1 files changed, 33 insertions, 13 deletions

diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 9d21b6e70c..c3c6d2f1be 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,6 +83,14 @@
 (define (serialize-multiline-string-list field-name val)
   (for-each (lambda (str) (serialize-field field-name str)) val))
 
+(define (comma-separated-string-list? val)
+  (and (list? val)
+       (and-map (lambda (x)
+                  (and (string? x) (not (string-index x #\,))))
+                val)))
+(define (serialize-comma-separated-string-list field-name val)
+  (serialize-field field-name (string-join val ",")))
+
 (define (space-separated-string-list? val)
   (and (list? val)
        (and-map (lambda (x)
@@ -130,7 +139,7 @@
 (define-enumerated-field-type default-encryption
   (Never IfRequested Required))
 (define-enumerated-field-type error-policy
-  (abort-job retry-job retry-this-job stop-printer))
+  (abort-job retry-job retry-current-job stop-printer))
 (define-enumerated-field-type log-level
   (none emerg alert crit error warn notice info debug debug2))
 (define-enumerated-field-type log-time-format
@@ -170,7 +179,10 @@
 
 (define (ssl-options? x)
   (and (list? x)
-       (and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x)))
+       (and-map (lambda (elt) (memq elt '(AllowRC4
+                                          AllowSSL3
+                                          DenyCBC
+                                          DenyTLS1.0))) x)))
 (define (serialize-ssl-options field-name val)
   (serialize-field field-name
                    (match val
@@ -446,7 +458,10 @@ or state files.")
   (user
    (string "lp")
    "Specifies the user name or ID that is used when running external
-programs."))
+programs.")
+  (set-env
+   (string "variable value")
+   "Set the specified environment variable to be passed to child processes."))
 
 (define (serialize-files-configuration field-name val)
   #f)
@@ -485,6 +500,11 @@ requests.")
    (boolean #f)
    "Specifies whether to purge job history data automatically when it is no
 longer required for quotas.")
+  (browse-dns-sd-sub-types
+   (comma-separated-string-list (list "_cups"))
+   "Specifies a list of DNS-SD sub-types to advertise for each shared printer.
+For example, @samp{\"_cups\" \"_print\"} will tell network clients that both
+CUPS sharing and IPP Everywhere are supported.")
   (browse-local-protocols
    (browse-local-protocols 'dnssd)
    "Specifies which protocols to use for local printer sharing.")
@@ -534,7 +554,7 @@ typically within a few milliseconds.")
    (error-policy 'stop-printer)
    "Specifies what to do when an error occurs.  Possible values are
 @code{abort-job}, which will discard the failed print job; @code{retry-job},
-which will retry the job at a later time; @code{retry-this-job}, which retries
+which will retry the job at a later time; @code{retry-current-job}, which retries
 the failed job immediately; and @code{stop-printer}, which stops the
 printer.")
   (filter-limit
@@ -794,9 +814,6 @@ reports @code{CUPS 2.0}.  @code{Minimal} reports @code{CUPS 2.0.0}.  @code{OS}
 reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the output of the
 @code{uname} command.  @code{Full} reports @code{CUPS 2.0.0 (@var{uname})
 IPP/2.0}.")
-  (set-env
-   (string "variable value")
-   "Set the specified environment variable to be passed to child processes.")
   (ssl-listen
    (multiline-string-list '())
    "Listens on the specified interfaces for encrypted connections.  Valid
@@ -805,12 +822,15 @@ an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate
 all addresses.")
   (ssl-options
    (ssl-options '())
-   "Sets encryption options.
-By default, CUPS only supports encryption using TLS v1.0 or higher using known
-secure cipher suites.  The @code{AllowRC4} option enables the 128-bit RC4
-cipher suites, which are required for some older clients that do not implement
-newer ones.  The @code{AllowSSL3} option enables SSL v3.0, which is required
-for some older clients that do not support TLS v1.0.")
+   "Sets encryption options.  By default, CUPS only supports encryption
+using TLS v1.0 or higher using known secure cipher suites.  Security is
+reduced when @code{Allow} options are used, and enhanced when @code{Deny}
+options are used.  The @code{AllowRC4} option enables the 128-bit RC4 cipher
+suites, which are required for some older clients.  The @code{AllowSSL3} option
+enables SSL v3.0, which is required for some older clients that do not support
+TLS v1.0.  The @code{DenyCBC} option disables all CBC cipher suites.  The
+@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
+protocol version to TLS v1.1.")
   #;
   (ssl-port
    (non-negative-integer 631)