Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Running the the Vivaldi Linux update-ffmpeg and update-widevine scripts without using root

Intro

The update-ffmpeg and update-widevine scripts included in the Vivaldi install directory are provided to fix situations where proprietary media (AVC/H.264 and AAC) and Widevine (DRM/EME) respectively, are not setup correctly.

These scripts are primarily intended to be run as root (or under sudo) as they create and update files and directories that are root owned. However both support a command line option (--user) that adjusts their installation directories and thus allows them to be run without escalation.

The --user options were made for internal usage, with locally ‘unpacked’ copies of Vivaldi (i.e. not installed). However, it is possible to use them with standard installs (albeit with a little tweaking in the case of update-widevine).

update-ffmpeg

To install proprietary media for just your current user issue the following:

/opt/vivaldi/update-ffmpeg --user

update-widevine

To install Widevine for just your current user, a couple more steps are required. This is because the script still attempts to adjust symlinks within the (typically root owned) Vivaldi install directory.

You can adjust the script as it runs, to disable the symlink creation, which would otherwise cause failure:

sed -r 's/^ *(rm|ln) -f.*/:/' /opt/vivaldi/update-widevine | sh -eus -- --user

Now create meta data in your Vivaldi user data directory that points to alternative Widevine install location–triple click to select the entire line:

echo "{\"Path\":\"$HOME/.local/lib/vivaldi/WidevineCdm\"}" > "${XDG_CONFIG_HOME:-$HOME/.config}/vivaldi/WidevineCdm/latest-component-updated-widevine-cdm"

Note: Change all “vivaldi” references in the above commands to “vivaldi-snapshot”, if you use the snapshot version.

@icf20

This comment has been minimized.

Copy link

@icf20 icf20 commented Aug 6, 2020

-2020-08-06 22:50:17-- https://launchpadlibrarian.net/478578979/chromium-codecs-ffmpeg-extra_81.0.4044.138-0ubuntu0.16.04.1_amd64.deb
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving launchpadlibrarian.net (launchpadlibrarian.net)... 0.0.0.0, ::
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|::|:443... failed: Connection refused.
xz: (stdin): File format not recognized
tar: This does not look like a tar archive
tar: ./usr/lib/chromium-browser/libffmpeg.so: Not found in archive
tar: Exiting with failure status due to previous errors
The extracted libffmpeg.so does not match the expected sha256sum; aborting

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 6, 2020

@icf20 You have not installed OS updates for a while I would assume, hence your local certificate store is out of date and thus the failure to be able to connect to launchpadlibrarian.net. The rest of the errors are a follow on from there.

@icf20

This comment has been minimized.

Copy link

@icf20 icf20 commented Aug 7, 2020

@ruario OS is up to date

connect to launchpadlibrarian.net

i dint look correctly the domain is blacklist like malware

Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 launchpadlibrarian.net is run by Canonical/Ubuntu (it ain't malware!).

What distro and distro version do you have?

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 All package links from here are linked from launchpadlibrarian.net

https://launchpad.net/ubuntu/+source/chromium-browser/+publishinghistory

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

I checked the launchpadlibrarian.net cert. It is a valid and up to date Let's Encrypt cert that does not expire until Wednesday, 23 September 2020 at 23:04:45

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 You connection is (most likely) refused because your certificate store is not up to date (e.g. the package providing '/etc/ssl/certs/ca-certificates.crt'). I would guess it is older than when that particular cert was created (Thursday, 25 June 2020 at 23:04:45). Thus wget does not want to connect. Update your certificate store (most likely via an OS update) and everything will likely just work.

If there is no update, either take it up with your distro maintainer and/or check that you are actually running an distro version that is still maintained.

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 10, 2020

@icf20 in Vivaldi 3.3 I will disable the certificate checks for these packages. That is not as bad as it sounds. The scripts themselves contain SHA 256 sums embedded and these can (and already are) used to verify the packages in cases where the certificate on sites like launchpadlibrarian.net cannot be verified.

@jefff1979

This comment has been minimized.

Copy link

@jefff1979 jefff1979 commented Jan 19, 2021

@icf20 - I ran into the same issue. I used a mobile hotspot from work to test and see if it would download from launchpadlibrarian.net it worked.

After checking I found out that it was being blocked by pfSense. launchpadlibrarian.net was listed as malware on one of the DNS Blocker lists I use. I just added it to a whitelist. You can test it by just pointing a browser at launchpadlibrarian.net It should show a page that says:

"http://librarian.launchpad.net/ is a file repository used by Launchpad"

The odd thing is that it showed a certificate error instead of being blocked. I guess it resolves the name, but fails to get the cert from the URL.

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented May 21, 2021

@jefff1979 Strange that launchpadlibrarian.net (a domain owned and controlled by Canonical/Ubuntu) would be in a malware list.

@jefff1979

This comment has been minimized.

Copy link

@jefff1979 jefff1979 commented May 21, 2021

@ruario

That's the same thing I thought. I'm not sure why it was on the block list. I'd have to check to see which list I was using.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment