-
Notifications
You must be signed in to change notification settings - Fork 467
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/tags/release-1.1.11@4306 a1ca3aef-8c08-0410-bb20-df032aa958be
- Loading branch information
msweet
committed
May 10, 2013
0 parents
commit 3994d07
Showing
1,245 changed files
with
574,899 additions
and
0 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
CREDITS.txt - 01/27/2000 | ||
------------------------ | ||
|
||
Few projects are completed by one person, and CUPS is no exception. We'd | ||
like to thank the following individuals for their contributions: | ||
|
||
Nathaniel Barbour - Lots of testing and feedback. | ||
N. Becker - setsid(). | ||
Jean-Eric Cuendet - GhostScript filters for CUPS. | ||
Van Dang - HTTP and IPP policeman. | ||
Dr. ZP Han - setgid()/setuid(). | ||
Guy Harris - *BSD shared libraries and lots of other fixes. | ||
Wang Jian - CUPS RPM corrections. | ||
Roderick Johnstone - Beta tester of the millenium. | ||
Sergey V. Kovalyov - ESP Print Pro and CUPS beta tester. | ||
Mark Lawrence - Microsoft interoperability testing. | ||
Jason McMullan - Original CUPS RPM distributions. | ||
Wes Morgan - *BSD fixes. | ||
Ulrich Oldendorf - German locale. | ||
Petter Reinholdtsen - HP-UX compiler stuff. | ||
Stuart Stevens - HP JetDirect IPP information. | ||
Kiko - Bug fixes. | ||
L. Peter Deutsch - MD5 code. | ||
|
||
If I've missed someone, please let me know by sending an email to | ||
"mike@easysw.com". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
ENCRYPTION - CUPS v1.1.7 - 02/21/2001 | ||
------------------------------------- | ||
|
||
This file describes the encryption support provided by CUPS. | ||
|
||
WARNING: CLIENTS CURRENTLY TRUST ALL CERTIFICATES FROM SERVERS. | ||
This makes the CUPS client applications vulnerable to "man in | ||
the middle" attacks, so we don't recommend using this to do | ||
remote administration over WANs at this time. | ||
|
||
Future versions of CUPS will keep track of server certificates | ||
and provide a callback/confirmation interface for accepting new | ||
certificates and warning when a certificate has changed. | ||
|
||
|
||
LEGAL STUFF | ||
|
||
BEFORE USING THE ENCRYPTION SUPPORT, PLEASE VERIFY THAT IT IS | ||
LEGAL TO DO SO IN YOUR COUNTRY. CUPS by itself doesn't include | ||
any encryption code, but it can link against the OpenSSL library | ||
which does. | ||
|
||
|
||
OVERVIEW OF ENCRYPTION SUPPORT IN CUPS | ||
|
||
CUPS supports SSL/2.0, SSL/3.0, and TLS/1.0 encryption using | ||
keys as large as 128-bits. Encryption support is provided via | ||
the OpenSSL library and some new hooks in the CUPS code. | ||
|
||
CUPS provides support for dedicated (https) and "upgrade" (TLS) | ||
encryption of sessions. The "HTTP Upgrade" method is described | ||
in RFC 2817; basically, the client can be secure or unsecure, | ||
and the client or server initiates an upgrade to a secure | ||
connection via some new HTTP fields and status codes. The HTTP | ||
Upgrade method is new and no browsers we know of support it yet. | ||
Stick with "https" for web browsers. | ||
|
||
The current implementation is very basic. The CUPS client | ||
software (lp, lpr, etc.) uses encryption as requested by the | ||
user or server. | ||
|
||
The user can specify the "-E" option with the printing commands | ||
to force encryption of the connection. Encryption can also be | ||
specified using the Encryption directive in the client.conf file | ||
or in the CUPS_ENCRYPTION environment variable: | ||
|
||
Never | ||
|
||
Never do encryption. | ||
|
||
Always | ||
|
||
Always do SSL/TLS encryption using the https scheme. | ||
|
||
IfRequested | ||
|
||
Upgrade to TLS encryption if the server asks for it. | ||
This is the default setting. | ||
|
||
Required | ||
|
||
Always upgrade to TLS encryption as soon as the | ||
connection is made. This is different than the "Always" | ||
mode above since the connection is initially unsecure | ||
and the client initiates the upgrade to TLS encryption. | ||
(same as using the "-E" option) | ||
|
||
These keywords are also used in the cupsd.conf file to secure | ||
particular locations. To secure all traffic on the server, listen | ||
on port 443 (https port) instead of port 631 and change the "ipp" | ||
service listing (or add it if you don't have one) in /etc/services | ||
to 443. To provide both secure and normal methods, add a line | ||
reading: | ||
|
||
SSLPort 443 | ||
|
||
to /etc/cups/cupsd.conf. | ||
|
||
|
||
BEFORE YOU BEGIN | ||
|
||
You'll need the OpenSSL library from: | ||
|
||
http://www.openssl.org | ||
|
||
|
||
CONFIGURING WITH ENCRYPTION SUPPORT | ||
|
||
Once you have the OpenSSL library installed, you'll need to | ||
configure CUPS to use it with the "--enable-ssl" option: | ||
|
||
./configure --enable-ssl | ||
|
||
If the OpenSSL stuff is not in a standard location, make sure to | ||
define the CFLAGS, CXXFLAGS, and LDFLAGS environment variables | ||
with the appropriate compiler and linker options first. | ||
|
||
|
||
GENERATING A SERVER CERTIFICATE AND KEY | ||
|
||
The following OpenSSL command will generate a server certificate | ||
and key that you can play with. Since the certificate is not | ||
properly signed it will generate all kinds of warnings in | ||
Netscape and MSIE: | ||
|
||
openssl req -new -x509 -keyout /etc/cups/ssl/server.key \ | ||
-out /etc/cups/ssl/server.crt -days 365 -nodes | ||
|
||
chmod 600 /etc/cups/ssl/server.* | ||
|
||
The "-nodes" option prevents the certificate and key from being | ||
encrypted. The cupsd process runs in the background, detached | ||
from any input source; if you encrypt these files then cupsd | ||
will not be able to load them! | ||
|
||
Send all rants about non-encrypted certificate and key files to | ||
/dev/null. It makes sense to encrypt user files, but not for | ||
files used by system processes/daemons... | ||
|
||
|
||
REPORTING PROBLEMS | ||
|
||
If you have problems, READ THE DOCUMENTATION FIRST! If the | ||
documentation does not solve your problems please send an email | ||
to "cups-support@cups.org". Include your operating system and | ||
version, compiler and version, and any errors or problems you've | ||
run into. The "/var/log/cups/error_log" file should also be sent, | ||
as it often helps to determine the cause of your problem. | ||
|
||
If you are running a version of Linux, be sure to provide the | ||
Linux distribution you have, too. | ||
|
||
Please note that the "cups-support@cups.org" email address goes | ||
to the CUPS developers; they are busy people, so your email may | ||
go unanswered for days or weeks. In general, only general build | ||
or distribution problems will actually get answered - for | ||
end-user support see the "README.txt" for a summary of the | ||
resources available. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,170 @@ | ||
INSTALL - CUPS v1.1.10 - 08/06/2001 | ||
----------------------------------- | ||
|
||
This file describes how to compile and install CUPS from source | ||
code. For more information on CUPS see the file called | ||
"README.txt". A complete change log can be found in | ||
"CHANGES.txt". | ||
|
||
|
||
BEFORE YOU BEGIN | ||
|
||
You'll need ANSI-compliant C and C++ compilers, plus a make | ||
program and Bourne shell. The GNU compiler tools work well - | ||
we've tested the current CUPS code against GCC 2.95.x with | ||
excellent results. | ||
|
||
The makefiles used by the project should work with all versions | ||
of make. We've tested them with GNU make as well as the make | ||
programs shipped by Compaq, HP, SGI, and Sun. FreeBSD users | ||
should use GNU make (gmake). | ||
|
||
Besides these tools you'll want the following libraries: | ||
|
||
- JPEG 6b or higher | ||
- PNG 1.0.6 or higher | ||
- TIFF 3.4 or higher | ||
- ZLIB 1.1.3 or higher | ||
|
||
CUPS will compile and run without these, however you'll miss out on | ||
many of the features provided by CUPS. | ||
|
||
|
||
CONFIGURATION | ||
|
||
CUPS uses GNU autoconf, so you should find the usual "configure" | ||
script in the main CUPS source directory. To configure CUPS for | ||
your system, type: | ||
|
||
./configure ENTER | ||
|
||
The default installation will put the CUPS software in the | ||
"/etc", "/usr", and "/var" directories on your system, which | ||
will overwrite any existing printing commands on your system. | ||
Use the "--prefix" option to install the CUPS software in | ||
another location: | ||
|
||
./configure --prefix=/some/directory ENTER | ||
|
||
If the PNG, JPEG, TIFF, and ZLIB libraries are not installed in | ||
a system default location (typically "/usr/include" and | ||
"/usr/lib") you'll need to set the CFLAGS, CXXFLAGS, DSOFLAGS, | ||
and LDFLAGS environment variables prior to running configure: | ||
|
||
setenv CFLAGS "-I/some/directory" ENTER | ||
setenv CXXFLAGS "-I/some/directory" ENTER | ||
setenv DSOFLAGS "-L/some/directory" ENTER | ||
setenv LDFLAGS "-L/some/directory" ENTER | ||
./configure ... ENTER | ||
|
||
or: | ||
|
||
CFLAGS="-I/some/directory"; export CFLAGS ENTER | ||
CXXFLAGS="-I/some/directory"; export CXXFLAGS ENTER | ||
DSOFLAGS="-L/some/directory"; export DSOFLAGS ENTER | ||
LDFLAGS="-L/some/directory"; export LDFLAGS ENTER | ||
./configure ... ENTER | ||
|
||
To enable support for encryption, you'll also want to add the | ||
"--enable-ssl" option: | ||
|
||
./configure --enable-ssl | ||
|
||
SSL and TLS support require the OpenSSL library, available at: | ||
|
||
http://www.openssl.org | ||
|
||
If the OpenSSL header files and libraries are not in a standard | ||
location, specify the locations of these files using the | ||
--with-openssl-includes and --with-openssl-libs directives: | ||
|
||
./configure --enable-ssl \ | ||
--with-openssl-includes=/foo/bar/include \ | ||
--with-openssl-libs=/foo/bar/lib | ||
|
||
See the file "ENCRYPTION.txt" for information on using the | ||
encryption support in CUPS. | ||
|
||
Once you have configured things, just type: | ||
|
||
make ENTER | ||
|
||
or if you have FreeBSD, NetBSD, or OpenBSD type: | ||
|
||
gmake ENTER | ||
|
||
to build the software. | ||
|
||
|
||
INSTALLING THE SOFTWARE | ||
|
||
Once you have built the software you need to install it. The | ||
"install" target provides a quick way to install the software on | ||
your local system: | ||
|
||
make install ENTER | ||
|
||
or for FreeBSD, NetBSD, or OpenBSD: | ||
|
||
gmake install ENTER | ||
|
||
You can also build binary packages that can be installed on other | ||
machines using the RPM spec file ("cups.spec") or EPM list file | ||
("cups.list"). The latter also supports building of binary RPMs, | ||
so it may be more convenient to use - we use EPM to build all of | ||
our binary distributions. | ||
|
||
You can find the RPM software at: | ||
|
||
http://www.rpm.org | ||
|
||
The RPM software is at: | ||
|
||
http://www.easysw.com/epm | ||
|
||
|
||
CREATING BINARY DISTRIBUTIONS WITH EPM | ||
|
||
The top level makefile supports generation of many types of binary | ||
distributions using EPM. To build a binary distribution type: | ||
|
||
make <format> ENTER | ||
|
||
or | ||
|
||
gmake <format> ENTER | ||
|
||
for FreeBSD, NetBSD, and OpenBSD. The <format> target is one of | ||
the following: | ||
|
||
epm - Builds a portable shell script and tar file based | ||
distribution. This format will also backup your | ||
existing printing system if you decide to remove | ||
CUPS at some future time. | ||
aix - Builds an AIX binary distribution. | ||
bsd - Builds a *BSD binary distribution. | ||
deb - Builds a Debian binary distribution. | ||
depot - Builds a HP-UX binary distribution. | ||
pkg - Builds a Solaris binary distribution. | ||
rpm - Builds a RPM binary distribution. | ||
tardist - Builds an IRIX binary distribution. | ||
|
||
|
||
REPORTING PROBLEMS | ||
|
||
If you have problems, READ THE DOCUMENTATION FIRST! If the | ||
documentation does not solve your problems please send an email | ||
to "cups-support@cups.org". Include your operating system and | ||
version, compiler and version, and any errors or problems you've | ||
run into. The "/var/log/cups/error_log" file should also be sent, | ||
as it often helps to determine the cause of your problem. | ||
|
||
If you are running a version of Linux, be sure to provide the | ||
Linux distribution you have, too. | ||
|
||
Please note that the "cups-support@cups.org" email address goes | ||
to the CUPS developers; they are busy people, so your email may | ||
go unanswered for days or weeks. In general, only general build | ||
or distribution problems will actually get answered - for | ||
end-user support see the "README.txt" for a summary of the | ||
resources available. |
Oops, something went wrong.