I was preparing a presentation today (for a virtual mini-conf, more details later) and I ran into an issue with ImageMagick. I solved it thanks to a post here, but as that site is mostly in Japanese, I thought it would make sense to make a post here.
Anyway, the issue is that recent versions of ImageMagick have security policies in place that weren’t there before, and the defaults are pretty restrictive. How I ran into this issue was after preparing slides for my presentation I wanted to combine all the slide images into a PDF file for easy sharing. I do this with a simple one-liner:
convert *.png slides.pdf
But when I did, I got the following error:
$ convert *.png slides.pdf convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
???
Or perhaps more appropriately:
‽‽‽[1]interrobangs FTW
The fix turns out to be quite easy. We just have to give the read
and write
permission to the coder
domain in ImageMagick’s security policy for the PDF
pattern. This can be done by editing the /etc/ImageMagick-6/policy.xml
file directly or with a simple sed
script:
sudo sed -i_bak \ 's/rights="none" pattern="PDF"/rights="read | write" pattern="PDF"/' \ /etc/ImageMagick-6/policy.xml
Here’s the change as a diff:
$ diff -u /etc/ImageMagick-6/policy.xml_bak /etc/ImageMagick-6/policy.xml --- /etc/ImageMagick-6/policy.xml_bak 2020-11-25 11:59:18.101284981 -0500 +++ /etc/ImageMagick-6/policy.xml 2020-11-25 12:03:45.208777703 -0500 @@ -91,6 +91,6 @@ <policy domain="coder" rights="none" pattern="PS2" /> <policy domain="coder" rights="none" pattern="PS3" /> <policy domain="coder" rights="none" pattern="EPS" /> - <policy domain="coder" rights="none" pattern="PDF" /> + <policy domain="coder" rights="read | write" pattern="PDF" /> <policy domain="coder" rights="none" pattern="XPS" /> </policymap>
Now that I have added read
and write
permissions to the PDF
pattern, my convert
one-liner works perfectly as it did before all this nonsense was introduced. I’m sure the ImageMagick developers have their reasons for doing it, I just find it annoying to have to deal with it on my personal workstation.
Oh, and the ‘policy.xml_bak
‘ file created in the sed
step can be removed once you’re satisfied that the change is A-OK.
References
↑1 | interrobangs FTW |
---|