sane-backends: run (xinetd) saned as non-root

saned requires write access scanner USB bus for its process and to usblp/bind in order to rebind multifunctional printers back to usblp (for printing with p910nd). A hotplug script monitor new USB devices for scanners. Scanners are detected by searching /usr/share/sane/<vendor>-<backend>.usbid for the device product_id. The package saned creates user saned:scanners. Access is granted to group scanners. The default xinetd conf was updated to run as saned:scanner. sane-daemon pkg now has a postinst trigger that runs udevtrigger for granting perms where there are connected scanners during installation. Existing hotplug scripts from hplip were removed. They were mostly useless. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
author: Luiz Angelo Daros de Luca <luizluca@gmail.com> 2019-06-01 03:30:23 -0300
committer: Luiz Angelo Daros de Luca <luizluca@gmail.com> 2019-12-21 20:44:56 -0300
commit: 794c950b32454a4b83faa1078ee83bf1a2041569 (patch)
tree: 5ea6ec183b4b192f453294a3488987a40cfde924 /utils/sane-backends
parent: 9c901e1bd10ee4d6a58e1e2cdd1c297483caf99e (diff)
3 files changed, 61 insertions, 11 deletions
diff --git a/utils/sane-backends/Makefile b/utils/sane-backends/Makefile
index b9d2af214..8b547ad1d 100644
--- a/utils/sane-backends/Makefile
+++ b/utils/sane-backends/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sane-backends
 PKG_VERSION:=1.0.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/
 PKG_HASH:=31260f3f72d82ac1661c62c5a4468410b89fb2b4a811dabbfcc0350c1346de03
@@ -125,6 +125,7 @@ $(call Package/sane-backends/Default)
   CATEGORY:=Utilities
   DEPENDS:=+libsane
   TITLE+= (network daemon)
+  USERID:=saned:scanner
 endef
 
 define Package/sane-daemon/description
@@ -132,6 +133,12 @@ $(call Package/sane-backends/Default/description)
 This package contains the SANE daemon.
 endef
 
+# Run hotplug to grant access to existing scanners
+define Package/sane-daemon/postinst
+#!/bin/sh
+udevtrigger
+endef
+
 define Package/libsane
   $(call Package/sane-backends/Default)
   SECTION:=libs
@@ -174,13 +181,24 @@ define Build/Configure
 	$(Build/Configure/Default)
 endef
 
+define Build/Install
+	$(call Build/Install/Default)
+	mkdir -p $(PKG_INSTALL_DIR)/usr/share/sane
+	$(foreach file, $(filter-out %/unsupported.desc ,$(wildcard $(PKG_BUILD_DIR)/doc/descriptions/*.desc)),
+		sed -rn -e '/^:usbid[[:blank:]]+"?0x(....)"?[[:blank:]]+"?0x(....)"?.*/{s//\1 \2/;p}' $(file) | \
+			sort -u > $(PKG_INSTALL_DIR)/usr/share/sane/$(basename $(notdir $(file))).usbid; \
+		awk '{ print $$$$2 > "$(PKG_INSTALL_DIR)/usr/share/sane/"$$$$1"-$(basename $(notdir $(file))).usbid" }' \
+			$(PKG_INSTALL_DIR)/usr/share/sane/$(basename $(notdir $(file))).usbid ;
+	)
+endef
+
 define Package/libsane/install
 	$(INSTALL_DIR) $(1)/usr/lib/sane/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsane.so.* $(1)/usr/lib/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-dll.so.* $(1)/usr/lib/sane/
 	$(INSTALL_DIR) $(1)/etc/sane.d/dll.d
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/dll.conf $(1)/etc/sane.d/
-	chmod 0755 $(1)/etc/sane.d/dll.conf
+	chmod 0644 $(1)/etc/sane.d/dll.conf
 endef
 
 define Package/libsane/conffiles
@@ -190,13 +208,15 @@ endef
 define Package/sane-daemon/install
 	$(INSTALL_DIR) $(1)/etc/sane.d
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/saned.conf $(1)/etc/sane.d/
-	chmod 0755 $(1)/etc/sane.d/saned.conf
+	chmod 0644 $(1)/etc/sane.d/saned.conf
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/saned.sbin $(1)/usr/sbin/saned
 	$(INSTALL_DIR) $(1)/usr/lib/sane/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/saned $(1)/usr/lib/sane/saned
 	$(INSTALL_DIR) $(1)/etc/xinetd.d
 	$(INSTALL_CONF) ./files/saned.xinetd $(1)/etc/xinetd.d/sane-port
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/usb/
+	$(INSTALL_BIN) ./files/saned.hotplug $(1)/etc/hotplug.d/usb/20-saned
 endef
 
 define Package/sane-daemon/conffiles
@@ -243,15 +263,19 @@ This package contains the SANE backend for $(2).
 
   define Package/sane-$(1)/install
 	if [ -f "$(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf" ]; then \
-	  $(INSTALL_DIR) $$(1)/etc/sane.d ; \
-	  $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf $$(1)/etc/sane.d/; \
-	  chmod 0755 $$(1)/etc/sane.d/$(1).conf ; \
-	fi
-	$(INSTALL_DIR) $$(1)/usr/lib/sane
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-$(1).so.* $$(1)/usr/lib/sane/
+		$(INSTALL_DIR) $$(1)/etc/sane.d ; \
+		$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf $$(1)/etc/sane.d/ ; \
+	        chmod 0644 $$(1)/etc/sane.d/$(1).conf ; \
+	fi ; \
+	$(INSTALL_DIR) $$(1)/usr/lib/sane ; \
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-$(1).so.* $$(1)/usr/lib/sane/ ; \
 	if [ -d "$(PKG_INSTALL_DIR)/usr/share/sane/$(1)" ]; then \
 		$(INSTALL_DIR) $$(1)/usr/share/sane/ ; \
 		$(CP) -a $(PKG_INSTALL_DIR)/usr/share/sane/$(1) $$(1)/usr/share/sane/ ; \
+	fi ; \
+	if [ -s "$(PKG_INSTALL_DIR)/usr/share/sane/$(1).usbid" ]; then \
+		$(INSTALL_DIR) $$(1)/usr/share/sane/ ; \
+		$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/sane/????-$(1).usbid $$(1)/usr/share/sane/ ; \
 	fi
   endef
 
diff --git a/utils/sane-backends/files/saned.hotplug b/utils/sane-backends/files/saned.hotplug
new file mode 100755
index 000000000..42d35ad96
--- /dev/null
+++ b/utils/sane-backends/files/saned.hotplug
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+[ "$ACTION" = "add" ] || exit 0
+[ "$DEVTYPE" = "usb_device" ] || exit 0
+
+SANE_GROUP=scanner
+grep -q -E "^$SANE_GROUP:" /etc/group || exit 0
+
+# Filter SANE known devices
+vendor_product="${PRODUCT%/*}"
+vendorid="$(printf '%04x' "0x0${vendor_product%/*}")"
+productid="$(printf '%04x' "0x0${vendor_product#*/}")"
+grep -s -x -F -q "$productid" "/usr/share/sane/$vendorid"-*.usbid || exit 0
+
+grant() {
+	logger -t "hotplug(usb/20-saned)" "Granting $1 to '$2' for group '$SANE_GROUP'"
+	chgrp "$SANE_GROUP" "$2"
+	chmod "$1" "$2"
+}
+
+# Needed by script /usr/bin/saned to rebind USB devices back to usblp after use
+usblp_bind="/sys/bus/usb/drivers/usblp/bind"
+if [ -e "$usblp_bind" ]; then
+	grant g+w "$usblp_bind"
+fi
+
+grant g+rw "/dev/$DEVNAME"
diff --git a/utils/sane-backends/files/saned.xinetd b/utils/sane-backends/files/saned.xinetd
index bc4dff8a7..1202d7fd5 100644
--- a/utils/sane-backends/files/saned.xinetd
+++ b/utils/sane-backends/files/saned.xinetd
@@ -7,8 +7,7 @@ service sane-port
 	socket_type = stream
 	port        = 6566
 	wait        = no
-	user        = root
-#	user        = saned
+	user        = saned
 	group       = scanner
 	server      = /usr/sbin/saned
 	disable     = yes
author	Luiz Angelo Daros de Luca <luizluca@gmail.com>	2019-06-01 03:30:23 -0300
committer	Luiz Angelo Daros de Luca <luizluca@gmail.com>	2019-12-21 20:44:56 -0300
commit	794c950b32454a4b83faa1078ee83bf1a2041569 (patch)
tree	5ea6ec183b4b192f453294a3488987a40cfde924 /utils/sane-backends
parent	9c901e1bd10ee4d6a58e1e2cdd1c297483caf99e (diff)