phga
/
fresh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added imagemagick

Browse Source
master
toerd 6 years ago
parent ff7fe766a2
commit 96815dc9ea
3 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File

76
etc/ImageMagick-7/policy.xml
Unescape View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!ELEMENT policymap (policy)+>
<!ATTLIST policymap xmlns CDATA #FIXED ''>
<!ELEMENT policy EMPTY>
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<!--
Configure ImageMagick policies.
Domains include system, delegate, coder, filter, path, or resource.
Rights include none, read, write, execute and all. Use | to combine them,
for example: "read | write" to permit read from, or write to, a path.
Use a glob expression as a pattern.
Suppose we do not want users to process MPEG video images:
<policy domain="delegate" rights="none" pattern="mpeg:decode" />
Here we do not want users reading images from HTTP:
<policy domain="coder" rights="none" pattern="HTTP" />
The /repository file system is restricted to read only. We use a glob
expression to match all paths that start with /repository:
<policy domain="path" rights="read" pattern="/repository/*" />
Lets prevent users from executing any image filters:
<policy domain="filter" rights="none" pattern="*" />
Any large image is cached to disk rather than memory:
<policy domain="resource" name="area" value="1GP"/>
Define arguments for the memory, map, area, width, height and disk resources
with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
exceeds policy maximum so memory limit is 1GB).
Rules are processed in order. Here we want to restrict ImageMagick to only
read or write a small subset of proven web-safe image types:
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
-->
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
<policy domain="resource" name="memory" value="256MiB"/>
<policy domain="resource" name="map" value="512MiB"/>
<policy domain="resource" name="width" value="16KP"/>
<policy domain="resource" name="height" value="16KP"/>
<policy domain="resource" name="area" value="128MB"/>
<policy domain="resource" name="disk" value="1GiB"/>
<!-- <policy domain="resource" name="file" value="768"/> -->
<!-- <policy domain="resource" name="thread" value="4"/> -->
<!-- <policy domain="resource" name="throttle" value="0"/> -->
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<!-- not needed due to the need to use explicitly by mvg: -->
<!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
<!-- use curl -->
<policy domain="delegate" rights="none" pattern="URL" />
<policy domain="delegate" rights="none" pattern="HTTPS" />
<policy domain="delegate" rights="none" pattern="HTTP" />
<!-- in order to avoid to get image with password text -->
<policy domain="path" rights="none" pattern="@*"/>
<policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
</policymap>

6
fresh.sh
Unescape View File

@ -185,6 +185,11 @@ add_xorg_conf() {
cp $scriptdir/etc/X11/xorg.conf.d/* /etc/X11/xorg.conf.d/ &>> $logfile cp $scriptdir/etc/X11/xorg.conf.d/* /etc/X11/xorg.conf.d/ &>> $logfile
} }
add_imagemagick_conf() {
echo "Adding image conf\n\n" >> $logfile
cp $scriptdir/etc/ImageMagick-7/* /etc/ImageMagick-7/ &>> $logfile
}
add_udev_rules() { add_udev_rules() {
echo "Adding udev rules from $scriptdir into udev folder\n\n" >> $logfile echo "Adding udev rules from $scriptdir into udev folder\n\n" >> $logfile
cp $scriptdir/etc/udev/rules.d/* /etc/udev/rules.d/ &>> $logfile cp $scriptdir/etc/udev/rules.d/* /etc/udev/rules.d/ &>> $logfile
@ -222,6 +227,7 @@ set_system_stuff() {
set_pacman_config set_pacman_config
add_pacman_hooks add_pacman_hooks
add_xorg_conf add_xorg_conf
add_imagemagick_conf
set_git_config set_git_config
#link syncthing config and move certs #link syncthing config and move certs
sudo -u $uname /home/$uname/.dotfiles/syncthing/link-confs.sh &>> $logfile sudo -u $uname /home/$uname/.dotfiles/syncthing/link-confs.sh &>> $logfile

2
pack.csv
Unescape View File

@ -65,7 +65,9 @@ A,P,gvim,Vi Improved a highly configurable improved version of the vi text edito
A,P,emacs,The extensible customizable self-documenting real-time display editor A,P,emacs,The extensible customizable self-documenting real-time display editor
A,P,xournal,Notetaking and sketching application A,P,xournal,Notetaking and sketching application
# emacs reqs
A,P,pandoc,A universal document converter A,P,pandoc,A universal document converter
A,P,imagemagick,emacs screenshots
# Mail # Mail
A,P,mu,Maildir indexer/searcher and Emacs client (mu4e) A,P,mu,Maildir indexer/searcher and Emacs client (mu4e)

1 # First column: A = All, L = Laptop, D = Desktop
65 A,P,alsa-plugins,Extra alsa plugins # General stuff
66 A,P,alsa-utils,An alternative implementation of Linux sound support A,P,htop,Interactive process viewer
67 A,P,pass,Stores retrieves generates and synchronizes passwords securely A,P,alsa-plugins,Extra alsa plugins
68 A,P,alsa-utils,An alternative implementation of Linux sound support
69 A,A,pass-git-helper,git password helper A,P,pass,Stores retrieves generates and synchronizes passwords securely
70 A,A,pass-git-helper,git password helper
71 A,P,python-tldextract,lib for qute-pass
72 A,P,zip,Compressor/archiver for creating and modifying zipfiles
73 A,P,p7zip,Command-line file archiver with high compression ratio
Write Preview
Loading…
Cancel
Save