Skip to main content

How to customize ImageMagick configuration

Comments

9 comments

  • Joachim Beck

    Thank you for sharing this!

    I just tried to enable PDF thumbnail generation in my PHP 8.0 app (which runs ImageMagick 6.9.10-23).

    <policymap>
        <policy domain="coder" rights="read|write" pattern="PDF" />
    </policymap>
    

    Turns out the custom policy file gets picked up correctly, by running “convert -list policy”.
    But you can’t allow stuff that is disabled globally as it’s stated here https://stackoverflow.com/a/52719789

    So, any ideas how to enable PDF thumbnails in PHP 8.0 apps?
    (PHP 7.4 with ImageMagick 6.9.7-4 worked perfectly)


    SOLVED: for PDF thumbnail generation you only need read access, which seems to be accepted

    <policymap>
        <policy domain="coder" rights="read" pattern="PDF" />
    </policymap>
    
    0
  • Travis Raup

    For PHP 8.0 I was able to get this to work via the following changes.

    The big change is re-including the default policy path to set the order of policy preferences correctly.

    Still waiting on the maintainers to reactive these settings by default.

    variables:
        env:
            MAGICK_CONFIGURE_PATH: "/app/.magick/:/etc/ImageMagick-6/"
    
    runtime:
        extensions:
            - imagick
    
    <policymap>
        <policy domain="coder" rights="read | write" pattern="PDF" />
    </policymap>
    
    0
  • Sascha Grossenbacher

    Interesting. Based on the claim that it’s not allowed to override this for security reasons from the global defaults, being able to override by specifying the default directory explicitly feels like a (security) bug that might break again in the future as everyone can change the environment variable like this?

    0
  • Andy Dopleach

    Is this approach still working for those on this thread?

    I tried the above along with some variations and although the custom policy shows up in “convert -list policy” an attempt to generate a jpg from a pdf get the same error →

    “convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF’ @ error/constitute.c/IsCoderAuthorized/408.”

    0
  • Barry Fisher

    We found that given ImageMagick has an automatic directory lookup as follows:

    $MAGICK_CONFIGURE_PATH
    $MAGICK_HOME/etc/ImageMagick-7 
    $MAGICK_HOME/share/ImageMagick-7 
    $PREFIX/share/ImageMagick-7 
    $XDG_CACHE_HOME/ImageMagick
    $HOME/.config/ImageMagick/
    <client path>/etc/ImageMagick
    <current directory>
    

    … we didn’t need to add an environment variable in the platform config. Instead we put a policy.xml file in the $HOME/.config/ImageMagick/ directory i.e. /app/.config/ImageMagick/policy.xml that includes:

    <policymap>
      <policy domain="coder" rights="read" pattern="PDF" />
    </policymap>
    

    This allowed us to get our PHP 8.1 Drupal 9.4 site working with the media_pdf_thumnail module functionality.

    Source: https://imagemagick.org/script/resources.php

    0
  • Joachim Beck

    I can confirm, this is working. Thank you for sharing!

    0
  • Rahaf Albawab

    I applied the same thing. but I’m using php8.1.
    When i pushed the work to PSH i faced this issue
    image

    0
  • Robert Hubinak

    Hi, please open a ticket so we can look further.

    0
  • Andrew Munroe

    Sorry for asking a dumb question, but can someone help me out with exact steps to enable this for PHP8.1?

    Where exactly can i add my policymap?

    0

Please sign in to leave a comment.