# CUPS 1.2.6 crash problems

## Akaihiryuu

CUPS got upgraded to 1.2.6 today when I did my latest sync.  I went ahead and replaced the config file with the new version, and my few changes to it.  It works, except when I try to go to the administration section...then I just get something that says "426 Upgrade required", then it attempts to connect via SSL, and then crashes.  At this point CUPS becomes completely unresponsive, it will not work at all again until I kill -9 it and zap the init.d script.  Nothing unusual shows up in error_log, even when set to debug, the last entry is "generating server SSL key".  Here's my config file:

```
#
# "$Id: cupsd.conf.in 5454 2006-04-23 21:46:38Z mike $"
#
#   Sample configuration file for the Common UNIX Printing System (CUPS)
#   scheduler.  See "man cupsd.conf" for a complete description of this
#   file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel debug

# Administrator user group...
SystemGroup lpadmin

# Only listen for connections from the local machine.
Listen localhost:631
Listen triforce.internal.lan:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder deny,allow
BrowseAllow localhost
BrowseAllow 192.168.0.*

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order deny,allow
  Deny all
  Allow localhost
  Allow 192.168.0.*
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Encryption Required
  Require user @SYSTEM
  Order deny,allow
  Deny all
  Allow localhost
  Allow 192.168.0.*
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  Encryption Required
  Require user @SYSTEM
  Order deny,allow
  Deny all
  Allow localhost
  Allow 192.168.0.*
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an adminstrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Deny all
    Allow localhost
    Allow 192.168.0.*
  </Limit>

  # All administration operations require an adminstrator to authenticate...
  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
    AuthType Basic
    Require user @SYSTEM
    Order deny,allow
    Deny all
    Allow localhost
    Allow 192.168.0.*
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    Deny all
    Allow localhost
    Allow 192.168.0.*
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

#
# End of "$Id: cupsd.conf.in 5454 2006-04-23 21:46:38Z mike $".
#
```

And the relevant output from error_log:

```
I [25/Nov/2006:12:32:42 -0500] Full reload complete.
I [25/Nov/2006:12:32:42 -0500] Listening to 127.0.0.1:631 on fd 2...
I [25/Nov/2006:12:32:42 -0500] Listening to 192.168.0.1:631 on fd 3...
I [25/Nov/2006:12:32:42 -0500] Listening to /var/run/cups/cups.sock on fd 4...
D [25/Nov/2006:12:32:55 -0500] cupsdAcceptClient: 8 from 192.168.0.5:631 (IPv4)
D [25/Nov/2006:12:32:55 -0500] cupsdReadClient: 8 GET /admin/ HTTP/1.1
D [25/Nov/2006:12:32:55 -0500] cupsdReadClient: 8 Browser asked for language "en-us.utf-8"...
D [25/Nov/2006:12:32:55 -0500] cupsdAuthorize: No authentication data provided.
D [25/Nov/2006:12:32:55 -0500] cupsdSendError: 8 code=426 (Upgrade Required)
D [25/Nov/2006:12:32:55 -0500] cupsdCloseClient: 8
D [25/Nov/2006:12:32:57 -0500] cupsdAcceptClient: 8 from 192.168.0.5:631 (IPv4)
I [25/Nov/2006:12:32:57 -0500] Generating SSL server key...
```

This is the point where it becomes unresponsive, and I have to kill -9 it.

----------

## wynn

There seems to be a bit more required than changing cupsd.conf, see tld's post https://forums.gentoo.org/viewtopic-p-3739362.html#3739362

----------

## Akaihiryuu

Did all that...that's not really the problem.  It works as far as printing goes, it just dies when I try to access the administration from the CUPS menus...it insists on going https and then the whole daemon dies when you try to connect to it with https.  It just hangs forever, never responds, and has to be killed with kill -9.

----------

## wynn

You will probably be better off posting your error to the cups.bugs forum at http://www.cups.org/newsgroups.php

----------

## tld

 *Akaihiryuu wrote:*   

> Did all that...that's not really the problem.  It works as far as printing goes, it just dies when I try to access the administration from the CUPS menus...it insists on going https and then the whole daemon dies when you try to connect to it with https.  It just hangs forever, never responds, and has to be killed with kill -9.

 

I'm not sure why yours is insisting on using https...mine is compiled with ssl support and I can administer it via http.

However, if I try to intentionally access it with https it locks up just like you describe and has to be killed.

Tom

----------

## Akaihiryuu

I sort of worked around the problem in the meantime...I had to turn off encryption and authentication for admin functions.  Now it never tries to go https and thus doesn't crash, but the root problem is still there.  Maybe this version should go back to ~x86 until CUPS fixes their problems.

----------

## wynn

I notice (late, but ...) that you have

```
Encryption Required
```

in both "<Location /admin>" and "<Location /admin/conf>" whereas here it is only in "<Location /admin>" and there is no forcing of https.

----------

## wedge14

Has anyone solved this one?  I worked around it for now as well, by shutting off encryption and authentication for everything.  Fortunately the server is behind a firewall, but that doesn't really address the problem.

Any clues????

----------
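An added example, not part of any post in this thread: both workarounds above removed encryption and authentication from the admin pages, so this sketch reports which `<Location /admin...>` blocks of a cupsd.conf still carry `Require` and `Encryption Required`. The function names, the constructed sample config and the pass/fail policy are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit cupsd.conf for /admin Location blocks that have lost
# their authentication or encryption directives.

# audit_admin_locations [FILE...]   (reads stdin when no file is given)
# Prints "<path> auth=yes|no enc=yes|no" for every <Location /admin...> block.
# Returns 1 if any such block lacks "Require" or "Encryption Required"
# (assumed policy for this example).
audit_admin_locations() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        /^[ \t]*<Location[ \t]/ {
            path = $2; sub(/>$/, "", path)           # "/admin>" -> "/admin"
            in_admin = (path ~ /^\/admin(\/|$)/)
            auth = "no"; enc = "no"
            next
        }
        in_admin && /^[ \t]*Require[ \t]/ { auth = "yes" }
        in_admin && /^[ \t]*Encryption[ \t]+Required/ { enc = "yes" }
        /^[ \t]*<\/Location>/ {
            if (in_admin) {
                printf "%s auth=%s enc=%s\n", path, auth, enc
                if (auth == "no" || enc == "no") bad = 1
            }
            in_admin = 0
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input: the two admin blocks as in the first post
# ("posted"), or with Encryption and Require stripped ("workaround").
sample_conf() {
    for loc in /admin /admin/conf; do
        echo "<Location $loc>"
        if [ "$1" = posted ]; then
            printf '  Encryption Required\n  Require user @SYSTEM\n'
        fi
        printf '  Order deny,allow\n  Deny all\n  Allow localhost\n</Location>\n'
    done
}

for variant in posted workaround; do
    echo "== $variant =="
    sample_conf "$variant" | audit_admin_locations || echo "-> admin pages unprotected"
done
```

To check a real file, pass its path: `audit_admin_locations /etc/cups/cupsd.conf`.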

## sokai

 *wedge14 wrote:*   

> Any clues????

 

Yes!

By googling a bit I found [1] and [2].

Try this procedure (that worked for me):

```
#> cp /etc/cups/cupsd.conf.default /etc/cups/cupsd.conf
   (change the "Location" in cupsd.conf for your situation)
#> killall -9 cupsd
#> /etc/init.d/cupsd restart
#> find /   #to push up your "entropy"
-> surf to your CUPS-frontend with your preferred Firefox-browser ;) (http://$PRINTERHOST:631) and wait a while... (I had to wait for 20 seconds.)
```

Et voila! - That's it!

Good luck and Merry Christmas!

sofar

sokai

--- 

[1] http://www.burtonini.com/blog/computers/cups-2006-08-14-18-00

[2] http://nikhil.sethifamily.org/blog/2006/11/cool-entropy.html

----------

## supermihi

Yes, I found that same solution. Sounds logical on not-so-busy server machines, since entropy is gained from keyboard or mouse movement and disc activity.

----------

## rburcham

This SSL-key/entropy issue is pretty common on server class machines with little keyboard activity as you point out.  The apache packages allow for a build-time workaround with the "urandom" USE flag on the apr packages:

 *Quote:*   

> # emerge apr -vp
> 
> These are the packages that I would merge, in order:
> 
> Calculating dependencies ...done!
> ...

 

Turn on urandom for apr, and apache will cease to hang in this way.  Maybe a urandom type solution would serve for cups as well?

----------

## KShots

Hmm... I'm still suffering from this.

I went ahead and used the default options, but I changed it so I can log into the system from any IP on my network (I can't log in locally anyways, it's a headless machine).

On another possible problem, my file system does not support lock files (diskless system doing nfs with a FreeBSD nfs server), so that may be a problem... so if a lock file went crazy silently, I could imagine such things happening...

At any rate, I temporarily removed all authentication to at least get it to the point where I could add my printer, but I'll be putting it back in the previous state now that I've confirmed that the printing itself works.

----------

## KShots

Looking at it more in-depth, it seems I'm screwed.

Looking at the sysctl variable, I get the following:

```
$ sysctl  kernel.random.entropy_avail
kernel.random.entropy_avail = 2
```

... and after running find /, I get:

```
$ sysctl  kernel.random.entropy_avail
kernel.random.entropy_avail = 2
```

... So how do I build entropy on a diskless, headless machine?

----------

## Lord_DragonFly

I had a very similar problem with cups recently where cups would hang when accessing the server through the web interface.

After digging through debug level log files and many Google and forum searches I figured out the problem. For some reason /dev/random and /dev/urandom were no longer world readable (necessary for a lot of apps/daemons to work properly).

Two simple commands issued as root fixed the problem (plus editing custom udev rules to ensure the problem never returns):

```
#> chmod 664 /dev/random
#> chmod 664 /dev/urandom
```

Hope this works for you too.

----------
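An added example, not part of any post in this thread: it combines the two checks described above, the kernel's `entropy_avail` counter and the world-readable bit on the random devices, into one pre-flight test to run before a daemon has to generate an SSL key. The function names and the 128-bit threshold are assumptions made for the illustration, not CUPS values.

```shell
#!/bin/sh
# Added example: report conditions under which SSL key generation that reads
# the kernel random devices is likely to stall or fail.

# rng_readiness ENTROPY_FILE MIN_BITS DEVICE...
# Prints one finding per line; returns 0 if everything looks usable, else 1.
rng_readiness() {
    entropy_file=$1; min_bits=$2; shift 2
    rc=0
    if [ -r "$entropy_file" ]; then
        bits=$(cat "$entropy_file")
        if [ "$bits" -lt "$min_bits" ]; then
            echo "LOW entropy_avail=$bits (< $min_bits): blocking reads may stall"
            rc=1
        else
            echo "OK entropy_avail=$bits"
        fi
    else
        echo "UNKNOWN cannot read $entropy_file"
        rc=1
    fi
    for dev in "$@"; do
        if [ ! -e "$dev" ]; then
            echo "MISSING $dev"; rc=1; continue
        fi
        # First 10 characters of "ls -l" are type + rwx bits; character 8 is
        # the read bit for "other" users.
        perms=$(ls -Lld "$dev" | cut -c1-10)
        case $perms in
            ???????r??) echo "OK $dev $perms" ;;
            *) echo "NOT-WORLD-READABLE $dev $perms"; rc=1 ;;
        esac
    done
    return $rc
}

# Check the running system using the paths mentioned in the thread.
rng_readiness_live() {
    rng_readiness /proc/sys/kernel/random/entropy_avail 128 \
        /dev/random /dev/urandom
}

rng_readiness_live || echo "-> expect key generation problems"
```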

