ImageMagick being difficult

I was preparing a presentation today (for a virtual mini-conf, more details later) and I ran into an issue with ImageMagick. I solved it thanks to a post here, but as that site is mostly in Japanese, I thought it would make sense to make a post here.

Anyway, the issue is that recent versions of ImageMagick have security policies in place that weren’t there before, and the defaults are pretty restrictive. How I ran into this issue was after preparing slides for my presentation I wanted to combine all the slide images into a PDF file for easy sharing. I do this with a simple one-liner:

convert *.png slides.pdf

But when I did, I got the following error:

$ convert *.png slides.pdf
convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.

???

Or perhaps more appropriately:

‽‽‽[1]interrobangs FTW

The fix turns out to be quite easy. We just have to give the read and write permission to the coder domain in ImageMagick’s security policy for the PDF pattern. This can be done by editing the /etc/ImageMagick-6/policy.xml file directly or with a simple sed script:

sudo sed -i_bak \
's/rights="none" pattern="PDF"/rights="read | write" pattern="PDF"/' \
/etc/ImageMagick-6/policy.xml

Here’s the change as a diff:

$ diff -u /etc/ImageMagick-6/policy.xml_bak /etc/ImageMagick-6/policy.xml 
--- /etc/ImageMagick-6/policy.xml_bak	2020-11-25 11:59:18.101284981 -0500
+++ /etc/ImageMagick-6/policy.xml	2020-11-25 12:03:45.208777703 -0500
@@ -91,6 +91,6 @@
   <policy domain="coder" rights="none" pattern="PS2" />
   <policy domain="coder" rights="none" pattern="PS3" />
   <policy domain="coder" rights="none" pattern="EPS" />
-  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="read | write" pattern="PDF" />
   <policy domain="coder" rights="none" pattern="XPS" />
 </policymap>

Now that I have added read and write permissions to the PDF pattern, my convert one-liner works perfectly as it did before all this nonsense was introduced. I’m sure the ImageMagick developers have their reasons for doing it, I just find it annoying to have to deal with it on my personal workstation.

Oh, and the ‘policy.xml_bak‘ file created in the sed step can be removed once you’re satisfied that the change is A-OK.

References