-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When packing apps for the Windows Store, Widevine is not correctly loaded #50
Comments
First off, when you say |
Yes, I am talking about the widevine-ready event. Apparently the inizialization (in terms of exchanged events) looks went fine. |
Ok, then we are likely looking at some kind of issue with As for a workaround, there are a couple of ways to override the directory values. The first way is to modify the The second way is to use the verifyWidevineCdm() API to do the same thing programmatically. The |
The problem is that the path that Electron sees is always the not-virtualized one, even if it is writing in the virtualized directory. The exact behaviour is the following: If an app running in the desktop bridge tries to access any directory under If, otherwise, the directory does not exist yet, the app running in the desktop bridge thinks it is writing in the above directory, while in reality it is accessing files under
I created a POC of this here: If you install and run it on a machine where you have already run electron, the DRM will work since the directory: But if you delete that directory and run again: Finally, if you even create the not-virtualized electron dir (using the not-desktop-bridged electron version), the |
Well, that sounds like a recipe for disaster in combination with the Widevine CDM. It enforces that the CDM binary image was loaded from a "real" path with no filesystem links or virtualizations of any kind, silently failing if that is the case. This has bitten me before during development, e.g. when I've been using drive mappings to avoid issues with long paths on Windows. It is unclear to me why anything would differ between Electron 4 and 7 though since the code that is in question here is essentially the same. Maybe upstream Electron changed something so that the filesystem APIs now honors the virtualizations where it previously did not. Anyway, thanks for the POC, I'll see if I can use that to further investigate what is happening. I suspect the only way around this is to make the CDM access bypass the filesystem virtualization, but I'm not very familiar with UWP or Desktop Bridge, so I'm not sure if it is possible. Were you able to make it work by overriding the paths used or is all filesystem access virtualized? |
I'm having the same issue as @delfinof.
I tried overriding the paths (with the non-virtualized directories) by passing them to I think this happens because we can only read outside the virtualized folders, but not write. |
To reiterate what Koen is saying, this is hitting us quite hard now, so if there is anything we can do to help resolve this we will! |
I've isolated the cause to what I was speculating about above. Since AppData is virtualized the Widevine CDM loads without problem but it will fail silently due to the security check I mentioned inside the CDM itself. If I install the CDM outside AppData instead, it works. For example setting something like this when calling var wv = app.verifyWidevineCdm({
downloadDir: 'C:\\Users\\khwaaj\\foobar\\Electron\\Downloads\\WidevineCDM',
installDir: 'C:\\Users\\khwaaj\\foobar\\Electron\\WidevineCDM',
updateDir: 'C:\\Users\\khwaaj\\foobar\\Electron\\WidevineCDM.pending',
lastDir: 'C:\\Users\\khwaaj\\foobar\\Electron\\WidevineCDM.last',
}); Apparently the virtualization of AppData was a change introduced in Windows 10 1903, so it was likely working before that. I'm trying to figure out what to best do about this and what recommendation to make to people running into this now. |
This is what I did with but then with: As far as I know you also can't write outside the virtualized directories without permissions (when packed for Windows Store). Or am I missing something? |
That is just the thing, it won't work inside If anyone has any good suggestions for an alternate location that is not virtualized please go ahead and make them... :-) |
As it probably has to be in the user folder due to permissions, I think it would be best to do something like: |
Yeah, it would have to be a writable directory like Apparently there is another accepted pattern as well where template files are installed in |
With the path override, I guess it should be possible to distribute widevine with the app and load it from the installation folder. Is there any legal or technical issue (e.g. using relative paths in loading widevine, too tight release schedule etc) preventing that? |
While technically possible there are legal issues with providing the CDM with the application bundle, like Chrome does. We have explicitly been warned not to do this by the Widevine Team since it would open us up to potential litigation, specifically over decoder licensing (since there are decoders included in the CDM). As long as the CDM is dynamically installed by download from Google servers it is covered by the license Google has. There is also the drawback of not being able to update it in case a CDM is deprecated for security reasons, unless you install the CDM in a directory where it can be updated, of course. An alternative may be to run the application outside the Desktop Bridge with a special |
Starting with v5.0.13 it will be possible to override For example, to use the equivalent of app.verifyWidevineCdm({
baseDir: path.join(app.getPath('home'), 'Widevine', app.getName())
}); Or: app.commandLine.appendSwitch('widevine-base-dir', path.join(app.getPath('home'), 'Widevine', app.getName())) |
Hi, this new option looks interesting. In this branch of my POC: I changed the "c# starter" in order to read the LocalFolder of the app without requiring the system virtualization through the UWP API: Which returns: Then I start electron with the command line switch you explained above. |
@delfinof That looks awesome! How would I get this |
Interesting, I did some similar experiments by hardcoding the paths in Electron v7 but did not get it to work reliably even then. I think that may have still been in the In any case, exactly how this "virtualization" they are doing since the 1903 update works is still a bit unclear to me. Perhaps there are some loopholes that can be used, but I'm a bit worried about what happens in the next OS update. I'm just about to release v7.1.6, including the fix I mentioned earlier, so it would be an interesting test to see if this workaround is still viable there. |
@koenoe In case you wish to do everything from within electron, this is a way for accessing the above API: @khwaaj will test that when available. (BTW this trick does not work in windows mode S (or how is it called now) and violates Windows Store policies) |
@delfinof, thanks, I was thinking that you initially mentioned that it worked in v4 but not v7 so that is why I'm interested to see if there is a difference between v5 and v7 too. I've not been able to find any obvious reasons for this discrepancy which is why I mentioned the possibility of differences depending on which Windows SDK version was linked. Indeed, that is about what I gathered from reading up on the Desktop Bridge in 1903. But the devil is in the details and the CDM obviously detects that it has been placed in a virtualized environment, even for some placements that have not been explicitly documented as virtualized in what I've read. For example, in my testing this was true even if I passed the "real" path to to About the Windows Store, isn't just downloading and executing a binary not part of the initial package a breach off the store policies? I know it is in the Mac App store. |
I think dynamic downloading of WidevineCDM is allowed in the Windows Store because of this: https://docs.microsoft.com/en-us/windows/uwp/publish/store-policies#102-security
That is, as long as you don't include code which changes described functionalities, you are ok. On the other side, IMHO downloading Widevine in the home directory violates the principle at the beginning:
Since it tries to circumvent the ecosystem concept of virtualization. But my personal experience suggests that MS Store reviewers are usually open to exceptions if these are required to assure the app being able to work correctly |
FYI, another workaround for this issue is to run electron without the chromium sandbox, e.g. by passing |
I added a FAQ entry relating our stance on this after discussing it with Chromium devs. I'l go ahead and close the issue, feel free to reopen if there are any outstanding questions or topics pertaining to this. |
@khwaaj I see that the FAQ says the the only solution for packaging ESC for the Windows Store is to use the But what about redefining |
While it used to be technically possible to adjust where the CDM is installed to avoid this issue there are a number of reasons this is probably not a good solution for production grade software, and we are recommending against it. To name a few:
|
When you package an app for the windows store the folder:
%USERPROFILE%\AppData\Roaming\<app name>
Is virtualized in
%USERPROFILE%\AppData\Local\Pacakges\<windows package name>LocalCache\Roaming\<app name>
The WidevineCDM directory is then created under the virtulized folder, and on some computer, this makes widevine to not initialize corretly: the event ready is received but it is impossible to use any DRM protected content (e.g. Spotify SDK).
Manually moving the WidevineCDM directory from the virtualized folder to the "real" folder solves the issue.
This didn't happened with previous versions of Widevine/Electron (we used 4.1.5 without any issue; the problem started moving to electron 7.X).
Is it possible to configure the path to use for downloading the Widevine files, so that the access to that is direct and not somehow virtualized?
The text was updated successfully, but these errors were encountered: