Chrome
Warnings[edit]
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
Installation[edit]
These instructions are cumbersome due to Google Chrome Repository Insecurity.
(Based on Linux Software Repositories instructions.)
Signing Key Installation[edit]
Digital signatures can increase security but this requires knowledge. Learn more about digital software signature verification.
Download the signing key.
View OpenPGP key information.
pub dsa1024/A040830F7FAC5991 2007-03-08 [SC] Key fingerprint = 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991 uid Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com> sub elg2048/4F30B6B4C07CB649 2007-03-08 [E] gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys pub rsa4096/7721F63BD38B4796 2016-04-12 [SC] Key fingerprint = EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796 uid Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com> sub rsa4096/78BD65473CB3BD13 2019-07-22 [S] [expires: 2022-07-21]
Convert assci armored linux_signing_key.pub
to gpg keyring format linux_signing_key.pub.gpg
. [1]
Create keyring with the RSA 4096 signing key only.
Install the Google RSA 4096 APT signing key.
Avoid Google Chrome Automatic Repository Configuration[edit]
Due to Google Chrome Repository Insecurity.
Create file /etc/default/google-chrome
to avoid Google Chrome Automatic Repository Configuration. [3]
Note: this will only work if Google Chrome Repository hasn't been previously added.
Repository Installation[edit]
Open file /etc/apt/sources.list.d/google-chrome.list
in an editor with root rights.
(Kicksecure ™ inside Qubes: In Template)
This box uses sudoedit
for better security. This is an example and other tools could also achieve the same goal. If this example does not work for you or if you are not using Kicksecure ™, please refer to this link.
Paste.
Save.
Package Installation[edit]
Pick a package version.
google-chrome-stable
google-chrome-beta
google-chrome-unstable
Example below installs google-chrome-stable
.
Install google-chrome-stable
.
1. Update the package lists.
2. Upgrade the system.
3. Install the google-chrome-stable
package.
Using apt
command line parameter --no-install-recommends
is in most cases optional.
The procedure of installing google-chrome-stable
is complete.
Related[edit]
- Chromium
- Dev/Chromium
- Dev/Default Browser
- Chromium Browser for Kicksecure ™ Discussions (not Whonix)
- Google Chrome Repository Insecurity
Footnotes[edit]
- ↑ Because in next step, gpg can only work with keyrings. Not with assci armored public key files. This is to import only the newer signing key. Avoiding to import the insecure legacy DSA 1024 signing key.
- ↑
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --armor --export "EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796" | gpg --import
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found
- ↑
Note: Installing Google Chrome will add the Google repository so your system will automatically keep Google Chrome up to date. If you don’t want Google's repository, do “sudo touch /etc/default/google-chrome” before installing the package.
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.