Complementary/personal steps to main guide.


Download latest Live USB Fedora, even if you’re not upgrading to the latest version.


$ cd Fedora-Xfce-Live-i386-24
$ gpg2 --verify Fedora-Spins-24-1.2-i386-CHECKSUM
gpg: Signature made Thu 16 Jun 2016 08:13:51 PM CDT using RSA key ID 73BDE98381B46521
gpg: Can't check signature: No public key

$ gpg2 --keyserver --search-keys 73BDE98381B46521
gpg: data source:
(1)     Fedora (24) <>
          4096 bit RSA key 73BDE98381B46521, created: 2015-07-25
Keys 1-1 of 1 for "73BDE98381B46521".  Enter number(s), N)ext, or Q)uit > 1
gpg: /home/de7ju4ze/.gnupg/trustdb.gpg: trustdb created
gpg: key 73BDE98381B46521: public key "Fedora (24) <>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

$ gpg2 --verify Fedora-Spins-24-1.2-i386-CHECKSUM
gpg: Signature made Thu 16 Jun 2016 08:13:51 PM CDT using RSA key ID 73BDE98381B46521
gpg: Good signature from "Fedora (24) <>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5048 BDBB A5E7 76E5 47B0  9CCC 73BD E983 81B4 6521

$ grep -i $(sha256sum Fedora-Xfce-Live-i386-24-1.2.iso) Fedora-Spins-24-1.2-i386-CHECKSUM
<match output>

Create boot media

$ bootdevice=/dev/sdf
$ sudo fdisk -l $bootdevice
<verify output of correct device!!!!!!!!!!!!>
$ sudo dd if=Fedora-Xfce-Live-i386-24-1.2.iso of=$bootdevice status=progress
1247646208 bytes (1.2 GB) copied, 340.964426 s, 3.7 MB/s
2437120+0 records in
2437120+0 records out
1247805440 bytes (1.2 GB) copied, 357.731 s, 3.5 MB/s
$ sudo sync

Update system

$ sudo dnf clean all ; sudo dnf upgrade --refresh


$ sudo systemctl poweroff

Boot live media and use GParted to create 2 partitions on a spare hard drive, one small and the other large enough to contain backups of the file systems. Mount the small system backup_head and create a random key file on it.

$ sudo dd if=/dev/urandom of=/mnt/backup_head/key status=progress count=2000

On GParted, format the large partition backup_body to cleared. Then create a encrypted LUKS device in it.

$ sudo cryptsetup --key-file /mnt/backup_head/key luksFormat $device

Create and mount file system

$ sudo cryptsetup open $device backup_body
$ sudo mkfs.ext4 /dev/mapper/backup_body
$ sudo mount /dev/mapper/backup_body /mnt/backup_body

If some of the partitions that are to be backed up are LVM, deactivate them with GParted.

Create partition images, for each partition to backup

$ sudo dd if=/dev/sdx1 of=/mnt/backup_body/partition1 bs=64K conv=noerror,sync status=progress

Save extra information about drive geometry

# fdisk -l /dev/sdX > /mnt/backup_body/geometry.txt

Backup the MBR

$ sudo dd if=/dev/sdX of=/mnt/backup_body/mbr.img bs=512 count=1


After running sudo dnf system-upgrade reboot, the system reboots and starts upgrading while displaying status information on the screen. At some point the text displayed doesn’t see to make any sense, for example I saw a lot of [ characters separated by newlines. This is OK, let the upgrade continue and eventually the machine will reboot to the new kernel/system.


Be sure to follow the Optional post-upgrade tasks in the main official guide.

Old packages

Regarding the output of

$ sudo dnf list extras

Don’t remove the kernel packages. It’s probably better not to remove any of these packages.

Manually remove kernel packages

After upgrading, sometimes DNF stops removing old kernel packages automatically when it installs a new version of the kernel. To remove old versions, look them up with

$ sudo dnf list extras

And remove with

$ sudo dnf remove kernel-core-<version>

Where <version> is the long package version, for example 4.9.10-100.fc24.

Troubleshooting software installed in user directories

If an application installed in a user directory is not working correctly, try re-installing it.

Troubleshooting sshd

After upgrade, trying to connect to sshd port displays connection refused, while other ports may show no route to host.

Run below command

$ sudo tcpdump -n host <host_ip_address> and port <port_number>

Then try to ssh again. If tpcdump dumps flags S and R, it means that although the server’s firewall is not blocking port <port_number>, there is no service listening to it.

In my case, my sshd server configuration file had this issue.