From 350f6e040721c11fb8832e32251647347e920c327d0cf5b160c0a17f5497289b Mon Sep 17 00:00:00 2001
From: Johannes Meixner <jsmeix@suse.com>
Date: Tue, 1 Feb 2022 10:06:35 +0000
Subject: [PATCH] Accepting request 950380 from home:jsmeix:branches:Printing

Added ReadWritePaths=/etc/cups to cups.service (boo#1195288)

OBS-URL: https://build.opensuse.org/request/show/950380
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=380
---
 cups.changes              | 8 ++++++++
 cups.spec                 | 4 ++--
 harden_cups.service.patch | 8 ++++++--
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/cups.changes b/cups.changes
index bfebe04..8cb3438 100644
--- a/cups.changes
+++ b/cups.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Feb  1 09:18:27 UTC 2022 - jsmeix@suse.de
+
+- Enhanced harden_cups.service.patch by adding
+  ReadWritePaths=/etc/cups
+  because cupsd needs write access in /etc/cups
+  (boo#1195288)
+
 -------------------------------------------------------------------
 Fri Oct 15 07:31:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 
diff --git a/cups.spec b/cups.spec
index f804a31..a291556 100644
--- a/cups.spec
+++ b/cups.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package cups
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -85,7 +85,7 @@ Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 Patch104:       cups-config-libs.patch
 # Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
 Patch106:       fix-negotiate-authentication-between-CGIs-and-scheduler.patch
-Patch107:	harden_cups.service.patch
+Patch107:       harden_cups.service.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
diff --git a/harden_cups.service.patch b/harden_cups.service.patch
index 2c63daa..34321f6 100644
--- a/harden_cups.service.patch
+++ b/harden_cups.service.patch
@@ -2,7 +2,7 @@ Index: cups-2.3.3op2/scheduler/cups.service.in
 ===================================================================
 --- cups-2.3.3op2.orig/scheduler/cups.service.in
 +++ cups-2.3.3op2/scheduler/cups.service.in
-@@ -5,6 +5,17 @@ After=network.target sssd.service ypbind
+@@ -5,6 +5,21 @@ After=network.target sssd.service ypbind
  Requires=cups.socket
  
  [Service]
@@ -16,7 +16,11 @@ Index: cups-2.3.3op2/scheduler/cups.service.in
 +ProtectKernelLogs=true
 +ProtectControlGroups=true
 +RestrictRealtime=true
-+# end of automatic additions 
++# end of automatic additions
++# cupsd needs write access in /etc/cups see
++# https://bugzilla.opensuse.org/show_bug.cgi?id=1195288
++ReadWritePaths=/etc/cups
++# end of SUSE additions
  ExecStart=@sbindir@/cupsd -l
  Type=notify
  Restart=on-failure