Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Installs (or updates) PPAPI Flash, so that it can be used by Chromium-based browsers

Usage

If you use Ubuntu or a derivative distro, issue the following to install an appropriate version of Flash:

sudo add-apt-repository "deb http://archive.canonical.com/ubuntu `lsb_release -cs` partner" 
sudo apt update
sudo apt install adobe-flashplugin

If your distro does not provide a copy of Pepper Flash that works with Vivaldi, this script will download and install it for you. To use, click on the "Download ZIP" button listed on the GitHub Gist page and then unpack the .zip archive locally. You should now have a directory containing the file "latest-pepper-flash.sh".

Open a terminal within that directory and run the script like so:

sh latest-pepper-flash.sh

The script will fetch and install the latest Pepper Flash. From time to time (perhaps once a month) you should re-run this script and if there is a newer Flash it will upgrade your installed copy, otherwise it will just confirm that you have the latest version.

#!/bin/sh
available () {
command -v $1 >/dev/null 2>&1
}
# Make sure we have wget or curl
if available wget; then
SILENT_DL="wget -qO-"
LOUD_DL="wget"
elif available curl; then
SILENT_DL="curl -sL"
LOUD_DL="curl -O"
else
echo "Install wget or curl" >&2
exit 1
fi
# Set Output dir
PPAPI_FLASH_INSTALL_DIR=${PPAPI_FLASH_INSTALL_DIR:-/opt/google/chrome/PepperFlash}
# Set temp dir
TMP=${TMP:-/tmp}
# Set staging dir
STAGINGDIR=$TMP/pepper-flash-staging
# Setup Arch
case $(uname -m) in
x86_64) ARCH=x86_64 ;;
i?86) ARCH=i386 ;;
esac
# Work out the VERSION
VERSION=$($SILENT_DL https://get.adobe.com/flashplayer/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1)
# Error out if $VERISON is unset, e.g. because previous command failed
if [ -z "$VERSION" ]; then
echo "Could not work out the latest version; exiting" >&2
exit 1
fi
# Don't start repackaging if the same version is already installed
if [ -r "$PPAPI_FLASH_INSTALL_DIR/manifest.json" ] ; then
CUR_VER=$(grep -Eo '"version" *: *"([0-9]+\.){3}[0-9]+",' "$PPAPI_FLASH_INSTALL_DIR/manifest.json" | cut -d'"' -f 4)
if [ "$CUR_VER" = "$VERSION" ]; then
echo "The latest Flash ($VERSION) is already installed"
exit 0
fi
fi
# Now we could screw things up so exit on first error
set -e
# If the staging directory is already present from the past, clear it down
# and re-create it.
if [ -d "$STAGINGDIR" ]; then
rm -fr "$STAGINGDIR"
fi
mkdir -p "$STAGINGDIR$PPAPI_FLASH_INSTALL_DIR"
cd "$STAGINGDIR"
# Now get the tarball
$LOUD_DL "https://fpdownload.adobe.com/pub/flashplayer/pdc/$VERSION/flash_player_ppapi_linux.${ARCH}.tar.gz"
# Extract the contents of the Google Chrome binary package
tar xf flash_player_ppapi_linux.${ARCH}.tar.gz -C "$STAGINGDIR$PPAPI_FLASH_INSTALL_DIR"
chmod -R u+w,go+r-w,a-s .
# Escalate privileges if needed and copy files into place
if [ "$UID" = 0 ]; then
tar --owner=0 --group=0 -cf- ".$PPAPI_FLASH_INSTALL_DIR" | tar -xf- -C /
elif [ -r /etc/os-release ] && grep -qx 'ID=\(ubuntu\|linuxmint\)' /etc/os-release; then
echo "Calling sudo ... (if prompted, please enter your password, so Flash can be copied into place)"
tar --owner=0 --group=0 -cf- ".$PPAPI_FLASH_INSTALL_DIR" | sudo tar -xf- -C /
else
echo "Please enter your root password so Pepper Flash can be copied into place"
su -c "sh -c \"tar --owner=0 --group=0 -cf- .$PPAPI_FLASH_INSTALL_DIR | tar -xf- -C /\""
fi
# Tell the user we are done
printf "\nFlash installed into $PPAPI_FLASH_INSTALL_DIR\n"
@baptistedonaux

This comment has been minimized.

Copy link

baptistedonaux commented Apr 7, 2016

Great script ! Really nice !

@ruario

This comment has been minimized.

Copy link
Owner Author

ruario commented Oct 19, 2016

Updated, to use packages from Adobe, rather than pulling apart Chrome.

@mpyatishev

This comment has been minimized.

Copy link

mpyatishev commented Nov 15, 2016

Thanks for this script!

@fld

This comment has been minimized.

Copy link

fld commented Dec 16, 2016

For Debian jessies chromium users:

% cat /etc/chromium.d/latest-pepper-flash
flashso="/opt/google/chrome/PepperFlash/libpepflashplayer.so"
flashversion=`strings $flashso 2> /dev/null | grep LNX | cut -d ' ' -f 2 | sed -e "s/,/./g"`
CHROMIUM_FLAGS="$CHROMIUM_FLAGS --ppapi-flash-path=$flashso --ppapi-flash-version=$flashversion"
@kernc

This comment has been minimized.

Copy link

kernc commented Dec 29, 2016

For Debian jessies chromium users

In addition, they should remove /etc/chromium.d/pepperflashplugin-nonfree, if any.

@ruario Instead of checking for ubuntu|linuxmint in /etc/os-release, how about testing if groups | grep -q '\bsudo\b'. I use Debian in root-locked-sudo-mode and the latter test works.

@ruario

This comment has been minimized.

Copy link
Owner Author

ruario commented Jan 2, 2017

@kernc doesn't help as that is just how it is done in debian. Other distros do not always use a sudo group.

In your case, just run the script itself under sudo (or tweak it for your own use).

@nifgraup

This comment has been minimized.

Copy link

nifgraup commented Jan 12, 2017

@fld that command shouldn't be necessary, Vivaldi looks for flash in that location by default

@cybernova

This comment has been minimized.

Copy link

cybernova commented May 13, 2017

Something has to be changed in the adobe site, now to get the version correctly this should be used:
VERSION=$($SILENT_DL http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1)

@AngryPenguinPL

This comment has been minimized.

Copy link

AngryPenguinPL commented Jun 19, 2017

Yes, solution @cybernova work for me. Thanks.

@ruario

This comment has been minimized.

Copy link
Owner Author

ruario commented Oct 11, 2017

Thanks @cybernova I comhe mean tpletely missed your comment before and I have been away for months on parental leave butI have finally fixed this now. I hope others saw your comment in the mean time

@ohaessler

This comment has been minimized.

Copy link

ohaessler commented Dec 14, 2017

@ruario thanks for the script. I had to deal with flash downloads as well, and came across a xml file with all flash versions:
http://fpdownload.macromedia.com/pub/flashplayer/masterversion/masterversion.xml

So the download could be changed to this (remove the "L" option in curl):


if available wget; then
SILENT_DL="wget -qO-"
LOUD_DL="wget"
elif available curl; then
SILENT_DL="curl -s"
LOUD_DL="curl -O"
else
echo "Install wget or curl" >&2
exit 1
fi

VERSION=$($SILENT_DL http://fpdownload.macromedia.com/pub/flashplayer/masterversion/masterversion.xml | sed '/</release>/,$d' | grep PPAPI_linuxchrome | awk -F'"' '{ print $2 }' | sed 's/,/./g')


This is a bit faster, and should also not change to often.

Cheers
Oliver

@cybernova

This comment has been minimized.

Copy link

cybernova commented Jan 10, 2018

Didn't notice that in the script we don't use any security by downloading updates from http instead of https exposing us to MitM attacks until today when I saw a report from ESET titled: Diplomats in Eastern Europe bitten by a Turla mosquito ( https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf ) where Turla APT apparently injects malware on the fly in adobe flash player's update.
So I suggest to apply a little patch to the script by simply changing all http to https as soon as possible.

EDIT:
I verified analyzing the traffic generated by the script, even with the use of https the check of the version is in plain text because of a redirect in this page: https://www.adobe.com/software/flash/about/ -> http://get.adobe.com/flashplayer/about/ :D
The better solution is to use the suggest of @ohaessler ( is more faster and stable as he said, Thanks! ) and to use a string for verifying the version like this :
VERSION=$($SILENT_DL https://fpdownload.macromedia.com/pub/flashplayer/masterversion/masterversion.xml | grep -m1 "PPAPI_linux version" | cut -d \" -f 2 | tr , .)
Note the use of https and this time works and is full encrypted.

@x2k13

This comment has been minimized.

Copy link

x2k13 commented Jul 13, 2019

This approach doesn't work on Debian Buster (curl and/or wget alike) anymore. curl just fails and wget gets sent into a loop.
Using https instead of http doesn't help either. Looks like Adobe fiddled around with TLS in a non-proper way.

curl version:

curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.37.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

command:

curl -O http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information

wget version:

wget --version
GNU Wget 1.20.1 built on linux-gnu.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls 
+ntlm +opie +psl +ssl/gnutls 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 
    -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 
    -I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2 
    -fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=. 
    -fstack-protector-strong -Wformat -Werror=format-security 
    -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall 
Link: 
    gcc -I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2 
    -fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=. 
    -fstack-protector-strong -Wformat -Werror=format-security 
    -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-z,relro -Wl,-z,now 
    -lpcre2-8 -luuid -lidn2 -lnettle -lgnutls -lz -lpsl ftp-opie.o 
    gnutls.o http-ntlm.o ../lib/libgnu.a 

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>

command:

wget http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
--2019-07-13 09:55:23--  http://www.adobe.com/software/flash/about/
Resolving www.adobe.com (www.adobe.com)... 2a02:26f0:6c00:19d::1efd, 2a02:26f0:6c00:190::1efd, 104.109.76.89
Connecting to www.adobe.com (www.adobe.com)|2a02:26f0:6c00:19d::1efd|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.adobe.com/software/flash/about/ [following]
--2019-07-13 09:55:24--  https://www.adobe.com/software/flash/about/
Connecting to www.adobe.com (www.adobe.com)|2a02:26f0:6c00:19d::1efd|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://get.adobe.com/flashplayer/about/ [following]
--2019-07-13 09:55:24--  https://get.adobe.com/flashplayer/about/
Resolving get.adobe.com (get.adobe.com)... 193.104.215.66
Connecting to get.adobe.com (get.adobe.com)|193.104.215.66|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html'

index.html                           [ <=>                                                       ] 121.49K  --.-KB/s    in 0.06s   

2019-07-13 09:55:24 (2.06 MB/s) - Read error at byte 124406 (The TLS connection was non-properly terminated.).Retrying.
@ruario

This comment has been minimized.

Copy link
Owner Author

ruario commented Aug 28, 2019

@x2k13 Neither of the example commands you provided are the ones that run by the script above. The curl command includes -sL, the wget command uses -qO-.

$ curl --version
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets 
$ curl -sL http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
32.0.0.238

or

$ wget --version
GNU Wget 1.17.1 built on linux-gnu.

+digest -gpgme +https +ipv6 +iri +large-file -metalink +nls +ntlm 
+opie -psl +ssl/openssl 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 
    -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include 
    -DHAVE_LIBSSL -DNDEBUG -g -O2 -fPIE -fstack-protector-strong 
    -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 
    -g -Wall 
Link: 
    gcc -DHAVE_LIBSSL -DNDEBUG -g -O2 -fPIE -fstack-protector-strong 
    -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 
    -g -Wall -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro 
    -Wl,-z,now -L/usr/lib -lpcre -luuid -lssl -lcrypto -lz -lidn 
    ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a 

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.
$ wget -qO- http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
32.0.0.238
@ruario

This comment has been minimized.

Copy link
Owner Author

ruario commented Aug 28, 2019

@cybernova I have not read these comments in ... well ages... since I never use the script myself. I have made it all https (as I see the benefit in that) but did not make the change @ohaessler suggested as it works fine already and since it works reliably for all this time there is little need to change.

@cybernova

This comment has been minimized.

Copy link

cybernova commented Aug 29, 2019

@ruario :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.