Accepting request 215537 from home:jsmeix:branches:Printing
Solve bnc#857372 (and its various duplicates) by a major clean up and fix of the systemd unit files for CUPS that makes it again simple and secure to get cupsd working again as it did all the time in the past by a single simple and secure cups.service unit file. For experienced users cups.socket and cups.path are still provided as templates in /usr/share/doc/packages/cups/systemd/ so that experienced users can derive their own cups.socket and cups.path files according to their particular needs. When cupsd again "just works" as it did all the time in the past, then the next step is an optional systemd generator to create cups.socket that matches cupsd.conf see bnc#861084. OBS-URL: https://build.opensuse.org/request/show/215537 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=274
This commit is contained in:
Git OBS Bridge
45
cups.spec
45
cups.spec
@@ -182,9 +182,16 @@ Patch109: str4190.patch
|
||||
# Patch110 avoids any possible busy loop in cups-polld in case of unusual issues
|
||||
# by sleeping interval seconds see https://bugzilla.novell.com/show_bug.cgi?id=828228
|
||||
Patch110: cups-polld_avoid_busy_loop.patch
|
||||
# Patch111 fixes the systemd cups.socket file so that systemd listens only on localhost
|
||||
# (i.e. where the cupsd itself listens by default). Patch111 must be applied on top of Patch105.
|
||||
# Patch111 fixes the cups.socket systemd unit file from Patch105 to be more secure
|
||||
# so that systemd listens only on localhost (i.e. where the cupsd itself listens by default)
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c24
|
||||
# Patch111 must be applied on top of Patch105.
|
||||
Patch111: cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
|
||||
# Patch112 changes the cups.service systemd unit file from Patch105 to be more secure
|
||||
# and to let the cupsd again work as it did all the time for printing in a network
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61
|
||||
# Patch111 must be applied on top of Patch105.
|
||||
Patch112: cups-0003-systemd-secure-cups.service-unit-file.patch
|
||||
# Install into this non-root directory (required when norootforbuild is used):
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
@@ -331,9 +338,16 @@ printer drivers for CUPS.
|
||||
%patch109
|
||||
# Patch110 avoids any possible busy loop in cups-polld
|
||||
%patch110
|
||||
# Patch111 fixes the systemd cups.socket file so that systemd listens only on localhost
|
||||
# (i.e. where the cupsd itself listens by default). Patch111 must be applied on top of Patch105.
|
||||
# Patch111 fixes the cups.socket systemd unit file from Patch105 to be more secure
|
||||
# so that systemd listens only on localhost (i.e. where the cupsd itself listens by default)
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c24
|
||||
# Patch111 must be applied on top of Patch105.
|
||||
%patch111
|
||||
# Patch112 changes the cups.service systemd unit file from Patch105 to be more secure
|
||||
# and to let the cupsd again work as it did all the time for printing in a network
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61
|
||||
# Patch111 must be applied on top of Patch105.
|
||||
%patch112
|
||||
|
||||
%build
|
||||
# Disable SILENT run of make so that make runs verbose as usual:
|
||||
@@ -473,8 +487,15 @@ grep -q '^# Sample configuration ' $RPM_BUILD_ROOT/%{_sysconfdir}/cups/cupsd.con
|
||||
sed -i -e 's/^# Sample configuration /# Configuration /' $RPM_BUILD_ROOT/%{_sysconfdir}/cups/cupsd.conf
|
||||
grep -q '^# Sample configuration ' $RPM_BUILD_ROOT/%{_sysconfdir}/cups/cupsd.conf.default
|
||||
sed -i -e 's/^# Sample configuration /# Default configuration /' $RPM_BUILD_ROOT/%{_sysconfdir}/cups/cupsd.conf.default
|
||||
|
||||
# systemd stuff:
|
||||
%if 0%{?have_systemd}
|
||||
# move the installed cups.socket and cups.path into a documentation directory
|
||||
# so that experienced admins can make their own individual systemd unit files
|
||||
# for socket activation and/or path activation as they need it for their particular cases
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61
|
||||
mkdir $RPM_BUILD_ROOT/%{_defaultdocdir}/cups/systemd
|
||||
mv $RPM_BUILD_ROOT/%{_unitdir}/cups.path $RPM_BUILD_ROOT/%{_defaultdocdir}/cups/systemd/cups.path
|
||||
mv $RPM_BUILD_ROOT/%{_unitdir}/cups.socket $RPM_BUILD_ROOT/%{_defaultdocdir}/cups/systemd/cups.socket
|
||||
# install /usr/lib/tmpfiles.d/cups.conf
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
|
||||
cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/cups.conf <<EOF
|
||||
@@ -485,7 +506,17 @@ d /var/spool/cups/tmp - - - 30d
|
||||
EOF
|
||||
%endif
|
||||
# Run fdupes:
|
||||
%fdupes $RPM_BUILD_ROOT
|
||||
# The RPM macro fdupes runs /usr/bin/fdupes that links files with identical content.
|
||||
# Never run fdupes carelessly over the whole buildroot directory
|
||||
# because in older openSUSE and SLE11 versions fdupes
|
||||
# links files with different owner, group, or permissions
|
||||
# see https://bugzilla.novell.com/show_bug.cgi?id=784670
|
||||
# and even in current openSUSE versions fdupes links across sub-package boundaries,
|
||||
# compare https://bugzilla.novell.com/show_bug.cgi?id=784869
|
||||
# so that fdupes can only run for specific directories where linking files is safe.
|
||||
# Using fdupes -s, which will create symlinks that are easier to grasp for rpm and
|
||||
# rpmlint will give a "dangling symlink" error if the file and link ended up in different packages:
|
||||
%fdupes -s $RPM_BUILD_ROOT/%{_datadir}/cups
|
||||
|
||||
%pre
|
||||
/usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || :
|
||||
@@ -631,9 +662,7 @@ exit 0
|
||||
%{_datadir}/cups/
|
||||
%exclude %{_datadir}/cups/ppdc/
|
||||
%if 0%{?have_systemd}
|
||||
%{_unitdir}/cups.path
|
||||
%{_unitdir}/cups.service
|
||||
%{_unitdir}/cups.socket
|
||||
%{_tmpfilesdir}/cups.conf
|
||||
%endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user