I’m using F41 on a two-month old laptop with a Ryzen 7 CPU and AMD graphics. I installed two Brother printers, connected wirelessly, a well as an office printer, a Konica-Minolta connected by ethernet. The printers were all functioning perfectly until I tried to print yesterday. In settings it said the print service was unavailable.
Poking around for a solution on the internet, one writer said that CUPS needed to be installed. So I ran “sudo dnf install cups” thinking to myself that I was going to get a “nothing to do” message because it was already installed. To my surprise, it came up with the list of CUPS files and dependencies to be installed, so I let it install. After that I was able to install my printers again.
So the problem is resolved, but what is disturbing is what could possibly have removed my CUPS installation in the first place. I haven’t done anything to this computer other than install additional (very common) programs and regular updates with dnf. I use F41 on a desktop computer which, though a very different configuration, runs pretty much the same programs and also with regular updates. So far I have never had this printer problem on the desktop computer.
I’m wondering if installing another package may have removed CUPS due to a conflict. You might want to look at using dnf history to go back and look at what packages were installed and removed due to conflicts.
My dnf history shows that I haven’t installed anything other than updates since December 12 until I reinstalled CUPS yesterday. I can’t say if I printed anything since then or not since this isn’t my main working computer. On that date I installed Kmymoney, but I have that installed on the desktop computer as well with no printer problems.
Maybe try journalctl -g dnf | grep cups and journalctl -g packagekit | grep cups to search the logs for every instance of dnf or packagekit doing something to cups.
Are your printers IPP Everwhere? I do not have an IPP Everywhere printer to test with but I think they work with just cups-client installed. Was cups-client already installed when you added more cups packages? Installing the cups server should not be necessary in an IPP Everywhere environment.
Well that revealed the dastardly deed of CUPS being removed on Dec. 30, and it would appear that it was part of an update. It’s totally mysterious to me why an update would do that, unless there was a glitch in the script and it deleted the old version without ever installing the updated one. Here’s the output from the packagekit search:
I’m not really familiar with IPP Everywhere. It would appear that the 2 Brother printers are IPP compatible, probably not the Konica-Minolta. The problem is that I didn’t add cups packages. I didn’t have cups installed at all.
dnf history might show the entire update transaction, or perhaps the dnf logs in /var/logs. The dnf logs are extremely verbose, so much that it may be useless.
There were several security issues with CUPS Understanding the CUPS Vulnerability. I have an IPP printer and CUPS is not installed on my 3 Fedora systems.
If disabling is not an option, blocking all traffic to UDP port 631 can help mitigate risks, although this will not protect against local area network attacks via mDNS.
Generally, print servers do not need to be connected to the public internet.
oh yeah, packagekit updates do appear in dnf4’s history
OK, so try dnf4 history, and look for the ID of the transaction that happened at the time CUPS was removed. Then hopefully dnf4 history info <ID> will show something useful.
commit 1d1072a0de573b7850958df614e9ec5b73ea0e0d
Author: Till Kamppeter <till.kamppeter@gmail.com>
Date: Tue Oct 1 00:59:58 2024 +0200
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more. this functionality got
removed from CUPS with version 1.6, more than a decade ago. In
cups-browsed it was implemented as a legacy support layer for servers
or clients running long-term-support enterprise distributions still
using CUPS 1.5.x or older. Now the support life of all these
distributions should have expired and so this legacy support by
cups-browsed is not needed any more.
In addition, the legacy CUPS browsing implementation in cups-browsed
was listening for UDP packaets on port 631 and by default it accepted
packets from any source, making it easy for attackers to set up forged
printers which could make use of vulnerabilities of CUPS or just find
out about the identity and properties of clients. This is
CVE-2024-47176:
https://ubuntu.com/security/CVE-2024-47176
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://openprinting.github.io/OpenPrinting-News-Flash-cups-browsed-Remote-Code-Execution-vulnerability/
The removal of the legacy CUPS browsing support removes also this
vulnerability.
The LDAP implementation in cups-browsed does not follow the LDAP
printer schema RFC 7612 and is therefore of very limited use.
dnf history did not reveal cups being deleted. I tried both dnf4 and dnf5.
When I reinstalled cups the other day, it was version 2.4, if my memory serves me correctly.
I don’t really have any technical knowledge about cups. What I can say is that it was installed and was later uninstalled, both times without my intervention. This discussion has also explained something I never really understood. Before even installing my 2 Brother printers, they both appeared and my manual installation produced two new entries of the same printers. I presume they were IPP everywhere printers. However, they did not appear unless cups was also installed.
The Brother printers were installed using a script provided by Brother and in the middle of the installation process a line showed up saying that print drivers would be deprecated in the future. So I’m beginning to get the picture. Nonetheless, it doesn’t explain why cups was removed in the first place. If it was because this is a nefarious printing sysem, why was it even installed a couple of months ago when I updated from F39 to 41. And why has it not been removed again since I reinstalled it or for that matter, why was it even available to install?
At this point this is an academic question. My printers are working.