From 31f795a861a5df949def54a8c1e3c2d3b56ae827 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 15 Jan 2018 09:57:07 +0100
Subject: [PATCH] ansible-inventories/zehnder#169 Improve ImageMagick
 configuration

---
 defaults/main.yml                    | 1 +
 tasks/php.yml                        | 4 ++--
 templates/etc-imagemagick-policy.xml | 7 +++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 9600beb..fdf31ee 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,6 +23,7 @@ php_packages:
 php_base_dir: 'php5'
 php_conf_dir: 'conf.d'
 
+php_imagick_config_dir: '/etc/ImageMagick-6'
 php_allow_call_time_pass_reference: 'on'
 php_browscap: false
 php_date_timezone: 'Europe/Berlin'
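Review bot: The new default `/etc/ImageMagick-6` is tied to one packaging layout, and nothing in this change checks that the installed ImageMagick actually loads policy.xml from that directory; the path previously hard-coded in tasks/php.yml was `/etc/ImageMagick`. If the directory does not match, the hardened policy is written but silently never applied. I would add a comment above the variable such as `# Must match the directory ImageMagick loads policy.xml from (verify with: identify -list policy)`, and consider a follow-up task that fails the play when the rendered file is not among the loaded policies.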
diff --git a/tasks/php.yml b/tasks/php.yml
index 38ea28c..a5c981f 100644
--- a/tasks/php.yml
+++ b/tasks/php.yml
@@ -113,7 +113,7 @@
 
 - name: "PHP | Ensure ImageMagick config directory"
   file:
-    dest=/etc/ImageMagick
+    dest={{ php_imagick_config_dir }}
     state=directory
     owner=root
     group=root
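Review bot: Both tasks touched in this file (this one and "PHP | ImageMagick Policy File" in the next hunk) pass the templated path through the `key=value` argument string, where a value containing a space or `=` would be split into separate arguments. Native YAML arguments avoid that and let the expression be quoted: `dest: "{{ php_imagick_config_dir }}"` here and `dest: "{{ php_imagick_config_dir }}/policy.xml"` for the template task. The task appears to continue past the end of this hunk, so the remaining arguments would need the same conversion.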
@@ -122,7 +122,7 @@
 - name: "PHP | ImageMagick Policy File"
   template:
     src=etc-imagemagick-policy.xml
-    dest=/etc/ImageMagick/policy.xml
+    dest={{ php_imagick_config_dir }}/policy.xml
     owner=root
     group=root
     mode='644'
diff --git a/templates/etc-imagemagick-policy.xml b/templates/etc-imagemagick-policy.xml
index 19823c1..a35edf5 100644
--- a/templates/etc-imagemagick-policy.xml
+++ b/templates/etc-imagemagick-policy.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE policymap [
 <!ELEMENT policymap (policy)+>
 <!ELEMENT policy (#PCDATA)>
-<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
+<!ATTLIST policy domain (delegate|cache|coder|filter|path|resource) #IMPLIED>
 <!ATTLIST policy name CDATA #IMPLIED>
 <!ATTLIST policy rights CDATA #IMPLIED>
 <!ATTLIST policy pattern CDATA #IMPLIED>
@@ -54,8 +54,10 @@
   <!-- <policy domain="resource" name="file" value="768"/> -->
   <!-- <policy domain="resource" name="thread" value="4"/> -->
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
-  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <policy domain="resource" name="time" value="30"/>
+  <policy domain="cache" name="shared-secret" value="passphrase"/>
   <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
   <policy domain="coder" rights="none" pattern="HTTPS" />
   <policy domain="coder" rights="none" pattern="MVG" />
   <policy domain="coder" rights="none" pattern="MSL" />
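Review bot: The added `<policy domain="cache" name="shared-secret" value="passphrase"/>` deploys the literal word `passphrase` as the distributed pixel cache secret on every host, and tasks/php.yml installs the file with `mode='644'`, so the value is both guessable and world-readable. If the distributed pixel cache is not used, drop the line. Otherwise render it from a vaulted variable, e.g. `value="{{ php_imagick_cache_secret }}"` (placeholder name, not defined in this role), and restrict the file mode to root plus the group that runs ImageMagick.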
@@ -63,4 +65,5 @@
   <policy domain="coder" rights="none" pattern="SHOW" />
   <policy domain="coder" rights="none" pattern="WIN" />
   <policy domain="coder" rights="none" pattern="PLT" />
+  <policy domain="path" rights="none" pattern="@*" />
 </policymap>
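Review bot: The coder rules remain a denylist, so any coder not named stays enabled; the visible lines have no entry for the Ghostscript-backed coders (PS, EPS, PDF, XPS), which are commonly disabled on hosts that process uploaded images. One line of the template between this hunk and the previous one is not shown, so confirm against the full file. If the sites do not need those formats, add `<policy domain="coder" rights="none" pattern="{PS,EPS,PDF,XPS}" />`, or deny `*` and re-allow only the formats actually in use.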
-- 
GitLab