Running the the Vivaldi Linux update-ffmpeg and update-widevine scripts without using root

vivaldi-linux-media-single-user.md

Intro

The update-ffmpeg and update-widevine scripts included in the Vivaldi install directory are provided to fix situations where proprietary media (AVC/H.264 and AAC) and Widevine (DRM/EME) respectively, are not setup correctly.

These scripts are primarily intended to be run as root (or under sudo) as they create and update files and directories that are root owned. However both support a command line option (--user) that adjusts their installation directories and thus allows them to be run without escalation.

The --user options were made for internal usage, with locally ‘unpacked’ copies of Vivaldi (i.e. not installed). However, it is possible to use them with standard installs (albeit with a little tweaking in the case of update-widevine).

update-ffmpeg

To install proprietary media for just your current user issue the following:

/opt/vivaldi/update-ffmpeg --user

update-widevine

To install Widevine for just your current user, a couple more steps are required. This is because the script still attempts to adjust symlinks within the (typically root owned) Vivaldi install directory.

You can adjust the script as it runs, to disable the symlink creation, which would otherwise cause failure:

sed -r 's/^ *(rm|ln) -f.*/:/' /opt/vivaldi/update-widevine | sh -eus -- --user

Now create meta data in your Vivaldi user data directory that points to alternative Widevine install location–triple click to select the entire line:

echo "{\"Path\":\"$HOME/.local/lib/vivaldi/WidevineCdm\"}" > "${XDG_CONFIG_HOME:-$HOME/.config}/vivaldi/WidevineCdm/latest-component-updated-widevine-cdm"

Note: Change all “vivaldi” references in the above commands to “vivaldi-snapshot”, if you use the snapshot version.

-2020-08-06 22:50:17-- https://launchpadlibrarian.net/478578979/chromium-codecs-ffmpeg-extra_81.0.4044.138-0ubuntu0.16.04.1_amd64.deb
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving launchpadlibrarian.net (launchpadlibrarian.net)... 0.0.0.0, ::
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|::|:443... failed: Connection refused.
xz: (stdin): File format not recognized
tar: This does not look like a tar archive
tar: ./usr/lib/chromium-browser/libffmpeg.so: Not found in archive
tar: Exiting with failure status due to previous errors
The extracted libffmpeg.so does not match the expected sha256sum; aborting

@icf20 You have not installed OS updates for a while I would assume, hence your local certificate store is out of date and thus the failure to be able to connect to launchpadlibrarian.net. The rest of the errors are a follow on from there.

@ruario OS is up to date

connect to launchpadlibrarian.net

i dint look correctly the domain is blacklist like malware

Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.

@icf20 launchpadlibrarian.net is run by Canonical/Ubuntu (it ain't malware!).

What distro and distro version do you have?

@icf20 All package links from here are linked from launchpadlibrarian.net

https://launchpad.net/ubuntu/+source/chromium-browser/+publishinghistory

I checked the launchpadlibrarian.net cert. It is a valid and up to date Let's Encrypt cert that does not expire until Wednesday, 23 September 2020 at 23:04:45

@icf20 You connection is (most likely) refused because your certificate store is not up to date (e.g. the package providing '/etc/ssl/certs/ca-certificates.crt'). I would guess it is older than when that particular cert was created (Thursday, 25 June 2020 at 23:04:45). Thus wget does not want to connect. Update your certificate store (most likely via an OS update) and everything will likely just work.

If there is no update, either take it up with your distro maintainer and/or check that you are actually running an distro version that is still maintained.

@icf20 in Vivaldi 3.3 I will disable the certificate checks for these packages. That is not as bad as it sounds. The scripts themselves contain SHA 256 sums embedded and these can (and already are) used to verify the packages in cases where the certificate on sites like launchpadlibrarian.net cannot be verified.

@icf20 - I ran into the same issue. I used a mobile hotspot from work to test and see if it would download from launchpadlibrarian.net it worked.

After checking I found out that it was being blocked by pfSense. launchpadlibrarian.net was listed as malware on one of the DNS Blocker lists I use. I just added it to a whitelist. You can test it by just pointing a browser at launchpadlibrarian.net It should show a page that says:

"http://librarian.launchpad.net/ is a file repository used by Launchpad"

The odd thing is that it showed a certificate error instead of being blocked. I guess it resolves the name, but fails to get the cert from the URL.

@jefff1979 Strange that launchpadlibrarian.net (a domain owned and controlled by Canonical/Ubuntu) would be in a malware list.

@ruario

That's the same thing I thought. I'm not sure why it was on the block list. I'd have to check to see which list I was using.

update-ffmpeg results in 404 not found, and now codecs broken in latest Vivaldi update:

HTTP request sent, awaiting response... 404 Not Found

yay, good thing I updated vivaldi... not

@BloodyIron That URL broke, today. We will get out a fix ASAP. In the mean time:

https://gist.github.com/ruario/fd278f3fdc947e045f3b09b3ad792588