Bazzite 7 Published by

It has been stated that Bazzite Linux images created before 2024-07-02 will need a workaround to receive updates again.



Important announcement regarding system updates [Action needed]

If you use Bazzite, Bluefin, Aurora, or any other Universal Blue image (including our toolboxes) then you need to follow the instructions in this announcement in order to ensure that your device is getting updates. We were rotating our cosign keypairs this morning, which is the method that we use to sign our images.

During this process I made a critical error which has resulted in forcing you to take manual steps to migrate to our newly signed images.

  • All existing Universal Blue images BEFORE 2024-07-02 will need to issue the commands below in order to receive future updates, your device will reject future updates unless this action is undertaken.
    This incident does not mean that there was a security breach, quite the opposite, in fact. It means the protections and checks we’ve built into the operating system are working and they’ll refuse to accept an update signed by an unknown key.

  • The installation on your device is fine, upgrades just won’t work. But you do need to follow the instructions below in order to get updates.

  • All the Universal Blue images and ISOs have been updated to the new key, we strongly recommend replacing any downloaded ISOs with the new ones to avoid having to do this on new installations.

  • We are working on signing some older images so that you can still have rollback (especially for you Bazzite users on AMD Polaris GPUs) and will post more information as soon as we can.

I deeply apologize for this, I take full personal responsibility as the error was completely mine, from both a technical and process standpoint. I know this shakes the amount of trust we’ve built up over the past three years, so there’s no easy way to say it other than by being transparent about the mistakes.

Instructions

We have a script that will resolve the issue. You are strongly recommended to review the script first prior to running it  by inspecting it here . You can either perform those steps by hand or use this following command:

curl -sL https://fix.universal-blue.org/ | sudo bash

Process changes

Process changes enacted to ensure this doesn’t happen again, please reference the following github issue:  create update process/solution for cosign key rotation · Issue #600 · ublue-os/main · GitHub 

Important announcement regarding system updates [Action needed]