http://dl.google.com/linux/chrome/deb/ automatically added to sources.list

[srirambv]

Description

Originally reported on community

When running sudo apt update I started wondering about multiple warnings on target packages being configured multiple times. I thought that I had accidentally added the Brave repository multiple times, but then I discovered /etc/apt/sources.list.d/brave-browser-dev.list with contents:

### THIS FILE IS AUTOMATICALLY CONFIGURED ###                                                                                                    
# You may comment out this entry, but any other modifications may be lost.                                                                       
deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main     

Steps to Reproduce

1. Install Brave from terminal by adding sources
2. Enter cat /etc/apt/sources.list/brave-browser.list in terminal
3. Shows Google link automatically added to sources.list file

Actual result:

Expected result:

Should not add it

Reproduces how often:

100%

Brave version (about:brave info)

All

Reproducible on current release:

Yes for all brave release/beta/dev

Website problems only:

• Does the issue resolve itself when disabling Brave Shields?
• Is the issue reproducible on the latest version of Chrome?

Additional Information

[kinghat]

is this the same? #1409

[Mikaela]

I think so.

[kinghat]

i had brave and brave beta installed but i removed them both and im still getting the discover source notification. do i need to manually remove the brace sources?

[Mikaela]

I would edit the two files /etc/apt/sources.list/brave-browser.list and /etc/apt/sources.list/brave-browser-dev.list and if they have the Google line, add # in front of the file and then save. This is so the file doesn't get recreated or the repository added, while it says that comment is fine.

The easiest way is probably to e.g. sudo nano /etc/apt/sources.list/brave-browser.list, arrow down twice, # and Ctrl + X and y when prompted to save the file.

[kinghat]

@Mikaela not exactly as you have shown, but i should just comment out the google lines in both of the brave sources here?

[Mikaela]

not exactly as you have shown, but i should just comment out the google lines in both of the brave sources here?

Sorry, I mistyped, you are correct 👍 .

[Mikaela]

This issue also affects /etc/apt/sources.list.d/brave-browser-beta.list.

[srirambv]

+1 from @grandtoubab via #2176

[philipbock]

The script that installs this .list file (/etc/cron.daily/brave-browser) also installs Google package signing keys into apt, theoretically allowing Google to replace any package on my system with their own version. When I installed Brave I made a choice to trust Brave Software, not Google. Please fix ASAP.

[kinghat]

does getting put on the 1.x backlog mean this wont be fixed until 1.x is pushed?
(just tested again on a ubuntu VM and its still an issue 12/11/18)

[fmarier]

A patch for this is up for review: brave/brave-core#1078

[ntninja]

Can someone of the devs explain why this is happening in the first place? Adding random software repositories on people's system is not something that should happen due to an oversight!?

[user144]

I deleted Google repository. Did I do the right thing?

[kinghat]

Can someone of the devs explain why this is happening in the first place? Adding random software repositories on people's system is not something that should happen due to an oversight!?

it was probably just left over from the move to chrome.

[fmarier]

What is happening is that the .deb / .rpm packaging that comes with Chromium includes a cron job that runs once a day and adds the chromium repository (or re-adds it if it has been disabled). This happens at most 24 hours after installing the package and so it's not immediately obvious after installation.

If you want to get rid of it, you need to remove the repository, but also the cronjob in /etc/cron.daily/ to prevent it from re-adding the repository. My pull request removes that cronjob so that the Chromium repo never gets added.

[srirambv]

@fmarier @mbacchi I think the issue is not just limited to the /etc/cron.daily/. The file under /opt/brave.com/brave/cron/ contains the brave-browser file which invokes the add to source list command each time the browser is launched.

@fmarier does your PR fix this ?

[fmarier]

I didn't remove the actual cronjob in my patch because as long as it's not installed in the right place (/etc/cron.daily), it will not be run.

[dhollinger]

Is there anyway to prevent this error if I have to maintain a copy of the Chrome repo for work and webdev reasons?

[srirambv]

I didn't remove the actual cronjob in my patch because as long as it's not installed in the right place (/etc/cron.daily), it will not be run.

@mihaiplesa @simonhong might be worth checking into the actual file that is getting created in /opt/brave.com/brave/cron. I believe this file is what is getting added to the daily cron job which is being fixed in @fmarier's PR.

[srirambv]

Verification passed on

Brave	0.62.37 Chromium: 73.0.3683.86 (Official Build) beta (64-bit)
Revision	f9b0bec6063ea50ce2b71f5b9abbae7beee319a6-refs/branch-heads/3683@{#858}
OS	Linux

• Verification passed on Ubuntu 18.10
• Verified no google listed in sources.list file