Merge pull request #217 from freedomofpress/181-to-182

Add upgrade guide; remove old guides; bump version

docs/backup_and_restore.rst

@@ -229,7 +229,7 @@ Migrating Using a V2+V3 or V3-Only Backup
 
       cd ~/Persistent/securedrop/
       git fetch --tags
-      git tag -v 1.8.1
+      git tag -v 1.8.2
 
    The output should include the following two lines:
 
@@ -250,10 +250,10 @@ Migrating Using a V2+V3 or V3-Only Backup
 
    .. code:: sh
 
-      git checkout 1.8.1
+      git checkout 1.8.2
 
    .. important::
-      If you see the warning ``refname '1.8.1' is ambiguous`` in the
+      If you see the warning ``refname '1.8.2' is ambiguous`` in the
       output, we recommend that you contact us immediately at
       [email protected]
       (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
@@ -471,7 +471,7 @@ source accounts, and journalist accounts. To do so, follow the steps below:
 
       cd ~/Persistent/securedrop/
       git fetch --tags
-      git tag -v 1.8.1
+      git tag -v 1.8.2
 
    The output should include the following two lines:
 
@@ -491,11 +491,11 @@ source accounts, and journalist accounts. To do so, follow the steps below:
 
    .. code:: sh
 
-      git checkout 1.8.1
+      git checkout 1.8.2
 
 
    .. important::
-      If you see the warning ``refname '1.8.1' is ambiguous`` in the
+      If you see the warning ``refname '1.8.2' is ambiguous`` in the
       output, we recommend that you contact us immediately at
       [email protected] (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
 

docs/conf.py

@@ -68,9 +68,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = "1.8.1"
+version = "1.8.2"
 # The full version, including alpha/beta/rc tags.
-release = "1.8.1"
+release = "1.8.2"
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/index.rst

@@ -83,7 +83,6 @@ anonymous sources.
    getting_support
    v3_services
    update_bios
-   upgrade_to_tails_4
    offboarding
    decommission
 
@@ -93,10 +92,10 @@ anonymous sources.
    :maxdepth: 2
 
    upgrade/focal_migration.rst
+   upgrade/1.8.1_to_1.8.2.rst
    upgrade/1.8.0_to_1.8.1.rst
    upgrade/1.7.1_to_1.8.0.rst
    upgrade/1.7.0_to_1.7.1.rst
-   upgrade/1.6.0_to_1.7.0.rst
 
 .. toctree::
    :caption: Developer Documentation

docs/set_up_admin_tails.rst

@@ -137,7 +137,7 @@ signed with the release signing key:
 
     cd ~/Persistent/securedrop/
     git fetch --tags
-    git tag -v 1.8.1
+    git tag -v 1.8.2
 
 The output should include the following two lines:
 
@@ -158,9 +158,9 @@ screen of your workstation. If it does, you can check out the new release:
 
 .. code:: sh
 
-    git checkout 1.8.1
+    git checkout 1.8.2
 
-.. important:: If you see the warning ``refname '1.8.1' is ambiguous`` in the
+.. important:: If you see the warning ``refname '1.8.2' is ambiguous`` in the
                output, we recommend that you contact us immediately at
                [email protected] (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
 

docs/upgrade/1.7.0_to_1.7.1.rst

@@ -3,8 +3,7 @@ Upgrade from 1.7.0 to 1.7.1
 
 SecureDrop 1.7.1 is a bugfix release to address an issue introduced in
 SecureDrop 1.7.0 which caused an outage for some long-running SecureDrop
-instances. Please see :doc:`1.6.0_to_1.7.0` for important information about
-SecureDrop 1.7.0.
+instances.
 
 Automatic server upgrades
 -------------------------

docs/upgrade/1.8.1_to_1.8.2.rst

@@ -0,0 +1,88 @@
+Upgrade from 1.8.1 to 1.8.2
+===========================
+
+.. important::
+
+   If you have not migrated your servers to Ubuntu 20.04 yet, you must do so
+   at the earliest opportunity. Servers running on Ubuntu 16.04 no longer
+   receive operating system or SecureDrop software updates at this point.
+
+   Please see our :doc:`migration guide <focal_migration>` for instructions
+   for performing a migration, or :doc:`reinstall SecureDrop <../overview>`.
+
+Updating Servers to SecureDrop 1.8.2
+------------------------------------
+Servers running Ubuntu 20.04 will be updated to the latest version of SecureDrop
+automatically within 24 hours of the release.
+
+Updating Workstations to SecureDrop 1.8.2
+-----------------------------------------
+
+Using the graphical updater
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+On the next boot of your SecureDrop *Journalist* and *Admin Workstations*,
+the *SecureDrop Workstation Updater* will alert you to workstation updates. You
+must have `configured an administrator password <https://tails.boum.org/doc/first_steps/welcome_screen/administration_password/>`_
+on the Tails welcome screen in order to use the graphical updater.
+
+Perform the update to 1.8.2 by clicking "Update Now":
+
+.. image:: ../images/securedrop-updater.png
+
+Performing a manual update
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+If the graphical updater fails and you want to perform a manual update instead,
+first delete the graphical updater's temporary flag file, if it exists (the
+``.`` before ``securedrop`` is not a typo): ::
+
+  rm ~/Persistent/.securedrop/securedrop_update.flag
+
+This will prevent the graphical updater from attempting to re-apply the failed
+update and has no bearing on future updates. You can now perform a manual
+update by running the following commands: ::
+
+  cd ~/Persistent/securedrop
+  git fetch --tags
+  gpg --keyserver hkps://keys.openpgp.org --recv-key \
+   "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
+  git tag -v 1.8.2
+
+The output should include the following two lines: ::
+
+    gpg:                using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
+    gpg: Good signature from "SecureDrop Release Signing Key"
+
+Please verify that each character of the fingerprint above matches what is
+on the screen of your workstation. If it does, you can check out the
+new release: ::
+
+    git checkout 1.8.2
+
+.. important:: If you do see the warning "refname '1.8.2' is ambiguous" in the
+  output, we recommend that you contact us immediately at [email protected]
+  (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
+
+Finally, run the following commands: ::
+
+  ./securedrop-admin setup
+  ./securedrop-admin tailsconfig
+
+Updating Tails
+--------------
+Check the version of Tails on your *Admin* and *Journalist Workstations*
+(**Applications ▸ Tails ▸ About Tails**). If your workstations are running Tails
+version 4.14 or earlier, you will not receive an update notification due to a
+bug. Perform a :ref:`manual update <Update Tails Manually>`, or reinstate
+automatic updates by following the steps in the
+`Tails advisory <https://tails.boum.org/news/version_4.14/broken_upgrades/index.en.html>`__.
+
+If you are running Tails 4.15 or later, follow the graphical prompts to update
+to the latest version.
+
+Getting Support
+---------------
+
+Should you require further support with your SecureDrop installation, we are
+happy to help!
+
+.. include:: ../includes/getting-support.txt