DEV Community

Cover image for You Can Install Edge Browser on openSUSE... In a Rootless Container
Archer Allstars
Archer Allstars

Posted on • Updated on

You Can Install Edge Browser on openSUSE... In a Rootless Container

Installing Edge on Linux is not a straight forward process if you're not using Debian-based distros, as only .deb package is available on the official website. Fortunately, Microsoft also provides its official Linux repo that we can use to download and install Microsoft products on our system.

πŸ‘‰οΈ Table of contents:

  1. Preparing the Container
  2. Install Edge
  3. Export Edge from the Container
  4. Edit the Startup WM Class in the Desktop File
  5. Check the Host's Keyring Entry
  6. Automatically Update the Browser

1. Preparing the Container

I install the browser in a container because I want an isolation between the browser and my base system. I consider this is a good practice in both security and management, as the container is rootless, plus I can delete the container along with everything inside it more easily without affecting my system in any way.

If you want to install the browser directly on your system, you can skip this part.

1.1. Install Distrobox and Podman on the Host

sudo zypper install distrobox podman
Enter fullscreen mode Exit fullscreen mode

1.2. Configure Distrobox to use Podman

echo 'container_manager="podman"' > ~/.config/distrobox/distrobox.conf
Enter fullscreen mode Exit fullscreen mode

1.3. Create a New Distrobox Container for Edge

distrobox create -i registry.opensuse.org/opensuse/tumbleweed:latest -n edge-dbx --volume /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
Enter fullscreen mode Exit fullscreen mode

Note, if you're using Distrobox ≀ 1.7.1, you'll have to add --hostname "$(uname -n)" to the distrobox create command. Otherwise, you will have an issue with .desktop icon integretion with GNOME, see gnome-shell issue #7531.

1.4. Prepare the Packages Inside the Container

Base Packages

sudo zypper install adwaita-icon-theme dbus-1-x11 glib2
Enter fullscreen mode Exit fullscreen mode

VA-API drivers for Intel GPUs

sudo zypper install intel-media-driver libva-utils
Enter fullscreen mode Exit fullscreen mode

Note, AFAIK, AMD's VA-API doesn't work with Chromium yet. Plus, you would also need to sudo zypper install opi && opi codecs for H265 video acceleration to work. For NVIDIA, please refer to the GPU section on Distrobox's GitHub page.

1.5. Prepare DBus

eval $(dbus-launch --sh-syntax)
Enter fullscreen mode Exit fullscreen mode

At this point, if you set a bigger cursor size on the host system like me, you might want to change the cursor size in the container to match the one on your system as well. For example, the medium size (32) would be:

gsettings set org.gnome.desktop.interface cursor-size 32
Enter fullscreen mode Exit fullscreen mode

The host's system reboot is required for this to take effect.


2. Install Edge

2.1. Add the Official Edge Repo

sudo zypper ar -f --gpgcheck-allow-unsigned https://packages.microsoft.com/yumrepos/edge/ edge-yum
Enter fullscreen mode Exit fullscreen mode

Then, refresh all repos with:

sudo zypper refresh
Enter fullscreen mode Exit fullscreen mode

Note, I use -f to make the repo automatically refresh, and --gpgcheck-allow-unsigned to allow the unsigned repo and packages, the same with the official config.repo on Microsoft website.

2.2. Install Edge (finally πŸ˜‚)

sudo zypper install microsoft-edge-stable
Enter fullscreen mode Exit fullscreen mode

3. Export Edge from the Container

distrobox-export -a microsoft-edge-stable -ef "--enable-features=UseOzonePlatform,VaapiVideoDecodeLinuxGL,VaapiVideoEncoder --use-gl=angle --use-angle=gl --ozone-platform=wayland"
Enter fullscreen mode Exit fullscreen mode

I use many flags as shown on above to enable native Wayland mode and VA-API video acceleration. Unlike other Chromium-based browser, you'll have to enable native Wayland through launch flags.


4. Edit the Startup WM Class in the Desktop File

You can use MenuLibre for this. Easy installation on the host system:

sudo zypper install menulibre gnome-icon-theme
Enter fullscreen mode Exit fullscreen mode

Then, you can add microsoft-edge as the Startup WM Class, as shown in the screenshot below:

MenuLibre

Note, you can use Alt+F2 then lg to view any app's correct Startup WM Class value.

If the icon of the browser doesn't show up, you can reboot the system. After that, the icon will show up without issues.


5. Check the Host's Keyring Entry

This is the most important step of all. On GNOME, we can use the Passwords and Keys app (Seahorse) to check whether the browser created a correct entry. If it doesn't create any entry, it means that all your data, which would be encrypted otherwise, will be stored in plain text!

In our case, if the encryption is in place, Edge will store its entry as Chromium Safe Storage, as shown in the screenshot below:

Edge's keyring entry

Note, not all container images could access the host's keyring in rootless mode, Ubuntu's container images for example.


6. Automatically Update the Browser

One important factor to make the browser as secure as it can be is to update it ASAP when a new version is released. To do this, we can use systemd's service and timer like this:

dbx-upgrade.service

[Unit]
Description=Upgrade all rootless Distrobox containers.
RequiresMountsFor=/run/user/1000/containers

[Service]
Type=exec
ExecStart=-bash -c "distrobox-upgrade --all"
Restart=on-failure
RestartSec=60
TimeoutStopSec=5min
RemainAfterExit=yes
Enter fullscreen mode Exit fullscreen mode

Save this in ~/.config/systemd/user/dbx-upgrade.service.

dbx-upgrade.timer

[Unit]
Description=Run distrobox-upgrade --all daily.

[Timer]
OnCalendar=daily
RandomizedDelaySec=5min
Persistent=true

[Install]
WantedBy=timers.target
Enter fullscreen mode Exit fullscreen mode

Save this in ~/.config/systemd/user/dbx-upgrade.timer.

Enable the Timer

systemctl --user daemon-reload && systemctl --user enable dbx-upgrade.timer
Enter fullscreen mode Exit fullscreen mode

Why Not Flatpak

There are many issues with all the Chromium-based browsers on Flathub. The showstoppers for me are Widevine and PWA supports.

Also, everyone must know that every Chromium-based browser available on Flathub uses zypak to circumvent Chromium's refined sandboxing. For a better or worse, security of zypak and Flatpak's sandboxing in general are still up for debating.

Lastly, Edge on Flathub is NOT maintained or affiliated by Microsoft. I am against using unverified software, unless it's maintained by your Linux distro, I don't think using unverified software in any form is a good idea, especially when security is the utmost important aspect of the app. Yes, your web browser is that kind of app. If you're not convinced, please see the recent incidents [1], [2] about fake Exodus wallet app for example.


I hope this helps! Bye πŸ’¨


Cover Photo by Microsoft Edge on Unsplash

Top comments (0)