Arch Linux User Repository

Make sure to fetch the developers' signing key before building the package.

The official instructions are here. The link is also mentioned in the PKGBUILD.

If the site is blocked in your region, you'll have to work around it or trust me that this is what it says:

% gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

which (as of 2024-06-26) should also show this fingerprint:

EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290

If your gpg says otherwise, you may have been fed garbage.

I removed all the changes I had made previously, ran the command to create a @/is-packaged-app file, and that did the trick!

It also completely removes the update section from the settings page which makes this approach superior to the previously proposed solutions.

I try to avoid changing more configuration than is absolutely necessary, especially in a browser that's built around the idea of sharing the same fingerprint for all users.

Automatic updates can also be disabled by letting the browser know that it's managed by an external package manager. 13.5 added some checks for it, and IIUC it was also supposed to introduce a check for @/system-install (which has been created by this package from the beginning because it's needed for some other things), but it looks like nothing came of it.

Instead, they added a check for @/is-packaged-app. If you're feeling adventurous, run:

# touch /opt/mullvad-browser/is-packaged-app

and see if it helps. It works for me, so I'll test it for a couple more days and then push an update if nothing else breaks.

edit: I'd also propose adding a distribution.ini file in /opt/mullvad-browser/distribution/ just like the firefox package does in its PKGBUILD, see here. See here for more about the distribution.ini file.

Just a note, this only affects newly created profiles from what I can tell, so only fresh installs without any preexisting profile(s) will have the changes applied (or if you create a new profile in about:profiles manually and switch to using it).

One more thing, this is most likely not applicable here, but this is how the firefox package handles the initial configuration (e.g. disabling browser update checks) and other stuff. It leverages a mozconfig file which is used to configure the build process.

I added the policies.json file in /opt/mullvad-browser/distribution/ with DisableAppUpdate policy set to true, as outlined here, and it worked.

MB reports Updates disabled by your system administrator both in the Mullvad Browser Update section of the Settings and in the About window, and MB no longer attempts to reach Mullvad's CDN for version check.

Yes, it didn't work, at least a couple of months ago.

https://aur.archlinux.org/packages/mullvad-browser-bin?O=10#comment-967529

Have you considered placing a policies.json file in $pkgdir/opt/mullvad-browser/distribution/ to disable the browser's update check? The content of policies.json would be:

{
  "policies": {
    "DisableAppUpdate": true
  }
}

https://mozilla.github.io/policy-templates/#disableappupdate

Thanks for the research. The browser does indeed look up libavcodec.so with sonames version 53 through 60, and the latest ffmpeg only provides version 61.

Here is a test video; installing ffmpeg4.4 fixes it. I updated the package.

I recently was unable to reproduce H264 videos and AAC audio on my desktop, both from Mullvad Browser and Tor Browser.

Because video playback on Mullvad was working just fine on my laptop, I started looking for differences between the two machines. I found out that on my laptop, I also had installed the ffmpeg4.4 library. As soon as I installed ffmpeg4.4 on my desktop, video and audio playback were fixed.

I believe this issue started with the latest ffmpeg update from the Arch Repo.

Do you think ffmpeg4.4 should be added as a dependency for this package?

That did it. Thank you.

Make sure to fetch the developers' signing key before building the package.

The official instructions are here. The link is also mentioned in the PKGBUILD.

If the site is blocked in your region, you'll have to work around it or trust me that this is what it says:

% gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

which (as of 2024-06-26) should also show this fingerprint:

EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290

If your gpg says otherwise, you may have been fed garbage.

m@m-woof ~/Downloads/mullvad/mullvad-browser-bin $ makepkg -si ==> Making package: mullvad-browser-bin 13.5-1 (Tue 25 Jun 2024 05:19:28 PM CDT) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Downloading mullvad-browser-linux-x86_64-13.5.tar.xz... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 98.4M 100 98.4M 0 0 830k 0 0:02:01 0:02:01 --:--:-- 1561k -> Downloading mullvad-browser-linux-x86_64-13.5.tar.xz.asc... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 833 100 833 0 0 783 0 0:00:01 0:00:01 --:--:-- 783 -> Found mullvad-browser.sh -> Found mullvad-browser.desktop ==> Validating source files with sha256sums... mullvad-browser-linux-x86_64-13.5.tar.xz ... Passed mullvad-browser-linux-x86_64-13.5.tar.xz.asc ... Skipped mullvad-browser.sh ... Passed mullvad-browser.desktop ... Passed ==> Verifying source file signatures with gpg... mullvad-browser-linux-x86_64-13.5.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF) ==> ERROR: One or more PGP signatures could not be verified!