Tuesday, December 23, 2008

Installing the Wyse 5: configure and install cups

If you're still following these series of posts and installed Debian Etch on your firewall, please go back and install Lenny instead. The problem with Etch is that it has a lot of old, outdated, software packages, containing bugs that _will_ cause you headaches.
While configuring cups should be a breeze, there are a number of bugs requiring you to do some manual interventions on the server side.
First there is a compatibility issue which causes cups to hang when configuring printers using Firefox 3. Due to export regulations, Debian does not ship Open SSL by default, causing cups to hang while generating SSL keys. The new admin interface now requires HTTPS, so you will need to install Open SSL by hand. The default configuration for cups, generated bu Debian's package management, also contains a few flaws.
All the above things are probably resolved in Lenny, so you might want to consider upgrading to Lenny. I chose to stick with Etch and here are the things I did to get cups up and running.
First you need to install the necessary packages:

ii hp-ppd 0.8 HP Postscript Printer Definition (PPD) files
ii hpijs-ppds 2.6.10+1.6.10-3etch1 HP Linux Printing and Imaging - HPIJS PPD fi
ii linuxprinting.org-ppds 20061031-1 linuxprinting.org printer support - PostScri
ii foomatic-db 20061031-1 linuxprinting.org printer support - database
ii foomatic-db-hpijs 20061031-1 linuxprinting.org printer support - database
ii foomatic-filters 3.0.2-20061031-1.2 linuxprinting.org printer support - filters
ii cupsys 1.2.7-4etch6 Common UNIX Printing System(tm) - server
ii cupsys-common 1.2.7-4etch6 Common UNIX Printing System(tm) - common fil
ii libcupsimage2 1.2.7-4etch6 Common UNIX Printing System(tm) - image libs
ii libcupsys2 1.2.7-4etch6 Common UNIX Printing System(tm) - libs
ii libcupsys2-dev 1.2.7-4etch6 Common UNIX Printing System(tm) - developmen
ii openssl 0.9.8c-4etch3 Secure Socket Layer (SSL) binary and related
ii hplip 1.6.10-3etch1 HP Linux Printing and Imaging System (HPLIP)
ii hplip-data 1.6.10-3etch1 HP Linux Printing and Imaging - data files
The above list contains the packages I installed to get cups up and running. I am not sure this is an exhaustive list, but it should be more or less complete.
After installing the necessary packages, we need to tell cups to accept calls from the internal network, so we're able to configure it using its web interface. Below is cupsd.conf containing all my modifications.
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup lpadmin
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Encryption Required
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel a job...
<Limit Cancel-Job>
Order deny,allow
Require user @OWNER @SYSTEM
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
Printcap /var/run/cups/printcap

Next, create a folder called ssl underneath /etc/cups to hold the ssl keys. Generate the keys, by running the following command:

openssl req -new -x509 -nodes -days 365 -out server.crt -keyout server.key

underneath /etc/cups/ssl
Now stop and start the cups daemon to let the changes have effect.
You should be able now to login and configure your printer. As I already said, don't use Firefox 3, but use another browser like safari or konqueror instead.
Below screenshot shows the completed configuration of my printer.

No comments: