amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: cups: Don't enforce root ownership on supplementary files.

Browse source 
Printers managed by CUPS might require supplementary files to function,
such as color profiles or filters. CUPS checks permissions on such files
to prevent the execution of unsafe code. One of the conditions-that the
files are owned by root-must be short-circuited on Guix, because this
condition cannot be met on a system with an unprivileged daemon (where
store files are owned by `guix-daemon`).

* gnu/packages/patches/cups-relax-root-ownership-check.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/cups.scm (cups)[source]: Include it.

Change-Id: I77f67f996d057a34bd018ab97cda54577060b0c3
Signed-off-by: John Kehayias <john@guixotic.coop>
This commit is contained in:
Sergey Trofimov 2025-07-01 16:28:47 +02:00 committed by John Kehayias
parent 4fb51864d8
commit 1a4baddc0b
No known key found for this signature in database
GPG key ID: 499097AE5EA815D9
3 changed files with 37 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
gnu/packages/cups.scm
View file

@ -332,7 +332,8 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
;; Avoid NAME confusion: these are the complete CUPS sources.
(file-name (git-file-name "cups" version))
(sha256
(base32 "1dk5salizxy1qm19gw93ffdd34hsn1cd4s57nwl7nfhwwirkiri2"))))
(base32 "1dk5salizxy1qm19gw93ffdd34hsn1cd4s57nwl7nfhwwirkiri2"))
(patches (search-patches "cups-relax-root-ownership-check.patch"))))
(build-system gnu-build-system)
(arguments
(list #:configure-flags