lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0ee407a1-ff5a-4c04-a99e-045cfe90d850@gmail.com>
Date:   Wed, 5 Jan 2022 10:47:40 +0900
From:   Akira Yokosawa <akiyks@...il.com>
To:     Christoph Hellwig <hch@....de>
Cc:     corbet@....net, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, mchehab@...nel.org
Subject: Re: make pdfdocs fails on Debian stable

On Tue, 4 Jan 2022 22:46:57 +0900, Akira Yokosawa wrote:
> On Tue, 4 Jan 2022 14:19:52 +0100, Christoph Hellwig wrote:
>> On Tue, Jan 04, 2022 at 06:31:01PM +0900, Akira Yokosawa wrote:
>>> Hi, getting back to the error message, I remember seeing a similar error
>>> when I failed to permit PDF output of ImageMagick.
>>>
>>> What I did back then was this (as root):
>>>
>>>  # cd /etc/ImageMagick-6  
>>>  # sed -i 's+policy domain="coder" rights="none" pattern="PDF"+policy domain="coder" rights="read|write" pattern="PDF"+' policy.xml ; \
>>>
>>> In case this resolves your issue.
>>
>> I've definitively seen permission denied errors earlier in the (rather
>> noisy) build log.  But I absolutely do not feel comfortable changing
>> global security policies for a kernel build, especially for something
>> like ImageMagic that had its fair share of security issues.  Is there any
>> way to side step this by using a different tool?
>>
> 
> See my pending patch set at:
> 
>     https://lore.kernel.org/linux-doc/e01fe9f9-f600-c2fc-c6b3-ef6395655ffe@gmail.com
>     [PATCH v2 0/4] docs: sphinx/kfigure.py: Improve conversion to PDF
> 
> This uses Inkscape if it is available instead of ImageMagick.
> No imagemagick nor librsvg2-bin is required.
> As long as if you can trust Inkscape...
> 
> Good luck!

Alternatively, you can avoid ImageMagick by installing
graphicsmagick-imagemagick-compat instead of imagemagick.

I'm not sure what you think of GraphicsMagick, though.

If you'd like to try, do:

    $ sudo apt install graphicsmagick-imagemagick-compat ghostscript gsfonts-x11

This will remove ImageMagick.
(You have ghostscript and gsfonts-x11 already installed, I guess.)

        Thanks, Akira

> 
>         Thanks, Akira
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ