From 1cdb869a19d3edf1df9b63471339bbce50c98cfd Mon Sep 17 00:00:00 2001
From: cyteen <cyteen@ring-zero.co.uk>
Date: Wed, 11 Mar 2026 01:36:11 +0000
Subject: [PATCH] Updated and corrected.

The usual round of changing to deb822 and changing the keyring location.
---
 020_brave_browser-beta.sh    |  89 +++++++++++++++-----------
 020_brave_browser-dev.sh     | 114 +++++++++++++++++++++------------
 020_brave_browser-nightly.sh |  92 +++++++++++++++++----------
 020_brave_browser.sh         | 119 ++++++++++++++++++++++-------------
 4 files changed, 259 insertions(+), 155 deletions(-)

diff --git a/020_brave_browser-beta.sh b/020_brave_browser-beta.sh
index 5459c80..1997ab9 100755
--- a/020_brave_browser-beta.sh
+++ b/020_brave_browser-beta.sh
@@ -1,53 +1,72 @@
 #!/usr/bin/env bash
 
+# 1. Detect Architecture
 machine=$(uname -m)
-if [[  ${machine} == x86_64 ]]; then
-	ARCH=amd64
-elif
-	[[ ${machine} == aarch64 ]]; then
-	ARCH=arm64
+if [[ ${machine} == x86_64 ]]; then
+  arch=amd64
+elif [[ ${machine} == aarch64 ]]; then
+  arch=arm64
 fi
 
-# UBUNTU_CODENAME=bionic
-UBUNTU_CODENAME=stable
-BRANCH="-beta"
+# 2. Variables & Configuration
+APP="brave-browser"
+BRANCH="-dev" # Change to "" for release, "-beta" for beta
+UBUNTU_CODENAME="stable"
 URL="brave-browser-apt${BRANCH}.s3.brave.com"
 
+TYPES=(deb)
+URIs="https://${URL}/"
+SUITES="${UBUNTU_CODENAME}"
+COMPONENTS=(main)
+ARCHITECTURES="($arch)"
 
-#sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/brave-browser-archive-keyring.gpg
+# Debian standard directory for third-party keys
+KEY_DIR="/usr/share/keyrings"
+KEY="${KEY_DIR}/brave-browser-archive-keyring.gpg"
 
-KEY_DIR=/etc/apt/trusted.gpg.d  # if you dont want to have signed-by in the sources.list
-# KEY_DIR=/usr/share/keyrings
-# KEY_DIR=/etc/apt/keyrings
-KEY=${KEY_DIR}/brave-browser${BRANCH}-archive-keyring.gpg
-# KEY=${KEY_DIR}/brave-browser-keyring.gpg
+# 3. Download Key to /usr/share/keyrings
+sudo mkdir -p "${KEY_DIR}"
+sudo curl -fsSLo "${KEY}" "https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg"
 
-sudo curl -fsSLo ${KEY} https://brave-browser-apt-nightly.s3.brave.com/brave-browser${BRANCH}-archive-keyring.gpg
-
-## no data 
-# RECV_KEYS="C3DE1DD4F661CDCB"
-# gpg --keyserver keyserver.ubuntu.com --recv-keys "${RECV_KEYS}"
-# gpg --export --armor "${RECV_KEYS}" > ${KEY}
-
-
-cat <<-EOF | sudo tee /etc/apt/sources.list.d/brave-browser${BRANCH}.list
-    deb [arch=${ARCH} signed-by=${KEY}] https://${URL}/ $UBUNTU_CODENAME main
+# 4. Define deb822 Source Template
+conf_print_brave_sources() {
+  cat <<EOF
+Enabled: yes
+Types: ${TYPES[*]}
+URIs: ${URIs}
+Suites: ${SUITES}
+Components: ${COMPONENTS[*]}
+Architectures: ${ARCHITECTURES[*]}
+Signed-By: ${KEY}
 EOF
+}
 
-ln -sf /etc/apt/sources.list-available/brave-browser${BRANCH}.list /etc/apt/sources.list.d/brave-browser${BRANCH}.list
+# 5. Deploy Sources File (Available -> Enabled Symlink Pattern)
+SOURCES_NAME="${APP}${BRANCH}-${UBUNTU_CODENAME}.sources"
 
-apt update
+# Ensure available directory exists
+sudo mkdir -p /etc/apt/sources.list-available
 
-apt install brave-browser${BRANCH}
+conf_print_brave_sources | sudo tee "/etc/apt/sources.list-available/${SOURCES_NAME}" >/dev/null
 
-echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
-#service procps restart
+# Create the symlink to enable the repo
+sudo ln -sf "/etc/apt/sources.list-available/${SOURCES_NAME}" "/etc/apt/sources.list.d/${SOURCES_NAME}"
 
-# Bypass apt-proxy for brave packages
-if [ -f /etc/apt/apt.conf.d/02proxy ]; then
-	if ! grep -q "${URL}" /etc/apt/apt.conf.d/02proxy; then
-		echo "Acquire::https::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
-	fi
+# 6. System Updates and Installation
+sudo apt update
+sudo apt install "${APP}${BRANCH}" -y
+
+# 7. Post-Install Configurations
+echo 'kernel.unprivileged_userns_clone=1' | sudo tee /etc/sysctl.d/00-local-userns.conf >/dev/null
+
+# 8. Bypass apt-proxy for Brave URLs
+PROXY_CONF="/etc/apt/apt.conf.d/02proxy"
+PROXY_LINE="Acquire::http::Proxy { \"${URL}\" DIRECT; };"
+
+if [ -f "$PROXY_CONF" ]; then
+  if ! grep -q "${URL}" "$PROXY_CONF"; then
+    echo "$PROXY_LINE" | sudo tee -a "$PROXY_CONF" >/dev/null
+  fi
 else
-	echo "Acquire::https::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
+  echo "$PROXY_LINE" | sudo tee "$PROXY_CONF" >/dev/null
 fi
diff --git a/020_brave_browser-dev.sh b/020_brave_browser-dev.sh
index 572a597..ccf7251 100755
--- a/020_brave_browser-dev.sh
+++ b/020_brave_browser-dev.sh
@@ -1,45 +1,77 @@
-#!/bin/	bash
+#!/usr/bin/env bash
 
+# 1. Architecture Detection
 machine=$(uname -m)
-if [[  ${machine} == x86_64 ]]; then
-	arch=amd64
-elif
-	[[ ${machine} == aarch64 ]]; then
-	arch=arm64
-fi
-
-# UBUNTU_CODENAME=bionic
-UBUNTU_CODENAME=stable
-BRANCH="-dev"
-URL=brave-browser-apt${BRANCH}.s3.brave.com
-
-
-#sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/brave-browser-archive-keyring.gpg
-
-KEY_DIR=/etc/apt/trusted.gpg.d  # if you dont want to have signed-by in the sources.list
-# KEY_DIR=/usr/share/keyrings
-KEY_DIR=/etc/apt/keyrings
-
-sudo curl -fsSLo ${KEY_DIR}/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
-
-
-echo "deb [[signed-by=${KEY_DIR}/brave-browser-archive-keyring.gpg  arch=${arch}] https://${URL}/ $UBUNTU_CODENAME main" | tee /etc/apt/sources.list-available/brave-browser${BRANCH}-${UBUNTU_CODENAME}.list
-
-ln -s /etc/apt/sources.list-available/brave-browser${BRANCH}-${UBUNTU_CODENAME}.list /etc/apt/sources.list.d/brave-browser${BRANCH}-${UBUNTU_CODENAME}.list
-
-apt update
-
-apt install brave-browser${BRANCH}
-
-echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
-#service procps restart
-
-# Bypass apt-proxy for brave packages
-if [ -f /etc/apt/apt.conf.d/02proxy ]; then
-	cat /etc/apt/apt.conf.d/02proxy
-	if [ ! -z $(grep ${URL}) ]; then
-		echo "Acquire::http::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
-	fi
+if [[ ${machine} == "x86_64" ]]; then
+  ARCH="amd64"
+elif [[ ${machine} == "aarch64" ]]; then
+  ARCH="arm64"
 else
-		echo "Acquire::http::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
+  echo "Unsupported architecture: ${machine}"
+  exit 1
+fi
+
+# 2. Variables & Configuration
+APP="brave-browser"
+BRANCH="-dev" # Options: "", "-beta", "-nightly", "-dev"
+UBUNTU_CODENAME="stable"
+URL="brave-browser-apt${BRANCH}.s3.brave.com"
+
+# DEB822 Specific Fields
+TYPES="deb"
+URIs="https://${URL}/"
+SUITES="${UBUNTU_CODENAME}"
+COMPONENTS="main"
+
+# Directory for modern GPG keyrings
+KEY_DIR="/usr/share/keyrings"
+KEY="${KEY_DIR}/${APP}${BRANCH}-archive-keyring.gpg"
+# Note: DEB822 files must end in .sources
+SOURCES_NAME="${APP}${BRANCH}-${UBUNTU_CODENAME}.sources"
+
+# 3. Ensure directories exist
+sudo mkdir -p "${KEY_DIR}"
+sudo mkdir -p /etc/apt/sources.list-available
+
+# 4. Fetch GPG Key
+sudo curl -fsSLo "${KEY}" "https://${URL}/brave-browser-archive-keyring.gpg"
+
+# 5. Define deb822 Source Template
+conf_print_brave_sources() {
+  cat <<EOF
+Enabled: yes
+Types: ${TYPES}
+URIs: ${URIs}
+Suites: ${SUITES}
+Components: ${COMPONENTS}
+Architectures: ${ARCH}
+Signed-By: ${KEY}
+EOF
+}
+
+# 6. Deploy Sources File (Available)
+conf_print_brave_sources | sudo tee "/etc/apt/sources.list-available/${SOURCES_NAME}" >/dev/null
+
+# 7. Enable via Symlink
+# For DEB822, the file in sources.list.d must end in .sources to be recognized
+sudo ln -sf "/etc/apt/sources.list-available/${SOURCES_NAME}" "/etc/apt/sources.list.d/${SOURCES_NAME}"
+
+# 8. Install
+sudo apt update
+sudo apt install "${APP}${BRANCH}" -y
+
+# 9. System Hardening / Sandbox Fix
+echo 'kernel.unprivileged_userns_clone=1' | sudo tee /etc/sysctl.d/00-local-userns.conf >/dev/null
+sudo sysctl -p /etc/sysctl.d/00-local-userns.conf >/dev/null
+
+# 10. Bypass apt-proxy for Brave repo
+PROXY_CONF="/etc/apt/apt.conf.d/02proxy"
+PROXY_LINE="Acquire::https::Proxy { \"${URL}\" DIRECT; };"
+
+if [ -f "$PROXY_CONF" ]; then
+  if ! grep -q "${URL}" "$PROXY_CONF"; then
+    echo "$PROXY_LINE" | sudo tee -a "$PROXY_CONF" >/dev/null
+  fi
+else
+  echo "$PROXY_LINE" | sudo tee "$PROXY_CONF" >/dev/null
 fi
diff --git a/020_brave_browser-nightly.sh b/020_brave_browser-nightly.sh
index 1275dc4..fa11992 100755
--- a/020_brave_browser-nightly.sh
+++ b/020_brave_browser-nightly.sh
@@ -1,53 +1,77 @@
 #!/usr/bin/env bash
 
+# 1. Architecture Detection
 machine=$(uname -m)
-if [[  ${machine} == x86_64 ]]; then
-	ARCH=amd64
-elif
-	[[ ${machine} == aarch64 ]]; then
-	ARCH=arm64
+if [[ ${machine} == "x86_64" ]]; then
+  ARCH="amd64"
+elif [[ ${machine} == "aarch64" ]]; then
+  ARCH="arm64"
+else
+  echo "Unsupported architecture: ${machine}"
+  exit 1
 fi
 
-# UBUNTU_CODENAME=bionic
-UBUNTU_CODENAME=stable
-BRANCH="-nightly"
+# 2. Configuration
+APP="brave-browser"
+BRANCH="-nightly" # Keeping this specific to your request
+UBUNTU_CODENAME="stable"
 URL="brave-browser-apt${BRANCH}.s3.brave.com"
 
+# DEB822 Specific Fields
+TYPES="deb"
+URIs="https://${URL}/"
+SUITES="${UBUNTU_CODENAME}"
+COMPONENTS="main"
 
-#sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/brave-browser-archive-keyring.gpg
+# Directory for modern GPG keyrings
+KEY_DIR="/usr/share/keyrings"
+KEY="${KEY_DIR}/${APP}${BRANCH}-archive-keyring.gpg"
+# Note: Extension must be .sources for DEB822
+SOURCES_NAME="${APP}${BRANCH}.sources"
 
-KEY_DIR=/etc/apt/trusted.gpg.d  # if you dont want to have signed-by in the sources.list
-# KEY_DIR=/usr/share/keyrings
-# KEY_DIR=/etc/apt/keyrings
-KEY=${KEY_DIR}/brave-browser${BRANCH}-archive-keyring.gpg
-# KEY=${KEY_DIR}/brave-browser-keyring.gpg
+# 3. Ensure directories exist
+sudo mkdir -p "${KEY_DIR}"
+sudo mkdir -p /etc/apt/sources.list-available
 
-sudo curl -fsSLo ${KEY} https://brave-browser-apt-nightly.s3.brave.com/brave-browser${BRANCH}-archive-keyring.gpg
+# 4. Fetch GPG Key
+sudo curl -fsSLo "${KEY}" "https://${URL}/brave-browser-archive-keyring.gpg"
 
-## no data 
-# RECV_KEYS="C3DE1DD4F661CDCB"
-# gpg --keyserver keyserver.ubuntu.com --recv-keys "${RECV_KEYS}"
-# gpg --export --armor "${RECV_KEYS}" > ${KEY}
-
-
-cat <<-EOF | sudo tee /etc/apt/sources.list.d/brave-browser${BRANCH}.list
-    deb [arch=${ARCH} signed-by=${KEY}] https://${URL}/ $UBUNTU_CODENAME main
+# 5. Define DEB822 Source Template
+conf_print_brave_sources() {
+  cat <<EOF
+Enabled: yes
+Types: ${TYPES}
+URIs: ${URIs}
+Suites: ${SUITES}
+Components: ${COMPONENTS}
+Architectures: ${ARCH}
+Signed-By: ${KEY}
 EOF
+}
 
-ln -sf /etc/apt/sources.list-available/brave-browser${BRANCH}.list /etc/apt/sources.list.d/brave-browser${BRANCH}.list
+# 6. Deploy Sources File (Available)
+conf_print_brave_sources | sudo tee "/etc/apt/sources.list-available/${SOURCES_NAME}" >/dev/null
 
-apt update
+# 7. Enable via Symlink
+# Ensure the symlink also uses the .sources extension
+sudo ln -sf "/etc/apt/sources.list-available/${SOURCES_NAME}" "/etc/apt/sources.list.d/${SOURCES_NAME}"
 
-apt install brave-browser${BRANCH}
+# 8. Install
+sudo apt update
+sudo apt install "${APP}${BRANCH}" -y
 
-echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf
-#service procps restart
+# 9. System Hardening / Sandbox Fix
+echo 'kernel.unprivileged_userns_clone=1' | sudo tee /etc/sysctl.d/00-local-userns.conf >/dev/null
+sudo sysctl -p /etc/sysctl.d/00-local-userns.conf >/dev/null
 
-# Bypass apt-proxy for brave packages
-if [ -f /etc/apt/apt.conf.d/02proxy ]; then
-	if ! grep -q "${URL}" /etc/apt/apt.conf.d/02proxy; then
-		echo "Acquire::https::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
-	fi
+# 10. Bypass apt-proxy for Brave repo
+PROXY_CONF="/etc/apt/apt.conf.d/02proxy"
+PROXY_LINE="Acquire::https::Proxy { \"${URL}\" DIRECT; };"
+
+if [ -f "$PROXY_CONF" ]; then
+  if ! grep -q "${URL}" "$PROXY_CONF"; then
+    echo "$PROXY_LINE" | sudo tee -a "$PROXY_CONF" >/dev/null
+  fi
 else
-	echo "Acquire::https::Proxy { \"${URL}\" DIRECT; };" >> /etc/apt/apt.conf.d/02proxy
+  echo "$PROXY_LINE" | sudo tee "$PROXY_CONF" >/dev/null
 fi
diff --git a/020_brave_browser.sh b/020_brave_browser.sh
index 95efc7a..88dff4f 100755
--- a/020_brave_browser.sh
+++ b/020_brave_browser.sh
@@ -1,51 +1,80 @@
 #!/usr/bin/env bash
-set -x
 set -e
 
+# 1. Architecture Detection
 machine=$(uname -m)
-if [[ ${machine} == x86_64 ]]; then
-	arch=amd64
-elif
-	[[ ${machine} == aarch64 ]]
-then
-	arch=arm64
-fi
-
-# UBUNTU_CODENAME=bionic
-UBUNTU_CODENAME=stable
-URL="brave-browser-apt-release.s3.brave.com"
-KEY_URL="brave-browser-apt-release.s3.brave.com"
-KEY_DIR=/etc/apt/trusted.gpg.d
-KEY_NAME=brave-browser-archive-keyring.gpg
-KEY=${KEY_DIR}/${KEY_NAME}
-#curl -s https://${URL}/brave-core.asc | apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-release.gpg add -
-
-#sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/brave-browser-archive-keyring.gpg
-
-sudo curl -fsSLo ${KEY_DIR}/${KEY_NAME} https://${KEY_URL}/${KEY_NAME}
-
-sudo echo "deb [signed-by=${KEY} arch=${arch}] https://${URL} ${UBUNTU_CODENAME} main" | sudo tee /etc/apt/sources.list-available/brave-browser.list
-
-ln -sf /etc/apt/sources.list-available/brave-browser.list /etc/apt/sources.list.d/brave-browser.list
-
-apt update
-
-apt install -y brave-browser brave-keyring
-
-echo 'kernel.unprivileged_userns_clone=1' >/etc/sysctl.d/00-local-userns.conf
-#service procps restart
-
-# Bypass apt-proxy for brave packages
-# if 02proxy exists check to see if the url is already in it, if so do nothing , if it isn't add it,
-# if 02proxy doesn't exist create it. successful grep 0, unsuccessful 1
-if [ -f /etc/apt/apt.conf.d/02proxy ]; then
-	echo "02proxy contains: "
-	cat /etc/apt/apt.conf.d/02proxy
-	if [ ! -z $(grep ${URL} /etc/apt/apt.conf.d/02proxy) ]; then
-		echo "first"
-		echo "Acquire::http::Proxy { \"${URL}\" DIRECT; };" >>/etc/apt/apt.conf.d/02proxy
-	fi
+if [[ ${machine} == "x86_64" ]]; then
+  ARCH="amd64"
+elif [[ ${machine} == "aarch64" ]]; then
+  ARCH="arm64"
 else
-	echo "second"
-	echo "Acquire::http::Proxy { \"${URL}\" DIRECT; };" >>/etc/apt/apt.conf.d/02proxy
+  echo "Unsupported architecture: ${machine}"
+  exit 1
+fi
+
+# 2. Configuration
+APP="brave-browser"
+UBUNTU_CODENAME="stable"
+URL="brave-browser-apt-release.s3.brave.com"
+
+# DEB822 Specific Fields
+TYPES="deb"
+URIs="https://${URL}/"
+SUITES="${UBUNTU_CODENAME}"
+COMPONENTS="main"
+
+# Directory for modern GPG keyrings (Security Best Practice)
+KEY_DIR="/usr/share/keyrings"
+KEY_NAME="${APP}-archive-keyring.gpg"
+KEY="${KEY_DIR}/${KEY_NAME}"
+
+# Note: DEB822 files MUST use the .sources extension
+SOURCES_NAME="${APP}.sources"
+
+# 3. Ensure directories exist
+sudo mkdir -p "${KEY_DIR}"
+sudo mkdir -p /etc/apt/sources.list-available
+
+# 4. Fetch GPG Key
+sudo curl -fsSLo "${KEY}" "https://${URL}/${KEY_NAME}"
+
+# 5. Define DEB822 Source Template
+conf_print_brave_sources() {
+  cat <<EOF
+Enabled: yes
+Types: ${TYPES}
+URIs: ${URIs}
+Suites: ${SUITES}
+Components: ${COMPONENTS}
+Architectures: ${ARCH}
+Signed-By: ${KEY}
+EOF
+}
+
+# 6. Deploy Sources File (Available)
+conf_print_brave_sources | sudo tee "/etc/apt/sources.list-available/${SOURCES_NAME}" >/dev/null
+
+# 7. Enable via Symlink
+sudo ln -sf "/etc/apt/sources.list-available/${SOURCES_NAME}" "/etc/apt/sources.list.d/${SOURCES_NAME}"
+
+# 8. Update and Install
+sudo apt update
+sudo apt install "${APP}" -y
+
+# 9. System Hardening / Sandbox Fix
+echo 'kernel.unprivileged_userns_clone=1' | sudo tee /etc/sysctl.d/00-local-userns.conf >/dev/null
+sudo sysctl -p /etc/sysctl.d/00-local-userns.conf >/dev/null
+
+# 10. Bypass apt-proxy for Brave repo
+PROXY_CONF="/etc/apt/apt.conf.d/02proxy"
+PROXY_LINE="Acquire::https::Proxy { \"${URL}\" DIRECT; };"
+
+if [ -f "$PROXY_CONF" ]; then
+  # If file exists, only append if the URL isn't already handled
+  if ! grep -q "${URL}" "$PROXY_CONF"; then
+    echo "$PROXY_LINE" | sudo tee -a "$PROXY_CONF" >/dev/null
+  fi
+else
+  # Create file if it doesn't exist
+  echo "$PROXY_LINE" | sudo tee "$PROXY_CONF" >/dev/null
 fi