Day to Day Operation
Bluefin and Aurora are designed to be installed for the life of the hardware without reinstallation. Unlike traditional operating systems the image is always pristine and “clean”, making upgrades less problematic. Updates are automatic and silent by default.
Secure Boot
Secure Boot is supported by default on our systems, providing an additional layer of security. After the first installation, you will be prompted to enroll the secure boot key in the BIOS.
Enter the password ublue-os
when prompted to enroll our key.
If this step is not completed during the initial setup, you can manually enroll the key by running the following command in the terminal:
ujust enroll-secure-boot-key
Secure boot is supported with our custom key. The pub key can be found in the root of the bazzite repository here. If you’d like to enroll this key prior to installation or rebase, download the key and run the following:
sudo mokutil --timeout -1
sudo mokutil --import secure_boot.der
Note:
If you encounter an issue with a password being recognized as incorrect, try using the -
key on the numpad instead.
Installing Applications
Graphical Applications
Use the GNOME Software Center or KDE Discover applications to install applications from Flathub. Unlike stock Fedora, system updates and upgrades are not handled by this application, it’s scope has been reduced to only install Flatpaks from Flathub. The Warehouse tool is included for management.
Command Line Applications
The brew application is the package manager used for installing command line applications in Bluefin and Aurora.
System Updates
Bluefin and Aurora are designed to be “hands off”. System updates apply once a day, and Flatpaks update twice a day in the background. Updates are applied when the system reboots. Therefore, it is recommended to routinely power off your device when it’s not being used to ensure kernel updates are being applied. Application updates (like the browser) happen independently of this and don’t require a reboot.
See configuration of updates if you want to change the default behavior.
Machine firmware updates are provided through the standard Software Center:
- See also: Using rpm-ostree
Upgrades and Throttle Settings
Bluefin publishes images for the current and last stable version of Fedora. This is to give users the maximum flexibility by allowing them to rebase to the version they want.
The latest stable release of Fedora is always tagged latest
. The still-supported but older release is labelled as gts
, which is slang for “Grand Touring Series”, for those who wish to enjoy the ride from a slower cadence. It is the default Bluefin and Aurora experience starting with Fedora 38. In the future we hope to offer lts
→ gts
→ latest
as settings.
rpm-ostree reset
Then run a status:
rpm-ostree status
and look for the image you are on, look for a terribly long line like this: ostree-image-signed:docker://ghcr.io/ublue-os/bluefin:latest
That is the image you are currently on. Look for :gts
, :latest
, or in certain cases the version like :39
or :40
. Use a rebase command to move to a newer or older version:
In this example we’re rebasing to :latest
, which is the latest stable release of Fedora (currently 40):
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/bluefin:latest
To always be on the :gts
(default) release, which is currently Fedora 39:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/bluefin:gts
Explicit version tags of the Fedora release are available for users who wish to handle their upgrade cycle manually:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/bluefin:40
Additionally rebasing to a specific date tag is encouraged if you need to “pin” to a specific day or version:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/bluefin:38-20231101
Check the Fedora Silverblue User Guide for more information.
Overwriting System Defaults
Most Bluefin and Aurora system defaults are shipped on the base image along with Fedora configuration in /usr/etc
. Most of these can be overriden by placing a file in /etc
.
For example, the Distrobox configuration is in /usr/etc/distrobox/distrobox.ini
. Your customization options will be placed in /etc/distrobox/distrobox.ini
. This is useful for situations where you need a copy of the original file for reference.
Check the XDG Base Directory Specification for more information on configuration options, in particular ~/.local
and ~/.config
.
Power Management
By default Bluefin will switch the power profile depending on if you’re on AC or battery. You can adjust this setting by going to the logo menu → extensions manager, and then selecting what you want.
You can also turn off the extensions entirely with this command:
- To turn it off:
ujust configure-auto-power-profile disable
- To turn it on:
ujust configure-auto-power-profile enable
Remote Management
Note
This feature is incomplete and needs contributors to make it a reality
Bluefin and Aurora include Cockpit for machine management. We’re hoping to include more out-of-the-box management templates, please check this issue if you’re interested in volunteering.
Verification
These images are signed with sigstore’s cosign. You can verify the signature by downloading the cosign.pub
key from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/ublue-os/bluefin
Building Locally (Bluefin Example)
-
Clone this repository and
cd
into the working directorygit clone https://github.com/ublue-os/bluefin.git cd bluefin
-
Make modifications if desired
-
Build the image (Note that this will download and the entire image)
podman build . -t bluefin
-
Podman push to a registry of your choice.
-
Rebase to your image to wherever you pushed it:
sudo rpm-ostree rebase ostree-image-signed:docker://whatever/bluefin:latest