HOWTO: Brave browser installation

For reference, in a nutshell, adapted from here:
Become root, enable kernel user-namespaces, install signature key, add repo, install brave.

sudo su   # get a root shell

echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
service procps restart

curl https://s3-us-west-2.amazonaws.com/brave-apt/keys.asc | apt-key add -
echo "deb [arch=amd64] https://s3-us-west-2.amazonaws.com/brave-apt buster main" > /etc/apt/sources.list.d/brave-buster.list

apt update
apt install brave

exit    # quit root shell
# run brave from the menu

As the topic (and/or problems) came up a few times, I thought I’d write a little guide.

Why would you want that?

  • Brave plays the audio on twitter videos properly (PureBrowser currently doesn’t)
  • Brave seems to be much more efficient with silly Google doodles like this one. Actually, the CPU being at the limit / fan always on with PureBrowser was when I finally invested the time to get Brave, just to make sure my Librem 13 is actually capable of playing games that were state of the art in the millennium I grew up.
  • Brave has very nice privacy / tracking settings by default (PureBrowser could learn a bit)
  • Brave Payments (micropayments substituting blocked ads) is a really nice idea, IMO.
  • It never hurts to have a second browser :wink:

Hi @Caliga

I tried your installation and I get a long list of errors about not updating from insecure repositories.

Can you suggest a way around this output?

here it is:

Get:2 http://ftp.de.debian.org/debian-ports sid InRelease [42.4 kB]
Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stretch Release
Hit:4 https://repo.puri.sm/pureos green InRelease
Get:5 http://mirrors.edge.kernel.org/ubuntu xenial InRelease [247 kB]
Err:2 http://ftp.de.debian.org/debian-ports sid InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 06AED62430CB581C
Err:5 http://mirrors.edge.kernel.org/ubuntu xenial InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
Get:7 https://s3-us-west-2.amazonaws.com/brave-apt buster InRelease [2,810 B]
Err:8 https://s3-us-west-2.amazonaws.com/brave-apt green InRelease
403 Forbidden [IP: 52.218.201.96 443]
Get:9 https://s3-us-west-2.amazonaws.com/brave-apt buster/main amd64 Packages [647 B]
Reading package lists… Done
N: Skipping acquire of configured file ‘main/binary-i386/Packages’ as repository ‘https://repo.puri.sm/pureos green InRelease’ doesn’t support architecture ‘i386’
W: GPG error: http://ftp.de.debian.org/debian-ports sid InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 06AED62430CB581C
E: The repository ‘http://ftp.de.debian.org/debian-ports sid InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://mirrors.edge.kernel.org/ubuntu xenial InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository ‘http://mirrors.kernel.org/ubuntu xenial InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch https://s3-us-west-2.amazonaws.com/brave-apt/dists/green/InRelease 403 Forbidden [IP: 52.218.201.96 443]
E: The repository ‘https://s3-us-west-2.amazonaws.com/brave-apt green InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@Libre-Sherab:/home/sherab#

I’m rather certain that you did not just follow my guide, but mixed it with the one I linked.
Hint: If you follow my steps, it will never try to find a “green” repository for brave.
Also, it seems you skipped the line that installs the key.
I also don’t know how you ended up with debian ports and ubuntu xenial stuff.

Try to undo your latest changes and then do the steps above.
Possibly you want to remove all the files you lately added to /etc/apt/sources.list.d/

  1. You are correct
  2. I added those repositories because I am trying to run some software that needed all kinds of libraries that I could not get on normal Debian

I’ll have a go at your suggestion to remove from sources.list.d
thanks

@Caliga

So I followed the advice. To the letter.

You were right

I love you [wo]man [non-binary]

Well… good to hear :slight_smile:

Yes, I am a world champion in making mistakes.

But I get there in the end.

So thank you very much for your efforts.

I hashed out the other repositories.

Also, I am trying to install CrossOver and there seem to be a lot of libraries not wanting to install.
Would you mind explaining this output to me, please? Just say if you are busy, as I appreciate you are giving your precious time.

N: Skipping acquire of configured file ‘main/binary-i386/Packages’ as repository ‘https://repo.puri.sm/pureos green InRelease’ doesn’t support architecture ‘i386’

I may be wrong, but this is literally saying what it is doing. PureOS, I guess, only targets x64, and as a result whatever you were doing skipped getting the configuration file for that purpose.

This procedure is for installation on Librem laptops only?

I see Brave could be installed on Linux (Debian, Mint, Fedora).
Even Android and iOS. But why is it not on F-Droid yet? Perhaps it is not fully open source.

I want to give it a try on an Android phone without using Google Play.

How much better could Brave be compared to the DuckDuckGo browser?

This process is for PureOS only.

The bits related to the site payments using crypto-currency, etc are not open source as far as I can tell. Some of it is proprietary.

As for whether or not Brave is better than the DuckDuckGo browser, which I believe is just a mobile browser at the moment, that is not something I am able to answer.

I like Brave because it blocks by default, and it provides an alternative revenue means for sites, instead of just blocking ads.


Caliga, any chance you could update this as the repo has changed since they moved to stripped Chromium as the basis of the browser? (I’m very happy with that personally.)

Become root, enable kernel user-namespaces, install signature key, add repo, install brave. (Adapted)

sudo su   # get a root shell

echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
service procps restart

curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc | apt-key add -
echo "deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ bionic main" >> /etc/apt/sources.list.d/brave-bionic.list

apt update
apt install brave-browser brave-keyring

exit    # quit root shell
# run brave from the menu

To have the beta / nightly channel, use the following steps additionally or instead:

curl -s https://brave-browser-apt-beta.s3.brave.com/brave-core-nightly.asc | apt-key add -
echo "deb [arch=amd64] https://brave-browser-apt-beta.s3.brave.com/ bionic main" >> /etc/apt/sources.list.d/brave-bionic.list

curl -s https://brave-browser-apt-dev.s3.brave.com/brave-core-nightly.asc | sudo apt-key add -
echo "deb [arch=amd64] https://brave-browser-apt-dev.s3.brave.com/ bionic main" >> /etc/apt/sources.list.d/brave-bionic.list

In case you added both (stable + beta) channels, you can always change your mind. Just add a # before any line in the repo file to disable it.

# open in text editor (write with Ctrl+O, Enter; exit with Ctrl+X)
nano /etc/apt/sources.list.d/brave-bionic.list
        # both repos, but beta disabled
        deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ bionic main
        # deb [arch=amd64] https://brave-browser-apt-beta.s3.brave.com/ bionic main

apt update        # update after changes

See available packages:

apt-cache policy brave-keyring brave-browser brave-browser-beta brave-browser-dev

Note: As of now, no betas are available, but about 25 development builds.


Thanks! What I don’t understand is how did you know this was brave-bionic? That isn’t listed in the instructions at all? I assumed PureOS is closest to Ubuntu but maybe not?

I didn’t “know”, I just picked it. :slight_smile:

The (official) install commands insert the distro name. The old one Debian names, the new ones Ubuntu names (for Mint it takes the Ubuntu name Mint is based on). Most likely you could use most of the recent Ubuntu names, because they are all very similar. A package that targets an older distro should usually also work on a newer one, unless disruptive changes have been made. Might even be you get the same package no matter what, and all that magic is just to get some statistics on used distros, without sending telemetry data :wink:
But I picked Bionic as Ubuntu 18.04 is an LTS release, so that repository is likely to work for at least 4 more years. Cosmic has only 7 months official support left.

I just noticed that Brave seems to update their signing keys quite regularly.
The one I had installed expired 2019-04-13.
The new one will expire 2019-08-08.
Actually, I guess it’s the same key, but refreshed.
Fingerprint is still D8BA D4DE 7EE1 7AF5 2A83 4B2D 0BB7 5829 C2D4 E821

So, if apt update fails to update the brave repository data with invalid signature, EXPKEYSIG, it’s no reason to worry. The command described in post #12 will refresh the key.

To be sure that nothing strange is going on, you can do it in multiple steps. Note that a different fingerprint is not necessarily malicious, but maybe it should be explained somewhere. At the very least, it should match with the fingerprints listed in the official installation docs.

# list all installed repository keys (with fingerprints and expiry dates)
apt-key list
# download current brave key, without directly installing it
curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc > brave.asc
# examine downloaded key
gpg brave.asc
# install examined key
apt-key add brave.asc
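
The staged check from the post above (download, examine, then install), automated as an added example that is not part of the original thread. The function name `check_key_listing` and the sample listing with its subkey are constructed for illustration; the expected fingerprint and the 2019-08-08 expiry are the values quoted in the post.

```shell
#!/bin/sh
# Added example: vet an apt signing key before `apt-key add`.
# Fingerprint as quoted in the thread; spaces are stripped before comparing.
EXPECTED_FPR='D8BA D4DE 7EE1 7AF5 2A83 4B2D 0BB7 5829 C2D4 E821'

# check_key_listing EXPECTED NOW_EPOCH
# Reads `gpg --with-colons` output on stdin and prints one verdict:
#   OK        primary-key fingerprint matches and the key has not expired
#   MISMATCH  primary-key fingerprint differs from EXPECTED
#   EXPIRED   fingerprint matches, but expiry (pub field 7) is <= NOW_EPOCH
#   NOKEY     the input contained no pub/fpr records
# Exit status is 0 only for OK.
check_key_listing() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" -v now="$2" '
        $1 == "pub" && !seen { seen = 1; expires = $7; next }
        # Only the first fpr record after pub is the primary key;
        # later fpr records belong to subkeys and must not satisfy the check.
        $1 == "fpr" && seen && fpr == "" { fpr = toupper($10) }
        END {
            if (fpr == "")   { print "NOKEY";    exit 1 }
            if (fpr != want) { print "MISMATCH"; exit 1 }
            if (expires != "" && expires + 0 <= now + 0) { print "EXPIRED"; exit 1 }
            print "OK"
        }'
}

# Constructed sample listing (not real gpg output): primary key with the
# thread's fingerprint and its 2019-08-08 expiry, plus a made-up subkey.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:0BB75829C2D4E821:1524700800:1565222400::-:::scSC::::::23::0:
fpr:::::::::D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821:
sub:-:4096:1:1111111111111111:1524700800:1565222400:::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
EOF
}

# Demo on the sample, evaluated as of 2019-06-08 (epoch 1559952000).
sample_listing | check_key_listing "$EXPECTED_FPR" 1559952000

# Real use, as root, after downloading brave.asc as in the post above:
#   gpg --with-colons --import-options show-only --import brave.asc \
#     | check_key_listing "$EXPECTED_FPR" "$(date +%s)" \
#     && apt-key add brave.asc
```

An EXPIRED verdict with a matching fingerprint corresponds to the refreshed-key case the post describes; MISMATCH is the case to compare against the official installation docs before going further.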

Is it brave-core or brave-bionic as you said earlier?

Those two things are not related. One is a key file, the other a repository name.

The special preparatory steps are no longer necessary. For me, Brave installed just fine by following the Debian instructions here:
