-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fc6dbc3
commit e724d7d
Showing
3 changed files
with
135 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,3 @@ | ||
| .. _latest_upgrade_guide: | ||
|
|
||
| Upgrade from 2.7.0 to 2.8.0 | ||
| =========================== | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| .. _latest_upgrade_guide: | ||
|
|
||
| Upgrade from 2.8.0 to 2.9.0 | ||
| =========================== | ||
|
|
||
| Update Servers to SecureDrop 2.9.0 | ||
| ---------------------------------- | ||
| Servers running Ubuntu 20.04 will be updated to the latest version of SecureDrop | ||
| automatically within 24 hours of the release. | ||
|
|
||
| Update Workstations to SecureDrop 2.9.0 and Tails 6 | ||
| --------------------------------------------------- | ||
| If you have not already upgraded to Tails 6 alogside the 2.8.0 release, | ||
| you should do so as part of this upgrade. Please note that the upgrade | ||
| from Tails 6 must be performed manually. | ||
|
|
||
| .. important:: We always recommend backing up your workstations prior to | ||
| an upgrade, but we *especially* recommend it before a major Tails version | ||
| bump. This upgrade is an excellent occasion to make sure you have fresh | ||
| backups for each of your Tails drives. See our :ref:`backup instructions <backup_workstations>` | ||
| for more information. | ||
|
|
||
| To upgrade your *Secure Viewing Station* Tails USB, follow our instructions | ||
| to :ref:`update Tails manually <Update Tails Manually>`. The *SVS* upgrade | ||
| to Tails 6 **must** be fully performed on an air-gapped machine. | ||
|
|
||
| To upgrade your *Journalist Workstation* and *Admin Workstation* USB drives, | ||
| complete the following steps for each USB drive: | ||
|
|
||
| 1. Update to SecureDrop 2.9.0 using the graphical updater | ||
| 2. Perform a manual upgrade to Tails 6 | ||
| 3. Apply SecureDrop-specific configuration | ||
| 4. Verify that the workstation works as expected. | ||
|
|
||
| These steps are further explained below. If these steps fail unexpectedly, please get | ||
| in touch. | ||
|
|
||
| Step 1: Update to SecureDrop 2.9.0 using the graphical updater | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| On the next boot of your SecureDrop *Journalist* and *Admin Workstations*, | ||
| the *SecureDrop Workstation Updater* will alert you to workstation updates. You | ||
| must have `configured an administrator password <https://tails.net/doc/first_steps/welcome_screen/administration_password/>`_ | ||
| on the Tails welcome screen in order to use the graphical updater. | ||
|
|
||
| Perform the update to 2.9.0 by clicking "Update Now": | ||
|
|
||
| .. image:: ../images/securedrop-updater.png | ||
|
|
||
| Fallback: Perform a manual update | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| If the graphical updater fails and you want to perform a manual update instead, | ||
| first delete the graphical updater's temporary flag file, if it exists (the | ||
| ``.`` before ``securedrop`` is not a typo): :: | ||
|
|
||
| rm ~/Persistent/.securedrop/securedrop_update.flag | ||
|
|
||
| This will prevent the graphical updater from attempting to re-apply the failed | ||
| update and has no bearing on future updates. You can now perform a manual | ||
| update by running the following commands: :: | ||
|
|
||
| cd ~/Persistent/securedrop | ||
| git fetch --tags | ||
| gpg --keyserver hkps://keys.openpgp.org --recv-key \ | ||
| "2359 E653 8C06 13E6 5295 5E6C 188E DD3B 7B22 E6A3" | ||
| git tag -v 2.9.0 | ||
|
|
||
| The output should include the following two lines: :: | ||
|
|
||
| gpg: using RSA key 2359E6538C0613E652955E6C188EDD3B7B22E6A3 | ||
| gpg: Good signature from "SecureDrop Release Signing Key <[email protected]>" [unknown] | ||
|
|
||
|
|
||
| Please verify that each character of the fingerprint above matches what is | ||
| on the screen of your workstation. A warning that the key is not certified | ||
| is normal and expected. If the output includes the lines above, you can check | ||
| out the new release: :: | ||
|
|
||
| git checkout 2.9.0 | ||
|
|
||
| .. important:: If you do see the warning "refname '2.9.0' is ambiguous" in the | ||
| output, we recommend that you contact us immediately at [email protected] | ||
| (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__). | ||
|
|
||
| Finally, run the following commands: :: | ||
|
|
||
| sudo apt update | ||
| ./securedrop-admin setup | ||
| ./securedrop-admin tailsconfig | ||
|
|
||
| Step 2: Perform a manual upgrade to Tails 6 | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| Because Tails 6 represents a major release, an automatic update from Tails 5 is | ||
| not possible. | ||
|
|
||
| Follow our instructions to :ref:`update Tails manually <Update Tails Manually>`. | ||
|
|
||
| Step 3: Apply SecureDrop-specific configuration | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| Boot up the updated workstation, connect to the Tor network, and run the | ||
| following commands in a terminal: :: | ||
|
|
||
| cd ~/Persistent/securedrop | ||
| sudo apt update | ||
| ./securedrop-admin setup | ||
| ./securedrop-admin tailsconfig | ||
|
|
||
| You must run these commands on Tails 6 even if you have just run them on | ||
| Tails 5. This will create a Python virtual environment compatible with Tails 6 | ||
| and re-apply the SecureDrop-specific configuration on your workstation. | ||
|
|
||
| Step 4: Verify that the workstation works as expected | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| You should now see the SecureDrop Menu in the menu bar at the top: | ||
|
|
||
| |The SecureDrop Menu| | ||
|
|
||
| Note that the options listed in the menu will depend on whether | ||
| you are booting a *Journalist Workstation* or an *Admin Workstation*. | ||
| Confirm that all options work as expected. | ||
|
|
||
| .. note:: Support for desktop shortcuts has been removed in Tails 6. | ||
| Use the *Securedrop Menu* to access all SecureDrop-related features. | ||
|
|
||
| .. |The SecureDrop Menu| image:: ../images/securedrop_menu.png | ||
| :alt: The SecureDrop Menu, showing all available options. | ||
|
|
||
| Getting Support | ||
| --------------- | ||
|
|
||
| Should you require further support with your SecureDrop installation, we are | ||
| happy to help! | ||
|
|
||
| .. include:: ../includes/getting-support.txt |