You are here: start / fuss / imagemagick

Differences

This shows you the differences between two versions of the page.


Previous revision
fuss:imagemagick [2024/11/23 21:10] (current) – [Flip and Image Vertically or Horizontally] office
Line 1: Line 1:
 +====== Convert Font to Images ======
  
 +Given a font file called ''font.ttf'', use the following to extract the letters and numbers as separate image files.
 +
 +<code bash>
 +for i in {a..z} {A..Z} {0..9}; do convert -font font.ttf -pointsize 72 label:$i $i.gif; done
 +</code>
 +
 +====== Identify an Image ======
 +
 +Using the ''identify'' command from the ImageMagick package, we can print out the details of an image:
 +
 +<code bash>
 +identify empty.gif
 +</code>
 +
 +with the sample output:
 +<code>
 +empty.gif GIF 1x1 1x1+0+0 8-bit PseudoClass 2c 26B 0.000u 0:00.000
 +</code>
 +
 +====== Flip and Image Vertically or Horizontally ======
 +
 +Flipping an image vertically or horizontally can be done with the ''mogrify'' tool:
 +
 +<code bash>
 +mogrify -flip image.png # to flip vertically
 +mogrify -flop image.png # to flip horizontally
 +</code>
 +
 +====== Fixing Permission Errors with ImageMagick-Convert =======
 +
 +One error that can be frequently observed when using ImageMagick with ''convert'' might be similar to the following:
 +<code>
 +convert: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
 +convert: no images defined `output.png' @ error/convert.c/ConvertImageCommand/3288.
 +</code>
 +and typically applies to situations where GhostScript documents or PDF documents are converted to some format (in the example above PNG files).
 +
 +This is due to ImageMagick actually defining content policies for conversions that were added due to security flaws that have not been fixed yet. The policies can however be changed by modifying the policy file (typically placed at ''/etc/ImageMagick-6/policy.xml'') and removing some of the restrictions.
 +
 +Here are the lines that should be removed from ''policy.xml'':
 +<code xml>
 +<!-- disable ghostscript format types -->
 +<policy domain="coder" rights="none" pattern="PS" />
 +<policy domain="coder" rights="none" pattern="PS2" />
 +<policy domain="coder" rights="none" pattern="PS3" />
 +<policy domain="coder" rights="none" pattern="EPS" />
 +<policy domain="coder" rights="none" pattern="PDF" />
 +<policy domain="coder" rights="none" pattern="XPS" />
 +
 +</code>
 +in order to allow conversions involving GhostScript and PDF files.
 +
 +Here is a complete policy file for ImageMagick v6 with the changes already made that should be placed at ''/etc/ImageMagick-6/policy.xml'' for conversions of GhostScript and PDF files to work:
 +<code xml>
 +<?xml version="1.0" encoding="UTF-8"?>
 +<!DOCTYPE policymap [
 +  <!ELEMENT policymap (policy)*>
 +  <!ATTLIST policymap xmlns CDATA #FIXED ''>
 +  <!ELEMENT policy EMPTY>
 +  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
 +    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
 +    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
 +]>
 +<!--
 +  Configure ImageMagick policies.
 +
 +  Domains include system, delegate, coder, filter, path, or resource.
 +
 +  Rights include none, read, write, execute and all.  Use | to combine them,
 +  for example: "read | write" to permit read from, or write to, a path.
 +
 +  Use a glob expression as a pattern.
 +
 +  Suppose we do not want users to process MPEG video images:
 +
 +    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
 +
 +  Here we do not want users reading images from HTTP:
 +
 +    <policy domain="coder" rights="none" pattern="HTTP" />
 +
 +  The /repository file system is restricted to read only.  We use a glob
 +  expression to match all paths that start with /repository:
 +
 +    <policy domain="path" rights="read" pattern="/repository/*" />
 +
 +  Lets prevent users from executing any image filters:
 +
 +    <policy domain="filter" rights="none" pattern="*" />
 +
 +  Any large image is cached to disk rather than memory:
 +
 +    <policy domain="resource" name="area" value="1GP"/>
 +
 +  Use the default system font unless overwridden by the application:
 +
 +    <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
 +
 +  Define arguments for the memory, map, area, width, height and disk resources
 +  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
 +  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
 +  exceeds policy maximum so memory limit is 1GB).
 +
 +  Rules are processed in order.  Here we want to restrict ImageMagick to only
 +  read or write a small subset of proven web-safe image types:
 +
 +    <policy domain="delegate" rights="none" pattern="*" />
 +    <policy domain="filter" rights="none" pattern="*" />
 +    <policy domain="coder" rights="none" pattern="*" />
 +    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
 +-->
 +<policymap>
 +  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
 +  <policy domain="resource" name="memory" value="256MiB"/>
 +  <policy domain="resource" name="map" value="512MiB"/>
 +  <policy domain="resource" name="width" value="16KP"/>
 +  <policy domain="resource" name="height" value="16KP"/>
 +  <!-- <policy domain="resource" name="list-length" value="128"/> -->
 +  <policy domain="resource" name="area" value="128MP"/>
 +  <policy domain="resource" name="disk" value="1GiB"/>
 +  <!-- <policy domain="resource" name="file" value="768"/> -->
 +  <!-- <policy domain="resource" name="thread" value="4"/> -->
 +  <!-- <policy domain="resource" name="throttle" value="0"/> -->
 +  <!-- <policy domain="resource" name="time" value="3600"/> -->
 +  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
 +  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
 +  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
 +  <!-- <policy domain="cache" name="synchronize" value="True"/> -->
 +  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
 +  <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
 +  <!-- <policy domain="system" name="shred" value="2"/> -->
 +  <!-- <policy domain="system" name="precision" value="6"/> -->
 +  <!-- <policy domain="system" name="font" value="/path/to/font.ttf"/> -->
 +  <!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
 +  <!-- <policy domain="system" name="shred" value="2"/> -->
 +  <!-- <policy domain="system" name="precision" value="6"/> -->
 +  <!-- not needed due to the need to use explicitly by mvg: -->
 +  <!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
 +  <!-- use curl -->
 +  <policy domain="delegate" rights="none" pattern="URL" />
 +  <policy domain="delegate" rights="none" pattern="HTTPS" />
 +  <policy domain="delegate" rights="none" pattern="HTTP" />
 +  <!-- in order to avoid to get image with password text -->
 +  <policy domain="path" rights="none" pattern="@*"/>
 +  <!-- disable ghostscript format types -->
 +</policymap>
 +
 +</code>
 +
 +Note that depending on the environment, these errors are tough to debug and in particular to web environments due to ImageMagick being used profusely due to image conversions being used abundantly in web design. 
 +
 +For example, this error prevents [[https://www.dokuwiki.org/plugin:latexwas|the DokuWiki ''latex'' plugin]] from working out of the box.
You are here: start / fuss / imagemagick

Wizardry and Steamworks

© 2025 Wizardry and Steamworks

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.