Joint PWG/OP Summit called to order by Jeremy Leber at 10am US Eastern. These minutes were prepared by Ira McDonald.
Attendees (at one or more OP Summit sessions)
- Amitha (Konica-Minolta, call-in) - Taiki Arai (Oki, call-in) - Aveek Basu (Lexmark, OP GSoC Guru, call-in) - Zdenek Dohnal (Redhat, OP GSoC Mentor, call-in) - Benjamin Gordon (Google, Chrome OS, call-in) - Piyush Goyal (OP GSoC, call-in) - Hiro Ito (call-in) - Till Kamppeter (Canonical, OP Manager, call-in) - Smith Kennedy (HP Inc, PWG Vice-Chair, call-in) - Pranshu Kharwal (OP GSoC, call-in) - Diyasheel Kumar (OP GSoC, call-in) - Jeremy Leber (Lexmark, PWG Chair, call-in) - Ira McDonald (High North, PWG Secretary, IPP WG Co-Chair, OP Chair, call-in) - Piotr Pawliczek (Google, call-in) - Michael Rhines (Qualcomm, Mopria Liaison, call-in) - Anthony Suarez (Kyocera Document Solutions, call-in) - Alan Sukert (Independent, IDS WG Chair, call-in) - Mike Sweet (Lakeside Robotics, IPP WG Secretary, call-in) - Paul Tykodi (TCS, IPP WG Co-Chair, call-in) - Michael Vrhel (Artifex, Ghostscript, call-in) - Bill Wagner (TIC, former Cloud WG Chair, former WIMS WG Chair, call-in) - Uli Wehner (Ricoh, call-in) - Steven Young (Canon, call-in)
Agenda
- Discussion
- See slides
- Linux Markets and Distributions
- Linux Internet public server market share in May 2022
– 38% Linux / 20% Windows / 43% other/unknown
- https://w3techs.com/technologies/overview/operating_system
- https://w3techs.com/technologies/details/os-unix
- Linux Web Server market share in May 2022
– 38% Linux / 20% Windows / 42% other/unknown
- https://w3techs.com/technologies/comparison/os-linux,os-windows
- Linux mobile OS market share in May 2022
– 72% Android / 27% iOS / 1% other/unknown
- http://gs.statcounter.com/os-market-share/mobile/worldwide
- Linux distributions popularity on Distro Watch in May 2022
– Mint, Manjaro, Ubuntu, Debian, Fedora, openSUSE, CentOS
- https://distrowatch.com/dwres.php?resource=popularity
- OpenPrinting Highlights 2021
- OpenPrinting celebrates 20 years of printing with free software!
https://linuxplumbersconf.org/event/7/contributions/748/attachments/681/1265/
20-Years-on-Printing-with-Free-Software.pdf
- CUPS OpenPrinting
- See CUPS Plenary presentation tomorrow
- Developers – Mike Sweet and Linux community
- Releases – v2.3.3op1 (20 November 2020) and v2.3.3op2 (1 February 2021)
- Ubuntu 21.04 (22 April 2021) shipped with CUPS v2.3.3op2
- Development is approaching CUPS v2.4.x
- CUPS Snap uses GIT master of OpenPrinting CUPS
- CUPS Filters
- See CUPS Filters presentation tomorrow
- Developers – Till Kamppeter and Linux community
- Releases – v1.27.5 (5 June 2020) thru v1.28.8 (25 March 2021)
-Ubuntu 21.04 (22 April 2021) shipped with CUPS Filters v1.28.8
- PAPPL (Printer Application)
- See PAPPL presentations tomorrow
- Developers – Mike Sweet and Linux community
- Releases – v1.0.0 (11 December 2020) thru v1.0.3 (21 April 2021)
- PostScript Printer Application
- See PAPPL presentations tomorrow
- Developers – Till Kamppeter and Linux community
- Started on 26 October 2020
https://lists.linuxfoundation.org/pipermail/printing-architecture/2020/003899.html
- Mostly complete – a few PAPPL features are still pending
- CUPS Snap (Printing Stack Snap)
- See CUPS Snap presentation tomorrow
- Developers – Till Kamppeter and Linux community
- CUPS Snap project started in October 2017
https://github.com/OpenPrinting/cups-snap
- CUPS Snap is now in Snap Store
https://snapcraft.io/cups
- Driverless
- See CUPS Filters presentation tomorrow
- Nidhi Jain, LFMP 2020 added IPP FaxOut support
- IPP over USB
- See CUPS Filters presentation tomorrow
- ippusbxd discontinued
- ipp-usb replaces ippusbxd in most Linux distributions
- Google Chrome OS has its own IPP-over-USB daemon in Rust
- Scanning
- See CUPS Filters presentation tomorrow
- Mopria just published eSCL specification in April 2021
- sane-airscan supports eSCL / WSD
- Not integrated w/ IPP Scan Service or IPP System Service
- Scan integration w/ the IPP ecosystem is an open topic
- Google Summer of Code 2021
- OP in GSoC 2021 – Recruitment and Projects
- Student recruitment process started in late 2020
- Recruitment hampered by COVID-19 pandemic travel restrictions
- GSoC 2021 projects approximately half hours of GSoC 2020 projects
- Accepted student projects announced on 17 May 2021
- GSoC 2021 – Timeline Highlights
- 29 January 2021 – Organization Applications Open – LF applied
- 19 February 2021 – Organization Application Deadline
- 9 March 2021 – Organizations Announced – LF accepted
- 29 March 2021 to 13 April 2021 – Student Applications – 4 OP projects
- 17 May 2021 – Student Projects Announced
- 7 June 2021 to 16 August 2021 – Coding
- 31 August 2021 – Results Announced
- OpenPrinting Highlights 2022
- CUPS OpenPrinting
- See CUPS Plenary presentation tomorrow
- Developers – Mike Sweet, Zdenek Dohnal, and Linux community
- Latest Release – v2.4.1 (27 January 2022)
- Ubuntu 22.04 LTS (21 April 2022) shipped with CUPS v2.4.1
- CUPS Snap uses GIT master of OpenPrinting CUPS
https://github.com/OpenPrinting/cups-snap
https://snapcraft.io/cups
- CUPS Filters Highlights
- See CUPS Filters presentation tomorrow
- Developers – Till Kamppeter and Linux community
- Latest Release – v1.28.15 (11 April 2022)
- Ubuntu 22.04 LTS (21 April 2022) shipped with CUPS Filters v1.28.15
- CUPS Filters v2.0 is coming
https://github.com/OpenPrinting/cups-filters/releases/tag/1.28.15
- PAPPL (Printer Application)
- See Printer Applications presentation tomorrow
- Developers – Mike Sweet and Linux community
- Latest Release – v1.2.0 (15 May 2022)
https://github.com/michaelrsweet/pappl/releases/tag/v1.2.0
- PostScript Printer Application
- See Printer Applications presentation tomorrow
- Developers – Till Kamppeter and Linux community
- PostScript Printer Application is now in Snap Store
https://github.com/OpenPrinting/ps-printer-app
https://snapcraft.io/ps-printer-app
- Ghostscript Printer Application
- See Printer Applications presentation tomorrow
- Developers – Till Kamppeter and Linux community
- Ghostscript Printer Application is now in Snap Store
https://github.com/OpenPrinting/ghostscript-printer-app
https://snapcraft.io/ghostscript-printer-app
- Gutenprint Printer Application
- See Printer Applications presentation tomorrow
- Developers – Till Kamppeter and Linux community
- Gutenprint Printer Application is now in Snap Store
https://github.com/OpenPrinting/gutenprint-printer-app
https://snapcraft.io/gutenprint-printer-app
- HPLIP Printer Application
- See Printer Applications presentation tomorrow
- Developers – Till Kamppeter and Linux community
- HPLIP Printer Application is now in Snap Store
https://github.com/OpenPrinting/hplip-printer-app
https://snapcraft.io/hplip-printer-app
- Retro-Fitting Printer Applications
- See Retro-Fitting Printer Applications presentation tomorrow
- Developers – Till Kamppeter and Linux community
https://github.com/OpenPrinting/pappl-retrofit
- Driverless Printing
- See CUPS Filters and Printer Applications presentation tomorrow
- Driverless Printing is now available on all major OS platforms
- IPP over USB
- See CUPS Filters presentation tomorrow
- ippusbxd discontinued
- ipp-usb replaces ippusbxd in most Linux distributions
- Google Chrome OS has its own IPP-over-USB daemon in Rust
- Driverless Scanning
- See CUPS Filters and Driverless Scanning presentation tomorrow
- Driverless Scanning is a GSoC 2022 project
- Google Summer of Code 2022
- OP in GSoC 2022 – Recruitment and Projects
- Student recruitment process started in late 2021
- Recruitment hampered by COVID-19 pandemic travel restrictions
- GSoC 2022 contributors do not have to be students
- Accepted contributor projects announced on 20 May 2022
- GSoC 2022 – Timeline Highlights
- 7 February 2022 – Organization Applications Open – LF applied
- 21 February 2022 – Organization Application Deadline
- 7 March 2022 – Organizations Announced – LF accepted
- 4-19 April 2022 – Contributor Applications – 8 OP projects
- 20 May 2022 – Contributor Projects Announced
- 13 June 2022 to 12 September 2022 – Coding (standard period)
- 20 September 2022 – Results Announced (standard period)
- 12 September 2022 to 13 November 2022 – Coding (extended period)
- 28 November 2022 – Results Announced (extended period)
- OP Next Steps
- Call for Participation
- OP is cost-effective for printer vendor support of Linux & UNIX
- PWG and OP Collaboration
- OP CUPS development and evolution
- OP CUPS Filters v2.0 development and evolution
- OP GSoC implementations of PWG IPP specs
- OP Driverless Printing and Driverless Scanning development
- OP monthly teleconferences on Tuesdays
- Tuesday 7 June 2022 1-2pm US EDT (F2F review/GSoC status)
- Tuesday 5 July 2022 1-2pm US EDT (GSoC status)
- Tuesday 9 August 2022 1-2pm US EDT (GSoC status)
- Discussion
- See slides
- GSoC 2022 Projects
- Add Avahi calls for discovering and resolving driverless IPP printers and Optimize
the processes
- GUI for discovering non-driverless printers and finding suitable Printer Applications
for them
- Adding CPDB support to existing Print Dialogs
- Converting Braille embosser support into a Printer Application
- Scanning Support in PAPPL with eSCL Support
- Scanning Support in PAPPL with IPP Scan Interface
- Create new printer setup tool for the GNOME Control Center
- Make a native Printer Application from Gutenprint
- GSoC 2021 Projects Students
- Bhavna Kosta
- Suraj Kulriya
- Pratyush Ranjan
- Pranshu Kharkwal
- Divyasheel Kumar
- Demos of GSoC 2021 Projects
- Create a universal filter to replace the chain of individual cups filters
(Pranshu Kharkwal)
- GUI for listing and managing available IPP Print/Scan services
(or DNS-SD-advertised network services in general)
(Divyasheel Kumar)
- Linux Plumbers 2021 Virtual F2F (20-24 September 2021)
- https://www.youtube.com/watch?v=nQxWoXO90FM&t=4s
- Linux Plumbers 2022 Hybrid F2F (12-14 September 2022, Dublin)
- OP MC proposal has been selected by the LPC Committee for Linux Plumbers 2022
- Inviting speakers for talks
- OP Initiatives
- Ubuntu Desktop Team Indaba (27 August 2021)
- Summer of Printers | Community Office Hours 7 October 2021)
- FOSS Asia 2021 - Lightning Talks (13-21 March 2021)
- Discussion
- See slides
- Ghostscript
- Ghostscript is a document conversion and rendering engine.
- Ghostscript, GhostPCL, GhostXPS, GhostPDF, GhostPDL
- Converts between and renders PDF, PS, PCL, PCL-XL, XPS
- Dual license GNU AGPLv3 / Commercial
- Source and documentation available at www.ghostscript.com
- MuPDF
- Open-source software framework for viewing and converting PDF, XPS, and e-book
documents
- Dual license GNU AGPLv3 / Commercial
- Written in C, but has JNI bindings that work on both Oracle’s Java and Android
- Source and documentation available at www.mupdf.com
- MuPDF Command Line Tools
- mutooldraw
- Primarily used for rendering a document to image files.
- mutoolconvert
- For converting documents into other formats.
- mutooltrace
- Debugging tool used for printing a trace of the graphics device calls on a page.
- mutoolshow
- A tool for displaying the internal objects in a PDF file.
- mutoolextract
- Extract images and embedded font resources.
- mutoolclean
- Rewrite PDF file. Used to fix broken files, or to make a PDF file human editable.
- mutoolmerge
- Merge pages from multiple input files into a new PDF.
- mutoolcreate
- Create a new PDF file from a text file with graphics commands.
- mutoolrun
- A tool for running Javascriptprograms with access to the MuPDFlibrary functions.
- MuPDF JavaScript
- Examples in docs/examples:
- pdf-merge.js
- pdf-portfolio.js
- pdf-create.js
- and more…
- Example:
- mutoolrun pdf-merge.js output.pdf input1.pdf input2.pdf ...
- Changes to GS since last OP Summit in 2021
- Release 9.55 October 2021
- Includes new PDF interpreter. Invoked with –dNEWPDF=true
- Includes stand-alone PDF only binary
- pdfwritedevice supports passthrough for JPX/JPG2000
- Improvements in demo apps for C, C#, Java, and Python
- Object specific halftoning
- Release 9.56 March 2022
- New PDF interpreter enabled by default (–dNEWPDF=false to disable)
- Calling Ghostscriptvia GS API now threadsafe.
- Limitation is the X11 devices which cannot be made threadsafe due to interaction
with X11 server.
- PSD (Photoshop) output format includes ICC profile
- API demo added for MATLAB
- GSabletogenerate all formats for driverless printing.
- Apple Raster/URF cups/pwgrasterpclm/pclm8 pdfwrite/pdfimage8/pdfimage24/pdfimage32
- Changes to MuPDF since last OP Summit in 2021
- Release 1.19 October 5th2021
- Microsoft Word DOCX output format
- ODT output format (OpenOffice)
- Undo and redo functions
- Autosave and restore functions
- Reflow document wrapper
- Enhancements to OCR functions
- Additional 'mutoolrun' and Java library functions
- Added new Unicode scripts and fonts for EPUB
- Support opacity for all markup annotation types
- C++ and Python bindings now run on Windows
- Python bindings are now available as pre-built binaries
- Added demo PDF viewer using the Python MuPDFbindings and PyQt
- PyMuPDF
- Python binding for MuPDF
- PyMuPDFcan be installed from Python wheels
- Windows (32bit and 64bit), Linux (64bit, Intel and ARM) and Mac OSX (64bit, Intel),
for Python versions 3.7 and later.
- See https://pymupdf.readthedocs.io/en/latest/intro.htmlfor detailed documentation
- Heavily used in the Python community (downloaded more than 19 million times)
- Dual license GNU AGPLv3 / Commercial
- Little CMS2MT
- We continue to use a fork of Little CMS2 that is thread safe.
- Fork is currently available with git checkout of Ghostscript.
- We bring in any bug fixes applied to Little CMS2.
- Developed SSE4.2, AVX2, NEON plug-in for tetrahedral interpolation with cmyk,
rgb, or gray output. (Commercial license only)
- MuJS
- MuJS is a library, written in C.
- MuJS has no notion of a main program:
- It only works embedded in a host client program.
- The host program can invoke functions to execute Javascriptcode, read and write
Javascriptvariables, and register C functions to be called by Javascript.
- Implements EMCAScriptECMA-262
- Open source under ISC license
https://opensource.org/licenses/ISC
http://git.ghostscript.com/?p=mujs.git;a=summary
- MuPDF WebAssembly
- Binary instruction format for a stack-based virtual machine.
- Wasm is designed as a portable target for compilation enabling deployment on the
web for client and server applications.
- Ghostscript API Bindings
- In ghostpdl/demos folder:
- C – Contains a VS project that exercises API
- C# – Contains simple demo viewer for Windows (WPF UI) and for Linux (MONO with GTK UI).
- Mimics C API but has helper methods to extend API
- Java – Contains simple Java demo viewer.
- Mimics C API but has helper methods to extend API
- Python – Mimics C API.
- Has demo example usage (ghostpdl\demos\python\examples.py)
- MATLAB –Uses MEX file to interface to GS API.
- Code Security/Analysis Methods
- Fuzzing of test files used to detect simple faults
- Coverity: https://scan.coverity.com/projects/ghostpdl
- dereferences of NULL pointers, use of uninitialized data, memory corruptions, buffer
overruns, control flow issues, incorrect expressions, unsafe signed values
- Coverage tests run periodically: https://ghostscript.com/coverage/
- Various compilers used and warning report provided with every commit
- gcc, clang
- Address Sanitizer: Testing for buffer overflows, dangling pointer overflows
- Valgrind: Testing for buffer overflows, use of uninitialized memory/variables
- Memento: Memory leak/corruption analyzer and "Memory Squeezing".
- Part of Ghostscriptbuild memento.h/c
- Current/Future Work
- -dBlackVector–dBlackText–dBlackThresholdL–dBlackThresholdC
- These options allow the forcing of vector and text content to black (or white) even
to pdfwritedevice.
- Improved page control for PDF files like what is available for XPS files. For example:
-sPageList=1,2,1,2
-sPageList=10-5
-sPageList=1-,-1
- Preservation of PDF accessibility content for pdfwritedevice
- More Info
- Repositories located at
- git://git.ghostscript.com
- Ghostscriptdiscussions on Discord channel #ghostscript
- MuPDFdiscussions on Discord channel #mupdf
- Bug reports
- bugs.ghostscript.com
- Additional information at www.mupdf.comwww.ghostscript.com
- Discussion
- See slides
- What is ChromiumOS?
- Google’s Open Source operating system for Chromebooks (and other devices)
- Approximately the same as ChromeOS minus some Google-only parts
- Gentoo derivative
- Everything is built from source
- Supports a variety of ARM and x86-64 architectures
- Code available at chromium.googlesource.com
- Open Source Projects Used
- CUPS
- Print spooling
- Driverless support
- cups-filters
- gstoraster
- pdftops
- foomatic-rip
- Ghostscript
- Scanning
- sane-airscan
- Mopria eSCL scanning
- SANE
- avahi + nss-mdns
- mDNS hostname resolution
- ippusb_bridge
- local IPP-USB sockets
- Features in Chromium
- mDNS detection
- Driverless support
- Matching printers with PPDs
- IPP-USB through local (UNIX domain) sockets
- Recent Improvements
- General scalability of existing features
- More PPDs available
- More manufacturer-specific PPD keywords supported
- More automated testing
- Mock printer improvements
- Better sharing of USB devices between printing and scanning
- New feature: OAuth 2.0 for IPP
- OAuth 2.0 for IPP
1. Scope of the project
2. Security considerations
3. Proposed protocol
4. Project status & proposed changes
- OAuth 2.0 General Idea
- see diagram in slides
- IPP Client starts Authentication Procedure w/ Authorization Server
- Authorization Server replies w/ Access Token to IPP Client
- IPP Client sends IPP requests w/ Access Token to IPP Printer
- OAuth 2.0 Possible Configurations
- see diagram in slides
- IPP Client sends requests to Authorization Server + IPP Printers (together)
- Forwarded to Output Devices (i.e., physical printers)
- IPP Client sends requests to Authorization Server + IPP Printers (separately)
- Forwarded by IPP Printers to Output Devices (i.e., physical printers)
- OAuth 2.0 Main Assumptions
- IPP Printer can be managed by only one Authorization Server
- IPP Printer knows the URL of its Authorization Server
- IPP Client does not need any prior knowledge about the implementation of IPP Printer
or Authorization Server
- IPP Printer does not need any prior knowledge about the implementation of IPP Client
- All communication between IPP Client and IPP Printer and between IPP Client and
Authorization Server relies on https protocol
- Out of Scope
- Communication between IPP Printer and Authorization Server
- Verification of the access token performed by IPP Printer
- Capabilities of IPP Printer and the way jobs are processed
- IPP version supported by IPP Printer
- Printing pipeline - filters needed to process the document
- Source of knowledge of IPP Printers
- Provided by user
- Queried from Authorization Server or printing server
- Discovered via mDNS
- Security considerations
1. Communication between IPP Client and IPP Printer cannot be intercepted by any third
party.
- The immediate goal: to protect user data.
2. Access to IPP Printer can be restricted to a limited set of authorized users.
- The immediate goal: to protect printer resources (e.g., paper, ink, printing time,
etc.).
- The second condition may be achieved only if the first requirement is fulfilled.
Otherwise, attackers would be able to intercept credentials/access tokens and
impersonate authorized users.
- Mitigating possible attacks - fake Authorization Server
- Both requirements must be fulfilled:
1. Authorization Server must have a valid certificate that is fully verified by the IPP
Client
2. The URL of the Authorization Server must be trusted
- Possible sources of Authorization Server URLs:
- Well-known FQDN of the service
- Provided by the administrator of the system/local network
- Provided by the user
- Provided by the IPP Printer
- Must be explicitly verified by the user!
- Mitigating possible attacks - fake IPP Printer
- Both requirements must be fulfilled:
1. IPP Printer must have a valid certificate that is fully verified by the IPP Client
2. The Authorization Server must verify the identity of the IPP Printer
- Possible approaches to identity verification
- IPP Printer has FQDN that can be verified by the Authorization Server
- Authorization Server verifies the fingerprint of the IPP Printer's certificate
- An alternative for printers visible only in local network and without unique
addresses (e.g., discovered via mDNS)
- OAuth 2.0 Proposed Protocol (1 of 2)
- see diagram in slides
1. IPP Printer managed by Authorization Server MUST return attributes:
a. oauth-authorization-server-uri (always)
b. oauth-authorization-scope (if needed).
2. IPP Client MUST:
a. check that oauth-authorization-server-uri is on the list of trusted servers
b. query metadata from the Authorization Server as described in RFC 8414
c. try to register as a new client as described in RFC 7591 when:
i. client_id is not known, AND
ii. the Authorization Server allows for dynamic registration of new clients.
- OAuth 2.0 Proposed Protocol (2 of 2)
1. IPP Client MUST open session with Authorization Server as described in RFC 6749:
a. the IPP Client uses an internet browser to open authorization link from
Authorization Server and enables the user to complete authentication procedure
provided by the server;
b. the IPP Client obtains access token (and, if provided, refresh token) from the
Authorization Server
2. The IPP Client uses access token to obtain endpoint access token for specific IPP
Printer as described in RFC 8693:
a. the IPP Client sends to the Authorization Server the URL of the IPP Printer and
the fingerprint of its certificate
- OAuth 2.0 Implementation Plans
- IPP Client in ChromeOS
- experimental feature
- activated by a flag
- Convince our partners to implement Authorization Server on their side
- centralized solutions with infrastructure printers
- Future: stand-alone Authorization Server working with IPP Printer being:
- print server - requires protocol between IPP Printer and Authorization Server
- stand-alone printer - as above + OEM that agree to implement the protocols
- OAuth 2.0 Proposed Changes
- IPP Printer should announce oauth-authorization-server-uri and -scope in HTTP header
- Access to Get-Printer-Attributes request can be restricted too
- Get-Printer-Attributes may be used to conduct DDOS attack
- Provide standard way of querying list of IPP Printers from the Authorization Server
- It may be useful for some configurations
- IPP Client should be able to delegate to Authorization Server verification of a
certificate of IPP Printer
- IPP Client would not need additional configuration to verify IPP Printer's
certificate
- Thank you!
- Benjamin Gordon, Software Engineer
- bmgordon@chromium.org
- Piotr Pawliczek, Software Engineer
- pawliczek@chromium.org
- Discussion
- See slides
- Introduction
- CUPS is the standards-based, open source printing system developed by
OpenPrinting for Linux® and other Unix®-like operating systems. CUPS uses
IPP Everywhere™ to support printing to local and network printers
- CUPS is provided under the Apache License v2.0 with an exception that
allows linking to GPL2-only software (like Gutenprint)
- The CUPS web site, source code, and bug database are hosted on Github
- https://openprinting.github.io/cups
- https://github.com/openprinting/cups/
- CUPS 2.4.x
- Release manager: Zdenek Dohnal
- Release history:
- CUPS 2.4.0 - 29 November 2021
- CUPS 2.4.1 - 27 January 2022
- Release schedule:
- CUPS 2.4.2 - Soon
- CUPS 2.4.3 - July/August 2022
- CUPS 2.4.4 - September/October 2022
- CUPS 2.4.5 - November/December 2022
- CUPS 2.5 - Next Feature Release
- Release manager: Till Kamppeter
- Release schedule:
- CUPS 2.5b1 - November/December 2022?
- CUPS 2.5rc1 - January/February 2023?
- CUPS 2.5.0 - February/March 2023?
- Features:
- Discovery improvements: "wide-area" DNS-SD lookups and configuration profiles
- Localization improvements: multiple languages in IPP Everywhere PPDs, centralize
localization efforts
- OAuth 2.0/OpenID authentication: default callback
- "job-sheets-col" and better "media-col" attribute support
- X.509 certificate management improvements
- CUPS 2.5 - OAuth 2.0/OpenID
- Replacement for Kerberos SSO
- Doesn't require root access or user changing gymnastics like Kerberos
- Many open source solutions available, including my own:
- https://www.msweet.org/moauth
- SAML and Webauthn authentication backends are commonly available, too
- Support OpenID/RFC 8414 compliant OAuth 2.0 authorization servers
- Authorization server is reported via IPP "oauth-authorization-server-uri (uri)"
attribute
- Bearer and refresh tokens will be cached per-user/auth-server
- Authorization UI will be presented using embedded web view - only available when
printing from system console
- Command-line tool for registering bearer token, too
*** FUTURE STUFF ***
- Transition of Printing
- see diagrams in slides
- CUPS 3.0 - Modular Printing Architecture
- Commands: lp, lpr, lpstat, cancel, etc.
- Local Server
- Handles local print requests for desktop/mobile devices
- Only temporary IPP Everywhere print queues
- Runs as user
- UNIX domain socket and/or D-Bus API and/or XPC API
- Sharing Server
- Handles network print requests and local printing on headless servers
- Full print accounting/ACLs/pre-processing of documents
- OAuth 2 and PAM-based authentication/authorization
- IPP Shared Infrastructure Extensions/System support
- Tools
- ippeveprinter, ippfind, ipptool, ipptransform
- Library: libcups
- CUPS 3.0 - Overview
- see diagrams in slides
- CUPS 3.0 - Local Server
- Handles all discovery and communications with printers
- Handles authentication, authorization, consent, and notification UI
- Converts to/from PDF/raster as needed for printers
- Job history is limited to the current session/login
- No web interface
- Configuration limited to listing specific printers or servers that cannot be
discovered via DNS-SD ("profiles")
- CUPS 3.0 - Sharing Server
- Handles all communications with printers
- Authorization/consent/notification UI needs to be handled by client
- Converts to/from PDF/raster as needed for printers
- Job history is configurable
- Web interface
- Configuration similar to existing cupsd
- OAuth token introspection (RFC 7662) and scopes for ACLs
- CUPS 3.0 - Challenges
- Much broader scope and integration than the original CUPS work
- Desktop support - need to uplift GNOME/KDE/XFCE desktops to new D-Bus API for printing,
authorization, consent UI
- Need developers to work on the local and sharing servers, desktop UI/services
- Can probably use/adapt PAPPL code for the core server bits
- Much of the print dialog work can be repurposed
- Probably have existing authorization/notification UI we can use
- Graphics libraries - current PDF tools/libraries have problematic licenses or other
limitations
- CUPS 3.0 - Progress
- Commands and Local Server (pending cups-local project)
- Sharing Server (pending cups-sharing project)
- Tools and Library (libcups project)
- https://github.com/michaelrsweet/libcups
- To be moved to OpenPrinting "soon"
- Deprecated APIs have been removed
- Naming and calling conventions have been normalized
- See "MIGRATING.md" document
- New shared library major version
- Not binary compatible with CUPS 2.x and earlier
- Still have to implement D-Bus API and bring over ipptransform
- Resources
- CUPS Web Site
- https://openprinting.github.io/cups
- CUPS Repository
- https://github.com/OpenPrinting/cups
- CUPS Programming Manual
- https://openprinting.github.io/cups/doc/cupspm.html
- https://openprinting.github.io/cups/doc/cupspm.epub
- Discussion
- See slides
- Printer Applications Are...
- A replacement for CUPS printer drivers
- Options are replaced by IPP attributes
- Driver-specific UI is provided by the Printer Application
- An implementation of an IPP Everywhere™ Printer
- Basic IPP Everywhere™ support only requires PWG Raster, plus JPEG for color
printers
- CUPS library and sample code provide an easy-to-use framework for implementations
- Compatible with CUPS 1.4 and later
- Can be compatible with iOS® 5 and later with a few small additions (DNS-SD
subtype and "image/urf" document format)
- macOS 10.8® and later support IPP Everywhere™ via the command-line, can be used
from the GUI with the same changes needed for iOS support
- PAPPL: Printer Application Framework
- Runs on desktops, servers, and in embedded environments
- *BSD, Linux, macOS®, QNX®, Windows® 10+
- Used in shipping printers
- Works out-of-the-box with AirPrint™ (iOS®/macOS®), IPP Everywhere™ (ChromeOS, Linux),
and Mopria® (Android™/Windows® 10+) clients
- PAPPL: Key Contributors
- Michael Sweet (Lakeside Robotics): lead developer
- Jai Luthra (GSoC 2020): auto-setup, hp-printer-app, networking improvements,
DNS-SD and SNMP discovery, papplMainloop API, snapcraft prototyping
- Sambhav Dusad (GSoC 2020): job persistence, live log viewer, test pages, web
interface enhancements
- Didier Raboud (Debian Project): documentation and packaging
- PAPPL: Recent Releases
- v1.1.0: December 15, 2021
- Auto-add/driver lookup features
- Better multiple printer support
- USB printer gadget support (legacy printer class and IPP-USB)
- Wi-FI configuration support
- Windows® 10 and higher application support
- v1.2.0: May 15, 2022
- Full localization support
- Mainloop API improvements
- New SNMP supply/state query APIs
- IPP notifications support
- Bilinear interpolation support when printing images
- OpenSSL/LibreSSL support
- Enable/Disable-Printer support
- Job persistence API with reprint web interface
- Client limits API
- PAPPL: v1.3 Feature Release
- Current "master" branch
- Hoping to release by the end of 2022
- https://github.com/michaelrsweet/pappl/milestone/6
- IPP Proxy support
- OAuth support
- HP Printer Application (hp-printer-app)
- Web site and Github repository:
- https://www.msweet.org/hp-printer-app
- https://github.com/michaelrsweet/hp-printer-app
- Supports a variety of common PCL 3/5 printers connected via network or USB
- Originally just sample code, but people actually used it!
- v1.2.0 released on May 15, 2022:
- macOS package for Apple Silicon and Intel
- Snapcraft packages for ARM and Intel - "hp-printer-app"
- Build from source
- LPrint
- Web site and Github repository:
- https://www.msweet.org/lprint
- https://github.com/michaelrsweet/lprint
- Supports a variety of common label and receipt printers connected via network or USB
- Currently all DYMO, EPL, and Zebra (ZPL) label printers, looking at adding others...
- Current release is v1.1.0, based on PAPPL
- Working towards a v1.2.0 release with bug fixes/improvements soon...
- Resources
- PAPPL
- https://www.msweet.org/pappl
- https://github.com/michaelrsweet/pappl
- HP Printer Application (hp-printer-app)
- https://www.msweet.org/hp-printer-app
- https://github.com/michaelrsweet/hp-printer-app
- LPrint
- https://www.msweet.org/lprint
- https://github.com/michaelrsweet/lprint
- Discussion
- See slides
- Introduction
- PAPPL-based library to retro-fit classic CUPS drivers (PPDs, filters, backends) into
Printer Applications: pappl-retrofit
- Functionality to
- Manage collections of PPD files
- Convert between PPD options and IPP attributes, for get-printer-attributes IPP
response and for printing
- Wrap CUPS filters and backends, resembling all CUPS functionality incl. side and back
channels
- Convert standard IPP data formats (PDF, Apple Raster, PWG Raster) into printer's
format
- PPD file handling
- Everything based on libppd
- Lists PPDs with duplicate elimination, user-friendly sorting
- Auto-assigns PPD to make/model from device ID, generic PPD to CMD: of device ID
- Lists standard, vendor-specific, and installable accessory options
- Associates standard options with IPP attributes and ready media
- Auto-selects best PPD option settings for printcolor-mode, print-quality, and
print-contentoptimize IPP attributes
- Modifies Printing Defaults list depending on installed accessories
- Adds PPD's PostScript code to PostScript job data streams
- Printers can be queried for option defaults and installed accessories if PPD supplies
appropriate PostScript code
- Allows user to add their own PPDs, checks file format, rejects and warns, prefers user
PPDs on auto-assigning to printer, allows removal
- Further Properties
- Uses filter functions to print PDF and PostScript input data, to have no
in-between raster step, maintaining maximum print quality
- Uses PAPPL's raster printing functionality to print raster input, allowing
completely streaming and "infinite" jobs, conversion to grayscale, and to
dithered bi-level (for fast draft printing)
- A4/Letter auto-selection by locale environment variables
- Next Steps
- We are nearly feature-complete, missing parts are due to features added to PAPPL
lately (1.2.x):
- Human-readable strings for vendor options
- Internationalization/Localization
- Ink level check, like CUPS does via SNMP in backends
- These features will be added soon, but releasing cupsfilters 2.x has priority
- With these features done and cups-filters 2.x released, we will release
pappl-retrofit 1.x
- Available Printer Applications
- 4 retro-fitting Printer Applications to include all free software drivers which are
included in Debian
- PostScript Printer Application: ~4000 manufacturer PPDs, user can upload own PPDs
- HPLIP Printer Application: Currently print-only, user can load proprietary plugin
via web interface
- Gutenprint Printer Application: Full functionality supported, even for PPDs with >
100 options
- Ghostscript Printer Application: All the rest of the drivers: Built-in, Foomatic,
filters, unmaintained, ...
- Legacy Printer Application (not as Snap): Maps classically installed drivers into
Printer Application
- Discussion
- See slides
- cups-filters: Introduction
- cups-filters takes up everything from CUPS which Mac OS X does not need (CUPS 1.6.x)
– Started end of 2011 by OpenPrinting, overtaking most of CUPS filters
– Switched filters over from PostScript-centric to PDFcentric workflow
– cups-browsed introduced end of 2012, to introduce browsing of DNS-SD-advertised
remote CUPS queues, as CUPS dropped its own broadcasting/browsing
– 11 years of further development added things like driverless printing support,
clustering, support for Printer Applications, IPP standards, PPD-less...
- cups-filters Development: libcupsfilters
- General
- Converted all CUPS filters into filter functions
- Filter functions work without PPDs (use IPP attrib.)
- Use parameters instead of environment variables
- All logging into log function, no leaks into stderr
- New filter functions
- cfFilterPWGToRaster()
- Apple/PWG Raster -> CUPS/Apple/PWG Raster
- Completely streaming
- For Printer Applications to stream into "rasterto..." CUPS filters
- cfFilterUniversal()
- Filter to convert any format to any other
- Internally calls chains of filter functions
- CUPS needs only to call one filter executable
- cfFilterExternalCUPS()
- Calls classic CUPS filters/backends
- Call drivers (also proprietary) from Printer Apps
- Emulates complete CUPS environment, including env variables, back/side channel, ...
- Call backends also in discovery mode
- Extensively used by pappl-retrofit
- Improvements and Fixes
- Auto-selection of color space and depth
- Filter gets print-color-mode and print-quality and Apple/PWG-Raster/PCLm printer
IPP attrs -> Filter determines needed color space/depth
- But PDF jobs do not provide color space info
- All driverless formats by Ghostscript
- Added Apple Raster output to GS 9.56.0
- Feature requests for streaming PCLm/raster PDF and also gray PCLm got accepted for
GS 9.56.0
- cfFilterGhostsript() outputs all formats now
-> Simplifies filter chains, streaming Raster -> PDF
- Streaming of data through filters
- On-demand via "filter-streaming-mode" option
- cfFilterGhostscript(), foomatic-rip: Assume PostScript input, skip zero-page check
- cfFilterGhostscript(): Use PCLm and raster PDF to stream Raster input to PDF
- cfFilterPDFToPDF(): Skip QPDF treament, only insert JCL
- CfFilterPDFToPDF(), cfFilterImageTo...(): Fixed page geometry: print-scaling,
number-up, longedge-first, landscape, orientation-requested, ...
- cups-filters Development: libppd
- Auto-selecting best PPD option settings for job IPP attributes
- On loading PPD create PPD option preset for each
- combo of print-color-mode and print-quality
- value of print-content-optimize
- Auto-creation algorithm finding best settings for ~10000 PPDs, no pre-building, no
hand-editing
- Used by the retro-fitting Printer Applications
- Gets best from classic drivers/PPDs with 3 job IPP attributes, ideal for simplified
print dialogs
- Added "*.drv" PPD compiling from CUPS
- Easier retro-fitting of CUPS drivers
- cups-filters Development: cups-browsed
- implicitclass backend: Using filter functions via cfFilterUniversal(), not external
executables
- implicitclass backend: Querying destination printer via IPP for correct properties,
now rasteronly printers as destination work
- Planned
- Avahi browsing/resolving optimization: Get rid of unneeded, time-consuming resolving
- Separate cups-browsed from cups-filters, into own OpenPrinting GitHub project
- Separate cups-browsed from CUPS Snap into own Snap
- Turn cups-browsed into a Printer Application
- cups-filters Development: 1.x -> 2.x
- License change to Apache 2.0 + (L)GPL2 exception, same as CUPS (approved by contributors)
- Cleaned up naming style to match CUPS:
- API functions: "cfCamelCase()"
- Library-internal functions: "_cfCamelCase()"
- File-local functions: "underscore_separated()"
- Bumped soname to 2
- First planned release 2.0b1
- Silenced all compiler warnings
- All logging to log function, fixed log leaks to stderr
- Re-structuring to get rid of PPD support
- Currently: Filter functions support PPD files for CUPS
-> libcupsfilters depends on libppd
- How to solve this?
- First thought: Conditional compiling
- Distros want PPD-free libcupsfilters? Or PPDsupporting for Printer Apps as RPM/DEB?
- Solution: Re-structuring
- Remove PPD support from libcupsfilters
-> Original filter functions ("cfFilter...()") w/o PPD support
- Wrapper filter functions ("ppdFilter...()") in libppd do PPD support and call orig.
filter functions
- CUPS 2.x and retro Printer Apps use libppd filters4
- Optional/Later 2.x release
- "cfFilterPDFToPDF()" PDFio-based
- libppd in separate project
- cups-browsed in separate project/Snap
- Turn cups-browsed into Printer Application
- Options for the ./configure script for partial builds:
- No cups-browsed, no libppd/PPD support, no libqpdf, raster-only printing/scanning,
... to allow Snaps to build only the part of cups-filters which they actually need.
- We have agreed not to rename cups-filters and libcupsfilters.
- CUPS in a Snap
- A Snap containing CUPS, cups-filters, cups-browsed, Ghostscript, QPDF -> Complete
CUPS printing stack
- No support for classic drivers, as filters and PPDs cannot get dropped into Snap's
file system -> Printer Applications
- Sorting out all the problems with Canonical’s Snap gurus on the snapcraft.io forum
(see all links in README.md)
- Components always up-to-date, independent of release cycles: CUPS 2.4.x, cups-filters
2.x, Ghostscript 9.56.1, QPDF 10.5.0
- Secure "cups" interface for application Snaps to print
- Available in Snap Store "cups": https://snapcraft.io/cups
- CUPS in a Snap: Properties
- Three run modes:
- Stand-alone: Snap’s CUPS is the only CUPS on the system, no classic CUPS present
- Proxy: Classic CUPS present, Snap’s CUPS clones the queues, is firewall for the
classic CUPS
- Parallel: Classic CUPS present, Snap’s CUPS runs as second, indpendent CUPS (for
development only)
- CUPS always listens on Snap's domain socket, in stand-alone mode also on the
standard domain socket and port 631 for unsnapped clients
- To not need to create system users and groups use snapd's "snap_daemon" for "lp"
user and "adm" for "lpadmin" group
- Adapted to Snap environment via cups-files.conf and file permissions, no patches,
explicit Snap support built into CUPS upstream code
- All System-V- and Berkeley-style command line tools, also special tools cupsfilter,
driverless, ippfind, ipptool, ippeveprinter, ippproxy
- cups-browsed included, always attaching to the Snap's CUPS
- The CUPS Snap on OpenPrinting is integral part of the Snap eco-system as it is required
for the "cups" snapd interface
- CUPS in a Snap: Security Concept
- Snaps are usually completely confined and can communicate only through defined
interface connections
- Everyone can upload Snaps to the Snap Store but
- On the user's system only "safe" interfaces of downloaded Snaps connect
automatically
- "Dangerous" interfaces need to get connected manually after Snap install (if
they do not have auto-connect permission from the Snap Store team)
- Unconfined ("classic") need permission of the Snap Store team
- For using CUPS from Snaps there are two interfaces:
- "cups": For user application Snaps which print (safe)
- "cups-control": Admin access to cupsd (dangerous)
- Most Snap interfaces are defined only by AppArmor rules, but
- "cups" vs. "cups-control" -> Snap Mediation
- If cupsd receives an administrative request it accepts it only if
- The client is no Snap or a classically confined Snap
- The client connects via "cups-control"
- User's system usually has classic CUPS, not CUPS Snap -> No Snap Mediation,
therefore
- "cups" interface only connects to Snap's domain socket
- Application Snap installation force-installs CUPS Snap
- CUPS Snap in proxy (firewall) mode and mediates requests
- User stays with his queues and (often proprietary) drivers
- CUPS in a Snap: As a distro's CUPS
- What is needed:
- DONE: Security concept on the snapd side completed
- DONE: All drivers available on Debian retro-fitted into Printer Applications (only
Braille embossers missing)
- GUI tools: GNOME Control Center "Printers & Scanners" WIP, CPDB for PPD-free print
dialogs
- Look-up service for Printer Applications on OpenPrinting web site planned
- No follow-up on hardware-look-up feature request for Snap Store
- Could support also other platforms, like Docker
- Rehearsal for CUPS 3.x in a distro (no PPD/driver support)
- CUPS, Printer Applications, ... Snap only ???
- Snap is a sophisticated package format, supports CLI apps, system daemons ...
Like phone apps ... BUT:
- Slow start-up of desktop apps (esp. Firefox, Chrome)
- Only one Snap Store
- Investigated other formats
- Flatpak
- Very common format for desktop apps
- System access via GUI portals (GNOME, KDE) -> Not suitable for system daemons
- Atomic distros for Flatpak use: Possibility to add system daemons as OCI container
image via Docker or podmap -> Official OpenPrinting images on DockerHub needed
- Printer Applications
- PAPPL got standard framework
- PAPPL provides everything required in a library
- Driver developer only has to do the printer-specific parts
- Tutorial for manufacturers/driver developers written in GsoD 2020
- pappl-retrofit: Printer driver retro-fit library
- PPD handling: Listing, filtering, selecting, options, installable accessories, CUPS
extensions, drivers ...
- Map job IPP attributes to best PPD option settings
- Calling external CUPS driver filters and backends
- Printer App easy to create, minimum C code required
- Current Printer Aplications:
- Retro-fitting all free drivers available in Debian
- PostScript Printer Application – ~4000 manufacturer PPDs
- Ghostscript Printer Application – All the rest
- HPLIP Printer Application – Proprietary plugin, no scanning
- Gutenprint Printer Application – Epson, Canon, Dye-Sub, ...
- Native Printer Applications
- Lprint – Label printers
- Map classically installed (also proprietary) drivers into a Printer Application (not
available as Snap)
- Legacy Printer Application
- For unmaintained drivers wrap filters and PPDs into Printer Application via
pappl-retrofit
- Native Printer Applications for maintained drivers
- Driverless Scanning
- 3 Standards
- IPP Scan, open PWG standard
- eSCL, proprietary, from HP, specs published by Mopria
- WSD, from Microsoft and W3C
- All are mainly intended for multi-function printers
- eSCL and WSD one already available in AirScan devices
- 2 SANE drivers for eSCL: "escl" from Thierry Hucahrd and "airscan" from Alexander
Pevzner, both in most distros
- Alexander has added WSD support and will add IPP Scan if needed/required
- At least eSCL also works via IPP-over-USB (ipp-usb)
- Sandboxed Scanner Drivers
- Current situation: SANE
- Scanner driver (SANE backend) is shared library
- Scanning app (SANE frontend) links backends dynamically
- To add a driver it needs to be dropped in backend dir -> not good for sandboxed
packaging
- New scanning environment: eSCL/IPP Scan driverless
- Scanner drivers in Scanner Applications, emulating driverless scanner
- Scanning app is eSCL/IPP Scan client
- Legacy: App uses only sane-airscan SANE backend, SANE drivers enclosed in legacy
Scanner Application
- Scan support in PAPPL is WIP
- IPP-over-USB: ipp-usb
- ipp-usb written in Go, as Go has sophisticated HTTP library to read out buffer on
closed connection
- ipp-usb works perfectly, esp. web admin interface
- Chrome OS not accepting software in Go due to high memory footprint
-> Chrome OS own approach in Rust
- ippusbxd development discontinued
- eSCL scanning and IPP Fax Out work with ipp-usb
- Note all 7/1/4 USB printers do driverless (not standard conforming), e.g., HP Laser
series (Wi-Fi works, firmware bug?)
- ipp-usb Snap available
- Uses UDEV-watching script to replace missing UDEV rule support
- Printing GUIs: What do we need?
- Print dialog: We need to get CPDB into GTK and Qt
- Printer Setup Tool
- Main Window
- List all IPP services as reported by DNS-SD, list Printer Applications and their
queues in a group, no duplicates for IPv4/IPv6, IPPS, interfaces
- Buttons for web interface, add new queue, show jobs, ...
- Add Printer Wizzard
- List of discovered non-driverless USB/network printers, click button to see list of
Printer Applications supporting the printer, installed ones and available in Snap
Store (look-up service on OpenPrinting)
- Buttons to setup printer with selected Printer Application and to install Printer
Application from Snap Store
- Printing GUIs: GNOME Comtrol Center
- New "Printers & Scanners" module for the New Architecture replaces old "Printers" module
- Three main parts:
- Main screen: List IPP services (printing, scanning, fax out) by device
(Divyasheel, GSoC 2021)
- IPP System Service configuration dialog
(Lakshay Bandlish, GSoC 2020)
- Add Printer Dialog, adding and managing non-driverless printers
(GSoC 2022 ???)
- Also support by the Canonical Desktop and Design Teams