Closed Bug 1566523 Opened 4 months ago Closed 4 months ago

[10.15][Mac] Remove com.apple.quarantine xattr from CDM dylib after downloading

Categories

(Core :: Audio/Video: GMP, task, P1)

70 Branch
Unspecified
macOS
task

Tracking

VERIFIED FIXED
mozilla70
Tracking Status
firefox-esr60 69+ verified
firefox-esr68 69+ verified
firefox68 --- wontfix
firefox69 + verified
firefox70 + verified

People

(Reporter: haik, Assigned: bryce)

Attachments

(1 file)

On macOS 10.15 Beta, in order for the GMP process to load the new signed Widevine CDM (4.10.1440.19), we must remove the com.apple.quarantine extended attribute from the dylib. With 4.10.1440.19, on macOS 10.15 Beta, we are still seeing the error described on bug 1558924. After clearing the attribute manually from the dylib after it has been downloaded, the CDM loads successfully and playback works.

    $ xattr -d com.apple.quarantine <file>

Firefox is configured (via LSFileQuarantineEnabled in our Info.plist) to quarantine all files that it writes. As a result, when we download the CDM it will be quarantined. macOS 10.15 is more strict about launching/loading quarantined executables. We addressed a similar problem with the updater for 10.15 on bug 1556733.

The com.apple.quarantine attribute can be removed with the removexattr(2) library call.

Blocks: 1558924
See Also: → 1566127

It looks like the right place to clear the com.apple.quarantine attribute would be in GMPExtractorWorker.js[1]. I think we would have to expose a method to do this in nsIFile.

  1. https://searchfox.org/mozilla-central/rev/22b330ecb3edba1536a54887060cbdd09db21c59/toolkit/modules/GMPExtractorWorker.js#62
Assignee: nobody → bvandyk
Priority: -- → P1
Depends on: 1566700

Bugbug thinks this bug is a task, but please change it back in case of error.

Type: defect → task

[Tracking Requested - why for this release]: Because this results in complete bustage of EME playback on MacOS Catalina, I would like to consider this for 69 and our current ESRs. We're already seeing issues for users of Catalina beta and I'd like for us to have as many releases ready for Catalina as we can. We don't have a concrete date for Catalina release, but based on previous MacOS releases, the end of September seems likely.

On MacOS Firefox will add the com.apple.quarantine attribute to files it
downloads. Firefox does this as a safety measure to indicate to the OS that the
file may be from an untrusted source.

While the attribute can be set prior to MacOS 10.15, the attribute is used to
enforce new features in 10.15. This leads to issues where if we do not clear the
attribute from GMPs we download, we will fail to load dynamic libs.

This patch means we will clear the quarantine from GMP downloads. These GMPs
come from a trusted source and are checksummed via hash.

Note, most of the heavy lifting for this was done in bug 1566700. We just
leverage the new API here.

Pushed by bvandyk@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/17b7695a194e
Remove com.apple.quarantine from gmp downloads. r=dminor
Status: NEW → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70

Comment on attachment 9080657 [details]
Bug 1566523 - Remove com.apple.quarantine from gmp downloads. r?dminor,alwu

Beta/Release Uplift Approval Request

  • User impact if declined: Playback of premium video will not work under MacOS Catalina due to the CDM being blocked by new security features. These changes are needed to remove quarantine from the Widevine CDM once we extract it. If we do not do this, loading of the CDM will be blocked by the OS.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: Bug 1566523, Bug 1558924, Bug 1566180
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This patch removes an extended attribute from the extracted CDM files on Mac. The code to do this is fairly simple and I would expect the worst outcome to be for it not to work, rather than regressing any existing behaviour.
  • String changes made/needed: None

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Bustage of premium video playback on MacOS Catalina. We expect Catalina will release near the end of September, though this date is not confirmed.
  • User impact if declined: Playback of premium video will not work under MacOS Catalina due to the CDM being blocked by new security features. These changes are needed to remove quarantine from the Widevine CDM once we extract it. If we do not do this, loading of the CDM will be blocked by the OS.
  • Fix Landed on Version: 70
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This patch removes an extended attribute from the extracted CDM files on Mac. The code to do this is fairly simple and I would expect the worst outcome to be for it not to work, rather than regressing any existing behaviour.
  • String or UUID changes made by this patch: None
Attachment #9080657 - Flags: approval-mozilla-esr68?
Attachment #9080657 - Flags: approval-mozilla-esr60?
Attachment #9080657 - Flags: approval-mozilla-beta?

Comment on attachment 9080657 [details]
Bug 1566523 - Remove com.apple.quarantine from gmp downloads. r?dminor,alwu

Needed for encrypted video playback on macOS 10.15. Approved for 69.0b10.

Attachment #9080657 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Looks like DRM content works now on Netflix and Amazon Prime on macOS 10.15 19A512f using latest Nightly 70.0a1 and Firefox 69.0b10.

Comment on attachment 9080657 [details]
Bug 1566523 - Remove com.apple.quarantine from gmp downloads. r?dminor,alwu

fix for widevine on macos 10.15, approved for 68.1 and 60.9

Attachment #9080657 - Flags: approval-mozilla-esr68?
Attachment #9080657 - Flags: approval-mozilla-esr68+
Attachment #9080657 - Flags: approval-mozilla-esr60?
Attachment #9080657 - Flags: approval-mozilla-esr60+
Flags: needinfo?(bvandyk)

Bug 1566700 didn't cleanly apply on ESR60, and since we depend on that functionality for this change, I'll look at getting that sorted first. Holding NI.

Did a quick check on the CI build which has the fix for 68.1 esr but both Amazon prime and Netflix are unable to play its content. I do have Widevine 4.10.1440.18 installed from what I can see. Should I recheck once the build is official? 69.0b10 had the same version of widevine and DRM content ran just fine.

(In reply to Bogdan Maris [:bogdan_maris], Release Desktop QA from comment #16)

> Did a quick check on the CI build which has the fix for 68.1 esr but both Amazon prime and Netflix are unable to play its content. I do have Widevine 4.10.1440.18 installed from what I can see. Should I recheck once the build is official? 69.0b10 had the same version of widevine and DRM content ran just fine.

Were the builds signed? In general we'd expect those sites to fail if the builds are signed -- but something like Shaka player should still work. A recheck with an official build would be good, largely as those builds ensure signing.

Clearing NI as I believe I've resolved the patch issues in bug 1566700 for ESR60. With that able to land on ESR60 this should be able to follow.

Flags: needinfo?(bvandyk)

I’ve tested this issue on macOS 10.15 Catalina beta 6 (19A536g) with the official 68.1.0esr; Netflix/Amazon Prime are working without any problems. I will not change the esr status to verified or remove the qe+ flag until Widevine version 4.10.1440.19 goes live and I recheck this bug.

This issue is verified fixed with Widevine version 4.10.1440.19.

This issue is verified fixed with 60.9.0esr on macOS 10.15 Catalina beta 6 (19A536g). No issue occurs while playing Netflix/Amazon Prime/Hulu.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
See Also: → 1587421
See Also: → 1587533