--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/README.trustext Thu Oct 18 21:33:16 2012 -0700
@@ -0,0 +1,239 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+#
+
+SETTING UP TEST ENVIRONMENT
+---------------------------
+The following steps should be followed for setting up the test environment
+for Trusted Solaris:
+
+1. Install trusted packages
+ # pkg install system/trusted
+ # pkg install system/trusted/trusted-global-zone
+ # pkg install trusted-extensions
+
+2. Enable labeld service
+ # svcadm enable -s labeld
+
+3. Verify that the service is enabled.
+ # svcs -x labeld
+ svc:/system/labeld:default (Trusted Extensions)
+ State: online since weekday month date hour:minute:second year
+ See: labeld(1M)
+ Impact: None.
+
+4. This step is required in case you want to install your own
+ label_encodings file.
+
+ To test labels greater than 80 characters, you will have to use
+ large labels_encodings file.
+ i) Copy the label_encodings file to the disk.
+ ii) Check the syntax of the file and make it the active
+ label_encodings file.
+ a) Run the chk_encodings command.
+ # /usr/sbin/chk_encodings /full-pathname-of-label-encodings-file
+ b) Make the file the active label_encodings file.
+ # cp /full-pathname-of-label-encodings-file \
+ /etc/security/tsol/label.encodings.site
+ # cd /etc/security/tsol
+ # cp label_encodings label_encodings.tx.orig
+ # cp label.encodings.site label_encodings
+ Your label_encodings file must pass the Check Encodings test before
+ you continue.
+
+5. Reboot the system.
+
+6. Once the system is up after reboot, create labeled zones.
+ Labeled zones can be created using '/usr/sbin/txzonemgr' command.
+ For details refer to 'txzonemgr(1M)' manpage.
+
+ Documentation on 'Printing in Trusted extensions environment' can be found at:
+ http://docs.oracle.com/cd/E23824_01/html/821-1482/manageprint-1.html#scrolltoc
+
+--------------------------------------------------------------------------------------------
+
+TEST CASES
+----------
+All the following test cases should be run in Trusted Solaris environment.
+
+1. Run printing test suite for CUPS.
+ Details on printing test-suite can be found at:
+ https://stbeehive.oracle.com/teamcollab/wiki/Solaris+Printing:CUPS+Printing+Test+Suite
+
+2. Printing from labeled zones to network printer directly.
+3. Printing from labeled zones to network printer via Global zone.
+4. Printing from global zone to directly attached USB printer.
+5. Printing from global zone to network printer.
+6. Print in different orientations. (Should be tested for both Image & Text files)
+ The -o landscape option will rotate the page 90 degrees to print in landscape
+ orientation:
+ lp -o landscape filename
+ lpr -o landscape filename
+
+ The -o orientation-requested=N option rotates the page depending on the value of N:
+
+ -o orientation-requested=3 - portrait orientation (no rotation)
+ -o orientation-requested=4 - landscape orientation (90 degrees)
+ -o orientation-requested=5 - reverse landscape or seascape orientation (270 degrees)
+ -o orientation-requested=6 - reverse portrait or upside-down orientation
+ (180 degrees)
+
+ -o number-up=2
+ -o number-up=6
+ this should be landscape by default
+
+ rest number-up should be portrait
+
+ Mix -o number-up & orientation-requested.
+
+7. Printing On Both Sides of the Paper
+
+ -o sides=two-sided-short-edge
+ -o sides=two-sided-long-edge
+ These options will enable two-sided printing on the printer if the printer supports it.
+
+ '-o sides=two-sided-short-edge' option is suitable for landscape pages,
+ while '-o sides=two-sided-long-edge' option is suitable for portrait pages:
+
+ lp -o sides=two-sided-short-edge filename
+ lp -o sides=two-sided-long-edge filename
+ lpr -o sides=two-sided-long-edge filename
+
+ The default is to print single-sided:
+
+ lp -o sides=one-sided filename
+ lpr -o sides=one-sided filename
+
+8. Labels greater than 80 characters.
+ Labels greater than 80 characters would be truncated at the right by '->'
+
+9. Printing to a printer in same subnet.
+ If the printer is in the same subnet, then add it using cups web interface
+ at localhost:631
+
+10. Printing to a printer in different subnet.
+ You should be able to ping the printer ip address.
+
+ Adding the printer:
+ lpadmin -p printer_name -E -v socket://<ip-addr-of-printer> -m <model>
+
+ You can find your printer model using
+ lpinfo -m | grep -i <model name>
+
+ model example: "foomatic-db-ppds/Ricoh/PS/Ricoh-Aficio_MP_5000_PS.ppd.gz"
+
+ e.g:
+ lpadmin -p printer -E -v socket://10.163.198.77 -m foomatic-db-ppds/Ricoh/PS/Ricoh-Aficio_MP_5000_PS.ppd.gz
+
+11. Printing without banner and trailer pages and also without page-labels.
+
+ -o nolabels
+ Does not print job labels
+
+ -o job-sheets=none
+ -o job-sheets=none, none
+ -o job-sheets=none,<any-label>
+ The above three work same. No banner and trailer pages get printed.
+
+ -o job-sheets=<any-label>,none
+ -o job-sheets=<any-label>,<any-label>
+ The above two work same. Both banner and trailer pages get printed.
+
+ -o job-sheets=none -o nolabels
+ No banner and trailer page and no job-labels
+
+12. Test following authorizations:
+ solaris.print.admin
+ solaris.print.unlabeled
+ solaris.print.nobanner
+ solaris.print.list
+
+ Following command can be used to list the user authorizations:
+ $ auths <user>
+
+ For eg:
+ Printing from a labeled zone as root.
+
+ $ lp -d public -o job-sheets=none,none /etc/release
+ request id is public-19 (1 file(s))
+
+ This request is submitted to the server as 'remroot'. In this case both
+ banner and trailer pages get printed, as 'remroot' does not have the
+ solaris.print.nobanner authorization.
+
+ solaris.print.list
+ # lp -d test /etc/release
+ request id is test-313 (1 file(s))
+
+ # lpstat test
+ test-313 root 3072 Fri Mar 30 07:42:58 2012
+
+ ---> Login as 'remroot' <---
+ # su - remroot
+ Oracle Corporation SunOS 5.11 11.0 November 2011
+
+ ---> 'remroot' doesn't have solaris.print.list authorization so it cannot list
+ the jobs for printer test <---
+ $ lpstat test
+
+ $ lp -d test /etc/release
+ request id is test-314 (1 file(s))
+
+ ---> For 'remroot', 'lpstat' lists only the jobs requested by 'remroot' <---
+ $ lpstat test
+ test-314 remroot 3072 Fri Mar 30 07:43:44 2012
+
+ $ logout
+
+ ---> For 'root', 'lpstat' lists all the jobs <---
+ # lpstat test
+ test-313 root 3072 Fri Mar 30 07:42:58 2012
+ test-314 remroot 3072 Fri Mar 30 07:43:44 2012
+
+ ---> Give remroot solaris.print.list authorization <---
+ # usermod -A solaris.print.list remroot
+ Found user in files repository.
+
+ ---> Login as 'remroot'
+ root@txx2270-05:/var/log/cups# su - remroot
+ Oracle Corporation SunOS 5.11 11.0 November 2011
+
+ ---> Now for 'root', 'lpstat' lists all the jobs <---
+ -bash-4.1$ lpstat test
+ test-313 root 3072 Fri Mar 30 07:42:58 2012
+ test-314 remroot 3072 Fri Mar 30 07:43:44 2012
+
+13. Printing to a printer which is outside the labeled range.
+ E.g: Printing from a 'Public Zone' to a printer labeled 'Confidential'
+
+ $ lp -d hp /etc/release
+ lp: label violation.
+
+14. Cascade printing
+ Print from a system which is accessible from local zone, to a printer which
+ is accessible to the GZ only.
+ Print request goes from the system to LZ to GZ to Printer.
+
+ Note: For cascading to work printer must be shared on both LZ and GZ.
+
+ Printer can be shared from command line as:
+ $ lpadmin -p <printer> -o printer-is-shared=true