Your message dated Fri, 27 Aug 2021 15:33:47 +0200
with message-id <[email protected]>
and subject line Re: Bug#992378: /etc/apparmor.d/usr.sbin.cupsd: Prevents Let's
Encrypt certificates from being used
has caused the Debian Bug report #992378,
regarding /etc/apparmor.d/usr.sbin.cupsd: Prevents Let's Encrypt certificates
from being used
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
992378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992378
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cups-daemon
Version: 2.3.3op2-3+deb11u1
Severity: normal
File: /etc/apparmor.d/usr.sbin.cupsd
Adding
/etc/letsencrypt/archive/** r,
seems to fix this.
I only discovered what was causing the problem when I stumbled across
https://askubuntu.com/questions/1079957
Thanks,
Roger
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages cups-daemon depends on:
ii adduser 3.118
ii bc 1.07.1-2+b2
ii init-system-helpers 1.60
ii libavahi-client3 0.8-5
ii libavahi-common3 0.8-5
ii libc6 2.31-13
ii libcups2 2.3.3op2-3+deb11u1
ii libdbus-1-3 1.12.20-2
ii libelogind0 [libsystemd0] 246.9.1-1+debian1
ii libgssapi-krb5-2 1.18.3-6
ii libpam0g 1.4.0-9
ii libpaper1 1.1.28+b1
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii ssl-cert 1.1.0+nmu1
Versions of packages cups-daemon recommends:
pn avahi-daemon <none>
pn colord <none>
pn cups-browsed <none>
pn ipp-usb <none>
Versions of packages cups-daemon suggests:
ii cups 2.3.3op2-3+deb11u1
ii cups-bsd 2.3.3op2-3+deb11u1
ii cups-client 2.3.3op2-3+deb11u1
ii cups-common 2.3.3op2-3+deb11u1
ii cups-filters 1.28.7-1
pn cups-pdf <none>
ii cups-ppdc 2.3.3op2-3+deb11u1
ii cups-server-common 2.3.3op2-3+deb11u1
ii foomatic-db-compressed-ppds [foomatic-db] 20200820-1
ii ghostscript 9.53.3~dfsg-7
ii poppler-utils 20.09.0-3.1
pn smbclient <none>
ii udev 247.3-6
-- Configuration Files:
/etc/cups/cups-files.conf changed:
CreateSelfSignedCerts no
SystemGroup lpadmin
LogFileGroup adm
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log
-- no debconf information
--- End Message ---
--- Begin Message ---
Control: tags -1 +wontfix
Hello Roger, and thanks for your bug report.
On Wednesday, 18 August 2021, 01.30:00 h CEST, Roger Lynn wrote:
> Package: cups-daemon
> Version: 2.3.3op2-3+deb11u1
> Severity: normal
> File: /etc/apparmor.d/usr.sbin.cupsd
>
> Adding
> /etc/letsencrypt/archive/** r,
> seems to fix this.
>
> I only discovered what was causing the problem when I stumbled across
> https://askubuntu.com/questions/1079957
Using Let's Encrypt is fine, allowed, and (apparently) working with CUPS, but
as that's clearly not a default way of working for CUPS, I'd be _very_
reluctant to allow CUPS to access "all the Let's Encrypt certificates" on all
systems it gets installed to. Furthermore, /etc/apparmor.d/usr.sbin.cupsd is a
configuration file, freely modifiable by the local system administrator. In
other words, imposing that a local system administrator needs to update that
file to enable a specific type of certificate is reasonable.
I'll therefore close this bug as +wontfix.
That said, if you think a patch making the documentation clearer could be
useful, feel free to reopen this bug and provide said patch.
Best regards,
OdyX
--- End Message ---
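The reply above leaves the profile change to the local administrator and objects to opening every Let's Encrypt certificate to cupsd. As an added example (not part of the bug report or the cups package), this shell function derives a rule narrower than `/etc/letsencrypt/archive/**` by following the certificate symlinks the daemon actually opens. The function name `cert_rules`, the directory argument, and the certbot-style `live/` to `archive/<lineage>/` symlink layout are assumptions.

```shell
#!/bin/sh
# Added example: print one AppArmor read rule per directory that the
# certificate symlinks in DIR finally resolve to.
# Assumptions (not from the bug report): cupsd opens its certificate and key
# through symlinks in DIR, and those symlinks end in certbot's
# archive/<lineage>/ directory, where renewals add new numbered files.
# usage: cert_rules DIR
cert_rules() {
    dir=$(cd "$1" && pwd -P) || return 1
    for link in "$dir"/*; do
        # Skip regular files and dangling links: only live symlinks matter.
        [ -L "$link" ] && [ -e "$link" ] || continue
        # AppArmor mediates the resolved path, so follow every link.
        target=$(readlink -f "$link") || continue
        # "<dir>/* r," covers renewed files but no other lineage.
        printf '%s/* r,\n' "$(dirname "$target")"
    done | sort -u
}
```

Review the printed rules before adding them to the profile, then reload the profile so they take effect.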