Ubuntu 25.10 has got an AppArmor policy for gs (ghostscript) which
prevents its accesses to files outside of $HOME/:
[in /etc/apparmoer.d/gs]
# allow access to files with selected extensions under HOME
owner file rw @{HOME}/**.@{gs_file_ext},
This change has resulted in build errors under Git repos not under
$HOME/ [1].
As a workaround, tweak recipes involving ghostscript so that their
input/output files are under /tmp, where rw accesses are allowed by
a policy included from abstructions/user-tmp.
Link [1]:
https://askubuntu.com/questions/1560219/ghostscript-unable-to-write-to-non-boot-volume-after-update-to-25-10
Signed-off-by: Akira Yokosawa <[email protected]>
---
Makefile | 5 ++++-
a2ping-rule.mk | 40 +++++++++++++++++++++++++++++++---------
epstopdf-rule.mk | 48 ++++++++++++++++++++++++++++++++++++------------
3 files changed, 71 insertions(+), 22 deletions(-)
diff --git a/Makefile b/Makefile
index 1e63c0b5..a72b4794 100644
--- a/Makefile
+++ b/Makefile
@@ -503,7 +503,10 @@ endif
$(PDFTARGETS_OF_SVG_CROP): %-crop.pdf: %.pdf
@echo "Crop $< (pdfcrop)"
- @pdfcrop $< $@ > /dev/null
+ @TMP=`mktemp -d` && cp $< $$TMP/$(notdir $<) && \
+ pdfcrop $$TMP/$(notdir $<) $$TMP/$(notdir $@) > /dev/null && \
+ mv -f $$TMP/$(notdir $@) $@ && \
+ rm -rf $$TMP/
ifdef RSVG_CONVERT
FALLBACK_RSVG_CONVERT = || (cat $<i | rsvg-convert $(RSVG_FMT_OPT) > $@ &&
echo "$< --> $(suffix $@) (fallback rsvg-convert)")
diff --git a/a2ping-rule.mk b/a2ping-rule.mk
index 62de9704..da20488e 100644
--- a/a2ping-rule.mk
+++ b/a2ping-rule.mk
@@ -38,10 +38,14 @@ endif
ifeq ($(A2PING_GSCNFL),1)
$(error You need to update a2ping. See #7 in FAQ-BUILD.txt)
endif
- @cp $< $<i
- @sh $(FIXANEPSFONTS) $<i
- @a2ping --below --hires --bboxfrom=compute-gs $<i $@ > /dev/null 2>&1
- @rm -f $<i
+ @TMP=`mktemp -d` && \
+ TMP1=$$TMP/$(notdir $<i) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMP1 && \
+ sh $(FIXANEPSFONTS) $$TMP1 && \
+ a2ping --below --hires --bboxfrom=compute-gs $$TMP1 $$TMPDST >
/dev/null 2>&1 && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
$(PDFTARGETS_OF_TEX): %.pdf: %.eps
@echo "$< --> $(suffix $@) (by a2ping)"
@@ -52,11 +56,23 @@ ifeq ($(A2PING_GSCNFL),1)
$(error a2ping version conflict. See #7 in FAQ-BUILD.txt)
endif
ifeq ($(A2PING_GSCNFL),2)
- @a2ping --below --gsextra=-dALLOWPSTRANSPARENCY $< $(basename $@)__.pdf
> /dev/null 2>&1
- @pdfcrop --hires $(basename $@)__.pdf $@ > /dev/null
- @rm -f $(basename $@)__.pdf
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMP1=$$TMP/$(notdir $(basename $@)__.pdf) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ a2ping --below --gsextra=-dALLOWPSTRANSPARENCY $$TMPSRC $$TMP1 >
/dev/null 2>&1 && \
+ pdfcrop --hires $$TMP1 $$TMPDST > /dev/null && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
else
- @a2ping --below --hires --bboxfrom=compute-gs $< $@ > /dev/null 2>&1
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ a2ping --below --hires --bboxfrom=compute-gs $$TMPSRC $$TMPDST >
/dev/null 2>&1 && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
endif
$(PDFTARGETS_OF_EPSORIG_NOFIXFONTS) $(PDFTARGETS_OF_EPSOTHER): %.pdf: %.eps
@@ -67,4 +83,10 @@ endif
ifeq ($(A2PING_GSCNFL),1)
$(error a2ping version conflict. See #7 in FAQ-BUILD.txt)
endif
- @a2ping --below --hires --bboxfrom=compute-gs $< $@ > /dev/null 2>&1
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ a2ping --below --hires --bboxfrom=compute-gs $$TMPSRC $$TMPDST >
/dev/null 2>&1 && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
diff --git a/epstopdf-rule.mk b/epstopdf-rule.mk
index ea0ff791..56261259 100644
--- a/epstopdf-rule.mk
+++ b/epstopdf-rule.mk
@@ -14,10 +14,15 @@ $(PDFTARGETS_OF_GNUPLOT_NEEDFIXFONTS): %.pdf: %.eps
ifndef EPSTOPDF
$(error $< --> $@: epstopdf not found. Please install it)
endif
- @sh $(FIXFONTS) < $< > $(basename $<)__.eps
- @eps2eps $(basename $<)__.eps $(basename $<)___.eps
- @epstopdf $(GS_OPT) $(basename $<)___.eps $@
- @rm -f $(basename $<)__.eps $(basename $<)___.eps
+ @TMP=`mktemp -d` && \
+ TMP1=$$TMP/$(notdir $(basename $<)__.eps) && \
+ TMP2=$$TMP/$(notdir $(basename $<)___.eps) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ sh $(FIXFONTS) < $< > $$TMP1 && \
+ eps2eps $$TMP1 $$TMP2 && \
+ epstopdf $(GS_OPT) $$TMP2 $$TMPDST && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
$(PDFTARGETS_OF_TEX): %.pdf: %.eps
@echo "$< --> $(suffix $@)"
@@ -25,19 +30,38 @@ ifndef EPSTOPDF
$(error $< --> $@: epstopdf not found. Please install it)
endif
ifeq ($(GS_953_OR_LATER),1)
- @eps2eps -dALLOWPSTRANSPARENCY $< $(basename $<)__.eps
- @epstopdf --gsopt=-dALLOWPSTRANSPARENCY $(GS_OPT) $(basename $<)__.eps
$@
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMP1=$$TMP/$(notdir $(basename $<)__.eps) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ eps2eps -dALLOWPSTRANSPARENCY $$TMPSRC $$TMP1 && \
+ epstopdf --gsopt=-dALLOWPSTRANSPARENCY $(GS_OPT) $$TMP1 $$TMPDST &&
\
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
else
- @eps2eps -dNOSAFER $< $(basename $<)__.eps
- @epstopdf --nosafer $(GS_OPT) $(basename $<)__.eps $@
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMP1=$$TMP/$(notdir $(basename $<)__.eps) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ eps2eps -dNOSAFER $$TMPSRC $$TMP1 && \
+ epstopdf --nosafer $(GS_OPT) $$TMP1 $$TMPDST && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
endif
- @rm -f $(basename $<)__.eps
$(PDFTARGETS_OF_EPSORIG_NOFIXFONTS) $(PDFTARGETS_OF_EPSOTHER): %.pdf: %.eps
@echo "$< --> $(suffix $@)"
ifndef EPSTOPDF
$(error $< --> $@: epstopdf not found. Please install it)
endif
- @eps2eps $< $(basename $<)__.eps
- @epstopdf $(GS_OPT) $(basename $<)__.eps $@
- @rm -f $(basename $<)__.eps
+ @TMP=`mktemp -d` && \
+ TMPSRC=$$TMP/$(notdir $<) && \
+ TMP1=$$TMP/$(notdir $(basename $<)__.eps) && \
+ TMPDST=$$TMP/$(notdir $@) && \
+ cp $< $$TMPSRC && \
+ eps2eps $$TMPSRC $$TMP1 && \
+ epstopdf $(GS_OPT) $$TMP1 $$TMPDST && \
+ mv -f $$TMPDST $@ && \
+ rm -rf $$TMP
--
2.43.0
