Patched CUPS to set permissions/ownerships of certs directory suitabl…

…e for Snap

Inside a Snap executables are run without CAP_DAC_OVERRIDE capability,
meaning that processes running as root also have to obey permissions
and ownerships of files and directories, in contrary to the standard
behavior where processes as root can always access.

CUPS is written assuming that the standard behavior applies, so small
changes, like this one are needed.

See also

https://forum.snapcraft.io/t/snapped-daemon-running-as-root-cannot-create-file-in-directory-with-odd-ownerships-permissions/

patches/cupsd-certs-dir-root-owned-and-writable.patch

@@ -0,0 +1,13 @@
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index bb6049b2c..d5dd639f1 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -1127,7 +1127,7 @@ cupsdReadConfiguration(void)
+ 			     Group, 1, 1) < 0 ||
+        cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
+ 			     Group, 1, 1) < 0 ||
+-       cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
++       cupsdCheckPermissions(StateDir, "certs", 0711, RunUser,
+ 			     SystemGroupIDs[0], 1, 1) < 0 ||
+        cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
+ 			     Group, 1, 0) < 0 ||

snapcraft.yaml

@@ -116,6 +116,7 @@ parts:
         set -eux
         patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-pass-on-ld-library-path.patch
         patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-pass-on-path.patch
+        patch -p1 < $SNAPCRAFT_STAGE/patches/cupsd-certs-dir-root-owned-and-writable.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/cups-airprint-support.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/cupsd-extra-check-for-admin-tasks-snap-cups-control.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/libcups-fix-convert-option-choice-names-in-ppd.patch