Hi all,
I attended annual PWG (Printer Working Group) and OpenPrinting meetup
which was held in May virtually via Webex.
From the things discussed there I would mention the most interesting
ones (more detailed notes are attached):
- last release from series 2.4.x will be released soon,
- first stable release of series 2.5.x will be released in month or two
- the release will include OAuth support, which will replace Kerberos
support in CUPS 3.x. CUPS 2.5.x will work with any OAuth provider by
several new directives present in cupsd.conf and cups-files.conf,
includes helper CLI binaries for setting OAuth and generating TLS
certificates,
- first stable release of libcups 3.x is planned to happen soon (in
month or two) - projects depending on libcups can start implementing
configuration options to support both libcups 2.x and libcups 3.x, or
migrate to libcups 3.x as whole - libcups 3.x is not in Fedora at the
moment,
- OCI container images for OpenPrinting projects created and available
via Rockcraft, which works with Docker.
Have a nice day,
Zdenek
--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
CUPS Plenary
------------
2.4.x - will be last release as 2.4.13
2.5.x - new features - oauth, wide-area dnssd lookups, filtering, web interface
facelift, x509 certificate management
OAuth
- we have support for any generic oauth server - you can choose your oauth
provider, supports dynamic and static client registration
- all in cups-files.conf:
OAuthGroup NAME FILENAME - file lists JWT email/sub to groups - OAuthGroup
SYSTEM admins.conf (admins.conf in /etc/cups)
OAuthServer <http uri> - url of authorization server
OAuthScopes SCOPE [... SCOPE] - lists scopes to ask for
Can you have multiple oauth groups? Yes
CUPS can look into whole URL in OAuthServer directive, if it does not work,
strips resources one by one till the root until working URL is found
- all cupsd.conf:
DefaultAuthType Bearer/AuthType Bearer in <Location> or <Policy>
- when enabled, cupsd requires it over domain socket as well, so web ui works
only via localhost, since oauth and local credentials might not be the same.
- cups-oauth - new command, manages/configure Oauth/openiud clients and creds
for configuring client id and secret for servers without dynamic client
registration
see cups-oauth
- cups-x509 - manages certs, CSRs, client/server test functionality
cups-x509 csr -t <cipher> SERVER-NAME (more options for fields in CSR)
cups-x509 install server-name filename.crt
3.0
- libcups 3.0.0 - in two months in 2025
- cups-local - 3.0b1 in two months in 2025
- cups-sharing - 3.0b1 in autumn 2025
Concerns about Ubuntu release cycle and proposed release dates - the proposed
new CUPS 3.x would come into LTS release which is risky. Fedora is stuck on
zdohnal and Centos Stream has time for now.
How long will CUPS 2.5 live? for too long :)
PAPPL
- 2.0b1 May/June 2025
- 2.0.0 October/November 2025
- requires CUPS 2.5 or 3.0+
- auth via oauth/openid
- discovery local only, disabled
- cloud printing - ipp infra and system support
- idle-exit/on-demand support
Ensuring the positions of CUPS and printer apps in CUPS 3.x - still CUPS useful
for generic printing, some specific use cases can be handled by printer app
GSOC project updates
--------------------
- 2024 - 11 projects - 10 successful, 1 failed
- PAPPL API bridging for scanner apps
- CUPS and printer apps into OCI images
- CPDB for libreoffice
- OSS-Fuzz testing for OpenPrinting - especially endorsed by Google
- replace qpdf for pdfio in libcupsfilters
- convert braille embosser into printer app
...
- 2025 - not yet decided which will get accepted:
- port pycups for CUPS 3.x API and apply to system-config-printer
- popular Zephyr and porting apps to it
OP initiatives
- opportunity open source conference - next 5-7 Sept 2025
CPDB libreoffice dialog demo
- dbus communications and human readible options enhancements
If we use CPDB instead of specific GUI print dialogs, we don't have to poke GUI
devs to fix their dialogs
Scan API bridging in PAPPL
- from 2023+2024 - middleware between old scanner and eSCL device
- finishing by end of OSPP deadline - open source promotion plan - mentoring
program in China
OpenPrinting Plenary
--------------------
- CUPS 2.4.12, pappl 1.4.9, pdfio 1.5.3, pappl-retrofit 1.0b2 (stable releases
will be with CUPS 3.0)
- distribution methods - snaps, OCI images
- ipp-usb 0.9.30, sane-airscan 0.99.35
Note about problematic firmware implementation of IPP over USB - challenge for
PWG and manufacturers collab
- GSOC 2025 timelines
- Nov 18th final work submit for extended project, Sep 1st final work submit
for standard project
Extended period can be used if the contributor provides good output, but cannot
finish in standard timeframe due various reasons.
Next Steps
- CUPS 3.0 implementation, cups-filters 2.0, driverless printing and scanning,
GSOC implementation of PWG IPP specs and features
- there is no more monthly news, Till writes only once something important
happens
- monthly OpenPrinting meetings, next in June
OpenPrinting - cups-filters and friends :)
------------------------------------------
- generation 2.x since 2022
- libcupsfilters (filter functions with no PPD support),
- libppd (PPD support for legacy drivers in retrofit apps),
- cups-filters (filters/backend for CUPS 2.x) - will be dropped with CUPS 3.x
- braille-printer-app,
- cups-browsed (printer clusters and autoinstallation) - will be dropped with
CUPS 3.x
libcupsfilters
- 2.1.0/2.1.1 - support for libcups3, CI testing, fix for CVE-2024-47076,
OSS-Fuzz testing
- 2.2.0 - no C++ by replacing QPDF by pdfio - one of the reason was it got a
lot of C++ deps generated in Debian, and licensing
- JPEG-XL support
libppd
- support for libcups3, CVE fix for CVE-2024-47175
cups-filters, cups-browsed
- bug fixes and security fixes - individual connections in cups-browsed to
prevent infinite loop issues
Questions - creating permanent queues between cups-sharing servers - we will
look into it once we move to cups-sharing development, Mike created issue on
cups-sharing to discuss functionality to move from cups-browsed
- what about foomatic-rip when no cups-filters - present in
ghostscript printer app
CPDB
- print dialog connects to CPDB frontend, which communicates with CPDB backends
for each services - CUPS, google cloud print
- generation 2.x
- asynch requests and communication between frontend and backends
- streaming print job content
- containerization optimizations
- possibility for permanently running backends
- dropped job control support
- new API functions to use
- backend is user daemon triggered by dbus or running permanently
- dialog status - gtk accepted, qt before merging, others before merging as well
KDE print manager
- volunteer work by Tarun, Mike Noe and Till to migrate it to CUPS 3.x
Fuzz testing, OSS-Fuzz
- going to use OSS-Fuzz service from Google for fuzz testing
SNAP distributions
- CUPS 3.x:
- sharing server - currently CUPS 2.x and then cups-sharing
- local server - cups-local
- lookup service for printer application on OpenPrinting web site
- snapping printer/scanner apps and ipp-usb - snap does not have systemd udev,
so it might use udevadm to start ipp-usb, but rather run the daemon permanently
OCI container images
- run in container
- container image build in ROCKs/rockcraft, which works with docker - Ubuntu
used for build and runtime, distroless means minimal installation of files from
Ubuntu
- CUPS images available are not from OpenPrinting, thus it is difficult to trust
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
