Chrome
Donate
Chrome logoUsing Chrome in Kicksecure.
Warnings[edit]
Chrome is non-freedom software!
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
Installation[edit]
These instructions are cumbersome due to Google Chrome Repository Insecurity.
(Based on Linux Software Repositories
instructions.)
Signing Key Installation[edit]
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Download the signing key.
scurl-download https://dl.google.com/linux/linux_signing_key.pub
View OpenPGP key information.
gpg --keyid-format long --import --import-options show-only --with-fingerprint linux_signing_key.pub
pub dsa1024/A040830F7FAC5991 2007-03-08 [SC]
Key fingerprint = 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
uid Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
sub elg2048/4F30B6B4C07CB649 2007-03-08 [E]
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys
pub rsa4096/7721F63BD38B4796 2016-04-12 [SC]
Key fingerprint = EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
uid Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub rsa4096/78BD65473CB3BD13 2019-07-22 [S] [expires: 2022-07-21]
Convert assci armored linux_signing_key.pub to gpg keyring format linux_signing_key.pub.gpg. [1]
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --import linux_signing_key.pub
Create keyring with the RSA 4096 signing key only.
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --armor --export "EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796" | gpg --dearmor --no-options --no-default-keyring > google.gpg
Install the Google RSA 4096 APT signing key.
sudo cp google.gpg /usr/share/keyrings/google.gpg
Avoid Google Chrome Automatic Repository Configuration[edit]
Due to Google Chrome Repository Insecurity.
Create file /etc/default/google-chrome to avoid Google Chrome Automatic Repository Configuration. [3]
Note: this will only work if Google Chrome Repository hasn't been previously added.
sudo touch /etc/default/google-chrome
Repository Installation[edit]
Open file /etc/apt/sources.list.d/google-chrome.list in an editor with root rights.
Kicksecure
See
Open File with Root Rights
for detailed instructions on why to use sudoedit for better security and how to use it.
sudoedit /etc/apt/sources.list.d/google-chrome.list
Kicksecure for Qubes
NOTES:
- When using Kicksecure-Qubes, this needs to be done inside the Template.
sudoedit /etc/apt/sources.list.d/google-chrome.list
- After applying this change, shutdown the Template.
- All App Qubes based on the Template need to be restarted if they were already running.
- This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.
Others and Alternatives
- This is just an example. Other tools could achieve the same goal.
- If this example does not work for you or if you are not using Kicksecure, please refer to this link.
sudoedit /etc/apt/sources.list.d/google-chrome.list
Paste.
deb [arch=amd64 signed-by=/usr/share/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main
Save.
Package Installation[edit]
Pick a package version.
google-chrome-stablegoogle-chrome-betagoogle-chrome-unstable
Example below installs google-chrome-stable.
Install package(s) google-chrome-stable following these instructions
1 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: In Template.
2
Update the package lists and upgrade the system
.
sudo apt update && sudo apt full-upgrade
3 Install the google-chrome-stable package(s).
Using apt command line
--no-install-recommends option
is in most cases optional.
sudo apt install --no-install-recommends google-chrome-stable
4 Platform specific notice.
- Kicksecure: No special notice.
- Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per
Qubes Template Modification
.
5 Done.
The procedure of installing package(s) google-chrome-stable is complete.
Usage[edit]
Start.
/opt/google/chrome/chrome
Related[edit]
- Chromium
- Dev/Chromium
- Dev/Default Browser
- Chromium Browser for Kicksecure Discussions (not Whonix)
- Google Chrome Repository Insecurity
Footnotes[edit]
- ↑ Because in next step, gpg can only work with keyrings. Not with assci armored public key files. This is to import only the newer signing key. Avoiding to import the insecure legacy DSA 1024 signing key.
- ↑
gpg --no-default-keyring --keyring linux_signing_key.pub.gpg --armor --export "EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796" | gpg --import
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found
- ↑
Note: Installing Google Chrome will add the Google repository so your system will automatically keep Google Chrome up to date. If you don’t want Google's repository, do “sudo touch /etc/default/google-chrome” before installing the package.
A secure by default operating system with the latest security research in place.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2024 ENCRYPTED SUPPORT LP
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!