问题
I have an Electron app, published on the Mac AppStore, and sandboxed.
I'm trying to add a new feature that will encode/decode videos on the fly so I can stream more video formats in an Electron context.
I'm using fluent-ffmpeg and a static exec of ffmpeg.
Everything works awesomely, I've uploaded the sandboxed app to Apple, and got rejected because ffmpeg is using by default a secure transport protocol which is using non-public API, this is what they've sent me with the rejection:
Your app uses or references the following non-public API(s):
'/System/Library/Frameworks/Security.framework/Versions/A/Security'
: SecIdentityCreate
Alright, after much investigation, it appears that I have to compile ffmpeg myself with a --disable-securetransport flag. Easy enough, I do it using the same config as the static build I've downloaded simply adding the new flag.
I manage to install every dependencies needed, except libxavs, no big deal I guess and simply remove its flag from the configure command:
./configure \
--cc=/usr/bin/clang \
--prefix=/opt/ffmpeg \
--extra-version=tessus \
--enable-avisynth \
--enable-fontconfig \
--enable-gpl \
--enable-libass \
--enable-libbluray \
--enable-libfreetype \
--enable-libgsm \
--enable-libmodplug \
--enable-libmp3lame \
--enable-libopencore-amrnb \
--enable-libopencore-amrwb \
--enable-libopus \
--enable-libsnappy \
--enable-libsoxr \
--enable-libspeex \
--enable-libtheora \
--enable-libvidstab \
--enable-libvo-amrwbenc \
--enable-libvorbis \
--enable-libvpx \
--enable-libwavpack \
--enable-libx264 \
--enable-libx265 \
--enable-libxvid \
--enable-libzmq \
--enable-libzvbi \
--enable-version3 \
--pkg-config-flags=--static \
--disable-securetransport \
--disable-ffplay
With the new ffmpeg exec, everything still works as expected. But once I'm packaging, signing and sandboxing the app, ffmpeg stops working as soon as I try to launch it throwing this error:
An error occurred ffmpeg was killed with signal SIGABRT Error: ffmpeg was killed with signal SIGABRT
at ChildProcess.eval (webpack:///../node_modules/fluent-ffmpeg/lib/processor.js?:180:22)
at emitTwo (events.js:125:13)
at ChildProcess.emit (events.js:213:7)
at Process.ChildProcess._handle.onexit (internal/child_process.js:200:12)
I've tried to remove the --disable-securetransport flag, see if it could have messed with something, same result.
I've tried to compile on a Linux machine, just to see if it could help, same thing.
As soon as I'm using my custom compiled exec it doesn't work in the sandbox, but when using the static one, everything is ok (after I xattr it, because it's quarantined and blocked in sandbox).
The only thing I've noticed that seems odd is that my custom compilation is only 20mo or so, when the static install I've downloaded is 43mo.
I'm really stuck with this.
回答1:
So I finally was able to compile my static ffmpeg executable.
I've found my solution thanks to this answer.
Apparently, OSX has dynamic libraries located in /usr/local/bin which take precedence over everything else. So even if you try to compile your ffmpeg to be static, it won't work with these libraries on the way.
Once I've removed all those /usr/local/bin/*.dylib my build became fully static and worked perfectly in the sandbox.
来源:https://stackoverflow.com/questions/47629110/ffmpeg-gets-aborted-in-an-electron-sandboxed-application