Updating your kernel when /boot is too small

Some cloud images provide a /boot filesystem which is too small to hold the required files to boot 2 different kernel versions.

In this tip we'll see how to identify when an update was unsuccessful and what to do in order to run the latest kernel on the next reboot.

Identifying /boot size

This boot filesystem is only 495 MB in size, and since it's a RHEL 9 system, it is too small to hold two kernels:

# df -h /boot/
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda3       495M  360M  136M  73% /boot

Identifying issues while upgrading

When we upgrade the system with yum, the following error is shown on screen:

# yum upgrade -y
[...]
  Running scriptlet: kernel-core-5.14.0-427.22.1.el9_4.x86_64                                                                                                                                                                  963/963 
cp: error writing '/boot/initramfs-5.14.0-427.22.1.el9_4.x86_64.img': No space left on device
dracut: dracut: creation of /boot/initramfs-5.14.0-427.22.1.el9_4.x86_64.img failed
warning: %posttrans(kernel-core-5.14.0-427.22.1.el9_4.x86_64) scriptlet failed, exit status 1

Error in POSTTRANS scriptlet in rpm package kernel-core

This means that the newly-regenerated initramfs is incomplete/corrupt as it didn't have enough space to be properly created. The next boot using that initramfs will fail and leave you with an unbootable kernel.

We can also see errors in the messages file:

# cat /var/log/messages| grep -P "dracut: creation.*failed" 
Jul  2 10:11:42 server.example.com dracut[27623]: dracut: creation of /boot/initramfs-5.14.0-427.22.1.el9_4.x86_64.img fail

Luckily the old kernel is still working and we can just boot the old kernel to get the system properly updated.

Erasing the old kernel and rebuilding the initramfs

We can now identify the old and new versions of the kernel:

# rpm -qa| grep kern | sort
kernel-5.14.0-362.13.1.el9_3.x86_64
kernel-5.14.0-427.22.1.el9_4.x86_64
kernel-core-5.14.0-362.13.1.el9_3.x86_64
kernel-core-5.14.0-427.22.1.el9_4.x86_64
kernel-modules-5.14.0-362.13.1.el9_3.x86_64
kernel-modules-5.14.0-427.22.1.el9_4.x86_64
kernel-modules-core-5.14.0-362.13.1.el9_3.x86_64
kernel-modules-core-5.14.0-427.22.1.el9_4.x86_64

We have 5.14.0-362.13.1.el9_3 (old) and 5.14.0-427.22.1.el9_4 (new).

We can remove the old version of the kernel (the running one).

BEWARE: THIS IS A DANGEROUS STEP! You may render your system unbootable if you don't follow the steps properly or don't manage to fully install the new kernel.

Remove the old kernel packages with rpm. dnf will not let you do so because it's the running kernel.

# rpm -qa| grep kern | grep 5.14.0-362.13.1.el9_3 | xargs rpm -e 
/usr/sbin/weak-modules: line 1086: cd: /lib/modules/5.14.0-362.13.1.el9_3.x86_64/weak-updates: No such file or directory
warning: file /lib/modules/5.14.0-362.13.1.el9_3.x86_64/modules.builtin.modinfo: remove failed: No such file or directory
warning: file /lib/modules/5.14.0-362.13.1.el9_3.x86_64/modules.builtin: remove failed: No such file or directory

Once you've removed the old kernel, you should have plenty of space in /boot to let it install the new kernel and regenerate the new initramfs automatically with dracut.

A simple way to do that is to just reinstall the kernel package with dnf:

# yum reinstall kernel && reboot
Updating Subscription Management repositories.
Last metadata expiration check: 0:24:06 ago on Tue Jul  2 09:55:07 2024.
Dependencies resolved.
=====================================================================================================
 Package               Architecture    Version                 Repository                     Size
=====================================================================================================
Reinstalling:
 kernel                x86_64          5.14.0-427.22.1.el9_4   rhel-9-for-x86_64-baseos-rpms  5.5 M

Transaction Summary
=====================================================================================================
Total download size: 5.5 M
Installed size: 0  
Is this ok [y/N]: y

This task ensures that:

  • The kernel package is reinstalled.
  • The initramfs is regenerated for all installed kernel packages (only one in our current scenario).

Once this step is done, you'll be running the latest kernel.
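The two checks from this post (a failed dracut run in the log, and too little room in /boot) can be scripted and run before every reboot. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes that a second kernel needs about as much room in /boot as the running one and that lsinitrd (shipped with dracut) exits non-zero on an image it cannot list.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before rebooting
# after a kernel update on a host with a small /boot.

# Read syslog lines on stdin; print each kernel version whose initramfs
# dracut failed to create (message format as shown in the post).
failed_initramfs_versions() {
    sed -n 's|.*dracut: creation of /boot/initramfs-\(.*\)\.img fail.*|\1|p' | sort -u
}

# Read `df -Pk` output on stdin; print the available space in KiB.
df_avail_kb() {
    awk 'NR == 2 { print $4 }'
}

# Sum the size in bytes of the files in DIR ($1) that belong to kernel
# VERSION ($2): vmlinuz, initramfs, System.map, config, ...
kernel_footprint_bytes() {
    total=0
    for f in "$1"/*"$2"*; do
        [ -f "$f" ] || continue
        total=$((total + $(wc -c < "$f")))
    done
    echo "$total"
}

# Succeed only if the initramfs at $1 exists, is not empty and, when
# lsinitrd is installed, can be listed by it.
initramfs_intact() {
    [ -s "$1" ] || return 1
    if command -v lsinitrd >/dev/null 2>&1; then
        lsinitrd "$1" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# precheck [LOG] [BOOTDIR]: return non-zero if rebooting looks unsafe.
precheck() {
    log=${1:-/var/log/messages}
    boot=${2:-/boot}
    rc=0
    need=$(kernel_footprint_bytes "$boot" "$(uname -r)")
    avail=$(df -Pk "$boot" | df_avail_kb)
    # Assumption: another kernel needs about as much room as the running one.
    if [ "$((avail * 1024))" -lt "$need" ]; then
        echo "WARN: $boot has $avail KiB free, the running kernel uses $need bytes"
        rc=1
    fi
    # The log keeps old failures, so the image itself is what gets verified.
    for v in $(failed_initramfs_versions < "$log"); do
        if initramfs_intact "$boot/initramfs-$v.img"; then
            echo "OK:  initramfs for $v is present and readable"
        else
            echo "BAD: initramfs for $v is missing or unreadable"
            rc=1
        fi
    done
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then
    precheck "${2:-}" "${3:-}"
fi
```

Run it as root with `--check` after an upgrade; a BAD line means the newest kernel should not be booted until its initramfs has been regenerated.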

Happy hacking!

Re-configuring workers in Satellite 6.13 for performance tuning

While there is a very complete Satellite 6.13 Performance tuning guide, I always struggle to find these parameters whenever I happen to change the CPU and RAM resources when Satellite is configured as a Virtual Machine.

Usually I care about tuning two things:

  • a) The number of Puma workers (helps with Satellite WebUI responsiveness and with the number of dynflow tasks it can handle)

  • b) The number of pulp workers so I can synchronize more repositories in parallel.

To tune this, in a 16 vCPU machine, I would use something like:

satellite-installer \
 --foreman-foreman-service-puma-workers=8 \
 --foreman-foreman-service-puma-threads-min=16 \
 --foreman-foreman-service-puma-threads-max=16 \
 --foreman-proxy-content-pulpcore-worker-count=8

Happy hacking!

Checking SSL and TLS configuration with sslyze

Just a quick tip on checking a server's SSL/TLS configuration without too much hassle.

sslyze is a Python package that can be used to check the accepted ciphers of a certain service, e.g.:

 pip install sslyze

 python -m sslyze server.example.com

CHECKING CONNECTIVITY TO SERVER(S)
----------------------------------

server.example.com:443            => 192.168.1.208   WARNING: Server requested optional client authentication


SCAN RESULTS FOR server.example.com:443 - 192.168.1.208
-------------------------------------------------

* Certificates Information:
    Hostname sent for SNI:             server.example.com
    Number of certificates detected:   1


    Certificate #0 ( _RSAPublicKey )
    SHA1 Fingerprint:                  2e57a27485b980d25ea0d8d642ab31d5b6a64b6e
    Common Name:                       server.example.com
    Issuer:                            server.example.com
    Serial Number:                     217661717633682589085577779257221678089539599645
    Not Before:                        2023-02-15
    Not After:                         2038-01-18
    Public Key Algorithm:              _RSAPublicKey
    Signature Algorithm:               sha256
    Key Size:                          4096
    Exponent:                          65537
    SubjAltName - DNS Names:           ['server.example.com']

    Certificate #0 - Trust
    Hostname Validation:               OK - Certificate matches server hostname
    Android CA Store (13.0.0_r9):      FAILED - Certificate is NOT Trusted: self-signed certificate in certificate chain
    Apple CA Store (iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9):FAILED - Certificate is NOT Trusted: self-signed certificate in certificate chain
    Java CA Store (jdk-13.0.2):        FAILED - Certificate is NOT Trusted: self-signed certificate in certificate chain
    Mozilla CA Store (2022-12-11):     FAILED - Certificate is NOT Trusted: self-signed certificate in certificate chain
    Windows CA Store (2023-02-19):     FAILED - Certificate is NOT Trusted: self-signed certificate in certificate chain
    Symantec 2018 Deprecation:         ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain:                    server.example.com --> server.example.com
    Verified Chain:                    ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain Contains Anchor:    ERROR - Could not build verified chain (certificate untrusted?)
    Received Chain Order:              OK - Order is valid
    Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

    Certificate #0 - Extensions
    OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
    Certificate Transparency:          NOT SUPPORTED - Extension not found

    Certificate #0 - OCSP Stapling
                                        NOT SUPPORTED - Server did not send back an OCSP response

* SSL 2.0 Cipher Suites:
    Attempted to connect using 7 cipher suites; the server rejected all cipher suites.

* SSL 3.0 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

* TLS 1.0 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

* TLS 1.1 Cipher Suites:
    Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

* TLS 1.2 Cipher Suites:
    Attempted to connect using 156 cipher suites.

    The server accepted the following 23 cipher suites:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256                      
        TLS_RSA_WITH_AES_256_CCM                          256                      
        TLS_RSA_WITH_AES_256_CBC_SHA256                   256                      
        TLS_RSA_WITH_AES_256_CBC_SHA                      256                      
        TLS_RSA_WITH_AES_128_GCM_SHA256                   128                      
        TLS_RSA_WITH_AES_128_CCM                          128                      
        TLS_RSA_WITH_AES_128_CBC_SHA256                   128                      
        TLS_RSA_WITH_AES_128_CBC_SHA                      128                      
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256       256       ECDH: X25519 (253 bits)
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                128       ECDH: prime256v1 (256 bits)
        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256         256       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384               256       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_256_CCM                      256       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256               256       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  256       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               128       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_128_CCM                      128       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256               128       DH (4096 bits) 
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  128       DH (4096 bits)

    The group of cipher suites supported by the server has the following properties:
    Forward Secrecy                    OK - Supported
    Legacy RC4 Algorithm               OK - Not Supported


* TLS 1.3 Cipher Suites:
    Attempted to connect using 5 cipher suites.

    The server accepted the following 4 cipher suites:
        TLS_CHACHA20_POLY1305_SHA256                      256       ECDH: X25519 (253 bits)
        TLS_AES_256_GCM_SHA384                            256       ECDH: X25519 (253 bits)
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)
        TLS_AES_128_CCM_SHA256                            128       ECDH: X25519 (253 bits)


* Deflate Compression:
                                        OK - Compression disabled

* OpenSSL CCS Injection:
                                        OK - Not vulnerable to OpenSSL CCS injection

* OpenSSL Heartbleed:
                                        OK - Not vulnerable to Heartbleed

* Client certificated required for --robot: use --cert and --key to provide one.

* Session Renegotiation:
    Client Renegotiation DoS Attack:   OK - Not vulnerable
    Secure Renegotiation:              OK - Supported

* Elliptic Curve Key Exchange:
    Supported curves:                  X25519, X448, prime256v1, secp384r1, secp521r1
    Rejected curves:                   prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1

SCANS COMPLETED IN 6.953993 S
-----------------------------

COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION
--------------------------------------------

    Checking results against Mozilla's "MozillaTlsConfigurationEnum.INTERMEDIATE" configuration. See https://ssl-config.mozilla.org/ for more details.

    server.example.com:443: ERROR - Scan did not run successfully; review the scan logs above.
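
Because the Mozilla compliance step did not run in the scan above, the accepted suites have to be reviewed by hand. The following added example (not part of sslyze or of the original post) reads a saved text report in the layout shown above and lists every accepted suite that uses static RSA key exchange (no forward secrecy), CBC mode, or a protocol older than TLS 1.2. The function names, the reason labels and the embedded sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: review the cipher suites listed in an sslyze text report.

# Constructed excerpt in the layout of the sslyze report shown in the post.
sample_report() {
cat <<'EOF'
 * TLS 1.1 Cipher Suites:
     Attempted to connect using 80 cipher suites; the server rejected all cipher suites.

 * TLS 1.2 Cipher Suites:
     Attempted to connect using 156 cipher suites.

     The server accepted the following 5 cipher suites:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   256
        TLS_RSA_WITH_AES_128_CBC_SHA                      128
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384             256       ECDH: prime256v1 (256 bits)
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256             128       ECDH: prime256v1 (256 bits)
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               128       DH (4096 bits)

 * TLS 1.3 Cipher Suites:
     The server accepted the following 1 cipher suites:
        TLS_AES_128_GCM_SHA256                            128       ECDH: X25519 (253 bits)

 * Deflate Compression:
                                        OK - Compression disabled
EOF
}

# Read an sslyze text report on stdin and print one line per accepted suite
# that deserves review: "PROTOCOL SUITE REASON[,REASON...]".
flag_weak_suites() {
    awk '
        # "* TLS 1.2 Cipher Suites:" opens a per-protocol section.
        /^ *\* .* Cipher Suites:/ {
            proto = $0
            sub(/^ *\* /, "", proto)
            sub(/ Cipher Suites:.*/, "", proto)
            gsub(/ /, "", proto)            # "TLS 1.2" -> "TLS1.2"
            next
        }
        # Any other "* ..." heading ends the cipher suite sections.
        /^ *\* / { proto = ""; next }
        # Inside a section, accepted suites are the lines starting with a name.
        proto != "" && $1 ~ /^(TLS|SSL)_/ {
            reason = ""
            if (proto ~ /^SSL/ || proto == "TLS1.0" || proto == "TLS1.1")
                reason = "legacy-protocol"
            if ($1 ~ /^TLS_RSA_WITH_/)
                reason = reason (reason != "" ? "," : "") "no-forward-secrecy"
            if ($1 ~ /_CBC_/)
                reason = reason (reason != "" ? "," : "") "cbc-mode"
            if (reason != "") print proto, $1, reason
        }
    '
}

# Read flag_weak_suites output on stdin; count the lines carrying reason $1.
count_reason() {
    awk -v r="$1" 'index($3, r) { n++ } END { print n + 0 }'
}

if [ "${1:-}" = "--report" ] && [ -n "${2:-}" ]; then
    flag_weak_suites < "$2"
fi
```

Save the scan with `python -m sslyze server.example.com > report.txt` and pass the file with `--report report.txt`.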

Happy hacking!

Introducing satellite-conf-report

tl;dr: I wrote a quick shell script that gathers your Satellite/Foreman configuration and generates a Markdown file with it. It uses hammer commands underneath, and can help you in the following scenarios:

  • Reporting the basic configuration of a Satellite system.
  • Help with configuration drift - you can compare reports from different dates.
  • Quickly share the configuration with others.
  • Help perform configuration analysis / health checks.

The satellite-conf-report script is available in the following GitHub repo:

https://github.com/frangdlt/satellite-conf-report

Happy hacking!

Installing and running shrewsoft VPN client in Fedora 38

Shrewsoft created a VPN client whose last build was done in 2013. We can still run such ancient software in Fedora 38 with a couple of tricks.

Installation

First you need to enable the COPR repository for legacy OpenSSL 1.10

dnf copr enable dioni21/compat-openssl10

After that, you can manually install the shrewsoft package with:

yum localinstall https://download.copr.fedorainfracloud.org/results/pessoft/ike/fedora-rawhide-x86_64/00780930-ike/ike-2.2.1-13.fc29.x86_64.rpm

Running Shrewsoft VPN client

First you need to ensure that the IKE daemon is running. You can launch it under your regular user:

/usr/sbin/iked &

Then launch the VPN client GUI with:

/usr/bin/ikec

Finally import your VPN profile and enjoy :-)

Happy hacking!

Overriding the system hostname when registering into Red Hat Satellite

Sometimes you need to ensure that a system registered into Satellite has a specific hostname, because the current one is unacceptable for a number of reasons (it might collide with another one, etc).

The Satellite documentation points out that you can override the name by configuring a setting in the subscription-manager facts; however, this does not seem to work in newer (6.12+) versions of Red Hat Satellite.

In the latest testing I did, the following procedure ensures the system is registered with the requested hostname in Satellite.

  • Ensure the old host and content hosts are deleted from Satellite (if required).
  • Add the requested hostname in /etc/hosts of the system, bound to one of its IPs. It does not matter if it's not the first entry associated to the IP.
  • Ensure that /etc/rhsm/facts/katello.facts has these settings:

    {
    "network.fqdn":"new-name.example.com",
    "network.hostname":"new-name.example.com",
    "network.hostname-override":"new-name.example.com"
    }
    
  • Register the system again with subscription-manager, e.g.:

    subscription-manager register --org="ORGANIZATION" --activationkey="ACTIVATIONKEY" --force --name=new-name.example.com
    

In addition to this, it seems that simply setting the network.hostname-override parameter no longer works by default. Satellite can be configured to obey this parameter, but the rest of the configuration is still required.

Some relevant documents:

  • https://access.redhat.com/solutions/3166211 - Registered content host appears with a different hostname in Red Hat Satellite WebUI.
  • https://access.redhat.com/solutions/3732221 - network.hostname-override is not overriding the hostname of server for registration

Happy hacking!

Setting VSCode as the default Gnome editor

Quick post. I had the need to change the default Gnome editor from gedit to VSCode. There isn't a straightforward way to do this, so I found this quick way and wanted to make a note in the blog so I don't forget ;-).

➜ xdg-mime  query default text/plain 
gedit.desktop

➜ xdg-mime default code.desktop text/plain

➜ xdg-mime  query default text/plain  
code.desktop

You can also check the list of existing applications by searching for *.desktop files installed in your system, e.g.:

➜ find /usr/share/applications  -name "*.desktop"

Happy hacking!

Registering old RHEL systems into new Satellite versions

Sometimes you find out you need to register really ancient Red Hat Enterprise Linux systems into a new Satellite, but this poses a number of challenges, namely around support, and having the right tools in the system (subscription-manager, curl and others) available so the system can be successfully managed by Red Hat Satellite.

Supported Satellite client operating systems

Red Hat maintains a list of supported operating systems per Satellite version here:

https://access.redhat.com/solutions/5607011 - What are the supported operating systems for hosts of Red Hat Satellite 6 ?

The reality is a bit more complex, as Red Hat only tests new Satellite versions with actively supported RHEL operating systems. For RHEL6, this means that the only tested combinations are those using RHEL 6.10 using the ELS (Extended Lifecycle Support) add-on.

For ancient RHEL 7.0 and RHEL 7.1 versions, it's even more complicated because curl lacks some cryptographic ciphers, which makes connecting to Satellite impossible.

The workaround is to upgrade the relevant system packages to the latest version PRIOR to attempting to register the system into Satellite 6.x.

So here are some notes on how to accomplish that:

Registering RHEL 6 versions older than 6.10 is not supported with Satellite 6.10+. Registration does not work.

  • It is required to update subscription-manager, rpm, and other components to those provided by RHEL 6.10 prior to onboarding the system into Satellite 6.12.
  • This process might render "subscription-manager" inoperable. It is recommended to perform a full backup of the system, and implement access to the RHEL 6.10 DVD prior to attempting this upgrade.
  • The RHEL 6.10 content can be made available via the RHEL ISO, or hosted in a web server or NFS server.
  • Red Hat Engineering does not certify a full list of packages that need to be upgraded. However, in testing, the following list of packages seems to be sufficient to allow a successful registration:
  • yum upgrade -y "yum*" "subscription-manager*" "rpm" python-requests.noarch python-rhsm.x86_64 python-six.noarch python-urlgrabber.noarch python-urllib3.noarch openssl
  • More packages might be required depending on the installed packages in the managed system that needs to be migrated.

RHEL 7.0 and RHEL 7.1 cannot be registered with Satellite.

  • In a similar way to RHEL 6, RHEL 7.0 and RHEL 7.1 cannot connect to a new Satellite because of openssl ciphers and because of subscription-manager components. Registration errors might include curl: (35) Peer reports incompatible or unsupported protocol version.
  • The problem can be solved by upgrading the following packages prior to registration. Packages should come from RHEL 7.9.
  • yum upgrade -y openssl curl "yum*" "subscription-manager*" "rpm" python-six python-rhsm
  • Again, this process might render "subscription-manager" inoperable. It is recommended to perform a full backup of the system, and implement access to the RHEL 7.9 DVD prior to attempting this upgrade.
  • The RHEL 7.9 content can be made available via the RHEL ISO, or hosted in a web server or NFS server.

Happy Satellite-ing!

Installing a Brother DCP-L2550DN printer and scanner in Fedora 37

Brother DCP-L2550DN printer

My trusty, 15-year-old Brother HL-2030 printer died with a laser sensor error, so it was high time for a replacement. Brother has been known to make good printers and I wanted to get a replacement ASAP.

My requirements for the printer were:

  • Laser B&W / monochrome. I only print a few pages per year, but I really need it to work OK (as I'm usually very remote from the printer).
  • Reasonably low cost (under 200€).
  • Network attachable (Ethernet), wifi optional.
  • Fedora compatible.

So I found this Brother DCP-L2550DN on Amazon, and after a couple of days for shipping, I was ready to get it installed.

Installing the printer

In my case, I just had to remove the old printer and replace it in place with the new one. I connected the same USB-A (computer) to USB-B (printer) cable, and it was immediately recognized by lsusb.

#> lsusb | grep -i Brother
Bus 001 Device 005: ID 04f9:0423 Brother Industries, Ltd DCP-L2550DN series

The Brother support page instructs you to download the installer script, which in my case was:

  • linux-brprinter-installer-2.2.3-1
  • dcpl2550dnpdrv-4.0.0-1.i386.rpm
  • brscan-skey-0.3.1-2.x86_64.rpm
  • brscan4-0.4.11-1.x86_64.rpm

After running the script and asking for the specific model (DCP-L2550DN in my case, hyphen included), CUPS reported it as configured.

#> ./linux-brprinter-installer-2.2.3-1 
Input model name ->DCP-L2550DN

You are going to install following packages.
   dcpl2550dnpdrv-4.0.0-1.i386.rpm
   brscan4-0.4.11-1.x86_64.rpm
   brscan-skey-0.3.1-2.x86_64.rpm
OK? [y/N] ->y

rpm -ihv --nodeps --replacefiles --replacepkgs dcpl2550dnpdrv-4.0.0-1.i386.rpm
Verifying...                          ########################################
Preparing...                          ########################################
Updating / installing...
dcpl2550dnpdrv-4.0.0-1                ########################################
ln: failed to create symbolic link '/opt/brother/Printers/DCPL2550DN/lpd/rawtobr3': File exists
ln: failed to create symbolic link '/opt/brother/Printers/DCPL2550DN/lpd/brprintconflsr3': File exists
ln: failed to create symbolic link '/etc/opt/brother/Printers/DCPL2550DN/inf/brDCPL2550DNrc': File exists
ln: failed to create symbolic link '/usr/lib/cups/filter/brother_lpdwrapper_DCPL2550DN': File exists
ln: failed to create symbolic link '/usr/share/cups/model/brother-DCPL2550DN-cups-en.ppd': File exists
ln: failed to create symbolic link '/usr/share/ppd/brother/brother-DCPL2550DN-cups-en.ppd': File exists
lpadmin -p DCPL2550DN -E -v usb://Brother/DCP-L2550DN%20series?serial=E78284M2N111836 -P /usr/share/ppd/brother/brother-DCPL2550DN-cups-en.ppd
lpadmin: Printer drivers are deprecated and will stop working in a future version of CUPS.
ValueError: File context for /etc/opt/brother/Printers/DCPL2550DN/inf(/.*)? already defined
ValueError: File context for /opt/brother/Printers/DCPL2550DN/inf(/.*)? already defined
ValueError: File context for /opt/brother/Printers/DCPL2550DN/lpd(/.*)? already defined
ValueError: File context for /opt/brother/Printers/DCPL2550DN/cupswrapper(/.*)? already defined
#
semanage fcontext -a -t bin_t /opt/brother
ValueError: File context for /opt/brother already defined
restorecon -R /opt/brother
semanage fcontext -a -t cupsd_rw_etc_t /etc/opt/brother
ValueError: File context for /etc/opt/brother already defined
restorecon -R /etc/opt/brother
semanage fcontext -a -t cupsd_rw_etc_t /opt/brother/Printers/(.*/)?inf(/.*)?
ValueError: File context for /opt/brother/Printers/(.*/)?inf(/.*)? already defined
restorecon -R /opt/brother/Printers
semanage fcontext -a -t cupsd_rw_etc_t /etc/opt/brother/Printers/(.*/)?inf(/.*)?
ValueError: File context for /etc/opt/brother/Printers/(.*/)?inf(/.*)? already defined
restorecon -R /etc/opt/brother/Printers
semanage fcontext -a -t bin_t /opt/brother/Printers/(.*/)?lpd(/.*)?
ValueError: File context for /opt/brother/Printers/(.*/)?lpd(/.*)? already defined
restorecon -R /opt/brother/Printers
semanage fcontext -a -t bin_t /opt/brother/Printers/(.*/)?cupswrapper(/.*)?
ValueError: File context for /opt/brother/Printers/(.*/)?cupswrapper(/.*)? already defined
restorecon -R /opt/brother/Printers
restorecon -RFv /usr/lib/cups/filter
setsebool -P cups_execmem 1
Will you specify the Device URI? [Y/n] ->


0: beh
1: ipp
2: cups-brf:/
3: https
4: socket
5: serial:/dev/ttyS0?baud=115200
6: lpd
7: http
8: ipps
9: smb
10 (I): Specify IP address.
11 (A): Auto. (usb://dev/usblp0)

select the number of destination Device URI. ->11

lpadmin -p DCPL2550DN -v usb:///etc/usblp0 -E
Test Print? [y/N] ->

You are going to install following packages.
   brscan4-0.4.11-1.x86_64.rpm
rpm -ihv --nodeps --replacefiles --replacepkgs brscan4-0.4.11-1.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:brscan4-0.4.11-1                 ################################# [100%]
This software is based in part on the work of the Independent JPEG Group.
You are going to install following packages.
   brscan-skey-0.3.1-2.x86_64.rpm
rpm -ihv --nodeps --replacefiles --replacepkgs brscan-skey-0.3.1-2.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:brscan-skey-0.3.1-2              ################################# [100%]
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/brscan_mail.config': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/brscan-skey.config': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/brscan-snmp.cfg': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/scantofile.config': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/scantoimage.config': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/scantoocr.config': File exists
ln: failed to create symbolic link '/etc/opt/brother/scanner/brscan-skey/scantoemail.config': File exists
ln: failed to create symbolic link '/usr/bin/brscan-skey': File exists

I tried printing a test page but nothing would work because it was configured to use a device called /dev/usb/lp0, or /dev/usblp0. Neither of those existed on my system so I was troubleshooting for a while.

Some useful resources:

https://fedoraproject.org/wiki/How_to_debug_printing_problems

Configuring the right CUPS queue

In the end, I used the good old system-config-printer graphical assistant, which automatically detected the printer, and configured it in CUPS in the following manner:

#> lpstat -p
printer Brother-DCP-L2550DN-series is idle.  enabled since Thu Mar 30 14:46:53 2023
Description:    Brother DCP-L2550DN series
Location:   mycomputer
Driver: Brother DCPL2550DN for CUPS (grayscale, duplex)
Connection: usb://Brother/DCP-L2550DN%20series?serial=XXXXXXXXXXXXX
Default Options:    Banners=none, none paper=iso_a4_210x297mm sides=one-sided

Configuring SANE

This was my first try with SANE in 20+ years using Linux, and I only had to install the driver as performed with the automatic installer.

Fedora ships simple-scan, which takes care of scanning pages from either the external feeder or the internal scanner. It works nicely and can output images as either JPGs or PDFs (for documents).

Happy hacking!

Notes about pens

And now for something completely different, let's talk about pens. I'm a big fan of stationery, however I strongly refrain from buying lots of fancy pens and writing pads because they usually remain unused and take up lots of space.

I wanted to use this post to document some of the pens that work well for me so whenever I need to buy replacements, I don't spend lots of time figuring which one was good for what -- or even if I should buy a specific model at all.

Being left handed means I don't use many of the fountain pens at all - I haven't found a comfortable way of writing with them, plus the additional mess they make because ink is never dry enough when I put my hand on it to continue writing.

Anyway, my list of currently useful pens:

  • Uni-Ball Vision RT Black UBN-178. Writes well on my Moleskine; ink doesn't bleed and gets dry fast enough so I can write without delays. With a 0.8 size, the stroke creates a thicker line.

  • Uni-Ball UB-150. With a thinner stroke (0.5) usually writes well on any paper, including Moleskine.

  • Pilot Hi-Tecpoint V5 Grip. Again a 0.5 ball creates a thin stroke. The ink in this case usually fades a bit after drying out, and produces a lighter blue - which is to be taken into account if you really want your text to stand out.

  • Pilot G2 07. Now a gel pen with a thicker stroke. I really like this pen, however it is probably the messiest one in terms of wet ink, so I should really not use this pen anymore.

  • Pilot Hi-Tecpoint V5. An oldie, but goodie. I haven't used one of these in a while but they provided sharp lines with no traces of running ink.

I'll keep updating this page if I find new pens that I like -- I'm well stoked for the time being though!