Installing Brave Browser on Debian and Derivatives
I'm a big fan of brave. If you need to use a Chromium based browser, it's
the best choice (aside from Ungoogled Chromium). Although Debian and its
derivatives don't package the browser, the Brave project provides a deb
package through their own apt repository, as well as instructions on how
to enable the repo.
Being an opinionated bastard, however, means that I install the software
in a slightly different manner (for starters, I'm not a fan of running
curl as root, and nor should you).
Note that the process below is slightly more involved, so if you'd rather just follow Brave's official instructions[1], then by all means go for it.
As always: '#' means run command as root; '$' means run as a non-root user.
Get Brave's GPG Key
Use either curl or wget. If neither are installed on your system, I recommend installing wget, simply because it will be installed as a dependency for Brave later on anyway.
wget command:
$ wget -q -O brave-browser-archive-keyring.gpg \
https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpgcurl command:
$ curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg \
https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpgNow, move the key to /usr/share/keyrings/
# mv brave-browser-archive-keyring.gpg /usr/share/keyrings/Next, ensure that the file has 644 mode bits and is owned by root. This is very important. If the file is still owned by the non-root user, apt will report that no public key for the brave browser was found.
$ stat -c "%a %g %G" /usr/share/keyrings/brave-browser-archive-keyring.gpgThe output should look like this
644 0 rootIf not, change ownership
# chmod 644 /usr/share/keyrings/brave-browser-archive-keyring.gpg
# chown root:root /usr/share/keyrings/brave-browser-archive-keyring.gpgCreate DEB822 .sources file
When it comes to apt's sources, I very much prefer using DEB822 style .sources
files. They're cleaner, and there's apparently a plan to make them the default
in the future (finally one change I'm not averse to).
/etc/apt/sources.list.d/brave-browser.sources (download)
Types: deb
URIs: https://brave-browser-apt-release.s3.brave.com/
Suites: stable
Components: main
Signed-by: /usr/share/keyrings/brave-browser-archive-keyring.gpgSave and move the file to /etc/apt/souces.list.d.
# mv brave-browser.sources /etc/apt/sources.list.d/If you'd rather stick to the .list file, simply:
$ echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" \
> brave-browser-release.list
# mv brave-browser-release.list /etc/apt/sources.list.d/The ownership note in the prior section also applies to brave-browser.sources
(or brave-browser-release.list), so run the same stat command against this file,
and fix if needed.
Install Brave
Now, all that's left is to update and install Brave
# apt update && apt install brave-browserVoila.
Post install
After installation, the brave-keyring package may create a file called
brave-browser-release.gpg in /etc/apt/trusted.gpg.d/, which is linked
to /usr/share/keyrings/brave-browser-archive-keyring.gpg. This happens
because the package verifies if the old keyring file is being used, and if
so, will create the symlink in order to ensure the new one is going to be used.
However, in our case, this happens because the postinst script does its check
in the brave-browser-release.list file, which was not created since we're
using the (better) deb822 format. Either way, no problem, simply remove the
file if it exists
# if [ -f /etc/apt/trusted.gpg.d/brave-browser-release.gpg ]; then rm /etc/apt/trusted.gpg.d/brave-browser-release.gpg; fi