Thumbnail generation fails with 10.10 Dockerfile #41

Closed
yreifschneider opened this issue Jul 6, 2020 · 2 comments

@yreifschneider

The docker image for Nuxeo 10.10 uses the image openjdk:8-jdk which recently got updated from Debian Stretch to Debian Buster. Due to this distribution upgrade, the config file /etc/ImageMagick-6/policy.xml got updated to a more restricted version, which prevents thumbnail generation from PDF files.

I fixed this issue in a local clone by specifying that Nuxeo should be built from FROM openjdk:8-jdk-stretch.

@00dav00

00dav00 commented Sep 10, 2020

Hi @yreifschneider, I'm experiencing the same problem. Did you clone the repo and modify this in the Dockerfile? Or somehow extend the image in another custom Dockerfile?

@dmetzler

The restriction comes from security issues raised by GS conversion. The distribution then disabled the GS conversion by default and people need to activate it on purpose. For the Nuxeo default image, we want to follow the distribution security guidelines.
You can re-enable those conversions by either:

  • Building your own image based on stretch. But your image will be built on top of an older base distribution
  • Overriding the /etc/ImageMagick-6/policy.xml by ADDing the file in your own Dockerfile, which seems to be the best solution

FROM nuxeo:LTS
ADD mypolicy.xml /etc/ImageMagick-6/policy.xml

A sample policy file can look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)+>
  <!ATTLIST policymap xmlns CDATA #FIXED ''>
  <!ELEMENT policy EMPTY>
  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<policymap>
  <policy domain="resource" name="width" value="32MP"/>
  <policy domain="resource" name="height" value="32MP"/>
  <policy domain="cache" name="shared-secret" value="passphrase"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
  <policy domain="path" rights="none" pattern="@*" />
  <policy domain="coder" rights="read|write" pattern="{PS,EPS,PDF,XPS}" />
</policymap>
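
One way to check what an overriding policy.xml re-enables before baking it into an image, as an added example (not part of the comment above or of the Nuxeo project). It assumes ImageMagick's documented behaviour that the last matching coder rule wins and that a coder with no matching rule is allowed; RESTRICTED is a constructed sample and the function names are hypothetical.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample: a restrictive policy in the style the issue describes
# (Ghostscript-backed coders denied). Not copied from any distribution file.
RESTRICTED = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

# Subset of the coder rules from the sample policy above (DOCTYPE omitted).
OVERRIDE = """<policymap>
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="read|write" pattern="{PS,EPS,PDF,XPS}" />
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B} alternatives into separate glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [p for alt in m.group(1).split(",")
            for p in expand_braces(head + alt + tail)]

def coder_rights(policy_xml, coder):
    """Return the rights left for `coder`; the last matching rule wins."""
    rights = {"read", "write"}  # assumption: no matching rule means allowed
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain") != "coder":
            continue
        globs = expand_braces(pol.get("pattern", ""))
        if any(fnmatch.fnmatchcase(coder.upper(), g.strip()) for g in globs):
            declared = {r.strip().lower() for r in pol.get("rights", "").split("|")}
            rights = declared & {"read", "write"}
    return rights

def audit(policy_xml, coders=("PDF", "PS", "EPS", "XPS", "MVG", "PNG")):
    """Map each coder to a sorted rights list, suitable for diffing in CI."""
    return {c: sorted(coder_rights(policy_xml, c)) for c in coders}

if __name__ == "__main__":
    for name, doc in (("restricted", RESTRICTED), ("override", OVERRIDE)):
        print(name, audit(doc))
```

Running the audit against both files shows exactly which Ghostscript-backed coders the override turns back on, so the change is visible in review instead of hidden inside an ADD line.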
