Bug#747073: [cups-daemon] Doesn't work with systemd

Didier 'OdyX' Raboud odyx at debian.org
Thu Sep 25 21:24:49 BST 2014 

Hi all again,

I've spent some braincells on this problem and I thought it'd probably 
be wise to report my thought process to this bug.

OdyXLe dimanche, 3 août 2014, 14.06:10 Didier '' Raboud a écrit :
> Le dimanche, 3 août 2014, 12.11:58 Marco d'Itri a écrit :
> > > systemd maintainers: I think Listen*=[::1]:$port stanzas shouldn't
> > > make the .socket-file loading fail if the ipv6 module is not
> > > loaded. It should certainly spit out a warning though.
> > 
> > There is no magic "we do not care if it does not work" address
> > family: if a unit is configured to open a socket but this fails
> > then the unit must fail.

This causes more headaches, see below.

> Assuming there's no good way to make this work within systemd, I see
> three ways forward to fix this in cups:
> 
> a) declare that ipv6 is mandatory these days, document this in
>    README.Debian, let users cope with it.
>    Pros: it works for most, ipv6 is coming anyway
>    Cons: changes done through cups would break the user override every
>          time.

This has been reported privately to me as a serious problem as some 
institutions apparently continue to forbid ipv6.

> b) Detect whether there's a local ipv6 address both in the
>    cups-daemon.preinst and in the cups code through
>    cupsd-write-systemd-Port.patch.
>    Pros: would work for everyone
>    Cons: wouldn't make cups work over ipv6 if the latter is enabled
>           after cups is installed; more fault-potential os-specific
>           code.

The more I think about it, the more I become convinced that this would 
be a nightmare to manage on top of being really ugly.

> c) Replace address-based ListenStream stanzas with a combination of
>    BindIPv6Only and FreeBind to configure systemd to bind only local
> or all available interfaces. The problem with that is that CUPS does
> address-based checking to verify that its bound addresses are really
> local. That could be patched out or corrected though.

I've tried to tackle this again, but here are the problems I'm having:

 i) ListenStream with explicit IPs
    This means I need to know before writing the file whether the
    corresponding IP is available; this is the current situation, and it 
    fails when ipv6 is not available.

 ii) ListenStream with only the port number.
     This works for the localhost ipv6 [::1] but it doesn't listen on 
     127.0.0.1:631 but on :::631 . This implies that accessing
     http://localhost:631/ doesn't spawn CUPS (of course, if you try
     accessing http://[::1]:631/ first, then CUPS is spawned and the
     IPv4 access works duing the 30 seconds, as cups has taken the port.

  iii) Any combination of FreeBind or BindIPv6Only doesn't seem to
       help.

So, dear systemd maintainers; what am I missing? CUPS offers two 
alternative settings, which I can't reproduce in systemd.socket stanzas:

a) 'Listen localhost:631' for which systemd would need to bind against:
	127.0.0.1:631 if 127.0.0.1 exists locally (we take is as granted)
	[::1]:631 if [::1] exists locally (purpose of this very bug)

b) 'Port 631' for which systemd would need to bind against:
	127.0.0.1:631 if 127.0.0.1 exists locally (we take is as granted)
	[::1]:631 if [::1] exists locally (purpose of this very bug)
	+ port 631 on every local IP.

Reading systemd.socket, I would have set:

	ListenStream=631
	BindIPv6Only=both

… and toggled FreeBind to switch from a) to b) as above, but that's not 
how it works. What am I doing wrong?

Let's state it clearly: the core of the problem is that I think that 
"http://localhost:631/" is a standard CUPS user interface and I'm not 
ready to make sure users (starting with me) change their muscle memory 
to use "http://ip6-localhost:631/" or "http://[::1]:631/" instead. How 
can we make this happen?

TIA, cheers,
OdyX

More information about the Pkg-systemd-maintainers mailing list