Fixes <https://issues.guix.gnu.org/63198>.
Our CUPS service doesn't currently extend the PAM configuration, and prevents
users from authenticating. Use cups-minimal, which has no PAM support.
* gnu/services/cups.scm (cups-configuration) [cups]: Use cups-minimal.
(opaque-cups-configuration): Likewise.
* gnu/packages/cups.scm (cups-minimal, cups): Update to 2.4.2.
[arguments]: Remove --disable-* #:configure-flags as they do nothing.
Add (different) --without-* ones that do.
Run a newly passing test; skip a newly failing test.
[home-page]: Link to specific subdirectory.
[description]: Better describe the state & direction of the project.
* gnu/services/cups.scm (comma-separated-string-list-or-#f?)
(serialize-comma-separated-string-list-or-#f): New procedures.
(cups-configuration): Update <default-auth-type> and
<browse-dns-sd-sub-types> defaults.
Remove obsolete <classification>, <listen-back-log>, <page-log-format>
and <rip-cache> fields.
Add new <max-subscriptions>, <max-subscriptions-per-job>,
<max-subscriptions-per-printer>, <max-subscriptions-per-user>, and
<ready-paper-sizes> ones.
* doc/guix.texi (Desktop Services): Likewise for their documentation.
Upstream raised these back in 2019 with CUPS 2.3.0.
* gnu/services/cups.scm (<cups-configuration>): Raise default
‘multiple-operation-timeout’ and ‘timeout’ from 300 to 900 seconds.
* doc/guix.texi (Printing Services): Adjust accordingly.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
‘escpr’ is nice and short, but everyone else calls this package
‘epson-inkjet-printer-escpr’. More importantly, so does upstream.
* gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename
escpr to epson-inkjet-printer-escpr, redefining escpr as
deprecated-package. Adjust all users.
* gnu/services/cups.scm (error-policy, cups-configuration): Substitute
RETRY-CURRENT-JOB for the obsolete RETRY-THIS-JOB name of this policy.
* doc/guix.texi (Printing Services): Likewise.
* gnu/services/cups.scm (comma-separated-string-list?)
(serialize-comma-separated-string-list): New variables.
(cups-configuration)[browse-dns-sd-sub-types]: New field.
* doc/guix.texi (Printing Services): Document it.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.
* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.
* gnu/services/configuration.scm (serialize-field, serialize-string)
(serialize-space-separated-string-list, space-separated-string-list?)
(serialize-file-name, file-name?, serialize-boolean): Move these functions...
* gnu/services/cups.scm: ...to this file.
* gnu/services/kerberos.scm: ...to this file.
Configuration syntaxes are very specific to services. Some services may have
the same configuration syntax, but none of them is common enough to be
abstracted in configuration.scm.
Signed-off-by: Clément Lassieur <clement@lassieur.org>