{{Title|title=Chrome}}
{{Header}}
{{#seo:
|description=Using Chrome in {{project_name_long}}.
|image=GoogleChromeicon.png
}}
[[File:GoogleChromeicon.png|thumb|<code>Chrome</code> logo]]
{{intro|
Using Chrome in {{project_name_short}}.
}}
= Warnings =
{{Other_Browsers}}
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = Chrome is non-freedom software!
See [[Avoid_nonfreedom_software|Avoid non-freedom software]].
}}
{{stub}}
= Installation =
These instructions are cumbersome due to [[Google Chrome Repository Insecurity|Google Chrome Repository Insecurity]].
(Based on [https://www.google.com/linuxrepositories/ Linux Software Repositories] instructions.)
== Signing Key Installation ==
{{always_verify_signatures_reminder}}
Download the signing key.
{{CodeSelect|code=
scurl-download https://dl.google.com/linux/linux_signing_key.pub
}}
View OpenPGP key information.
{{CodeSelect|code=
gpg --keyid-format long --import --import-options show-only --with-fingerprint linux_signing_key.pub
}}
<pre>
pub dsa1024/A040830F7FAC5991 2007-03-08 [SC]
Key fingerprint = 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
uid Google, Inc. Linux Package Signing Key <[email protected]>
sub elg2048/4F30B6B4C07CB649 2007-03-08 [E]
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys
pub rsa4096/7721F63BD38B4796 2016-04-12 [SC]
Key fingerprint = EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
uid Google Inc. (Linux Packages Signing Authority) <[email protected]>
sub rsa4096/78BD65473CB3BD13 2019-07-22 [S] [expires: 2022-07-21]
</pre>
Convert the ASCII-armored <code>linux_signing_key.pub</code> to gpg keyring format <code>linux_signing_key.pub.gpg</code>. <ref>
Because in the next step, gpg can only work with keyrings, not with ASCII-armored public key files. This is done to import only the newer signing key and to avoid importing the insecure legacy DSA 1024 signing key.
</ref>
{{CodeSelect|code=
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --import linux_signing_key.pub
}}
<ref>
{{CodeSelect|code=
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --armor --export "EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796" {{!}} gpg --import
}}
<pre>
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys
gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
</pre>
</ref>
Create keyring with the RSA 4096 signing key only.
{{CodeSelect|code=
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --armor --export "EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796" {{!}} gpg --dearmor --no-options --no-default-keyring > google.gpg
}}
Install the Google RSA 4096 APT signing key.
{{CodeSelect|code=
sudo cp google.gpg /usr/share/keyrings/google.gpg
}}
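The following check is an added example, not part of the original instructions: it confirms that a keyring lists exactly one primary key, that this key is RSA 4096, and that its fingerprint is the one shown above, so the legacy DSA 1024 key cannot slip into <code>/usr/share/keyrings/google.gpg</code>. The function names are hypothetical and the embedded colon listings are constructed samples (timestamps and the subkey fingerprint are placeholders).

```sh
#!/bin/sh
# Added example: confirm a keyring holds only the RSA 4096 key named on this page.
EXPECTED_FPR="EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796"

# Reads gpg --with-colons output on stdin; succeeds only for exactly one
# primary key that is RSA (algorithm 1), 4096 bit, with the expected fingerprint.
check_keyring_listing() {
    awk -F: -v want="$EXPECTED_FPR" '
        $1 == "pub" { pubs++; bits = $3; algo = $4; need_fpr = 1; next }
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0 }
        END {
            if (pubs != 1) { print "FAIL: " (pubs + 0) " primary keys, expected 1"; exit 1 }
            if (algo != 1 || bits != 4096) { print "FAIL: primary key is not RSA 4096"; exit 1 }
            if (fpr != want) { print "FAIL: unexpected fingerprint " fpr; exit 1 }
            print "OK: " fpr
        }'
}

# Constructed colon listings (timestamps and subkey fingerprint are placeholders).
sample_rsa_only() {
    cat <<'EOF'
pub:-:4096:1:7721F63BD38B4796:0:::-:::scSC:
fpr:::::::::EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796:
sub:-:4096:1:78BD65473CB3BD13:0::::::s:
fpr:::::::::00000000000000000000000078BD65473CB3BD13:
EOF
}
sample_with_legacy_dsa() {
    cat <<'EOF'
pub:-:1024:17:A040830F7FAC5991:0:::-:::scSC:
fpr:::::::::4CCA1EAF950CEE4AB83976DCA040830F7FAC5991:
EOF
    sample_rsa_only
}

# Lists a key file with the same show-only import the page uses, then checks it.
check_keyring_file() {
    gpg --with-colons --import --import-options show-only "$1" | check_keyring_listing
}

if [ -n "${1:-}" ]; then
    check_keyring_file "$1"
else
    sample_rsa_only | check_keyring_listing
    sample_with_legacy_dsa | check_keyring_listing || true
fi
```

Run it with <code>google.gpg</code> as the argument before the <code>sudo cp</code> step; without an argument it only exercises the constructed samples.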
== Avoid Google Chrome Automatic Repository Configuration ==
This step is needed due to [[Google Chrome Repository Insecurity|Google Chrome Repository Insecurity]].
Create file <code>/etc/default/google-chrome</code> to avoid Google Chrome Automatic Repository Configuration. <ref>
<blockquote>Note: Installing Google Chrome will add the Google repository so your system will automatically keep Google Chrome up to date. If you don’t want Google's repository, do “sudo touch /etc/default/google-chrome” before installing the package.</blockquote>
</ref>
Note: this will only work if the Google Chrome repository has not been added previously.
{{CodeSelect|code=
sudo touch /etc/default/google-chrome
}}
== Repository Installation ==
{{Open with root rights|filename=
/etc/apt/sources.list.d/google-chrome.list
}}
Paste.
{{CodeSelect|code=
deb [arch=amd64 signed-by=/usr/share/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main
}}
Save.
== Package Installation ==
Pick a package version.
* <code>google-chrome-stable</code>
* <code>google-chrome-beta</code>
* <code>google-chrome-unstable</code>
The example below installs <code>google-chrome-stable</code>.
{{Install Package|package=
google-chrome-stable
}}
= Usage =
Start.
{{CodeSelect|code=
/opt/google/chrome/chrome
}}
= Related =
* [[Chromium]]
* [[Dev/Chromium]]
* [[Dev/Default Browser]]
* [https://forums.whonix.org/t/chromium-browser-for-kicksecure-discussions-not-whonix/10388 Chromium Browser for {{project_name_short}} Discussions (not Whonix)]
* [[Google_Chrome_Repository_Insecurity|Google Chrome Repository Insecurity]]
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]