Important announcement regarding system updates [Action needed]
universal-blue.discourse.group
If you use Bazzite, Bluefin, Aurora, or any other Universal Blue image (including our toolboxes) then you need to follow the instructions in this announcement in order to ensure that your device is getting updates. We were rotating our cosign keypairs this morning, which is the method that we use to sign our images. During this process I made a critical error which has resulted in forcing you to take manual steps to migrate to our newly signed images. All existing Universal Blue images BEFOR...

Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: cryptographic signature verification failed: invalid signature when validating ASN.1 encoded signature ___

I was banging my head against my keyboard for an hour thinking that I broke my system until I saw this.

  •  Sina   ( @Sina@beehaw.org ) 
    203 days ago

    I don’t blame the guy for being human and it’s free software etc, but this is reality bad optics for immutable distros. If my nephew and grandma are going to need manual interventions like this one, then might as well use a less restrictive system. The promise of seamless and easy updates are the main draw for me.

    It would be much appreciated if UniBlue made the update process more robust and more resistant to such mistakes.

    (also curl piped into sudo bash is way more common than it should be)

    •  boredsquirrel   ( @boredsquirrel@slrpnk.net ) 
      183 days ago

      They messed up the signing on the server side.

      They are using all non-stable technology. The Github action and cosign may be normal, but Fedora doesnt release their container images (even though they are the ones that uBlue consumes).

      The updating mechanism is fine, this is a security measurement. If the signing failed, it shouldnt update as this could mean malware.