Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Running the the Vivaldi Linux update-ffmpeg and update-widevine scripts without using root

Intro

The update-ffmpeg and update-widevine scripts included in the Vivaldi install directory are provided to fix situations where proprietary media (AVC/H.264 and AAC) and Widevine (DRM/EME) respectively, are not setup correctly.

These scripts are primarily intended to be run as root (or under sudo) as they create and update files and directories that are root owned. However both support a command line option (--user) that adjusts their installation directories and thus allows them to be run without escalation.

The --user options were made for internal usage, with locally ‘unpacked’ copies of Vivaldi (i.e. not installed). However, it is possible to use them with standard installs (albeit with a little tweaking in the case of update-widevine).

update-ffmpeg

To install proprietary media for just your current user issue the following:

/opt/vivaldi/update-ffmpeg --user

update-widevine

To install Widevine for just your current user, a couple more steps are required. This is because the script still attempts to adjust symlinks within the (typically root owned) Vivaldi install directory.

You can adjust the script as it runs, to disable the symlink creation, which would otherwise cause failure:

sed -r 's/^ *(rm|ln) -f.*/:/' /opt/vivaldi/update-widevine | sh -eus -- --user

Now create meta data in your Vivaldi user data directory that points to alternative Widevine install location–triple click to select the entire line:

echo "{\"Path\":\"$HOME/.local/lib/vivaldi/WidevineCdm\"}" > "${XDG_CONFIG_HOME:-$HOME/.config}/vivaldi/WidevineCdm/latest-component-updated-widevine-cdm"

Note: Change all “vivaldi” references in the above commands to “vivaldi-snapshot”, if you use the snapshot version.

@icf20

This comment has been minimized.

Copy link

@icf20 icf20 commented Aug 6, 2020

-2020-08-06 22:50:17-- https://launchpadlibrarian.net/478578979/chromium-codecs-ffmpeg-extra_81.0.4044.138-0ubuntu0.16.04.1_amd64.deb
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving launchpadlibrarian.net (launchpadlibrarian.net)... 0.0.0.0, ::
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.
Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|::|:443... failed: Connection refused.
xz: (stdin): File format not recognized
tar: This does not look like a tar archive
tar: ./usr/lib/chromium-browser/libffmpeg.so: Not found in archive
tar: Exiting with failure status due to previous errors
The extracted libffmpeg.so does not match the expected sha256sum; aborting

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 6, 2020

@icf20 You have not installed OS updates for a while I would assume, hence your local certificate store is out of date and thus the failure to be able to connect to launchpadlibrarian.net. The rest of the errors are a follow on from there.

@icf20

This comment has been minimized.

Copy link

@icf20 icf20 commented Aug 7, 2020

@ruario OS is up to date

connect to launchpadlibrarian.net

i dint look correctly the domain is blacklist like malware

Connecting to launchpadlibrarian.net (launchpadlibrarian.net)|0.0.0.0|:443... failed: Connection refused.

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 launchpadlibrarian.net is run by Canonical/Ubuntu (it ain't malware!).

What distro and distro version do you have?

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 All package links from here are linked from launchpadlibrarian.net

https://launchpad.net/ubuntu/+source/chromium-browser/+publishinghistory

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

I checked the launchpadlibrarian.net cert. It is a valid and up to date Let's Encrypt cert that does not expire until Wednesday, 23 September 2020 at 23:04:45

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 7, 2020

@icf20 You connection is (most likely) refused because your certificate store is not up to date (e.g. the package providing '/etc/ssl/certs/ca-certificates.crt'). I would guess it is older than when that particular cert was created (Thursday, 25 June 2020 at 23:04:45). Thus wget does not want to connect. Update your certificate store (most likely via an OS update) and everything will likely just work.

If there is no update, either take it up with your distro maintainer and/or check that you are actually running an distro version that is still maintained.

@ruario

This comment has been minimized.

Copy link
Owner Author

@ruario ruario commented Aug 10, 2020

@icf20 in Vivaldi 3.3 I will disable the certificate checks for these packages. That is not as bad as it sounds. The scripts themselves contain SHA 256 sums embedded and these can (and already are) used to verify the packages in cases where the certificate on sites like launchpadlibrarian.net cannot be verified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.