-
Notifications
You must be signed in to change notification settings - Fork 41
FAQ
Show
While technically possible there are legal issues with providing the Widevine CDM with the application bundle, like Chrome does. We have been explicitly warned not to do this by the Widevine Team since it would open us up to potential litigation, specifically over decoder licensing (since there are decoders included in the CDM). As long as the CDM is dynamically installed by download from Google servers it is covered by the license Google has for the CDM.
Show
To VMP-sign your application during development you can use EVS to sign the distribution installed by npm in node_modules/electron/dist:
% python -m castlabs_evs.vmp sign-pkg node_modules/electron/dist
Signing: node_modules/electron/dist/electron.exe
- Verifying existing VMP signature
- Signature invalid: Certificate is valid for development only
- Requesting VMP signatureAlternatively, if you have a VMP certificate of your own, you can use the vmp-resign.py script to do the same. In both cases you would need to do this each time you reinstall or update the distribution.
Show
To be able to use electron-builder with ECS you have two options with different pros and cons. Option one is to use the electronDist configuration in your package.json to point to an already downloaded distribution, such as the one installed in node_modules by npm:
"build": {
"electronDist": "node_modules/electron/dist"
}Using this option lets electron-builder skip the download step but, as a consequence, only works on the platform that matches your installed distribution. The second option is to use the electronDownload/mirror configuration instead:
"build": {
"electronDownload": {
"mirror": "https://github.com/castlabs/electron-releases/releases/download/v"
}
}This allows electron-builder to automatically select and download the package for the requested platform, which makes it possible to build a package regardless of your native platform.
Show
With the stricter notarization requirements for macOS Catalina, 10.15, and later, you need to disable library validation in order for Electron to be able to load the Widevine CDM. You can do this by adding the following entitlement:
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
Show
This is not recommended because of inherent conflicts between the sanboxing done by the Desktop Bridge and Chromium itself, which causes issues with the Widevine CDM. The only reliable workaround is to disable the Chromium sandbox entirely, by passing the --no-sandbox command-line option to ECS, but this comes with serious security implications and is thus not something we can generally recommend.