1

I'm running a workflow pipeline in GitHub which uses ImageMagick. When I run tests which use ImageMagick on PDF files, I get the following error:

Command failed: convert "/tmp/test.pdf[0]" "/tmp/test-0.png"
convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
convert-im6.q16: no images defined `/tmp/test-0.png' @ error/convert.c/ConvertImageCommand/3258.

I found the following posts which present a solution

ImageMagick security policy 'PDF' blocking conversion

https://bugs.archlinux.org/task/60580

But as this is ran in GitHub workflow, I was wondering maybe there's a simpler solution?

David Faizulaev
  • 4,651
  • 21
  • 74
  • 124
  • See also https://stackoverflow.com/questions/52861946/imagemagick-not-authorized-to-convert-pdf-to-an-image/52863413#52863413 – fmw42 Jan 10 '22 at 16:27
  • I saw it, so changing the file oa the only option then, even in GitHub. – David Faizulaev Jan 10 '22 at 17:30
  • As far as I know you have to edit the policy.xml file to enable permissions to use PDF/PS/EPS. Be sure you also have Ghostscript installed with ImageMagick – fmw42 Jan 10 '22 at 19:30

1 Answers1

0

Extracted and adapted solution from https://wessman.co/github-actions-imagemagick:

Due to a security vulnerability in Ghostscript < 9.24, ImageMagick changed the default policy to not allow conversions using Ghostscript. Even if Ghostscript has fixed the vulnerability, the ImageMagick policy has not been changed.

On Github Actions the default linux image is Ubuntu. Ubuntu should have an updated version of Ghostscript, but still has a policy for ImageMagick that disallows conversion from PDF to an image or the other way around.

My solution was inspired by this StackOverflow answer. It can be added to a Github Action like this:

jobs:
  job01:
    runs-on: ubuntu-latest
    steps:
      - name: Change ImageMagick policy to allow pdf->png conversion.
        run: |
          sudo sed -i 's/^.*policy.*coder.*none.*PDF.*//' /etc/ImageMagick-6/policy.xml

Note you may have to replace /etc/ImageMagick-6/policy.xml with your specific ImageMagick version, depending on which Ubuntu image is your Github Actions workflow using.

Pere Joan Martorell
  • 2,608
  • 30
  • 29