Description: Enable running of cups-pk-helper as cups-pk-helper
 Enable running of cups-pk-helper as cups-pk-helper by adding annotations
 to the policy fie and adding --with-daemon-user to configure.ac
 to make the cups-pk-helper dbus service run as cups-pk-helper.
 .
 cups-pk-helper (0.2.6-1ubuntu2) zesty; urgency=medium
 .
   * debian/patches/run_as_cups-pk-helper.patch
     - Make the cups-pk-helper run as cups-pk-helper passing cups-pk-helper as user too.
   * debian/cups-pk-helper.postinst:
     - Add cups-pk-helper group and user.
   * debian/cups-pk-helper.postrm:
     - Remove cups-pk-helper user and group.
   * Added --with-daemon-user
Author: Shem Pasamba <shemgp@gmail.com>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2017-07-12

--- cups-pk-helper-0.2.6.orig/configure.ac
+++ cups-pk-helper-0.2.6/configure.ac
@@ -54,6 +54,17 @@ AC_SUBST(CUPS_LIBS)
 
 AC_PATH_PROG([GDBUS_CODEGEN], [gdbus-codegen])
 
+# custom daemon user
+AC_ARG_WITH(
+    [daemon_user],
+    AC_HELP_STRING([--with-daemon-user],
+                   [User for running the cups-pk-helper dbus service (default: root)]),
+    [daemon_user=$withval],
+    [daemon_user=root]
+)
+AC_SUBST(daemon_user)
+AC_DEFINE_UNQUOTED([DAEMON_USER], ["$daemon_user"], [Daemon user])
+
 AC_OUTPUT([
 Makefile
 src/Makefile
--- cups-pk-helper-0.2.6.orig/po/POTFILES.in
+++ cups-pk-helper-0.2.6/po/POTFILES.in
@@ -2,3 +2,4 @@
 # Please keep this file sorted alphabetically.
 [encoding: UTF-8]
 src/org.opensuse.cupspkhelper.mechanism.policy.in
+src/org.opensuse.cupspkhelper.mechanism.policy.in.in
--- cups-pk-helper-0.2.6.orig/src/Makefile.am
+++ cups-pk-helper-0.2.6/src/Makefile.am
@@ -67,7 +67,14 @@ dbus_services_in_files = org.opensuse.Cu
 dbus_services_DATA = $(dbus_services_in_files:.service.in=.service)
 
 $(dbus_services_DATA): $(dbus_services_in_files)
-	$(AM_V_GEN)sed -e "s|\@LIBEXECDIR\@|$(libexecdir)|" $< > $@
+	$(AM_V_GEN)sed -e "s|\@LIBEXECDIR\@|$(libexecdir)|" -e "s|\@DAEMON_USER\@|$(daemon_user)|" $< > $@
+
+org.opensuse.cupspkhelper.mechanism.policy.in: org.opensuse.cupspkhelper.mechanism.policy.in.in Makefile
+	$(AM_V_GEN)if test "x$(daemon_user)" != "xroot"; then \
+		sed -e "s|<!--@ANNOTATE_OWNER@-->|<annotate key=\"org.freedesktop.policykit.owner\">unix-user:$(daemon_user)</annotate>|g" $< > $@ ; \
+	else \
+		sed -e "/^\s*<!--@ANNOTATE_OWNER@-->\s*$$/d;s|<!--@ANNOTATE_OWNER@-->||g" $< > $@ ; \
+	fi
 
 polkitdir = $(datadir)/polkit-1/actions
 polkit_in_files = org.opensuse.cupspkhelper.mechanism.policy.in
--- cups-pk-helper-0.2.6.orig/src/org.opensuse.CupsPkHelper.Mechanism.service.in
+++ cups-pk-helper-0.2.6/src/org.opensuse.CupsPkHelper.Mechanism.service.in
@@ -1,4 +1,4 @@
 [D-BUS Service]
 Name=org.opensuse.CupsPkHelper.Mechanism
 Exec=@LIBEXECDIR@/cups-pk-helper-mechanism
-User=root
+User=@DAEMON_USER@
--- /dev/null
+++ cups-pk-helper-0.2.6/src/org.opensuse.cupspkhelper.mechanism.policy.in.in
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+  <vendor>The openSUSE Project</vendor>
+  <vendor_url>http://www.opensuse.org/</vendor_url>
+  <icon_name>printer</icon_name>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.server-settings">
+    <_description>Get/Set server settings</_description>
+    <_message>Privileges are required to get/set server settings.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.devices-get">
+    <_description>Get list of available devices</_description>
+    <_message>Privileges are required to get list of available devices.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <!-- Exists mainly so that it's possible to not require a password for this
+       operation: if some authorization is required, then the PolicyKit helper
+       will fallback on printer-X-edit. -->
+  <action id="org.opensuse.cupspkhelper.mechanism.printer-set-default">
+    <_description>Set a printer as default printer</_description>
+    <_message>Privileges are required to set a printer, or a class, as default printer.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <!-- Exists mainly so that it's possible to not require a password for this
+       operation: if some authorization is required, then the PolicyKit helper
+       will fallback on printer-X-edit. -->
+  <action id="org.opensuse.cupspkhelper.mechanism.printer-enable">
+    <_description>Enable/Disable a printer</_description>
+    <_message>Privileges are required to enable/disable a printer, or a class.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.printer-local-edit">
+    <_description>Add/Remove/Edit a local printer</_description>
+    <_message>Privileges are required to add/remove/edit a local printer.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.printer-remote-edit">
+    <_description>Add/Remove/Edit a remote printer</_description>
+    <_message>Privileges are required to add/remove/edit a remote printer.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.class-edit">
+    <_description>Add/Remove/Edit a class</_description>
+    <_message>Privileges are required to add/remove/edit a class.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.job-edit">
+    <_description>Restart/Cancel/Edit a job</_description>
+    <_message>Privileges are required to restart/cancel/edit a job.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.job-not-owned-edit">
+    <_description>Restart/Cancel/Edit a job owned by another user</_description>
+    <_message>Privileges are required to restart/cancel/edit a job owned by another user.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <action id="org.opensuse.cupspkhelper.mechanism.all-edit">
+    <_description>Change printer settings</_description>
+    <_message>Privileges are required to change printer settings. This should only be needed from the Printers system settings panel.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+
+  <!-- Deprecated -->
+  <action id="org.opensuse.cupspkhelper.mechanism.printeraddremove">
+    <_description>Add/Remove/Edit a printer</_description>
+    <_message>Privileges are required to add/remove/edit a printer.</_message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <!--@ANNOTATE_OWNER@-->
+  </action>
+</policyconfig>