-
Notifications
You must be signed in to change notification settings - Fork 893
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Update GN flags to properly do Widevine Host Verification / signing #515
Conversation
bf59daa
to
622e34d
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515
995081f
to
4f71dbd
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni | ||
index 82a93622585a424f56c3567050f9ba4822de6c1e..9c89d9a0c0a8b2df4e082cfd1ef9ace6ed8fc929 100644 | ||
--- a/third_party/widevine/cdm/widevine.gni | ||
+++ b/third_party/widevine/cdm/widevine.gni |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't need third_party/widevine because we don't bundle widevine cdm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nvm, just saw enable_widevine_cdm_host_verification
also used in chrome/BUILD.gn for generating widevine resource bundle and signing framework instead of just used only with should_bundle_widevine_cdm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please rebase your patch to 70.0.3538.22 so we can get rid of this patch
13 enable_widevine_cdm_host_verification =
14 enable_widevine && enable_cdm_host_verification
15
16 # Only bundle Widevine CDM in Google Chrome builds.
17 should_bundle_widevine_cdm = is_chrome_branded && enable_library_cdms
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it turns out I have previously local change applied and this patch will be needed to remov in the future. https://chromium.googlesource.com/chromium/src/+/f170c737755811ca5d7ded0700d8aa17ec310024
but we still need this patch for now
diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni | ||
index 82a93622585a424f56c3567050f9ba4822de6c1e..9c89d9a0c0a8b2df4e082cfd1ef9ace6ed8fc929 100644 | ||
--- a/third_party/widevine/cdm/widevine.gni | ||
+++ b/third_party/widevine/cdm/widevine.gni |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please rebase your patch to 70.0.3538.22 so we can get rid of this patch
13 enable_widevine_cdm_host_verification =
14 enable_widevine && enable_cdm_host_verification
15
16 # Only bundle Widevine CDM in Google Chrome builds.
17 should_bundle_widevine_cdm = is_chrome_branded && enable_library_cdms
@bsclifton you also need to change
|
@darkdh done! 😄👍 |
ec0985d
to
9157cce
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
39b0710
to
72e1e48
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
8734b31
to
3f718ae
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
18fc6d0
to
e8f9671
Compare
build/BUILD.gn
Outdated
@@ -20,4 +20,4 @@ config("version") { | |||
defines = [ | |||
"BRAVE_CHROMIUM_VERSION=\"$chrome_version_string\"", | |||
] | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can probably just leave out this file change from the commit so its history doesn't change.
#endif | ||
|
||
-#if defined(GOOGLE_CHROME_BUILD) | ||
+#if defined(GOOGLE_CHROME_BUILD) || defined(BRAVE_CHROMIUM_BUILD) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can just use a chromium_src override for this where you include the base path but first define GOOGLE_CHROME_BUILD and undef it afterwards.
+ ServiceMap services; | ||
+ factory.RegisterServices(&services); | ||
+ // TODO: register with service map for this thread? | ||
+#else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be removed when we revisit; was just a bad attempt at trying to get this working
- #507 - #510 This code was backed out with #513 (so we can do 0.55.x and 0.56.x builds in the meantime). This functionality also requires brave/brave-browser#1320
2b10c76
to
afbc123
Compare
If set to `true` via .npmrc, Widevine Host Verification will be enabled for the build This functionality also requires brave/brave-core#515 Fixes #1310
Ping since this is ~1 month old, can this be closed? |
Closing as work has been done in #2023 |
Current Status
This PR (as-is) works great on macOS (including the generation of the
.sig
file). Of course, you need to use brave/brave-browser#1320 frombrave-browser
when testing this PRWindows Status
Windows is not working and I have discovered why (but I am not sure how to fix)
non-Windows builds register the UtilityServiceFactory
On macOS (and Linux), this code fires:
https://cs.chromium.org/chromium/src/content/app/content_main_runner_impl.cc?l=508-509&rcl=874d2e3f4036268425593cea23a0ae9b1b00e07f
UtilityProcessHost::RegisterUtilityMainThreadFactory( CreateInProcessUtilityThread);
UtilityServiceFactory registers implementation for CdmService
This (through a few steps) launches the utility process, which creates an instance of UtilityServiceFactory. This will then register the CdmService interface:
https://cs.chromium.org/chromium/src/content/utility/utility_service_factory.cc?l=154-156&rcl=5f75c871d1ec0f3ff08650dcb87e361daf431705
The implementation for CdmService provides the host verification
The important part (ex: host verification) happens when this CdmService is implemented, it'll provide a method to check the
.sig
files. You can view that here:https://cs.chromium.org/chromium/src/content/utility/utility_service_factory.cc?l=96-99&rcl=741e7070889303f4cf376dad52ae67aec69889fe
What exactly is broken on Windows?
Going back to the part that fails on Windows. When a page loads that uses Widevine, it creates a media player and then tries (but is unable) to find an instance of the CdmService:
https://cs.chromium.org/chromium/src/content/browser/media/media_interface_proxy.cc?l=342-346&rcl=aa20726d6256b54ba793eb290545339f49b05113
This means subsequent calls to
cdm_service
are no-ops:https://cs.chromium.org/chromium/src/content/browser/media/media_interface_proxy.cc?rcl=aa20726d6256b54ba793eb290545339f49b05113&l=357
cdm_service->LoadCdm(cdm_path);
What is left? Where is help needed?
We need to register the CdmService on Windows (other platforms are OK because they launch the utility process). I've tried a few ways to patch this, but haven't had any success.
One thing worth noting:
AFTER the page is finished loading, if I wait long enough... I eventually DO see a Utility process launch. A new process is launched with
utility
as an argument which gets picked up here:https://cs.chromium.org/chromium/src/content/app/content_main_runner_impl.cc?rcl=874d2e3f4036268425593cea23a0ae9b1b00e07f&l=431-433
This is created via
UtilityProcessHost
. I was unable to find where Windows is creating this. The fix might be "as easy" as creating an instance of this on browser-launch (on Windows)https://cs.chromium.org/chromium/src/content/browser/utility_process_host.cc?l=273&rcl=53453fb02b81803f64293e3002c6765286a429dd
Why does Chrome work?
I haven't done enough debugging to provide a solid answer on this... However, my best guess is that this works because some additional flags are enabled for Chrome (set to
true
):enable_rlz
should_bundle_widevine_cdm
enable_cdm_storage_id
One potential solution would be to enable each of those and then stub out the RLZ implementation
Description
Fixes brave/brave-browser#944
Fixes brave/brave-browser#1310
Requires brave/brave-browser#1320
NOTE: After this is approved / merged, we'll need to open an issue in the devops repo to track adding the new
brave_enable_cdm_host_verification
param to the.npmrc
on the CI serversSubmitter Checklist:
git rebase -i
to squash commits (if needed).Test Plan:
Reviewer Checklist: