unshackle-dl/unshackle
1
0
Fork 0
forked from kenzuya/unshackle
Code Pull Requests 1 Activity

revert(monalisa): pass key via argv again

Browse Source 
Reverts the env/stdin key passing change introduced in 6c83790, since ML-Worker builds in use expect the key as argv[1].
This commit is contained in:
Andy
2026-02-08 19:51:22 -07:00
parent 5650c2b591
commit 5fa0b33664
1 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
unshackle/core/drm/monalisa.py
View File

@@ -234,11 +234,7 @@ class MonaLisa:
raise MonaLisa.Exceptions.DecryptionFailed(f"Segment file does not exist: {segment_path}") raise MonaLisa.Exceptions.DecryptionFailed(f"Segment file does not exist: {segment_path}")
# Stage 1: ML-Worker decryption # Stage 1: ML-Worker decryption
# Do not pass secrets via argv (visible in process listings/logs). cmd = [str(worker_path), str(self._key), str(bbts_path), str(ents_path)]
# ML-Worker supports receiving the key out-of-band; we provide it via env + stdin.
cmd = [str(worker_path), "-", str(bbts_path), str(ents_path)]
worker_env = os.environ.copy()
worker_env["WORKER_KEY"] = self._key
startupinfo = None startupinfo = None
if sys.platform == "win32": if sys.platform == "win32":
@@ -251,8 +247,6 @@ class MonaLisa:
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
text=True, text=True,
input=self._key,
env=worker_env,
startupinfo=startupinfo, startupinfo=startupinfo,
timeout=worker_timeout_s, timeout=worker_timeout_s,
) )