Brave
Brave is a web browser focused on privacy, blocking trackers, and advertisements.
Brave is not present in the Gentoo ebuild repository, but can be installed from the brave-overlay ebuild repository. Brave is distributed as a binary package, which should not impact usage performance.
Installation
Prerequisites
The following must be installed in order for the rest of this article to work properly: app-eselect/eselect-repository and dev-vcs/git.
Skip the rest of this section if they are already installed.
Install required software:
root #
emerge --ask app-eselect/eselect-repository dev-vcs/git
Set Portage to use the Brave ebuild repository
Issue the command to configure the brave-overlay ebuild repository for Portage. Then, synchronize that repository:
root #
eselect repository add brave-overlay git https://gitlab.com/jason.oliveira/brave-overlay.git
root #
emerge --sync brave-overlay
Emerge
Install Brave:
root #
emerge --ask www-client/brave-bin::brave-overlay
Configuration
Most configuration aspects can be found in the Chromium article. Head over there for configuration information.
Screensharing with Pipewire
Change 'WebRTC PipeWire support' to 'Enabled' in brave://flags
Using Wayland backend
Change 'Preferred Ozone platform' to 'Wayland' in brave://flags
Policies
It is possible to set specific policies for chromium based browsers like Brave. This can be useful especially if the browser should be accessible by users, but the content should be restricted to trusted sites. It can also be configured to restrict the access to specified URIs, like the file:// protocol, to prevent users from surfing the file system.
To set custom policies a JSON file must be created in /etc/brave/policies/managed/<filename>.json
The JSON file must meet the following structure:[1]
{
"[policy name]": [value]
}
An example JSON file could look like this:
{
"IncognitoModeAvailability": 1,
"URLBlocklist": [
"https://facebook.com",
"file://*",
"javascript://*",
"ftp://*",
"mailto:*"
],
"DefaultGeolocationSetting": 2,
"DefaultNotificationsSetting": 2,
}
This prevents the user from surfing on the file system using the file protocol, incognito mode, blocks the listed URIs and URLs, and the location and notifications. More settings, can be found in the policy list: https://www.chromium.org/administrators/policy-list-3/. If configured for other users as a service, it is recommended to block all sites at first and then define the allowed sites, to avoid abuse of the service.
It is important to ensure, that the
<filename>.json
is not writable by non-admin users, to prevent overwriting of the policies by users, which would defeat the purpose of policies! The chown and chmod commands can be used to change ownership and rights if for any reason the file should be writable by non-admin users.If the policy was configured properly can be proofed on the special page: brave://policy
Please note that this only blocks the user from visiting specified locations. It does not disable the protocols on the system, so other applications must be configured separately.
See also
- Eselect/Repository — an eselect module for configuring ebuild repositories for Portage.