISOs with KDE Plasma, Xfce, LXDE, Mate-Compiz, SOAS through Fedora Spins
Customized Versions (Fedora Labs) Design Suite for visual design, multimedia production and publishing
Games
Jam for audio creation, editing, and production Robotics
Scientific scientific and numerical analysis software
Security Lab, forencsics and system rescue

Web resources related to obtaining the appropriated Fedora workstation version and installing it are listed below.

Page URL
Fedora Home Fedora Project Page
Default ISO Download Home Fedora Download Page
Spins Home Fedora Spins Page
Labs Home Fedora Labs Page
Release Notes Fedora 22 Release Notes
Installation Guide Fedora 22 Installation Guide
Documentation Home Fedora Documentation Portal

Necessary Fixes and Enhancements

The fixes necessary for this Fedora installation were a solution for a backlight control problem which required the addition of a kernel command line parameter to specify the native video and a solution in order to enable hibernation -- or suspend to disk -- which required adding the swap partition to /etc/fstab to make it the device for saving the system state during hibernation -- which should have been added by the Anaconda installer -- rebuilding the initramfs to include a resume module, and specifying the swap partition as the resume device in the GRUB input configuration file at /etc/default/grub. The steps involved in the resolution of these issues are described in this ORDINATECHNIC blog post.

Because Fedora does not distribute proprietary or non-FOSS software, it is necessary to add repositories to the system in order to install such software and make the OS as usable as most people would like. The most important of these is the RPM Fusion repository which will provide common proprietary codecs and proprietary drivers. The RPM Fusion website also lists some repositories that may be useful including those provided by companies like Dell, Google, and Adobe. I downloaded the repository setup RPM package and installed it, using dnf and not the deprecated yum as RPM Fusion instructs. The steps I used to add these repositories and some other useful repositories to the system and install the software they provide are also described in this supplement to this review. In the supplement I also describe a workaround to make the Pepper Flash Player Plugin work in Chromium based browsers.

The most satisfying enhancement I made after installing Fedora, somewhat necessary only if using another distribution's GRUB to boot Fedora was to modify the grub.cfg file that controls the display and function of the GRUB bootloader menu in the distribution whose GRUB is being used to boot Fedora. I did this to maintain the visual polish of booting Fedora using its own GRUB even when using the GRUB of another distribution. This modification also has the benefit of preserving the backlight control enabling kernel command line parameter -- otherwise the method described here for an Intel graphics card would be required.

The grub.cfg file is generated by the grub-mkconfig command which in turn executes the scripts in /etc/grub.d/ also taking inputs from the /etc/default/grub file. This method is also described in the fixes and enhancements supplement.

Software

Because I used the Netinstall ISO -- which will download and install only the software selected in the installer to install Fedora 22 -- the software installed by default wasn't an issue. I simply selected the software that interested me from the Software Selection button/spoke from the main-screen/hub of the Anaconda installer. Unfortunately, the software selection can't be refined to the package level but only to the level of broad groups of packages organized by category. You can see some screenshots of the installation steps to get a feel of the user interface and the general steps of installation from the installation supplement to this review.

The availability of software in the official repositories is one of the characteristics of Fedora that could be better. This deficiency pertains not only to non-FOSS software but to open source software as well. For example, the Synapse launcher, which is very useful in desktop environments other than KDE and maybe also GNOME, is not available in Fedora's repositories.

Unlike openSUSE, Fedora doesn't have the equivalent of the established third-party Packman Repository with a very extensive selection of packages; the RPM Fusion third-party repository that can be used with Fedora for proprietary and non-FOSS software only provides the most basic selection of software.

Fedora does provide the Fedora COPR service which is similar to the openSUSE build service, which provides a build system and repository hosting for all types of Linux distributions, even those that don't use RPM packaging, available to any end user and upstream projects. Unfortunately the Fedora COPR, which seems to be used only by Fedora developers and not users as well, is very lacking compared to openSUSE's Build Service. Fortunately for Fedora users some developers and users provide repositories that distribute packages for Fedora as well as openSUSE and others on the OBS. For example, the Arc GTK-3 theme seen in some of the screenshots in this article and all three update streams of the new Opera browser are hosted on the OBS.

On the plus side with respect to software availability, software is very current, not only as a benefit of short release cycles, but because Fedora updates even large pieces of software that other distributions may not for the sake of system stability based on all software available for the release working together well as a whole. As mentioned above, the Cinnamon Desktop had one major update and another smaller but substantial update in the less than two months I've been using Fedora, bringing it the versions available in Arch.

Package Management

Package management in Fedora 22 is through the dnf command line interface, the replacement to the deprecated yum. (yum stands for Yellow Dog Updater Modified and dnf stands for Dandified YUM). dnf is capable and fast enough, but in my opinion, it could be better with respect to the command syntax structure, the format and information outputted by commands, and the general power and flexibility of available commands. Some commands, even essential ones like those for adding a repository are provided by plugins to dnf and not part of dnf proper. These deficiencies may be only apparent when compared to openSUSE's similar zypper, which is the best command line package manager that doesn't require interaction with the underlying files, although a user can directly manipulate these if desired. (Some might also prefer the Arch command line package manager, but although I appreciate its simplicity and capability it doesn't have the flexibility combined with power as in openSUSE.)

the Fedora default GUI package manager, Yum Extender DNF (yumex-dnf)
Output of dnf search and info requests.

A simple and adequate GUI package manager is also provided in the form of Yum Extender - DNF or yumex-dnf which acts as a front end to dnf. Linux users used to Synaptic Package Manager will find it simple compared to Synaptic and users used to openSUSE's YaST Software Repositories, and Online Update modules will not like it's lack of features. Those used to Octopi or Pamac, available on Arch and its derivatives will appreciate it as it is similar in look and feel, although it is simpler than even those simple tools, especially Octopi.

the Fedora default GUI package manager, Yum Extender DNF (yumex-dnf)
The Fedora default package manager GUI YUM Extender DNF yumex-dnf.
A very simple GUI package manager.

Even though yumex-dnf is a third-party developed front-end to dnf it is well integrated with Cinnamon, even though it is not the default Fedora environment, GNOME.

a notification from Yum Extender - DNF (yumex-dnf) in Cinnamon
A notification from YUM Extender - DNF yumex-dnf in Cinnamon.
Yum Extender - DNF is well integrated to Cinnamon in Fedora.

The screenshot above shows a notification from Yum Extender - DNF.

Documentation and Help

Fedora has the best formal documentation available of any Linux distribution due to the fact, I suppose, that it is supported by Red Hat.

the Fedora Project documentation portal
The Fedora Project Documentation Portal.
Release versions are listed are listed in the left pane. Expanding the Release 22 link will show the available documents. Expanding the link to the right of the document title will display available formats. A download of the document as a pdf or epub can then be initiated.

openSUSE has similar formal documentation resources but unlike Fedora's in certain instances it tends to be outdated, maybe because of the recent change with its previous supporter/owner Novell. Fedora formal documentation can be accessed at the Fedora Project documentation page. Like openSUSE's documentation portal, the Fedora portal also allows downloading the available documentation

BookPages
Installation Guide200
Mutiboot Guide24
Networking Guide176
SELinux User's and Administrator's Guide188
System Administrator's Guide476
Virtualization Getting Started Guide40

If you expand the Fedora Draft Documentation link in the navigation pane of the portal you will find even more manuals in draft versions or for previous releases that may be very useful, including an RPM packaging manual and a draft version of documentation for Fedora Cloud, among other topics. I used this particular document to install an instance of Fedora Cloud on Amazon AWS (free for one year). Unfortunately, this document being an old unreleased one, although very helpful in providing instructions for managing, connecting to, and interacting with Fedora Cloud on Amazon AWS had a very tiny error that I could only resolve by looking at Amazon documentation -- the username for the SSH connection was indicated to be "ec2-user" instead of "fedora" in "user-name@domain.com". But overall this is great documentation. Below are some other screenshots of the documentation.

the Fedora Project documentation portal
A page from the html mode display of the System Administrator's Guide
A good starting point for learning to use dnf software and package management.

the Fedora Project documentation portal
A page from the html mode display of the System Administrator's Guide
There is documentation on GRUB and some important commands like grub-mkconfig which even shows its non-standard location for writing the grub.cfg file.

Fedora also has a wiki to address some topics with brief instructions, such as How to create an RPM package -- and this is on top of the actual 404 page book on building an RPM packaging book on building an RPM packaging.

The Fedora wiki page entitled Communicating and getting help provides information on the ways users can help themselves and an extensive list of communication channels with other users and developers. Besides the Fedora Forum there is also simple webpage called Ask Fedora where users can submit very direct questions to be answered by the community.

Recommendation

I am very pleased with Fedora 22 Workstation. It is a very secure and well performing distribution release with very current software and kernel, rivaling rolling release distributions. It has the flexible RPM packaging foundation for the dnf package manager which allows a user who appreciates Fedora's strengths to overcome its shortcomings by using rpmbuild tool to package software, as I did with Synapse.

Fedora may especially be recommended for more serious activities rather than a casual general purpose use considering the type of software available in its official repositories. There is a category in Yum Extender - DNF for scientific and engineering software that includes three different 3D CAD programs as well as manu numerical analysis tools.

Fedora also emphasizes its suitability for software development and IT professionals. I saw the result of this emphasis when installing Fedora Cloud on Amazon AWS. Clicking Download from the Fedora Cloud page takes a visitor to anoter page with a choice of installation images for different cloud platforms, each with multiple options. Selecting an image for Amazon AWS seamlessly took me to my newly created Amazon AWS EC2 instance creation page -- a wow moment for me.

Fedora does fall short of the similar openSUSE, in my view, mainly because of the flexibility and power available in openSUSE which allows many ways to administer the system whether through YaST's many modules, intuitive and powerful command line tools, or by editing configuration files directly. openSUSE also has a larger selection of software through openSUSE's own repositores, the excellent PackMan Repository and the openSUSE Build Service. openSUSE is even better now that Tumbleweed is available, which I have been using for a few weeks (look for a review here soon).

Despite the shortcomings -- in my opinion -- I described, I am definitely keeping this installation indefinitely, even using fedup to update to new releases, making my installation a semi-rolling release. Even if it is not in the number one spot on this eight-boot system it has a secure place in the group of OSes and is not in any danger of being overwrittin with another distribution.