Install on Linux
To install BleachBit, first download the latest installation package for your system.
BleachBit version 2.2 required Python 2.7 and GTK version 2. It did not support Python 2.5, Python 2.7, Python 3, or GTK 3.
BleachBit 3 required GTK 3 and Python 2.7.
BleachBit 4 (the latest release) requires GTK 3 and Python 3. (It no longer supports Python 2.)
Ubuntu, Mint, and Debian
Graphical package manager
Double click on the downloaded installation package which has a name like
bleachbit_3.0_all_ubuntu1910.deb. Then, follow the prompts.
Install using the command line like this:
sudo dpkg -i bleachbit_3.0_all_ubuntu1910.deb
Installing using apt from the distribution’s repositories is not recommended because they tend to carry old releases of BleachBit.
Fedora, Red Hat, CentOS
Graphical package manager
To install BleachBit using the graphic package manager, double click on the downloaded installation package which has a name like
bleachbit-3.0-1.1.fc28.noarch.rpm. Then, follow the prompts.
The 3.0 package has a bug: it will not ask you to install the dependency
python2-gobject, so you will need to install it yourself.
Alternatively, install using the command line like this.
First, install these dependencies for BleachBit 3.0. (BleachBit versions 2.x and 4.0 have different dependencies.)
sudo dnf install python2-gobject python2-scandir
To avoid a key error, import the public key:
wget http://bleachbit.sourceforge.net/bleachbit_public.key -O /tmp/bleachbit_public.key sudo rpm --import /tmp/bleachbit_public.key
The following command installs BleachBit using the command line:
sudo rpm -Uvh bleachbit-3.0-1.1.fc28.noarch.rpm
Verifying the digital signature protects you against file corruption and tampering.
To verify the digital signature, first you will need a public key. BleachBit versions 3.0 and later are signed with key 0xd6d447b02b4d4c9d (gnupg.net or SF). Older releases before BleachBit version 3.0 were signed with key 0x51416DE60E6887FD (gpupg.net or SF). After downloading the key to a local file, import it into GnuPG like this:
$ gpg --import andrew2019.key gpg: key D6D447B02B4D4C9D: public key "Andrew Ziem <email@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1
Notice the key ID D6D447B02B4D4C9D in the console output matches the key ID above on this web page. The key ID is case insensitive, and the leading
0x is sometimes omitted, so the key IDs match.
Second, download either detached signatures or signed checksums. You do not need both.
There is one detached signature per download. Look in the SourceForge release directory for a folder called
detached_signatures, and in the folder will be a file with the same name as the download plus the
.sig extension. For example, the detached signature for
bleachbit_3.0_all_ubuntu1910.deb is named
bleachbit_3.0_all_ubuntu1910.deb.sig. Here is an example of how to verfy it.
$ gpg --verify bleachbit_3.0_all_ubuntu1910.deb.sig bleachbit_3.0_all_ubuntu1910.deb gpg: Signature made Sat 26 Oct 2019 08:04:00 AM MDT gpg: using RSA key A9E582E4054A159315EDC943D6D447B02B4D4C9D gpg: Good signature from "Andrew Ziem <firstname.lastname@example.org>" [ultimate]
Instead of detached signatures, another option is the signed checksums. There is one signed checksum file per version of BleachBit. Verification is a two-step process. In the first step, verify the signature.
$ gpg --verify bleachbit-3.0-sha256sum.txt.asc gpg: Signature made Sat 26 Oct 2019 07:58:09 AM MDT gpg: using RSA key A9E582E4054A159315EDC943D6D447B02B4D4C9D gpg: Good signature from "Andrew Ziem <email@example.com>" [ultimate] gpg: WARNING: not a detached signature; file 'bleachbit-3.0-sha256sum.txt' was NOT verified!
Watch for the “Good signature,” and ignore the warning.
Second, verify the checksums like this:
$ sha256sum -c bleachbit-3.0-sha256sum.txt.asc bleachbit_3.0_all_debian10.deb: OK bleachbit_3.0_all_debian8.deb: OK bleachbit_3.0_all_debian9.deb: OK bleachbit_3.0_all_ubuntu1404.deb: OK bleachbit_3.0_all_ubuntu1604.deb: OK bleachbit_3.0_all_ubuntu1804.deb: OK bleachbit_3.0_all_ubuntu1810.deb: OK bleachbit_3.0_all_ubuntu1904.deb: OK bleachbit_3.0_all_ubuntu1910.deb: OK BleachBit-3.0-portable.zip: OK BleachBit-3.0-setup.zip: OK bleachbit-3.0-1.1.centos7.noarch.rpm: OK bleachbit-3.0-1.1.centosCentOS-6.noarch.rpm: OK bleachbit-3.0-1.1.el6.noarch.rpm: OK bleachbit-3.0-1.1.el7.noarch.rpm: OK bleachbit-3.0-1.1.fc28.noarch.rpm: OK bleachbit-3.0-1.1.opensuse423.noarch.rpm: OK bleachbit-3.0-1.1.sle11.noarch.rpm: OK BleachBit-3.0-setup-English.exe: OK BleachBit-3.0-setup.exe: OK bleachbit-3.0.tar.gz: OK bleachbit-3.0.tar.bz2: OK bleachbit-3.0.tar.lzma: OK sha256sum: WARNING: 17 lines are improperly formatted
If you don’t download all the files, you will see “No such file or directory errors.” Instead, focus on the “OK” for the file you downloaded. Also, ignore the “improperly formatted” warning because sha256sum doesn’t recognize lines added by PGP.