As of May 2021, an unfortunate oversight in security key management has resulted in all Endless OS installations that are running a version older than Endless OS 3.6.1 being unable to upgrade to the latest release.
This only affects installations that are still out of date today: typically those of users who have not had sufficient connectivity to perform an OS update in several years, and/or older computer stock that had Endless OS preinstalled years ago and is only now being distributed.
Installations that were upgraded to EOS-3.6.1 or beyond before May 2021 are not affected by this issue.
To confirm that you are affected by this problem, please first check that you are running Endless OS 3.6.0 or older. To check this:
If affected, you'll find yourself unable to update the OS and certain apps. You may find that the App Center does not progress beyond the "Getting flatpak metadata" stage shown below, meaning that you cannot access any OS/app update functionality.
If you have attempted to diagnose this issue by looking at system logs or using command-line tools, this situation is highlighted by the error message:
GPG signatures found, but none are in trusted keyring
Establish internet connectivity, if you are not already online.
Open the Terminal app.
Enter or copy-paste the following commands.
wget -nv https://ostree.endlessm.com/keys/eos-ostree-keyring.gpg
wget -nv https://ostree.endlessm.com/keys/eos-flatpak-keyring.gpg
sudo ostree remote gpg-import -k eos-ostree-keyring.gpg eos
sudo ostree remote gpg-import -k eos-ostree-keyring.gpg eos-runtimes
sudo ostree remote gpg-import -k eos-flatpak-keyring.gpg eos-apps
sudo ostree remote gpg-import -k eos-flatpak-keyring.gpg eos-sdk
These commands will produce brief output and return you to the command shell when done.
You may be prompted for your user account password during this process. Your password may not appear as you type it in, but if prompted, type it in anyway and press Enter.
If you are running a split-disk system (Endless One 32GB edition, Endless Mini or Mission Mini), additionally execute these commands:
sudo ostree remote --repo=/var/endless-extra/flatpak/repo gpg-import -k eos-ostree-keyring.gpg eos-runtimes
sudo ostree remote --repo=/var/endless-extra/flatpak/repo gpg-import -k eos-flatpak-keyring.gpg eos-apps
sudo ostree remote --repo=/var/endless-extra/flatpak/repo gpg-import -k eos-flatpak-keyring.gpg eos-sdk
If you are not sure whether you are on such a system, you can safely run these commands anyway and ignore any errors that appear.
Reboot your computer.
Open the App Center and perform an OS update.
The following supplemental information is intended for developers and technicians.
In 2019, we became aware that the keys used to verify Endless OS ostree updates and apps were due to expire in May 2021. We took action by releasing EOS-3.6.1 with the keys updated to expire in 2026 and 2029. All users who upgraded to EOS-3.6.1 or newer before the 2021 expiry therefore avoided this issue.
We also put measures in place to periodically extend the expiry of these keys going forward, and in terms of a more comprehensive solution, we are exploring Flatpak's key update mechanism and looking to add GPG key update capabilities to ostree.
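For technicians who want to confirm the expiry dates in a downloaded keyring before importing it, the following is an added example, not Endless's own tooling. The function name key_expiry_report and the sample listing are constructed for illustration; it assumes a GnuPG version that supports --show-keys and reports dates as epoch seconds.

```shell
#!/bin/sh
# Added example: classify keys in a GnuPG colon listing by expiry.
# Real use (assumes gpg supports --show-keys):
#   gpg --show-keys --with-colons eos-ostree-keyring.gpg \
#       | key_expiry_report "$(date +%s)"
# $1 = current time in epoch seconds, $2 = warning window in days (default 365)
key_expiry_report() {
    now=$1
    warn_days=${2:-365}
    awk -F: -v now="$now" -v warn="$warn_days" '
        # pub = primary key, sub = subkey
        # field 5 = key ID, field 7 = expiry (empty means the key never expires)
        $1 == "pub" || $1 == "sub" {
            expiry = $7
            if (expiry == "")                      status = "NO-EXPIRY"
            else if (expiry + 0 <= now + 0)        status = "EXPIRED"
            else if (expiry - now < warn * 86400)  status = "EXPIRING"
            else                                   status = "OK"
            print status, $1, $5, (expiry == "" ? "-" : expiry)
        }'
}

# Constructed sample listing: key IDs, fingerprint and dates are made up and
# are not the Endless keys. The first key expires in May 2021, the second in 2026.
SAMPLE='pub:e:4096:1:AAAAAAAAAAAAAAAA:1400000000:1620000000::-:::sc::::::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAA:
uid:e::::1400000000::HASH::Constructed Old Signing Key::::::::::0:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1560000000:1788000000::-:::scSC::::::23::0:
sub:-:4096:1:CCCCCCCCCCCCCCCC:1560000000:::::::s::::::23:
'

# Demo with a fixed "now" (November 2023) so the result is reproducible.
printf '%s' "$SAMPLE" | key_expiry_report 1700000000
```

A key reported as EXPIRED in a keyring you are about to import means the import will not resolve the "none are in trusted keyring" error for content signed by that key.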