Installing Edge on Linux is not a straight forward process if you’re not using Debian-based distros, as only .deb package is available on the official website. Fortunately, Microsoft also provides its official Linux repo that we can use to download and install Microsoft products on our system.
👉️ Table of contents:
Preparing the Container
Install Edge
Export Edge from the Container
Edit the Startup WM Class in the Desktop File
Check the Host’s Keyring Entry
Automatically Update the Browser
1. Preparing the Container
I install the browser in a container because I want an isolation between the browser and my base system. I consider this is a good practice in both security and management, as the container is rootless, plus I can delete the container along with everything inside it more easily without affecting my system in any way.
If you want to install the browser directly on your system, you can skip this part.
1.1. Install Distrobox and Podman on the Host
1.2. Configure Distrobox to use Podman
1.3. Create a New Distrobox Container for Edge
Note, if you’re using Distrobox ≤ 1.7.1, you’ll have to add –hostname “$(uname -n)” to the distrobox create command. Otherwise, you will have an issue with .desktop icon integretion with GNOME, see gnome-shell issue #7531.
1.4. Prepare the Packages Inside the Container
Base Packages
VA-API drivers for Intel GPUs
Note, AFAIK, AMD’s VA-API doesn’t work with Chromium yet. Plus, you would also need to sudo zypper install opi && opi codecs for H265 video acceleration to work. For NVIDIA, please refer to the GPU section on Distrobox’s GitHub page.
1.5. Prepare DBus
At this point, if you set a bigger cursor size on the host system like me, you might want to change the cursor size in the container to match the one on your system as well. For example, the medium size (32) would be:
The host’s system reboot is required for this to take effect.
2. Install Edge
2.1. Add the Official Edge Repo
Then, refresh all repos with:
Note, I use -f to make the repo automatically refresh, and –gpgcheck-allow-unsigned to allow the unsigned repo and packages, the same with the official config.repo on Microsoft website.
2.2. Install Edge (finally 😂)
3. Export Edge from the Container
I use many flags as shown on above to enable native Wayland mode and VA-API video acceleration. Unlike other Chromium-based browser, you’ll have to enable native Wayland through launch flags.
4. Edit the Startup WM Class in the Desktop File
You can use MenuLibre for this. Easy installation on the host system:
Then, you can add microsoft-edge as the Startup WM Class, as shown in the screenshot below:
Note, you can use Alt+F2 then lg to view any app’s correct Startup WM Class value.
If the icon of the browser doesn’t show up, you can reboot the system. After that, the icon will show up without issues.
5. Check the Host’s Keyring Entry
This is the most important step of all. On GNOME, we can use the Passwords and Keys app (Seahorse) to check whether the browser created a correct entry. If it doesn’t create any entry, it means that all your data, which would be encrypted otherwise, will be stored in plain text!
In our case, if the encryption is in place, Edge will store its entry as Chromium Safe Storage, as shown in the screenshot below:
Note, not all container images could access the host’s keyring in rootless mode, Ubuntu’s container images for example.
6. Automatically Update the Browser
One important factor to make the browser as secure as it can be is to update it ASAP when a new version is released. To do this, we can use systemd’s service and timer like this:
dbx-upgrade.service
Description=Upgrade all rootless Distrobox containers.
RequiresMountsFor=/run/user/1000/containers
[Service]
Type=exec
ExecStartPre=-bash -c “until systemctl is-active network-online.target; do sleep 1; done”
ExecStart=-bash -c “distrobox-upgrade –all”
Restart=on-failure
RestartSec=60
RestartCount=5
RemainAfterExit=yes
Save this in ~/.config/systemd/user/dbx-upgrade.service.
dbx-upgrade.timer
Description=Run distrobox-upgrade –all daily.
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
Save this in ~/.config/systemd/user/dbx-upgrade.timer.
Enable the Timer
Why Not Flatpak
There are many issues with all the Chromium-based browsers on Flathub. The showstoppers for me are Widevine and PWA supports.
You need to open filesystem=host-os to have Widevine support. I tested with Brave, see Brave Flatpak issue #357. Flatseal is the easiest way to do it.
Currently, on Wayland session, PWA icons doesn’t work correctly, see Edge Flatpak issue #486.
Also, everyone must know that every Chromium-based browser available on Flathub uses zypak to circumvent Chromium’s refined sandboxing. For a better or worse, security of zypak and Flatpak’s sandboxing in general are still up for debating.
Lastly, Edge on Flathub is NOT maintained or affiliated by Microsoft. I am against using unverified software, unless it’s maintained by your Linux distro, I don’t think using unverified software in any form is a good idea, especially when security is the utmost important aspect of the app. Yes, your web browser is that kind of app. If you’re not convinced, please see the recent incidents [1], [2] about fake Exodus wallet app for example.
I hope this helps! Bye 💨
Cover Photo by Microsoft Edge on Unsplash
