The ImageMagick security policy seems not to be allowing me to perform this conversion from PDF to PNG. Converting other extensions seems to be working, just not from PDF. I haven't changed any of the ImageMagick settings since I installed it... I am using Arch Linux, if the OS matters.
user@machine $ convert -density 300 -depth 8 -quality 90 input.pdf output.png
convert: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
convert: no images defined `output.png' @ error/convert.c/ConvertImageCommand/3288.
Well, I added
<policy domain="coder" rights="read | write" pattern="PDF" />
just before </policymap> in /etc/ImageMagick-7/policy.xml and that makes it work again, but not sure about the security implications of that.
This issue is a workaround for a security vulnerability. The vulnerability has been addressed in Ghostscript 9.24, so if you have that or a newer version, you don't need the workaround anymore.
On Ubuntu 19.04 through 22.04 and probably any later versions with ImageMagick 6, here's how you fix the issue by removing that workaround:
Make sure you have Ghostscript ≥9.24:
gs --version
If yes, just remove this whole following section from /etc/ImageMagick-6/policy.xml:
<!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
Removing just the line with pattern="PDF" inside would be enough to re-enable PDF conversion. I can't see a good reason to keep the workaround for other PostScript-based file types, though.
Attribution: #jakob-r's comment on an alternative answer. And the helpful comments here below 🙂
As pointed out in some comments, you need to edit the policies of ImageMagick in /etc/ImageMagick-7/policy.xml. More particularly, in ArchLinux at the time of writing (05/01/2019) the following line is uncommented:
<policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
Just wrap it between <!-- and --> to comment it, and pdf conversion should work again.
For me on Arch Linux, I had to comment this:
<policy domain="delegate" rights="none" pattern="gs" />
For me on my archlinux system the line was already uncommented. I had to replace "none" by "read | write " to make it work.
The ImageMagick change was kept after Ghostscript was fixed because applications (especially web applications) often feed arbitrary user-supplied files to ImageMagick, don't always enforce format restrictions properly, and, since PostScript (which PDF uses) is a Turing-complete programming language running in a sandbox, there's always the possibility of another hole in the sandbox.
It's much better to leave things configured so ImageMagick refuses to process files that require running a program and, instead, just invoke Ghostscript directly when you intentionally want to permit PostScript rendering.
That would be accomplished by a Ghostscript command like this:
gs -dSAFER -r600 -sDEVICE=pngalpha -o foo.png myfile.pdf
Yes, this is a variation on the Ghostscript command ImageMagick calls (see ImageMagick's delegates.xml; -o is shorthand for -dBATCH -dNOPAUSE -sOutputFile=).
What's important is that ImageMagick stays locked down, you don't needlessly invoke an intermediate program, and you get more control over the rendering parameters (e.g. -r600 is the DPI to render at, and changing -sDEVICE=pngalpha allows you to render directly to your desired format).
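The direct Ghostscript call recommended above, wrapped for use from an application that handles uploaded files while ImageMagick's policy stays untouched. This is an added example, not code from the answer; the function names, the device allowlist, the DPI bounds and the 60-second timeout are assumptions.

```python
import subprocess
from pathlib import Path

ALLOWED_DEVICES = {"pngalpha", "png16m", "pnggray"}  # assumption: PNG output only


def build_gs_command(pdf_path, out_path, dpi=600, device="pngalpha"):
    """Build the argv for `gs -dSAFER ...`; raise ValueError on bad input."""
    # Absolute paths cannot be mistaken for a command-line switch.
    src = Path(pdf_path).resolve(strict=True)
    dst = Path(out_path).resolve()
    with src.open("rb") as fh:
        # Check the content, not the extension: uploads are often mislabelled,
        # and a ".pdf" that is really PostScript should not reach the renderer.
        if fh.read(5) != b"%PDF-":
            raise ValueError(f"{src.name}: no %PDF- header, refusing to render")
    if device not in ALLOWED_DEVICES:
        raise ValueError(f"device {device!r} is not on the allowlist")
    if not 36 <= int(dpi) <= 1200:
        raise ValueError("dpi must be between 36 and 1200")
    return ["gs", "-dSAFER", f"-r{int(dpi)}", f"-sDEVICE={device}",
            "-o", str(dst), str(src)]


def render_pdf(pdf_path, out_path, **options):
    """Render with Ghostscript directly and return the output path."""
    cmd = build_gs_command(pdf_path, out_path, **options)
    # argv list and no shell: the file name is never interpreted by /bin/sh.
    # The timeout bounds the time a hostile or broken document can consume.
    subprocess.run(cmd, check=True, timeout=60, stdin=subprocess.DEVNULL,
                   stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
    return Path(cmd[-2])
```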
Works in Ubuntu 20.04
Add this line inside <policymap>
<policy domain="module" rights="read|write" pattern="{PS,PDF,XPS}" />
Comment these lines:
<!--
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
-->
As a highly active comment by #Richard Kiefer, a simple fix is like this
$ sudo sed -i '/disable ghostscript format types/,+6d' /etc/ImageMagick-6/policy.xml
Adding to Stefan Seidel's answer.
Well, at least in Ubuntu 20.04.2 LTS or maybe in other versions you can't really edit the policy.xml file directly in a GUI way. Here is a terminal way to edit it.
Open the policy.xml file in terminal by entering this command -
sudo nano /etc/ImageMagick-6/policy.xml
Now, directly edit the file in terminal, find
<policy domain="coder" rights="none" pattern="PDF" />
and replace none with read|write as shown in the picture. Then press Ctrl+X to exit.
I was experiencing this issue with nextcloud which would fail to create thumbnails for pdf files.
However, none of the suggested steps would solve the issue for me.
Eventually I found the reason: The accepted answer did work but I had to also restart php-fpm after editing the policy.xml file:
sudo systemctl restart php7.2-fpm.service
On Ubuntu 19.10, I have done this in /etc/ImageMagick-6/policy.xml
uncomment this
<policy domain="module" rights="read | write" pattern="{PS,PDF,XPS}" />
and comment this
<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
After that, this command works without error
convert -thumbnail x300 -background white -alpha remove sample.pdf sample.png
In my case I'm using Ubuntu 20.10 and the Imagick-7.
In my /etc/ImageMagick-6/policy.xml I've removed the lines below,
restarted my machine and I'm done.
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
Manjaro April 2021
Just remove uncommented line inside <policymap> in /etc/ImageMagick-7/policy.xml
Thank you #tanius and others for the detailed answers !
I'd just add to it the following points.
The path of the policy file policy.xml may change with the version of the ImageMagick like /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml etc. So update it accordingly.
As the policy to prevent or allow the conversion for some filetypes is a security measure, you may like to reset the changes to the policy.xml after the task is done so that there is no possibility of the corresponding attack, if the system is accessible to attackers!
Happy speedy file conversions meanwhile !
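A check that policy.xml is back in its locked-down state after a temporary change like the ones in this thread. This is an added example, not part of any answer: unlocked_formats and the three sample policies are constructed here, and the function applies a deliberately conservative reading (any grant counts, a missing deny counts) rather than reproducing ImageMagick's own evaluation order.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

GS_FORMATS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")  # Ghostscript-backed coders

# Constructed samples modelled on the snippets quoted in this thread.
LOCKED = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="PS2" />
  <policy domain="coder" rights="none" pattern="PS3" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

COMMENTED_OUT = """<policymap>
  <policy domain="module" rights="read|write" pattern="{PS,PDF,XPS}" />
  <!--
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="EPS" />
  -->
</policymap>"""

APPENDED_GRANT = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
  <policy domain="coder" rights="read | write" pattern="PDF" />
</policymap>"""


def _alternatives(pattern):
    """Split a '{A,B,C}' pattern into its alternatives; plain patterns pass through."""
    m = re.fullmatch(r"\{(.*)\}", pattern.strip())
    return [a.strip() for a in m.group(1).split(",")] if m else [pattern.strip()]


def unlocked_formats(policy_xml):
    """Return the Ghostscript-backed formats that are not reliably blocked."""
    denied, granted = set(), set()
    # The parser drops XML comments, so commented-out policies count as absent.
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain") not in ("coder", "module"):
            continue
        rights = pol.get("rights", "").replace(" ", "").lower()
        for alt in _alternatives(pol.get("pattern", "")):
            hits = {f for f in GS_FORMATS if fnmatch.fnmatchcase(f, alt.upper())}
            (denied if rights == "none" else granted).update(hits)
    # Open if nothing denies the format, or if anything grants it.
    return sorted(f for f in GS_FORMATS if f not in denied or f in granted)


if __name__ == "__main__":
    for name in ("LOCKED", "COMMENTED_OUT", "APPENDED_GRANT"):
        print(name, unlocked_formats(globals()[name]))
```

To see the policy ImageMagick actually loaded, rather than what this file-level check infers, run `convert -list policy`.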
For my system, Ubuntu 20.04, it wasn't working, but on my Windows 10 it was working just fine.
My main job was to add subtitles to a video and generate an output mp4.
After messing around with the policy.xml file I found a "potentially" bad workaround, which is to delete all contents of the policy.xml; this has worked for me and I was able to add my subtitles to the video.
Please be aware this might be a temporary fix until you find a better solution.
I am new to Hybris. I am able to configure Hybris Administration Console and access the sections by following wiki.hybris documents.
I don't find a section to configure the Hybris Management Console (HMC). I get a 404 error when I access the URL http://localhost:9001/hmc. Please let me know where to look to get this URL working.
UPDATE
I am sorry for not giving enough information in my original post.
I am using Hybris Commerce Suite 5.7.0.8 and followed the steps mentioned in wiki.hybris.
I executed the following commands in CMD.
setantenv.bat
ant clean all
hybrisserver.bat
Then logged into http://localhost:9001/ using admin credentials
Under Platform--> Initialization, I initialized to recreate the new tables.
Apart from the above, I did not do any other steps. I noticed that the extensions under HMC in Platform-->Extension, are all marked as X. Please refer to the attached image.
You are missing the hmc as part of your localextensions.xml file... see the answer at: https://stackoverflow.com/a/33110971/932201
After adding the hmc extension you have to run an update running system from the hac (or re-initialize).
Note though that the hmc is the old backoffice application; in more recent versions it had first been deprecated and finally been removed.
The new backoffice application is called backoffice and its url is by default:
http://localhost:9001/backoffice
(you would also have to add the backoffice extension to your localextensions.xml file to make it available)
Good luck!
Perform the following steps :
Step 1 : Add the following main modules in localextensions.xml
<extension name="admincockpit" />
<extension name="backoffice" />
<extension name="cockpit" />
<extension name="hmc" />
<extension name="mcc" />
<extension name="platformhmc" />
Step 2: Run ant clean all
Step 3 : Run update from HAC
The hMC is usually available on http://localhost:9001/hmc (or /hmc/hybris if you don't want it opening in a pop up).
I'd suggest checking your server logs (~YOUR_HYBRIS_DIR/hybris/log/tomcat/console.log) and seeing if there's any errors in it.
Make sure you have not altered the property hmc.webroot. It should be set to /hmc by default, but you can try explicitly setting it in your local.properties file like this:
hac.webroot=/hac
hmc.webroot=/hmc
Also you need to initialize the system before you can access anything other than the HAC.
You can do this either using your browser via the HAC or using ant:
ant clean all initialize
You can read all about Hybris' initialize and update processes here:
https://wiki.hybris.com/display/release5/Initializing+and+Updating+the+hybris+Commerce+Suite
Hope this helps
In recent versions of Hybris they have introduced an installer script that sets up the basics for you. What this means though is that if you just go right ahead and simply run ant all, you will get a localextensions.xml file with almost everything disabled.
What you should do is install hybris using the installer script and one of the recipes. See here:
https://wiki.hybris.com/display/release5/Sample+Scenarios+Installation
This will generate you a decent starting configuration for whatever you want to do with hybris.
For example, when I install the recipe b2c_acc (B2C Accelerator), I get the following localextensions.xml file generated:
<hybrisconfig xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='../bin/platform/resources/schemas/extensions.xsd'>
<extensions>
<path dir='${HYBRIS_BIN_DIR}' autoload='false' />
<extension name='mcc' />
<extension name='backoffice' />
<extension name='commercesearchbackoffice' />
<extension name='commerceservicesbackoffice' />
<extension name='solrfacetsearchbackoffice' />
<extension name='solrserver' />
<extension name='yacceleratorcockpits' />
<extension name='yacceleratorinitialdata' />
<extension name='yacceleratorfulfilmentprocess' />
<extension name='yacceleratorstorefront' />
<extension name='yaddon' />
<extension name='ycommercewebservices' />
<extension name='electronicsstore' />
<extension name='apparelstore' />
<extension name='liveeditaddon' />
<extension name='acceleratorwebservicesaddon' />
</extensions>
</hybrisconfig>
Once you have done this, I also strongly recommend installing MySQL and using that as your database rather than the default HSQLDB approach as it is much, much faster. See here:
https://wiki.hybris.com/display/release5/MySQL
Hope this helps
Go to http://localhost:9001/mcc (log as an admin) you will find all links of your current Hybris installation.
What version of Hybris are you using ? Do you see the hmc extension when you go to the HAC ?
Edit:
With 5.7 the default localextensions.xml is mostly empty by default, you will need to run an installer like '. install.sh -r b2c_acc_plus' from your installer directory (first level of your Hybris installation)
Before I start I would like to say that I have read and tried all methods/solutions I can find on this and other forums to no avail.
I have a simple mail setting entry in my webconfig that I want transformed when publishing to test environment etc.
This is the main config that uses my local settings
<system.net>
<mailSettings>
<smtp from="p.carey#sentinelwater.co.uk">
<network host="SENTINEL-SBS" port="25" />
</smtp>
</mailSettings>
</system.net>
and this is one of the attempted transforms
<system.net>
<mailSettings>
<smtp from="noreply#test.managemywater.co.uk" xdt:Transform="Replace">
<network xdt:Transform="Replace" host="localhost" port="25" />
</smtp>
</mailSettings>
</system.net>
It simply fails on replacing 'host' with localhost and maintains SENTINEL-SBS. I have no idea if it attempts to replace 'from'.
I have run out of ideas and will have to resort to translating Japanese forums now!!!
No doubt there is a simple answer but I'll be damned if I can find it.
I have an addition transform for the connection string using 'add name' and that works fine.
The problem is that my JNLP file works locally on my 64-bit machine (running on my own machine), and locally and remotely on my 32-bit machine - but not remotely on the 64-bit machine (you see the Java 6... message for a looong time, and then it just terminates!). Any suggestions about how to trouble-shoot this? Should I specify different libraries for 64-bit and 32-bit? FWIW the jnlp file looks like this (maybe quite wrong!):
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+"
codebase="http://www.jpaulmorrison.com/graphicsstuff/">
<information>
<title>DrawFBP</title>
<vendor>J.P. Morrison Enterprises, Ltd.</vendor>
<description>FBP Diagramming Tool</description>
<icon href="DrawFBP-logo.jpg"/>
</information>
<security>
<all-permissions/>
</security>
<offline-allowed/>
<resources>
<j2se version="1.6+"/>
<j2se version="1.5"/>
<jar href="DrawFBP_signed-2.3.jar" main="true"/>
<extension name="javahelp" href="javahelp.jnlp">
</extension>
</resources>
<application-desc/>
</jnlp>
and javahelp.jnlp is as follows:
<!-- Java Network Launching Protocol file for JavaHelp
(requires Java Web Start http://www.java.com/) - thanks to www.koders.com -->
<jnlp codebase="https://jwindows.dev.java.net/" href="javahelp.jnlp" spec="1.0+">
<information>
<title>Java Help</title>
<vendor>Sun Microsystems</vendor>
<homepage href="http://java.sun.com/products/javahelp/"/>
<description>Java Help 2.0</description>
<offline-allowed/>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.5+"/>
<jar href="lib/jhall.jar" part="javahelp"/>
<package name="javax.help" part="javahelp" recursive="true"/>
</resources>
<component-desc/>
</jnlp>
TIA
Turns out you have to install both the 32-bit version of Java and the 64-bit version. Very confusing, but apparently Java can figure out which to use! It would be nice (but not essential) if someone could tell me why this works...?
PS I posted this to the Oracle forum, and nobody answered it either :-) I will post this answer there too.
I've created a rptdesign file using the BIRT IDE. This file's contents are in Arial font; when I export the report to PDF in Windows it works fine.
I use the default viewerServlet to create reports. But when I moved the report to a Linux system, all contents in the report were displayed in Times New Roman font instead of Arial in the PDF file.
Then I copied the Arial.ttf file to /var/font/truetype and added the following line to platform/plugins/org.eclipse.birt.report.engine.fonts_2.3.2.r232_20090202/fontsConfig.xml
<font-paths>
---------------
---------------
---------------
<path path="/var/font/truetype" />
</font-paths>
After adding this line all contents are coming in Arial font, but the contents which are bold appear to be compressed and look very ugly.
Has anyone faced this problem and has any solution?
Thank you
Regards,
Arun
Here is my fontsConfig_pdf.xml file
<font>
<font-aliases>
<mapping name="sans-serif" font-family="Arial" />
<mapping name="serif" font-family="Times-Roman" />
<mapping name="monospace" font-family="Courier" />
</font-aliases>
<font-encodings>
<encoding font-family="Times-Roman" encoding="Cp1252" />
<encoding font-family="Helvetica" encoding="Cp1252" />
<encoding font-family="Courier" encoding="Cp1252" />
<encoding font-family="Zapfdingbats" encoding="Cp1252" />
<encoding font-family="Symbol" encoding="Cp1252" />
<encoding font-family="STSong-Light" encoding="UniGB-UCS2-H" />
<encoding font-family="STSongStd-Light" encoding="UniGB-UCS2-H" />
<encoding font-family="MHei-Medium" encoding="UniCNS-UCS2-H" />
<encoding font-family="MSung-Light" encoding="UniCNS-UCS2-H" />
<encoding font-family="MSungStd-Light" encoding="UniCNS-UCS2-H" />
<encoding font-family="HeiseiMin-W3" encoding="UniJIS-UCS2-H" />
<encoding font-family="HeiseiKakuGo-W5" encoding="UniJIS-UCS2-H" />
<encoding font-family="KozMinPro-Regular" encoding="UniJIS-UCS2-H" />
<encoding font-family="HYGoThic-Medium" encoding="UniKS-UCS2-H" />
<encoding font-family="HYSMyeongJo-Medium" encoding="UniKS-UCS2-H" />
<encoding font-family="HYSMyeongJoStd" encoding="UniKS-UCS2-H" />
</font-encodings>
<font-paths>
<path path="/var/fonts/truetype"/>
</font-paths>
<composite-font name="all-fonts">
<font font-family="Times-Roman" catalog="Western" />
<font font-family="MSung-Light" catalog="Chinese" />
<font font-family="HeiseiKakuGo-W5" catalog="Japanese" />
<font font-family="HYGoThic-Medium" catalog="Korean" />
</composite-font>
</font>
Try explicitly stating your path to the font like this:
<font-paths>
<path path="/var/font/truetype/arial.ttf" />
</font-paths>
Setting this property (font-paths) causes the default fonts directory to be ignored in favor of only the paths in this set. This will make Arial the only available font for your PDF. To include the default fonts (TNR, Courier, etc...) add the default path (org.eclipse.birt.report.engine.fonts) under the eclipse plug-ins to your font-paths entries as well.
You can also choose to just add Arial.ttf to the default directory and REMOVE ALL ENTRIES from font-paths and pick up the Arial type that way. Either way should work.
Good Luck.
Can any one tell me if there is any issue with Arial font in linux, if the characters are set as bold
Everything works fine for us. Below is my patch for fontsConfig.xml:
<font-aliases>
<mapping name="sans-serif" font-family="Arial" />
...
</font-aliases>
<font-paths>
<path path="fonts"/>
</font-paths>
Put in fonts folder arial.ttf and arial.xml files.
I spent hours searching for this:
export BIRT_FONT_PATH=/usr/share/fonts/truetype
Execute this and done!
Then I copied the Arial.ttf file to /var/font/truetype
Arial.ttf only contains the plain version of the font.
For bold, italic and italic-bold there are different files (arialbd.ttf etc).
Just copy these, too.
E.g. when I add a new table it does not appear in the Northwind namespace until I remove the project folder from:
C:\Users\userName\AppData\Local\Temp\Temporary ASP.NET Files\
or add and readd the SubSonic.dll
I have the following configuration :
<configSections>
<section name="SubSonicService" type="SubSonic.SubSonicSection, SubSonic"></section>
....
<SubSonicService defaultProvider="Northwind">
<providers>
<clear/>
<add name="Northwind"
type="SubSonic.SqlDataProvider, SubSonic"
connectionStringName="Northwind"
generatedNamespace="Northwind"/>
</providers>
</SubSonicService>
<connectionStrings>
<add name="Northwind" connectionString="Data Source=.;Database=Northwind;Integrated Security=true;"/>
</connectionStrings>
....
<compilation debug="true">
<buildProviders>
<add extension=".abp" type="SubSonic.BuildProvider, SubSonic"/>
</buildProviders>
...
<pages>
<controls>
<add assembly="SubSonic" namespace="SubSonic" tagPrefix="subsonic"/>
The issue here is that the BuildProvider doesn't "go off" unless you change the abp file in App_Code. It's a hack, but if you want it to work you need to open that file up and change it somehow by adding a space or something - then it will kick off the builder.
I'm working on some T4 templates so you don't have to do this. Also - you can use our commandline tool to generate the stuff to file for you:
http://subsonicproject.com/subcommander/using-the-command-line-tool-subcommander/
Thanks, both worked !
Either as you said to simply change the *.abp file ( added couple of spaces)
or
sonic.exe generate /config "D:\path\to\my\web.config"
P.S.
I have a D:\temp\utils folder , where I keep all the command line tools used ... and it is part of the %PATH% environmental variable ...
and it took me couple of minutes to realize that I had to copy the whole :
D:\libs\orm\SubSonic_2.1_Final_Source\src\SubSonic\bin\Debug directory to that command line tools folder ...
Edit: Even faster with VS External Tool command :
Tools - External Tools - Add
Title: SubSonic
Command: D:\path\to\sonic.exe
Arguments: generate /config "D:\path\to\my\web.config"
Initial Directory: {$ProjectDir}
Tools - Options - Keyboard
Find tools Subsonic
for it to work from anywhere on the command line