Add 0.11.1 to 0.12.0 upgrade docs

Resolves #4180

docs/index.rst

@@ -89,6 +89,7 @@ anonymous sources.
    upgrade/xenial_prep.rst
    upgrade/xenial_upgrade_in_place.rst
    upgrade/xenial_backup_install_restore.rst
+   upgrade/0.11.1_to_0.12.0.rst
    upgrade/0.10.0_to_0.11.0.rst
    upgrade/0.9.1_to_0.10.0.rst
    upgrade/0.8.0_to_0.9.1.rst

docs/upgrade/0.11.1_to_0.12.0.rst

@@ -0,0 +1,116 @@
+Upgrade from 0.11.1 to 0.12.0
+=============================
+
+.. important:: If you installed SecureDrop before the release of SecureDrop
+  0.12.0, the operating system on your SecureDrop servers is now out of date and
+  must be  upgraded before April 30, 2019. See :ref:`Ubuntu_Upgrade` below.
+
+Updating the Tails Workstations
+-------------------------------
+If you have not already done so, we recommend that you update all Tails drives
+to version 3.12.1, which was released on February 13, 2019. Follow the Tails
+graphical prompts on your workstations to perform this upgrade.
+
+On a subsequent boot of your SecureDrop *Journalist* and *Admin Workstations*,
+the *SecureDrop Workstation Updater* will alert you to workstation updates.
+Choose "Update Now" on each of the workstations:
+
+.. image:: ../images/0.6.x_to_0.7/securedrop-updater.png
+
+Please note that this only updates the SecureDrop code on your Tails
+workstations. Tails upgrades must be performed separately.
+
+.. note:: The graphical updater uses keyservers to obtain the release signing
+  key. If the graphical updater fails, it may be due to a keyserver not being
+  reachable. You can try again, or you can perform the manual procedure outlined
+  below (you may have to run the ``--recv-key`` command repeatedly for it to
+  work).
+
+If you don't see a graphical updater, you may be running an older version of the
+SecureDrop code on your workstation (earlier than 0.7.0). You can update as
+follows: ::
+
+    cd ~/Persistent/securedrop
+    git fetch --tags
+    gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"
+    git tag -v 0.12.0
+
+The output should include the following two lines: ::
+
+    gpg:                using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77
+    gpg: Good signature from "SecureDrop Release Signing Key"
+
+Please verify that each character of the fingerprint above matches what
+on the screen of your workstation. If it does, you can check out the
+new release: ::
+
+    git checkout 0.12.0
+
+.. important:: If you do see the warning "refname '0.12.0' is ambiguous" in the
+  output, we recommend that you contact us immediately at [email protected]
+  (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
+
+Finally, run the following commands: ::
+
+  ./securedrop-admin setup
+  ./securedrop-admin tailsconfig
+
+Troubleshooting Kernel Issues
+-----------------------------
+
+As part of the the automatic update to SecureDrop 0.12.0, the default Linux
+kernel will change to the latest released kernel (version 4.4.167).
+
+We have tested this kernel extensively against :ref:`recommended hardware <Specific Hardware Recommendations>`
+and other common configurations. Please consult our :doc:`kernel troubleshooting guide <../kernel_troubleshooting>`
+for instructions on how to compare the differences between kernel versions and
+how to roll back to an earlier version if necessary.
+
+
+.. _Ubuntu_Upgrade:
+
+Upgrading to Ubuntu 16.04
+-------------------------
+SecureDrop installations set up prior to the release of SecureDrop 0.12.0 use
+Ubuntu 14.04 (Trusty) as the base operating system. Trusty was released in April
+2014, and as part of the standard Long Term Support (LTS) cycle, it will no
+longer receive security updates after April 30, 2019.
+
+After the 0.12.x series, updates to SecureDrop itself will only be issued to
+systems running Ubuntu 16.04.
+
+It is therefore of critical importance that you upgrade your servers to
+Ubuntu 16.04 (Xenial). Once you are running SecureDrop 0.12.0, you are ready to
+upgrade. However, we recommend that you wait until at least March 6 before you
+perform the upgrade, to allow for changes to this documentation based on the
+first set of assisted upgrades we will perform.
+
+Before then, we strongly recommend following the steps outlined in
+:doc:`xenial_prep`.
+
+As part of planning the upgrade, choose which upgrade method you want to follow:
+
+- :doc:`Upgrading in place <xenial_upgrade_in_place>`.
+  This method can be performed remotely without physical access to the servers.
+  It requires significant downtime, and you may encounter upgrade-related prompts
+  specific to your configuration which we have not documented.
+
+- :doc:`Backing up your data and restoring it to a new installation <xenial_backup_install_restore>`.
+  This method requires that you have physical access to the servers and hardware
+  firewall you wish to use for the new installation. If you perform the new
+  installation against redundant hardware, you can minimize downtime by
+  following this method.
+
+Getting Support
+---------------
+
+Should you require further support with your SecureDrop installation or the
+upgrade to Ubuntu 16.04, we are happy to help!
+
+- Community support is available at https://forum.securedrop.org
+- If you are already a member of our support portal, please don't hesitate to
+  open a ticket there. If you would like to request access, please contact us
+  at [email protected]
+  (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__).
+- The Freedom of the Press Foundation offers training and priority support
+  services. See https://securedrop.org/priority-support/ for more information.