Bug 47435 – Broken cups symlink check in postinst

Bug 47435 - Broken cups symlink check in postinst


Summary:	Broken cups symlink check in postinst

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Printserver
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-3-errata
Assigned To:	Felix Botner
QA Contact:	Erik Damrose

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-08-01 16:17 CEST by Hendrik Peter
Modified:	2019-01-09 13:27 CET (History)
CC List:	2 users (show)

See Also:	47843
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hendrik Peter

2018-08-01 16:17:28 CEST

File: univention-printserver.postinst
Line: 69 - 74
Error:
 mv: das Überschreiben des Verzeichnisses '/usr/share/cups/model.orig/model' mit einem Nicht‐Verzeichnis ist nicht möglich.
 ln: die symbolische Verknüpfung '/usr/share/cups/model/ppd' konnte nicht angelegt werden: Die Datei existiert bereits

Note:
 '/usr/share/cups/model.orig' was a folder
 '/usr/share/cups/model' was the correct symlink to '/usr/share/ppd'

----

The code of the mentioned lines is supposed to create a symlink from folder '/usr/share/ppd' to '/usr/share/cups/model' because cups only checks the model-Folder for ppd-Files, but only if this link doesn't exist yet.

Unfortunately, the if-check will return true for both scenarios:
1) The model-Folder still is a simple, empty folder delivered by an cups-Package
2) The model-Folder is the wanted symlink

This means that the code will always try to overwrite the backed up 'model.orig' folder with the symlink 'model' folder, which should be prevented.
In best case, just unwanted symlink subfolders will be created ('/usr/share/ppd/ppd'). In worst case, the link will be destroyed and cups won't be able to reach any ppd files anymore.

The if-check should check if the model-Folder correctly points to the ppd-Folder with a command like:
 if [ ! "/usr/share/cups/model" -ef "/usr/share/ppd" ]; then
  [...]
 fi

Comment 1 Moritz Bunkus 2018-11-07 09:34:46 CET

This leads to real problems with existing installations, see e.g. this forum thread[1].

In my case, an up-to-date UCS 4.3-2, "/usr/share/cups/model" was a directory, and inside there's a symlink "/usr/share/cups/model/ppd" → "/usr/share/ppd".

Unfortunately the file names of all driver definitions (both the ones provided by Univention as the ones created myself in accordance with the admin manual[2]) are relative to /usr/share/ppd, but the "lpadmin" command that's executed in order to modify the printer looks in /usr/share/cups/model. For file names such as "foomatic-rip/Apple-ImageWriter-iwhi.ppd" "lpadmin" would look for "/usr/share/cups/model/foomatic-rip/Apple-ImageWriter-iwhi.ppd" — which obviously doesn't exist.

If "/usr/share/cups/model" were a symlink to "/usr/share/ppd" instead, the relative file name would work again.

The problem is that due to "lpadmin" not finding the PPD, it doesn't modify any of the other printer properties either, meaning none of the changes made in the LDAP end up in "printers.conf".

My system was set up back in the days of… 4.1 or even 4.0, I don't quite remember. It was updated regularly via "univention-upgrade".

[1]  https://help.univention.com/t/cups-ppd-und-timing-problem/9988
[2]  https://docs.software-univention.de/manual-4.3.html#central:udm:example:printer

Comment 2 Moritz Bunkus 2018-11-07 09:40:26 CET

Addendum: here's an example error message from "/var/log/univention/listener.log" from my system where "/usr/share/cups/model" is still a directory with "/usr/share/cups/model/ppd" symlinking to "/usr/share/ppd":

07.11.18 09:20:12.583  LISTENER    ( PROCESS ) : updating 'cn=aurora,cn=printers,dc=bs,dc=linet-services,dc=de' command m
07.11.18 09:20:12.627  LISTENER    ( WARN    ) : cups-printers: info: univention-lpadmin -u allow:all -o auth-info-required=none -p aurora -m foomatic-rip/Apple-ImageWriter-iwhi.ppd -v socket://aurora.bs.linet-services.de:9100 -E
lpadmin: Unable to copy PPD file.
The command "/usr/sbin/lpadmin -u allow:all -o auth-info-required=none -p aurora -m foomatic-rip/Apple-ImageWriter-iwhi.ppd -v socket://aurora.bs.linet-services.de:9100 -E -h localhost" returned 1
07.11.18 09:20:12.972  LISTENER    ( ERROR   ) : cups-printers: Failed to execute the univention-lpadmin command. Please check the cups state.
{}
{'austausch': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'hosts allow': None}, 'PXE Images': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'hosts allow': None}, 'n-central-installation': {'invalid us
{'aurora': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'smbname': None, 'hosts allow': None}}
Reloading smbd.
Reloading smbd configuration (via systemctl): smbd.service.
Reloading smbd.
Reloading smbd configuration (via systemctl): smbd.service.

Comment 3 Felix Botner

2018-12-20 16:19:00 CET

ensure /usr/share/cups/model is a link to /usr/share/ppd in postinst

4fdb5fc18a853968938815ab26857f45bf5c0994 - univention-printserver
f9f0102e36d4f335c5082d98fd71cdbda3f0098f - yaml
d0463e0ab14e2555725e9645e61fdf72a31d1893 - merged to 4.4-0

Comment 4 Erik Damrose

2019-01-08 12:17:23 CET

OK: ensure /usr/share/cups/model is a link to /usr/share/ppd in postinst
OK: yaml
OK: merge to 4.4-0, package build

Verified

Comment 5 Arvid Requate

2019-01-09 13:27:08 CET

<http://errata.software-univention.de/ucs/4.3/397.html>