Skip to content

Instantly share code, notes, and snippets.

@ruario
Last active January 7, 2023 20:52
Show Gist options
  • Save ruario/215c365facfe8d3c5071 to your computer and use it in GitHub Desktop.
Save ruario/215c365facfe8d3c5071 to your computer and use it in GitHub Desktop.
Installs (or updates) PPAPI Flash, so that it can be used by Chromium-based browsers

Usage

If you use Ubuntu or a derivative distro, issue the following to install an appropriate version of Flash:

sudo add-apt-repository "deb http://archive.canonical.com/ubuntu `lsb_release -cs` partner" 
sudo apt update
sudo apt install adobe-flashplugin

If your distro does not provide a copy of Pepper Flash that works with Vivaldi, this script will download and install it for you. To use, click on the "Download ZIP" button listed on the GitHub Gist page and then unpack the .zip archive locally. You should now have a directory containing the file "latest-pepper-flash.sh".

Open a terminal within that directory and run the script like so:

sh latest-pepper-flash.sh

The script will fetch and install the latest Pepper Flash. From time to time (perhaps once a month) you should re-run this script and if there is a newer Flash it will upgrade your installed copy, otherwise it will just confirm that you have the latest version.

#!/bin/sh
available () {
command -v $1 >/dev/null 2>&1
}
# Make sure we have wget or curl
if available wget; then
SILENT_DL="wget -qO-"
LOUD_DL="wget"
elif available curl; then
SILENT_DL="curl -sL"
LOUD_DL="curl -O"
else
echo "Install wget or curl" >&2
exit 1
fi
# Set Output dir
PPAPI_FLASH_INSTALL_DIR=${PPAPI_FLASH_INSTALL_DIR:-/opt/google/chrome/PepperFlash}
# Set temp dir
TMP=${TMP:-/tmp}
# Set staging dir
STAGINGDIR=$TMP/pepper-flash-staging
# Setup Arch
case $(uname -m) in
x86_64) ARCH=x86_64 ;;
i?86) ARCH=i386 ;;
esac
# Work out the VERSION
VERSION=$($SILENT_DL https://get.adobe.com/flashplayer/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1)
# Error out if $VERISON is unset, e.g. because previous command failed
if [ -z "$VERSION" ]; then
echo "Could not work out the latest version; exiting" >&2
exit 1
fi
# Don't start repackaging if the same version is already installed
if [ -r "$PPAPI_FLASH_INSTALL_DIR/manifest.json" ] ; then
CUR_VER=$(grep -Eo '"version" *: *"([0-9]+\.){3}[0-9]+",' "$PPAPI_FLASH_INSTALL_DIR/manifest.json" | cut -d'"' -f 4)
if [ "$CUR_VER" = "$VERSION" ]; then
echo "The latest Flash ($VERSION) is already installed"
exit 0
fi
fi
# Now we could screw things up so exit on first error
set -e
# If the staging directory is already present from the past, clear it down
# and re-create it.
if [ -d "$STAGINGDIR" ]; then
rm -fr "$STAGINGDIR"
fi
mkdir -p "$STAGINGDIR$PPAPI_FLASH_INSTALL_DIR"
cd "$STAGINGDIR"
# Now get the tarball
$LOUD_DL "https://fpdownload.adobe.com/pub/flashplayer/pdc/$VERSION/flash_player_ppapi_linux.${ARCH}.tar.gz"
# Extract the contents of the Google Chrome binary package
tar xf flash_player_ppapi_linux.${ARCH}.tar.gz -C "$STAGINGDIR$PPAPI_FLASH_INSTALL_DIR"
chmod -R u+w,go+r-w,a-s .
# Escalate privileges if needed and copy files into place
if [ "$UID" = 0 ]; then
tar --owner=0 --group=0 -cf- ".$PPAPI_FLASH_INSTALL_DIR" | tar -xf- -C /
elif [ -r /etc/os-release ] && grep -qx 'ID=\(ubuntu\|linuxmint\)' /etc/os-release; then
echo "Calling sudo ... (if prompted, please enter your password, so Flash can be copied into place)"
tar --owner=0 --group=0 -cf- ".$PPAPI_FLASH_INSTALL_DIR" | sudo tar -xf- -C /
else
echo "Please enter your root password so Pepper Flash can be copied into place"
su -c "sh -c \"tar --owner=0 --group=0 -cf- .$PPAPI_FLASH_INSTALL_DIR | tar -xf- -C /\""
fi
# Tell the user we are done
printf "\nFlash installed into $PPAPI_FLASH_INSTALL_DIR\n"
@cybernova
Copy link

cybernova commented Jan 10, 2018

Didn't notice that in the script we don't use any security by downloading updates from http instead of https exposing us to MitM attacks until today when I saw a report from ESET titled: Diplomats in Eastern Europe bitten by a Turla mosquito ( https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf ) where Turla APT apparently injects malware on the fly in adobe flash player's update.
So I suggest to apply a little patch to the script by simply changing all http to https as soon as possible.

EDIT:
I verified analyzing the traffic generated by the script, even with the use of https the check of the version is in plain text because of a redirect in this page: https://www.adobe.com/software/flash/about/ -> http://get.adobe.com/flashplayer/about/ :D
The better solution is to use the suggest of @ohaessler ( is more faster and stable as he said, Thanks! ) and to use a string for verifying the version like this :
VERSION=$($SILENT_DL https://fpdownload.macromedia.com/pub/flashplayer/masterversion/masterversion.xml | grep -m1 "PPAPI_linux version" | cut -d \" -f 2 | tr , .)
Note the use of https and this time works and is full encrypted.

@x2k13
Copy link

x2k13 commented Jul 13, 2019

This approach doesn't work on Debian Buster (curl and/or wget alike) anymore. curl just fails and wget gets sent into a loop.
Using https instead of http doesn't help either. Looks like Adobe fiddled around with TLS in a non-proper way.

curl version:

curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.37.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

command:

curl -O http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information

wget version:

wget --version
GNU Wget 1.20.1 built on linux-gnu.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls 
+ntlm +opie +psl +ssl/gnutls 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 
    -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 
    -I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2 
    -fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=. 
    -fstack-protector-strong -Wformat -Werror=format-security 
    -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall 
Link: 
    gcc -I/usr/include/p11-kit-1 -DHAVE_LIBGNUTLS -DNDEBUG -g -O2 
    -fdebug-prefix-map=/build/wget-EiPT9d/wget-1.20.1=. 
    -fstack-protector-strong -Wformat -Werror=format-security 
    -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-z,relro -Wl,-z,now 
    -lpcre2-8 -luuid -lidn2 -lnettle -lgnutls -lz -lpsl ftp-opie.o 
    gnutls.o http-ntlm.o ../lib/libgnu.a 

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>

command:

wget http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
--2019-07-13 09:55:23--  http://www.adobe.com/software/flash/about/
Resolving www.adobe.com (www.adobe.com)... 2a02:26f0:6c00:19d::1efd, 2a02:26f0:6c00:190::1efd, 104.109.76.89
Connecting to www.adobe.com (www.adobe.com)|2a02:26f0:6c00:19d::1efd|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.adobe.com/software/flash/about/ [following]
--2019-07-13 09:55:24--  https://www.adobe.com/software/flash/about/
Connecting to www.adobe.com (www.adobe.com)|2a02:26f0:6c00:19d::1efd|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://get.adobe.com/flashplayer/about/ [following]
--2019-07-13 09:55:24--  https://get.adobe.com/flashplayer/about/
Resolving get.adobe.com (get.adobe.com)... 193.104.215.66
Connecting to get.adobe.com (get.adobe.com)|193.104.215.66|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html'

index.html                           [ <=>                                                       ] 121.49K  --.-KB/s    in 0.06s   

2019-07-13 09:55:24 (2.06 MB/s) - Read error at byte 124406 (The TLS connection was non-properly terminated.).Retrying.

@ruario
Copy link
Author

ruario commented Aug 28, 2019

@x2k13 Neither of the example commands you provided are the ones that run by the script above. The curl command includes -sL, the wget command uses -qO-.

$ curl --version
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets 
$ curl -sL http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
32.0.0.238

or

$ wget --version
GNU Wget 1.17.1 built on linux-gnu.

+digest -gpgme +https +ipv6 +iri +large-file -metalink +nls +ntlm 
+opie -psl +ssl/openssl 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 
    -I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include 
    -DHAVE_LIBSSL -DNDEBUG -g -O2 -fPIE -fstack-protector-strong 
    -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 
    -g -Wall 
Link: 
    gcc -DHAVE_LIBSSL -DNDEBUG -g -O2 -fPIE -fstack-protector-strong 
    -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 
    -g -Wall -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro 
    -Wl,-z,now -L/usr/lib -lpcre -luuid -lssl -lcrypto -lz -lidn 
    ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a 

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.
$ wget -qO- http://www.adobe.com/software/flash/about/ | grep -FA2 'Chromium-based browsers - PPAPI' | grep -Eo '([0-9]+\.){3}[0-9]+' | tail -n1
32.0.0.238

@ruario
Copy link
Author

ruario commented Aug 28, 2019

@cybernova I have not read these comments in ... well ages... since I never use the script myself. I have made it all https (as I see the benefit in that) but did not make the change @ohaessler suggested as it works fine already and since it works reliably for all this time there is little need to change.

@cybernova
Copy link

@ruario :)

@MariaTrika6
Copy link

I can use Github as an appropriate director on writing easy stories with monkeys,lizards,frogs & birds in case of my funny soul which is relied in a plenty of things & situations about wild forests due to my watching many documentaries whole my years...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment