sane-backends: run (xinetd) saned as non-root

saned requires write access scanner USB bus for its process and
to usblp/bind in order to rebind multifunctional printers back
to usblp (for printing with p910nd).

A hotplug script monitor new USB devices for scanners. Scanners
are detected by searching /usr/share/sane/<vendor>-<backend>.usbid
for the device product_id.

The package saned creates user saned:scanners. Access is granted to
group scanners.

The default xinetd conf was updated to run as saned:scanner.

sane-daemon pkg now has a postinst trigger that runs udevtrigger for
granting perms where there are connected scanners during installation.

Existing hotplug scripts from hplip were removed. They were mostly
useless.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

utils/hplip/Makefile

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hplip
 PKG_VERSION:=3.19.12
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/hplip
@@ -74,6 +74,13 @@ CONFIGURE_ARGS += \
 	--disable-cups-drv-install \
 	--enable-lite-build
 
+define Build/Install
+	mkdir -p $(PKG_INSTALL_DIR)/usr/share/sane
+	sed -n -e '/key="usb.product_id"/{s/.*int_outof="0x//;s/;0x/\n/g;s/".*//;p}' \
+		$(PKG_BUILD_DIR)/data/rules/20-hplip-devices.fdi | sort -u > \
+		$(PKG_INSTALL_DIR)/usr/share/sane/03f0-hplip.usbid
+endef
+
 define Package/hplip-common/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_BUILD_DIR)/.libs/libhpip.so* $(1)/usr/lib/
@@ -84,9 +91,6 @@ define Package/hplip-common/install
 
 	$(INSTALL_DIR) $(1)/usr/share/hplip/data/models/
 	$(CP) $(PKG_BUILD_DIR)/data/models/models.dat $(1)/usr/share/hplip/data/models/
-
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/usb/
-	$(INSTALL_BIN) ./files/20-hplip $(1)/etc/hotplug.d/usb/
 endef
 
 define Package/hplip-sane/install
@@ -95,6 +99,10 @@ define Package/hplip-sane/install
 
 	$(INSTALL_DIR) $(1)/etc/sane.d/dll.d/
 	$(INSTALL_DATA) ./files/hplib.conf $(1)/etc/sane.d/dll.d/hplib
+
+	$(INSTALL_DIR) $(1)/usr/share/sane
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/sane/03f0-hplip.usbid \
+		$(1)/usr/share/sane/03f0-hplip.usbid
 endef
 
 define Package/hplip-common/conffiles

utils/hplip/files/20-hplip

@@ -1,20 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2009 OpenWrt.org
-
-
-case "$ACTION" in
-        add)
-                # You have to figure out your PRODUCT id. Uncomment the line below,
-                # attach and detach your HP USB printer to find your id in /tmp/hplip.test.
-                # It will look like "Found 3f0/1717/100 on /proc/bus/usb/002/009"
-                # Replace 3f0/1717/100 below with your id.
-                #
-                # echo "Found $PRODUCT on $DEVICE" > /tmp/hplip.test
-
-                [ "$PRODUCT" = "3f0/1717/100" ] && chown nobody $DEVICE && chmod 666 $DEVICE
-                ;;
-        remove)
-                # device is gone
-                ;;
-esac

utils/sane-backends/Makefile

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sane-backends
 PKG_VERSION:=1.0.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/
 PKG_HASH:=31260f3f72d82ac1661c62c5a4468410b89fb2b4a811dabbfcc0350c1346de03
@@ -125,6 +125,7 @@ $(call Package/sane-backends/Default)
   CATEGORY:=Utilities
   DEPENDS:=+libsane
   TITLE+= (network daemon)
+  USERID:=saned:scanner
 endef
 
 define Package/sane-daemon/description
@@ -132,6 +133,12 @@ $(call Package/sane-backends/Default/description)
 This package contains the SANE daemon.
 endef
 
+# Run hotplug to grant access to existing scanners
+define Package/sane-daemon/postinst
+#!/bin/sh
+udevtrigger
+endef
+
 define Package/libsane
   $(call Package/sane-backends/Default)
   SECTION:=libs
@@ -174,13 +181,24 @@ define Build/Configure
 	$(Build/Configure/Default)
 endef
 
+define Build/Install
+	$(call Build/Install/Default)
+	mkdir -p $(PKG_INSTALL_DIR)/usr/share/sane
+	$(foreach file, $(filter-out %/unsupported.desc ,$(wildcard $(PKG_BUILD_DIR)/doc/descriptions/*.desc)),
+		sed -rn -e '/^:usbid[[:blank:]]+"?0x(....)"?[[:blank:]]+"?0x(....)"?.*/{s//\1 \2/;p}' $(file) | \
+			sort -u > $(PKG_INSTALL_DIR)/usr/share/sane/$(basename $(notdir $(file))).usbid; \
+		awk '{ print $$$$2 > "$(PKG_INSTALL_DIR)/usr/share/sane/"$$$$1"-$(basename $(notdir $(file))).usbid" }' \
+			$(PKG_INSTALL_DIR)/usr/share/sane/$(basename $(notdir $(file))).usbid ;
+	)
+endef
+
 define Package/libsane/install
 	$(INSTALL_DIR) $(1)/usr/lib/sane/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libsane.so.* $(1)/usr/lib/
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-dll.so.* $(1)/usr/lib/sane/
 	$(INSTALL_DIR) $(1)/etc/sane.d/dll.d
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/dll.conf $(1)/etc/sane.d/
-	chmod 0755 $(1)/etc/sane.d/dll.conf
+	chmod 0644 $(1)/etc/sane.d/dll.conf
 endef
 
 define Package/libsane/conffiles
@@ -190,13 +208,15 @@ endef
 define Package/sane-daemon/install
 	$(INSTALL_DIR) $(1)/etc/sane.d
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/saned.conf $(1)/etc/sane.d/
-	chmod 0755 $(1)/etc/sane.d/saned.conf
+	chmod 0644 $(1)/etc/sane.d/saned.conf
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/saned.sbin $(1)/usr/sbin/saned
 	$(INSTALL_DIR) $(1)/usr/lib/sane/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/saned $(1)/usr/lib/sane/saned
 	$(INSTALL_DIR) $(1)/etc/xinetd.d
 	$(INSTALL_CONF) ./files/saned.xinetd $(1)/etc/xinetd.d/sane-port
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/usb/
+	$(INSTALL_BIN) ./files/saned.hotplug $(1)/etc/hotplug.d/usb/20-saned
 endef
 
 define Package/sane-daemon/conffiles
@@ -243,15 +263,19 @@ This package contains the SANE backend for $(2).
 
   define Package/sane-$(1)/install
 	if [ -f "$(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf" ]; then \
-	  $(INSTALL_DIR) $$(1)/etc/sane.d ; \
-	  $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf $$(1)/etc/sane.d/; \
-	  chmod 0755 $$(1)/etc/sane.d/$(1).conf ; \
-	fi
-	$(INSTALL_DIR) $$(1)/usr/lib/sane
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-$(1).so.* $$(1)/usr/lib/sane/
+		$(INSTALL_DIR) $$(1)/etc/sane.d ; \
+		$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/sane.d/$(1).conf $$(1)/etc/sane.d/ ; \
+	        chmod 0644 $$(1)/etc/sane.d/$(1).conf ; \
+	fi ; \
+	$(INSTALL_DIR) $$(1)/usr/lib/sane ; \
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/sane/libsane-$(1).so.* $$(1)/usr/lib/sane/ ; \
 	if [ -d "$(PKG_INSTALL_DIR)/usr/share/sane/$(1)" ]; then \
 		$(INSTALL_DIR) $$(1)/usr/share/sane/ ; \
 		$(CP) -a $(PKG_INSTALL_DIR)/usr/share/sane/$(1) $$(1)/usr/share/sane/ ; \
+	fi ; \
+	if [ -s "$(PKG_INSTALL_DIR)/usr/share/sane/$(1).usbid" ]; then \
+		$(INSTALL_DIR) $$(1)/usr/share/sane/ ; \
+		$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/sane/????-$(1).usbid $$(1)/usr/share/sane/ ; \
 	fi
   endef
 

utils/sane-backends/files/saned.hotplug

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+[ "$ACTION" = "add" ] || exit 0
+[ "$DEVTYPE" = "usb_device" ] || exit 0
+
+SANE_GROUP=scanner
+grep -q -E "^$SANE_GROUP:" /etc/group || exit 0
+
+# Filter SANE known devices
+vendor_product="${PRODUCT%/*}"
+vendorid="$(printf '%04x' "0x0${vendor_product%/*}")"
+productid="$(printf '%04x' "0x0${vendor_product#*/}")"
+grep -s -x -F -q "$productid" "/usr/share/sane/$vendorid"-*.usbid || exit 0
+
+grant() {
+	logger -t "hotplug(usb/20-saned)" "Granting $1 to '$2' for group '$SANE_GROUP'"
+	chgrp "$SANE_GROUP" "$2"
+	chmod "$1" "$2"
+}
+
+# Needed by script /usr/bin/saned to rebind USB devices back to usblp after use
+usblp_bind="/sys/bus/usb/drivers/usblp/bind"
+if [ -e "$usblp_bind" ]; then
+	grant g+w "$usblp_bind"
+fi
+
+grant g+rw "/dev/$DEVNAME"

utils/sane-backends/files/saned.xinetd

@@ -7,8 +7,7 @@ service sane-port
 	socket_type = stream
 	port        = 6566
 	wait        = no
-	user        = root
-#	user        = saned
+	user        = saned
 	group       = scanner
 	server      = /usr/sbin/saned
 	disable     = yes