-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Print: Find alternative to PPD #2088
Comments
I have confirmed now that this line also appears on the |
We have sadly known about this for a while and even tried to suppress those warnings: 9bcd76a Another good reason to move away from this approach and towards the modern age :) |
I looked a bit into this yesterday. I was able to successfully set up an HP printer without drivers (IPP). How I got it working
That was it. In the final version we may want to automate some of the steps using Research on driverless printingI found the Debian wiki a very valuable resource. Many of my findings come from there. How to detect if a printer supports IPP?
|
@rocodes and I have both had successful experiences with setting up driverless printers. The Debian wiki provides a lot of detail on the topic and it was my main resource to get things working. However, none of us managed to fully automate the process (yet). |
Driverless Printing FAQHere are some answers to some of driverless printing Driverless printing vs IPP Everywhere vs. AirPrintIPP Everywhere == AirPrint == IPP Driverless (they are all the same thing) Classic drivers + filters are the previous default (called Classic drivers). What does driverless actually mean?A good explanation is provided here. But the just of it is: The driver is generated on demand depending on the features the printer states are available. How much time do we have to implement this?CUPS 3.0 is technically not going to support PPD files. All 3.0 com components are planned to be available in mid-2025. Distro availability may be another while (especially because we rely on Debian). And technically classic drivers (PPD files) will still be available through a "printer application" and all open PPD drivers have been already ported. What is the printer compatibility like?Apple maintains a list of compatible printers here. I got the impression that Open Printing also has a list for driverless printers, but I could only find the one for classic drivers. As a general rule, all support modern HP printers support IPP over USB but the general exception are HP LaserJet printers (this are still from the Samsung printer division that HP bought -- ). For example, HP LaserJet Pro MFP 4101fdn is advertised as "Ethernet / USB only", but is NOT on the AirPrint compatibility list. However, it is supported through classic drivers (via hplip) so it may still support "driverless" printing via backwards compatibility? 🤔 And as the market moves more towards driverless WiFi-based printing, it is likely that the non-networked will become more scarce. Hopefully the market for security is still enough to sustain some non-networked options. |
Following a team meeting, here are some of the conclusions:
|
(Proposal) Mitigating some printer-related risksWe want to add support for driverless printing (IPP) to the workstation. However, recent vulnerabilities Even though the SecureDrop Workstation does assume that plugged in USBs are not malicious, it could be good We can't fully mitigate this risk and are looking for Qubes 4.3 for further device control. However, for the time This has some usability implications, though. Without this mitigation, the user can just plug in any printer and so Proposal downsides: this doesn't come without its downsides. If the printer were to be malicious, it could use the one-time autodetection and any 0day PPD-related RCE vectors to add a permanent RCE in InvestigationPrinter configs were not remaining after After looking at the files touched by
This means that adding ImplementationGeneral strategy:
How it would work in practice:
Implementation notes:
Useful commands / tricks
|
Hey @deeplow, thanks for preparing this. My opinion (recapping from standup for the rest of the team) is a couple things:
|
That makes sense. Given the (understandable) skepticism, let's proceed with driverless printing with complete printer autodetetion. |
Given that we have a decision on how to proceed, I'm moving forward with the implementation already. But I an implementation question. We currently support two printers (I think). It's a bit unclear exactly which ones these are (#2087), but looking at the code, it looks like the "br7030" (aka Brother DCP-7030, I think), does NOT support AirPrint. So much of the code is dependent on loading up manual drivers that it would just be cleaner to scrap all that and just do driverless printing directly, which translates to no code at all. We can do that, but we'd a component which retrofits printers into the IPP world. This can happen for legacy HP printers and legacy Brother printers and this would open up the possibility to have a lot of relatively old hardware also supported (might be easier to procure non-wireless models). The downside of this is that both "printer applications" are only available as snaps and as far as I can tell, they haven't been packaged for Debian. They appear to be pretty trivial C applications, but I don't know if we want to venture into packaging other's code. So my question is: how do we proceed:
Personally I'm inclined for Option A just because it's not that much extra work to get around the code and we don't upset anyone's workflows. Even though I think Option C would be ideal if the respective printer applications were available out of the box in Debian. We would not only be adding support for driverless printing, while also (1) simplifying the print code a lot and (2) adding support for so many more legacy printers. |
Yeah I'm with you, I would say A or B, (and if A, that we make a plan to do B and drop all the ppd driver stuff in a followup release). We have a small number of pilot users and can reach out individually to find out if anyone is still using an older printer. (I have started reaching out already to speed things along.) It looks like to me, you would primarily be making changes to _check_printer_setup and its helper functions. So I'd lean towards making that existing setup method a self contained |
Thanks for writing this up, @deeplow. Strictly speaking I think the opportunity for option B was the breaking v1.0.0 release. For a non-breaking v1.y.0 that leaves us options A or C, and I hear your concerns about the packaging implications of C. So another vote for A. |
While implementing this I'm running into an issue where the ipp info is sometimes being shown on Example of this happening:
One command was run right after the other and yet in the second one it shows First we have to confirm that this is a problem that goes beyond my setup. Then if this is indeed a bigger issue we have several ways to approach this:
🙋♂️ Ask: if someone has an IPP-capable printer, could you run Investigating inconsistent results in
|
@deeplow: re printer detection via lpinfo: can you post the exact steps you are doing to configure the printer, either in a draft PR or a gist somewhere? I did run into this specific issue (not always reliably seeing the printer via lpinfo even after it was configured) and I left a couple notes in the driverless printing wiki page I shared a while back on different printer discovery mechanisms. (I also see that there are some discovery steps needed with lpadmin before lpinfo works, but don't want to suggest paths you have already tried.) |
I added the qubes service I saw on your notes the command On your intructions you're creating a print queue via |
Update from #2332: |
Description
The workstation's print workflow relies on PPD files, which according to the CUPS's lpadmin manpage:
update: found the respective CUPS issue about the removal of PPD OpenPrinting/cups-sharing#4
This is also warned when running
_setup_printer()
. Running the same line manually on my system succeeds but shows the following on stderr:Steps to Reproduce
Not relevant,
Expected Behavior
Use of supported system.
Actual Behavior
Warning about using something that may not be supported in the future.
Comments
The text was updated successfully, but these errors were encountered: