CUPS Support, *or* Building my own CUPS package
-
Hey there folks,
I've got an SG-1000 that replaces my old local FreeBSD box (it's silent/fanless, but was an x86 atom, so it needs to go soon).
One of the remaining niggles about pfsense is the ability to do a thing my BSD box did: Ran Avahi and broadcast my Zebra label printer into Airprint. This is not a high overhead process, but it's super useful for being able to print from your phone, and it does require CUPS installed.
I've seen various forum posts about how it's "bad" somehow to use PFSense as a print server, and I don't get it. We're talking about 1-2 prints a month, versus keeping a whole other VM running just to do this one thing. (I've also got a TrueNAS device, so that could do it too, but again, it would be a whole other VM/Jail).
So I guess the two questions;
-
Is it possible to get a cups package?
-
If not, I already build FreeBSD packages for my dayjob, I have poudriere installed and the like. Is there a howto on how to make a third-party package pfsense-compatible, which OS kernel I should target, etc, any tips for building on AMD64 for whatever OS the SG1000 is?
-
-
@TheGushi said in CUPS Support, *or* Building my own CUPS package:
I've seen various forum posts about how it's "bad" somehow to use PFSense as a print server, and I don't get it. We're talking about 1-2 prints a month, versus keeping a whole other VM running just to do this one thing.
Its not about how much it will be used.. its about putting another service on a device that is supposed to be there for security. You are adding a potential vulnerability to your build. Putting a thinner door as the security to your house so to speak.
How about a Raspberry PI for something like that? Probably way less power consumed than by the CPU cycles by your VM.. but I am just guessing.
-
Do you really mean an SG-1000? Or 1100?
The printer is connected directly to the firewall?
But, yes, a printer on a firewall is bad idea IMO! You saw the recent CUPS vulnerability that had to be patched I assume?
Steve
-
Sorry, SG-1100.
No, the printer is on the network. It has a weird parallel port 10baseT print server that can draw power from the printer. It only speaks the LPR protocol.
It's an older Zebra label printer, and is an utter workhorse. Owning it, plus a shipping site that didn't upcharge like Shippo or PirateShip, and Flat Rate boxes (so no scale required) changed my life for the executive function of sending things to loved ones -- that I can simply generate a label that includes the address and postage, makes things so much less a chore. (Blog entry here)
When we were moving, we just were able to fire off box labels from our phones. It's a game changer.
Printer fanbasing aside, on my BSD server, Cups is involved solely as a passthrough - effectively translating IPP to LPR, using this script, which generates a static airprint advertisement for avahi to use:
https://github.com/tjfontaine/airprint-generate
In theory that same avahi file could come over, as long as I defined the same Zebra EPL2 printer. And of course, access to the IPP port would be limited only to my LAN port.
-
Hmm, so it sounds like only Avahi needs to run on the firewall and CUPs could run anywhere on the printer subnet?
I would certainly look at using a RasPi or similar for that.
-
Okay, I had asked two questions, if Netgate is interested in putting out a CUPS package (sounds like no), and if there were pointers on building my own package.
According to these docs: https://docs.netgate.com/pfsense/en/latest/development/develop-packages.html#binaries-from-freebsd
One should be using a FreeBSD 14-current system to build. But it looks like as of now PFSense is running 15-current, does that doc need to be updated?
-
Yes we are running current now in Plus so you would need to use 15.
And, yes, I can ask but I think there would be almost no chance of Netgate developers getting involved here.
