Re: Cannot connect to CUPS web interface in -current
Hello Stuart, On Tue 10/03/2015 08:28, Stuart Henderson wrote: Is this while building the port, or just installing from packages? Installing from packages. Isn't that expected? -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: Cannot connect to CUPS web interface in -current
On Tue, Mar 10, 2015 at 06:33:55AM GMT, Alessandro DE LAURENZIS wrote: Hello Raf, Hi Alessandro, On Mon 09/03/2015 19:46, Raf Czlonka wrote: Using 'sudo' and your $UMASK != 022 by any chance? That was exactly the cause! I realized just yesterday night that I forgot to add the umask_override option to the sudoers defaults... Really wise (and correct) guess, Raf! Not as much as a guess but more of a I've seen this before :^) Raf
Re: Cannot connect to CUPS web interface in -current
On Tue, Mar 10, 2015 at 08:28:39AM GMT, Stuart Henderson wrote: On 2015-03-10, Alessandro DE LAURENZIS just22@gmail.com wrote: Hello Raf, On Mon 09/03/2015 19:46, Raf Czlonka wrote: Using 'sudo' and your $UMASK != 022 by any chance? That was exactly the cause! I realized just yesterday night that I forgot to add the umask_override option to the sudoers defaults... Is this while building the port, or just installing from packages? Simply be using 'pkg_add' to install packages. Raf
Re: Cannot connect to CUPS web interface in -current
Hello Raf, On Mon 09/03/2015 19:46, Raf Czlonka wrote: Using 'sudo' and your $UMASK != 022 by any chance? That was exactly the cause! I realized just yesterday night that I forgot to add the umask_override option to the sudoers defaults... Really wise (and correct) guess, Raf! -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: Cannot connect to CUPS web interface in -current
On 2015-03-10, Alessandro DE LAURENZIS just22@gmail.com wrote: Hello Raf, On Mon 09/03/2015 19:46, Raf Czlonka wrote: Using 'sudo' and your $UMASK != 022 by any chance? That was exactly the cause! I realized just yesterday night that I forgot to add the umask_override option to the sudoers defaults... Is this while building the port, or just installing from packages?
Re: Cannot connect to CUPS web interface in -current
On Sun, Mar 08, 2015 at 11:56:05AM GMT, Alessandro DE LAURENZIS wrote: Hi Antoine, On Sun 08/03/2015 00:01, Antoine Jacoutot wrote: Permissions are fine here. Not sure why yours are not. Thanks for your feedback. Actually, I re-installed the latest snapshot in a qemu environment and added only cups (and its dependencies), just to double check, and I can confirm that the permissions are correct. I don't really know what went wrong... Anyhow, now it's ok. Sorry for the noise. Hi Alessandro, Using 'sudo' and your $UMASK != 022 by any chance? Raf
Re: Cannot connect to CUPS web interface in -current
Hi Antoine, On Sun 08/03/2015 00:01, Antoine Jacoutot wrote: Permissions are fine here. Not sure why yours are not. Thanks for your feedback. Actually, I re-installed the latest snapshot in a qemu environment and added only cups (and its dependencies), just to double check, and I can confirm that the permissions are correct. I don't really know what went wrong... Anyhow, now it's ok. Sorry for the noise. -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Cannot connect to CUPS web interface in -current
Dear misc@ readers, I must admit, I do not have a lot of luck with CUPS... This time, I'm not even able to connect to the web interface! Brand new snapshot installation: just22@poseidon:[~] uname -a OpenBSD poseidon.atlantide.net 5.7 GENERIC.MP#875 amd64 CUPS daemon is up and running, but when I try to access to https://localhost:631, there seems to be troubles with the SSL encryption; in lynx, for example: SSL error:unable to get local issuer certificate-Continue? (y) SSL error:host(localhost)!=cert(CNposeidon.atlantide.net)-Continue? (y) Alert: HTTP/1.0 404 Not Found There are some evidence the SSL is the culprit in /var/log/cups/error_log too: just22@poseidon:[~] tail /var/log/cups/error_log E [07/Mar/2015:18:14:42 +0100] [Client 1] Unable to encrypt connection: Error in the pull function. Reinforcing the log level to debug: I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 (IPv6) I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 (IPv4) I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock (Domain) I [07/Mar/2015:18:23:47 +0100] Remote access is disabled. D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon.atlantide.net D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon I [07/Mar/2015:18:23:47 +0100] Loaded configuration file /etc/cups/cupsd.conf D [07/Mar/2015:18:23:47 +0100] Using keychain /etc/cups/ssl for server name poseidon.atlantide.net. I [07/Mar/2015:18:23:47 +0100] Using default TempDir of /var/spool/cups/tmp... I [07/Mar/2015:18:23:47 +0100] Configured for up to 100 clients. I [07/Mar/2015:18:23:47 +0100] Allowing up to 100 client connections per host. I [07/Mar/2015:18:23:47 +0100] Using policy default as the default. I [07/Mar/2015:18:23:47 +0100] Full reload is required. I [07/Mar/2015:18:23:47 +0100] Loaded MIME database from /usr/local/share/cups/mime and /etc/cups: 39 types, 57 filters... I [07/Mar/2015:18:23:47 +0100] Loading job cache file /var/cache/cups/job.cache... I [07/Mar/2015:18:23:47 +0100] Full reload complete. I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 (IPv6) I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 (IPv4) I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock (Domain) I [07/Mar/2015:18:23:47 +0100] Remote access is disabled. D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon.atlantide.net D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon I [07/Mar/2015:18:23:47 +0100] Loaded configuration file /etc/cups/cupsd.conf D [07/Mar/2015:18:23:47 +0100] Using keychain /etc/cups/ssl for server name poseidon.atlantide.net. I [07/Mar/2015:18:23:47 +0100] Using default TempDir of /var/spool/cups/tmp... I [07/Mar/2015:18:23:47 +0100] Configured for up to 100 clients. I [07/Mar/2015:18:23:47 +0100] Allowing up to 100 client connections per host. I [07/Mar/2015:18:23:47 +0100] Using policy default as the default. I [07/Mar/2015:18:23:47 +0100] Full reload is required. I [07/Mar/2015:18:23:47 +0100] Loaded MIME database from /usr/local/share/cups/mime and /etc/cups: 39 types, 57 filters... D [07/Mar/2015:18:23:47 +0100] Scanning /var/spool/cups for jobs... I [07/Mar/2015:18:23:47 +0100] Full reload complete. D [07/Mar/2015:18:23:47 +0100] cupsdCleanFiles(path=/var/spool/cups/tmp, pattern=(null)) I [07/Mar/2015:18:23:47 +0100] Cleaning out old files in /var/spool/cups/tmp. D [07/Mar/2015:18:23:47 +0100] cupsdCleanFiles(path=/var/cache/cups, pattern=*.ipp) I [07/Mar/2015:18:23:47 +0100] Cleaning out old files in /var/cache/cups. I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 on fd 9... I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 on fd 10... I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock on fd 11... I [07/Mar/2015:18:23:47 +0100] Resuming new connection processing... D [07/Mar/2015:18:23:47 +0100] cupsdSetBusyState: newbusy=Not busy, busy=Not busy D [07/Mar/2015:18:23:47 +0100] cupsdAddCert: Adding certificate for PID 0 D [07/Mar/2015:18:23:47 +0100] Discarding unused server-started event... D [07/Mar/2015:18:23:48 +0100] Report: clients=0 D [07/Mar/2015:18:23:48 +0100] Report: jobs=0 D [07/Mar/2015:18:23:48 +0100] Report: jobs-active=0 D [07/Mar/2015:18:23:48 +0100] Report: printers=0 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-string-count=297 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-alloc-bytes=4832 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-total-bytes=5000 D [07/Mar/2015:18:24:33 +0100] [Client 1] Accepted from localhost:11723 (IPv4) D [07/Mar/2015:18:24:33 +0100] [Client 1] Waiting for request. I [07/Mar/2015:18:24:36 +0100] [Client 1] Connection now encrypted. D [07/Mar/2015:18:24:37 +0100] [Client 1] GET / HTTP/1.0 D [07/Mar/2015:18:24:37 +0100] cupsdSetBusyState: newbusy=Active clients, busy=Not busy D [07/Mar/2015:18:24:37 +0100] [Client 1] Read: status=200 D [07/Mar/2015:18:24:37 +0100] [Client 1] No authentication data provided. D [07/Mar/2015:18:24:37 +0100] [Client 1]
Re: Cannot connect to CUPS web interface in -current
On 03/07/2015 09:41 AM, Alessandro DE LAURENZIS wrote: CUPS daemon is up and running, but when I try to access to https://localhost:631, there seems to be troubles with the SSL encryption; in lynx, for example: Mine does not use https, since it is limited to localhost only. I don't remember it ever using https. -- Those who do not understand Unix are condemned to reinvent it, poorly.
Re: Cannot connect to CUPS web interface in -current
On 03/07/15 17:41, Alessandro DE LAURENZIS wrote: Dear misc@ readers, I must admit, I do not have a lot of luck with CUPS... This time, I'm not even able to connect to the web interface! Brand new snapshot installation: just22@poseidon:[~] uname -a OpenBSD poseidon.atlantide.net 5.7 GENERIC.MP#875 amd64 CUPS daemon is up and running, but when I try to access to https://localhost:631, there seems to be troubles with the SSL encryption; in lynx, for example: SSL error:unable to get local issuer certificate-Continue? (y) SSL error:host(localhost)!=cert(CNposeidon.atlantide.net)-Continue? (y) Alert: HTTP/1.0 404 Not Found There are some evidence the SSL is the culprit in /var/log/cups/error_log too: just22@poseidon:[~] tail /var/log/cups/error_log E [07/Mar/2015:18:14:42 +0100] [Client 1] Unable to encrypt connection: Error in the pull function. Reinforcing the log level to debug: I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 (IPv6) I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 (IPv4) I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock (Domain) I [07/Mar/2015:18:23:47 +0100] Remote access is disabled. D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon.atlantide.net D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon I [07/Mar/2015:18:23:47 +0100] Loaded configuration file /etc/cups/cupsd.conf D [07/Mar/2015:18:23:47 +0100] Using keychain /etc/cups/ssl for server name poseidon.atlantide.net. I [07/Mar/2015:18:23:47 +0100] Using default TempDir of /var/spool/cups/tmp... I [07/Mar/2015:18:23:47 +0100] Configured for up to 100 clients. I [07/Mar/2015:18:23:47 +0100] Allowing up to 100 client connections per host. I [07/Mar/2015:18:23:47 +0100] Using policy default as the default. I [07/Mar/2015:18:23:47 +0100] Full reload is required. I [07/Mar/2015:18:23:47 +0100] Loaded MIME database from /usr/local/share/cups/mime and /etc/cups: 39 types, 57 filters... I [07/Mar/2015:18:23:47 +0100] Loading job cache file /var/cache/cups/job.cache... I [07/Mar/2015:18:23:47 +0100] Full reload complete. I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 (IPv6) I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 (IPv4) I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock (Domain) I [07/Mar/2015:18:23:47 +0100] Remote access is disabled. D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon.atlantide.net D [07/Mar/2015:18:23:47 +0100] Added auto ServerAlias poseidon I [07/Mar/2015:18:23:47 +0100] Loaded configuration file /etc/cups/cupsd.conf D [07/Mar/2015:18:23:47 +0100] Using keychain /etc/cups/ssl for server name poseidon.atlantide.net. I [07/Mar/2015:18:23:47 +0100] Using default TempDir of /var/spool/cups/tmp... I [07/Mar/2015:18:23:47 +0100] Configured for up to 100 clients. I [07/Mar/2015:18:23:47 +0100] Allowing up to 100 client connections per host. I [07/Mar/2015:18:23:47 +0100] Using policy default as the default. I [07/Mar/2015:18:23:47 +0100] Full reload is required. I [07/Mar/2015:18:23:47 +0100] Loaded MIME database from /usr/local/share/cups/mime and /etc/cups: 39 types, 57 filters... D [07/Mar/2015:18:23:47 +0100] Scanning /var/spool/cups for jobs... I [07/Mar/2015:18:23:47 +0100] Full reload complete. D [07/Mar/2015:18:23:47 +0100] cupsdCleanFiles(path=/var/spool/cups/tmp, pattern=(null)) I [07/Mar/2015:18:23:47 +0100] Cleaning out old files in /var/spool/cups/tmp. D [07/Mar/2015:18:23:47 +0100] cupsdCleanFiles(path=/var/cache/cups, pattern=*.ipp) I [07/Mar/2015:18:23:47 +0100] Cleaning out old files in /var/cache/cups. I [07/Mar/2015:18:23:47 +0100] Listening to [v1.::1]:631 on fd 9... I [07/Mar/2015:18:23:47 +0100] Listening to 127.0.0.1:631 on fd 10... I [07/Mar/2015:18:23:47 +0100] Listening to /var/run/cups/cups.sock on fd 11... I [07/Mar/2015:18:23:47 +0100] Resuming new connection processing... D [07/Mar/2015:18:23:47 +0100] cupsdSetBusyState: newbusy=Not busy, busy=Not busy D [07/Mar/2015:18:23:47 +0100] cupsdAddCert: Adding certificate for PID 0 D [07/Mar/2015:18:23:47 +0100] Discarding unused server-started event... D [07/Mar/2015:18:23:48 +0100] Report: clients=0 D [07/Mar/2015:18:23:48 +0100] Report: jobs=0 D [07/Mar/2015:18:23:48 +0100] Report: jobs-active=0 D [07/Mar/2015:18:23:48 +0100] Report: printers=0 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-string-count=297 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-alloc-bytes=4832 D [07/Mar/2015:18:23:48 +0100] Report: stringpool-total-bytes=5000 D [07/Mar/2015:18:24:33 +0100] [Client 1] Accepted from localhost:11723 (IPv4) D [07/Mar/2015:18:24:33 +0100] [Client 1] Waiting for request. I [07/Mar/2015:18:24:36 +0100] [Client 1] Connection now encrypted. D [07/Mar/2015:18:24:37 +0100] [Client 1] GET / HTTP/1.0 D [07/Mar/2015:18:24:37 +0100] cupsdSetBusyState: newbusy=Active clients, busy=Not busy D [07/Mar/2015:18:24:37 +0100] [Client 1] Read: status=200 D [07/Mar/2015:18:24:37 +0100] [Client 1] No authentication data
Re: Cannot connect to CUPS web interface in -current
Hi Fred, On Sat 07/03/2015 21:32, Fred wrote: Both Firefox and Chrome let me do https://localhost:631/ but then both complain and I have to add exceptions, once added it works for me. In chrome the connection is then encrypted with TLS 1.2 port:fred ~ uname -a; dmesg|head -4; pkg_info| grep cups OpenBSD port.crowsons.com 5.7 GENERIC.MP#860 amd64 OpenBSD 5.7-beta (GENERIC.MP) #860: Sun Feb 22 03:14:54 MST 2015 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8447131648 (8055MB) avail mem = 8218349568 (7837MB) cups-2.0.2 Common Unix Printing System cups-filters-1.0.65 OpenPrinting CUPS filters cups-libs-2.0.2 CUPS libraries and headers cups-pk-helper-0.2.5 fine-grained privileges PolicyKit helper for CUPS gtk+3-cups-3.14.8 gtk+3 CUPS print backend Maybe ktrace cups to seem that can give any clues. After adding the exception, I continue to see the Not Found message. So the encryption was not the root cause. But it seems I've sorted it out: the files used for CUPS's web interface are contained into the /usr/local/share/doc/cups directory, and *by default*, that isn't world readable, at least for this very latest CUPS release (2.0.2). In fact, the inconsistency is flagged in the error_log file: I [07/Mar/2015:18:25:38 +0100] [Client 4] Files/directories such as /usr/local/share/doc/cups/ must be world-readable. After changing the permissions all works as expected. Maybe something to fix in CUPS port? Antoine could give us his view... -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: Cannot connect to CUPS web interface in -current
On Sat, Mar 07, 2015 at 11:20:30PM +0100, Alessandro DE LAURENZIS wrote: Hi Fred, On Sat 07/03/2015 21:32, Fred wrote: Both Firefox and Chrome let me do https://localhost:631/ but then both complain and I have to add exceptions, once added it works for me. In chrome the connection is then encrypted with TLS 1.2 port:fred ~ uname -a; dmesg|head -4; pkg_info| grep cups OpenBSD port.crowsons.com 5.7 GENERIC.MP#860 amd64 OpenBSD 5.7-beta (GENERIC.MP) #860: Sun Feb 22 03:14:54 MST 2015 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8447131648 (8055MB) avail mem = 8218349568 (7837MB) cups-2.0.2 Common Unix Printing System cups-filters-1.0.65 OpenPrinting CUPS filters cups-libs-2.0.2 CUPS libraries and headers cups-pk-helper-0.2.5 fine-grained privileges PolicyKit helper for CUPS gtk+3-cups-3.14.8 gtk+3 CUPS print backend Maybe ktrace cups to seem that can give any clues. After adding the exception, I continue to see the Not Found message. So the encryption was not the root cause. But it seems I've sorted it out: the files used for CUPS's web interface are contained into the /usr/local/share/doc/cups directory, and *by default*, that isn't world readable, at least for this very latest CUPS release (2.0.2). In fact, the inconsistency is flagged in the error_log file: I [07/Mar/2015:18:25:38 +0100] [Client 4] Files/directories such as /usr/local/share/doc/cups/ must be world-readable. After changing the permissions all works as expected. Maybe something to fix in CUPS port? Antoine could give us his view... Permissions are fine here. Not sure why yours are not. -- Antoine
Re: Cannot connect to CUPS web interface in -current
On Sat 07/03/2015 23:20, Alessandro DE LAURENZIS wrote: After adding the exception, I continue to see the Not Found message. So the encryption was not the root cause. But it seems I've sorted it out: the files used for CUPS's web interface are contained into the /usr/local/share/doc/cups directory, and *by default*, that isn't world readable, at least for this very latest CUPS release (2.0.2). In fact, the inconsistency is flagged in the error_log file: I [07/Mar/2015:18:25:38 +0100] [Client 4] Files/directories such as /usr/local/share/doc/cups/ must be world-readable. After changing the permissions all works as expected. Maybe something to fix in CUPS port? Antoine could give us his view... Just found a thread reporting a similar issue: [1] http://www.linuxquestions.org/questions/slackware-14/stoopid-cups-question-4175522158/page2.html -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
