From: abubakarsabir924-cell <abubakarsabir924@gmail.com>
Date: Mon, 18 May 2026 22:10:23 +0000 (-0400)
Subject: Fix Docker: embed rpath and copy runtime files (issue #1275)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8b4e3d8a00909feb5c23487c7a3c14f86b333c6;p=thirdparty%2Fcups.git

Fix Docker: embed rpath and copy runtime files (issue #1275)

PR #1153 introduced a multi-stage Dockerfile but left two bugs:

1. libcups.so.2 was not copied into the runtime stage, causing:
   error while loading shared libraries: libcups.so.2: cannot open
   shared object file: No such file or directory

2. Runtime apt dependencies (openssl, libavahi-client3, etc.)
   were missing from the runtime stage.

Fix:
- Pass LDFLAGS='-Wl,-rpath,/usr/lib64' at configure time
- Explicitly COPY libcups.so.2 into runtime stage
- Install correct runtime packages in runtime stage
- Add Browsing No to prevent avahi crash in container
- Run ldconfig in runtime stage

Fixes #1275
---

diff --git a/Dockerfile b/Dockerfile
index 55cc0841f8..27cb3b0d54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,125 @@
 # syntax=docker/dockerfile:1
 
-### Build stage
-# Use the latest Ubuntu base image
+# âââââââââââââââââââââââââââââ
+# Stage 1 â builder
+# âââââââââââââââââââââââââââââ
 FROM ubuntu:latest AS builder
 
-# Set the working directory inside the container
-WORKDIR /workspaces/cups
-
-# Update package list and upgrade existing packages
-RUN apt-get update -y && apt-get upgrade --fix-missing -y
+WORKDIR /root/cups
 
-# Install required dependencies for CUPS
-RUN apt-get install -y autoconf build-essential \
-    avahi-daemon  libavahi-client-dev \
-    libssl-dev libkrb5-dev libnss-mdns libpam-dev \
-    libsystemd-dev libusb-1.0-0-dev zlib1g-dev \
-    openssl sudo
+RUN apt-get update -y && apt-get upgrade --fix-missing -y \
+    && apt-get install -y --no-install-recommends \
+        autoconf \
+        build-essential \
+        libavahi-client-dev \
+        libgnutls28-dev \
+        libkrb5-dev \
+        libnss-mdns \
+        libpam-dev \
+        libssl-dev \
+        libsystemd-dev \
+        libusb-1.0-0-dev \
+        zlib1g-dev \
+    && rm -rf /var/lib/apt/lists/*
 
-# Copy the current directory contents into the container's working directory
 COPY . /root/cups
-WORKDIR /root/cups
-RUN ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var && make clean && make && make install
 
-### Runtime stage
-FROM ubuntu:latest
-COPY --from=builder /root/cups /root/cups
-WORKDIR /root/cups
-# Expose port 631 for CUPS web interface
+# KEY FIX 1: rpath embed karo â /usr/lib64 kyunki Ubuntu pe yahi install hota hai
+RUN LDFLAGS='-Wl,-rpath,/usr/lib64' \
+    ./configure \
+        --prefix=/usr \
+        --sysconfdir=/etc \
+        --localstatedir=/var \
+    && make clean \
+    && make \
+    && make install
+
+# âââââââââââââââââââââââââââââ
+# Stage 2 â runtime
+# âââââââââââââââââââââââââââââ
+FROM ubuntu:latest AS runtime
+
+# KEY FIX 2: runtime packages
+RUN apt-get update -y \
+    && apt-get install -y --no-install-recommends \
+        avahi-daemon \
+        libavahi-client3 \
+        libgnutls30t64 \
+        libkrb5-3 \
+        libnss-mdns \
+        libpam0g \
+        libssl3t64 \
+        libsystemd0 \
+        libusb-1.0-0 \
+        openssl \
+        sudo \
+        zlib1g \
+    && rm -rf /var/lib/apt/lists/*
+
+# KEY FIX 3: binaries â /usr/bin
+COPY --from=builder /usr/bin/cancel          /usr/bin/cancel
+COPY --from=builder /usr/bin/ippeveprinter   /usr/bin/ippeveprinter
+COPY --from=builder /usr/bin/ippfind         /usr/bin/ippfind
+COPY --from=builder /usr/bin/ipptool         /usr/bin/ipptool
+COPY --from=builder /usr/bin/lp              /usr/bin/lp
+COPY --from=builder /usr/bin/lpoptions       /usr/bin/lpoptions
+COPY --from=builder /usr/bin/lpq             /usr/bin/lpq
+COPY --from=builder /usr/bin/lpr             /usr/bin/lpr
+COPY --from=builder /usr/bin/lprm            /usr/bin/lprm
+COPY --from=builder /usr/bin/lpstat          /usr/bin/lpstat
+COPY --from=builder /usr/bin/cupstestppd     /usr/bin/cupstestppd
+
+# KEY FIX 4: binaries â /usr/sbin
+COPY --from=builder /usr/sbin/cupsd          /usr/sbin/cupsd
+COPY --from=builder /usr/sbin/cupsfilter     /usr/sbin/cupsfilter
+COPY --from=builder /usr/sbin/cupsaccept     /usr/sbin/cupsaccept
+COPY --from=builder /usr/sbin/cupsctl        /usr/sbin/cupsctl
+COPY --from=builder /usr/sbin/cupsdisable    /usr/sbin/cupsdisable
+COPY --from=builder /usr/sbin/cupsenable     /usr/sbin/cupsenable
+COPY --from=builder /usr/sbin/cupsreject     /usr/sbin/cupsreject
+
+# KEY FIX 5: libcups.so.2 â /usr/lib64 pe hai!
+COPY --from=builder /usr/lib64/libcups.so.2      /usr/lib64/libcups.so.2
+COPY --from=builder /usr/lib64/libcupsimage.so.2 /usr/lib64/libcupsimage.so.2
+
+# CUPS support directories
+COPY --from=builder /usr/lib/cups/           /usr/lib/cups/
+COPY --from=builder /usr/share/cups/         /usr/share/cups/
+COPY --from=builder /etc/cups/               /etc/cups/
+
+# KEY FIX 6: linker cache update
+RUN ldconfig
+
+# Admin user setup
+RUN useradd -m --create-home \
+        --password "$(echo 'admin' | openssl passwd -1 -stdin)" \
+        -f 0 admin \
+    && groupadd -f lpadmin \
+    && usermod -aG lpadmin admin \
+    && echo 'admin ALL=(ALL:ALL) ALL' >> /etc/sudoers
+
+# CUPS config
+RUN /usr/sbin/cupsd \
+    && sleep 3 \
+    && cupsctl --remote-admin --remote-any --share-printers \
+    && killall cupsd || true
+
+RUN sed -i \
+        -e 's/SystemGroup sys root/SystemGroup lpadmin/' \
+        /etc/cups/cups-files.conf \
+    && sed -i \
+        -e 's/Port 631/Port 631\nServerAlias */' \
+        -e 's/DefaultAuthType Basic/DefaultAuthType Basic\nDefaultEncryption IfRequested/' \
+        -e 's/Browsing yes/Browsing no/I' \
+        /etc/cups/cupsd.conf \
+    && echo "Browsing No" >> /etc/cups/cupsd.conf \
+    && echo "BrowseLocalProtocols none" >> /etc/cups/cupsd.conf
+
+RUN cp -rp /etc/cups /etc/cups-bak
+
+VOLUME ["/etc/cups"]
+VOLUME ["/var/log/cups"]
+
 EXPOSE 631
+
+CMD ["/usr/sbin/cupsd", "-f"]
diff --git a/docker-compose.yaml b/docker-compose.yaml
index bb604846dc..23456dd9ed 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -4,38 +4,10 @@ services:
       context: .
       dockerfile: Dockerfile
     container_name: cups
-    # Command to be executed when the container starts
-    command:
-      - /bin/bash
-      - -c
-      - |
-        # Add a new user 'admin' with password 'admin'
-        useradd -m --create-home --password $(echo 'admin' | openssl passwd -1 -stdin) -f 0 admin
-
-        # Create a new group 'lpadmin'
-        groupadd lpadmin
-
-        # Add the user 'admin' to the 'lpadmin' group
-        usermod -aG lpadmin admin
-
-        # Grant sudo privileges to the user 'admin'
-        echo 'admin ALL=(ALL:ALL) ALL' >> /etc/sudoers
-
-        # Start the CUPS daemon for remote access
-        /usr/sbin/cupsd \
-        && while [ ! -f /var/run/cups/cupsd.pid ]; do sleep 1; done \
-        && cupsctl --remote-admin --remote-any --share-printers \
-        && kill $(cat /var/run/cups/cupsd.pid) \
-        && echo "ServerAlias *" >> /etc/cups/cupsd.conf \
-        && service cups start \
-        && /usr/sbin/cupsd -f
-
-    # Expose port 631 for CUPS web interface
+    restart: unless-stopped
+    command: ["/usr/sbin/cupsd", "-f"]
     ports:
       - "631:631"
-
-    # Bind mount for cups config files and logs
     volumes:
-      - .:/workspaces/cups
       - ./container-config:/etc/cups
       - ./container-config/logs:/var/log/cups