diff --git a/docs/admin/installation/set_up_admin_tails.rst b/docs/admin/installation/set_up_admin_tails.rst index e189a89af..61a252e18 100644 --- a/docs/admin/installation/set_up_admin_tails.rst +++ b/docs/admin/installation/set_up_admin_tails.rst @@ -139,7 +139,7 @@ signed with the release signing key: cd ~/Persistent/securedrop/ git fetch --tags - git tag -v 2.10.0 + git tag -v 2.10.1 The output should include the following two lines: @@ -160,9 +160,9 @@ screen of your workstation. If it does, you can check out the new release: .. code:: sh - git checkout 2.10.0 + git checkout 2.10.1 -.. important:: If you see the warning ``refname '2.10.0' is ambiguous`` in the +.. important:: If you see the warning ``refname '2.10.1' is ambiguous`` in the output, we recommend that you contact us immediately at securedrop@freedom.press (`GPG encrypted `__). diff --git a/docs/admin/maintenance/backup_and_restore.rst b/docs/admin/maintenance/backup_and_restore.rst index 7422d9797..cb61a0aa4 100644 --- a/docs/admin/maintenance/backup_and_restore.rst +++ b/docs/admin/maintenance/backup_and_restore.rst @@ -229,7 +229,7 @@ Migrating Using a V2+V3 or V3-Only Backup cd ~/Persistent/securedrop/ git fetch --tags - git tag -v 2.10.0 + git tag -v 2.10.1 The output should include the following two lines: @@ -250,10 +250,10 @@ Migrating Using a V2+V3 or V3-Only Backup .. code:: sh - git checkout 2.10.0 + git checkout 2.10.1 .. important:: - If you see the warning ``refname '2.10.0' is ambiguous`` in the + If you see the warning ``refname '2.10.1' is ambiguous`` in the output, we recommend that you contact us immediately at securedrop@freedom.press (`GPG encrypted `__). @@ -472,7 +472,7 @@ source accounts, and journalist accounts. To do so, follow the steps below: cd ~/Persistent/securedrop/ git fetch --tags - git tag -v 2.10.0 + git tag -v 2.10.1 The output should include the following two lines: @@ -491,11 +491,11 @@ source accounts, and journalist accounts. To do so, follow the steps below: .. code:: sh - git checkout 2.10.0 + git checkout 2.10.1 .. important:: - If you see the warning ``refname '2.10.0' is ambiguous`` in the + If you see the warning ``refname '2.10.1' is ambiguous`` in the output, we recommend that you contact us immediately at securedrop@freedom.press (`GPG encrypted `__). diff --git a/docs/admin/maintenance/update_workstations.rst b/docs/admin/maintenance/update_workstations.rst index 75441fc0f..181634cda 100644 --- a/docs/admin/maintenance/update_workstations.rst +++ b/docs/admin/maintenance/update_workstations.rst @@ -24,7 +24,7 @@ update by running the following commands: :: git fetch --tags gpg --keyserver hkps://keys.openpgp.org --recv-key \ "2359 E653 8C06 13E6 5295 5E6C 188E DD3B 7B22 E6A3" - git tag -v 2.10.0 + git tag -v 2.10.1 The output should include the following two lines: :: @@ -37,9 +37,9 @@ on the screen of your workstation. A warning that the key is not certified is normal and expected. If the output includes the lines above, you can check out the new release: :: - git checkout 2.10.0 + git checkout 2.10.1 -.. important:: If you do see the warning "refname '2.10.0' is ambiguous" in the +.. important:: If you do see the warning "refname '2.10.1' is ambiguous" in the output, we recommend that you contact us immediately at securedrop@freedom.press (`GPG encrypted `__). diff --git a/docs/conf.py b/docs/conf.py index 772cd950a..f4239c786 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -46,7 +46,7 @@ # built documents. # # The short X.Y version. -version = "2.10.0" +version = "2.10.1" # The full version, including alpha/beta/rc tags. # On the live site, this will be overridden to "stable" or "latest". release = os.environ.get("SECUREDROP_DOCS_RELEASE", version) diff --git a/docs/index.rst b/docs/index.rst index 3808051f1..588bded28 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -151,6 +151,7 @@ Get Started :maxdepth: 2 :hidden: + upgrade/2.10.0_to_2.10.1.rst upgrade/2.9.0_to_2.10.0.rst upgrade/2.8.0_to_2.9.0.rst upgrade/2.7.0_to_2.8.0.rst diff --git a/docs/upgrade/2.10.0_to_2.10.1.rst b/docs/upgrade/2.10.0_to_2.10.1.rst new file mode 100644 index 000000000..92d59dcf1 --- /dev/null +++ b/docs/upgrade/2.10.0_to_2.10.1.rst @@ -0,0 +1,136 @@ +.. _latest_upgrade_guide: + +Upgrade from 2.10.0 to 2.10.1 +============================= + +Update Servers to SecureDrop 2.10.1 +------------------------------------ + +Servers running Ubuntu 20.04 will be updated to the latest version of SecureDrop +automatically within 24 hours of the release. + +Update Workstations to SecureDrop 2.10.1 and Tails 6 +---------------------------------------------------- +If you have not already upgraded to Tails 6 alogside the 2.10.0 release, +you should do so as part of this upgrade. Please note that the upgrade +from Tails 6 must be performed manually. If you have already upgraded +to Tails 6, you only need to complete Step 1 below. + +.. important:: We always recommend backing up your workstations prior to + an upgrade, but we *especially* recommend it before a major Tails version + bump. This upgrade is an excellent occasion to make sure you have fresh + backups for each of your Tails drives. See our :ref:`backup instructions ` + for more information. + +To upgrade your *Secure Viewing Station* Tails USB, follow our instructions +to :ref:`update Tails manually `. The *SVS* upgrade +to Tails 6 **must** be fully performed on an air-gapped machine. + +To upgrade your *Journalist Workstation* and *Admin Workstation* USB drives, +complete the following steps for each USB drive: + +1. Update to SecureDrop 2.10.1 using the graphical updater +2. Perform a manual upgrade to Tails 6 +3. Apply SecureDrop-specific configuration +4. Verify that the workstation works as expected. + +These steps are further explained below. If these steps fail unexpectedly, please get +in touch. + +Step 1: Update to SecureDrop 2.10.1 using the graphical updater +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +On the next boot of your SecureDrop *Journalist* and *Admin Workstations*, +the *SecureDrop Workstation Updater* will alert you to workstation updates. You +must have `configured an administrator password `_ +on the Tails welcome screen in order to use the graphical updater. + +Perform the update to 2.10.1 by clicking "Update Now": + +.. image:: ../images/securedrop-updater.png + +Fallback: Perform a manual update +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +If the graphical updater fails and you want to perform a manual update instead, +first delete the graphical updater's temporary flag file, if it exists (the +``.`` before ``securedrop`` is not a typo): :: + + rm ~/Persistent/.securedrop/securedrop_update.flag + +This will prevent the graphical updater from attempting to re-apply the failed +update and has no bearing on future updates. You can now perform a manual +update by running the following commands: :: + + cd ~/Persistent/securedrop + git fetch --tags + gpg --keyserver hkps://keys.openpgp.org --recv-key \ + "2359 E653 8C06 13E6 5295 5E6C 188E DD3B 7B22 E6A3" + git tag -v 2.10.1 + +The output should include the following two lines: :: + + gpg: using RSA key 2359E6538C0613E652955E6C188EDD3B7B22E6A3 + gpg: Good signature from "SecureDrop Release Signing Key " [unknown] + + +Please verify that each character of the fingerprint above matches what is +on the screen of your workstation. A warning that the key is not certified +is normal and expected. If the output includes the lines above, you can check +out the new release: :: + + git checkout 2.10.1 + +.. important:: If you do see the warning "refname '2.10.1' is ambiguous" in the + output, we recommend that you contact us immediately at securedrop@freedom.press + (`GPG encrypted `__). + +Finally, run the following commands: :: + + sudo apt update + ./securedrop-admin setup + ./securedrop-admin tailsconfig + +Step 2: Perform a manual upgrade to Tails 6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Because Tails 6 represents a major release, an automatic update from Tails 5 is +not possible. + +Follow our instructions to :ref:`update Tails manually `. + +Step 3: Apply SecureDrop-specific configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Boot up the updated workstation, connect to the Tor network, and run the +following commands in a terminal: :: + + cd ~/Persistent/securedrop + sudo apt update + ./securedrop-admin setup + ./securedrop-admin tailsconfig + +You must run these commands on Tails 6 even if you have just run them on +Tails 5. This will create a Python virtual environment compatible with Tails 6 +and re-apply the SecureDrop-specific configuration on your workstation. + +Step 4: Verify that the workstation works as expected +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +You should now see the SecureDrop Menu in the menu bar at the top: + +|The SecureDrop Menu| + +Note that the options listed in the menu will depend on whether +you are booting a *Journalist Workstation* or an *Admin Workstation*. +Confirm that all options work as expected. + +.. note:: Support for desktop shortcuts has been removed in Tails 6. + Use the *Securedrop Menu* to access all SecureDrop-related features. + +.. |The SecureDrop Menu| image:: ../images/securedrop_menu.png + :alt: The SecureDrop Menu, showing all available options. + +Getting Support +--------------- + +Should you require further support with your SecureDrop installation, we are +happy to help! + +.. include:: ../includes/getting-support.txt diff --git a/docs/upgrade/2.9.0_to_2.10.0.rst b/docs/upgrade/2.9.0_to_2.10.0.rst index 6cc7dbe69..097fdd5b8 100644 --- a/docs/upgrade/2.9.0_to_2.10.0.rst +++ b/docs/upgrade/2.9.0_to_2.10.0.rst @@ -1,5 +1,3 @@ -.. _latest_upgrade_guide: - Upgrade from 2.9.0 to 2.10.0 ============================