From cf81b037999f147b3a38579e3e3079801be2d5ca Mon Sep 17 00:00:00 2001 From: Erik Moeller Date: Fri, 22 Feb 2019 15:54:19 -0800 Subject: [PATCH] Add 0.11.1 to 0.12.0 upgrade docs Resolves #4180 --- docs/index.rst | 1 + docs/upgrade/0.11.1_to_0.12.0.rst | 116 ++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 docs/upgrade/0.11.1_to_0.12.0.rst diff --git a/docs/index.rst b/docs/index.rst index 91041da69d..c0443c4e37 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -89,6 +89,7 @@ anonymous sources. upgrade/xenial_prep.rst upgrade/xenial_upgrade_in_place.rst upgrade/xenial_backup_install_restore.rst + upgrade/0.11.1_to_0.12.0.rst upgrade/0.10.0_to_0.11.0.rst upgrade/0.9.1_to_0.10.0.rst upgrade/0.8.0_to_0.9.1.rst diff --git a/docs/upgrade/0.11.1_to_0.12.0.rst b/docs/upgrade/0.11.1_to_0.12.0.rst new file mode 100644 index 0000000000..36cae89f89 --- /dev/null +++ b/docs/upgrade/0.11.1_to_0.12.0.rst @@ -0,0 +1,116 @@ +Upgrade from 0.11.1 to 0.12.0 +============================= + +.. important:: If you installed SecureDrop before the release of SecureDrop + 0.12.0, the operating system on your SecureDrop servers is now out of date and + must be upgraded before April 30, 2019. See :ref:`Ubuntu_Upgrade` below. + +Updating the Tails Workstations +------------------------------- +If you have not already done so, we recommend that you update all Tails drives +to version 3.12.1, which was released on February 13, 2019. Follow the Tails +graphical prompts on your workstations to perform this upgrade. + +On a subsequent boot of your SecureDrop *Journalist* and *Admin Workstations*, +the *SecureDrop Workstation Updater* will alert you to workstation updates. +Choose "Update Now" on each of the workstations: + +.. image:: ../images/0.6.x_to_0.7/securedrop-updater.png + +Please note that this only updates the SecureDrop code on your Tails +workstations. Tails upgrades must be performed separately. + +.. note:: The graphical updater uses keyservers to obtain the release signing + key. If the graphical updater fails, it may be due to a keyserver not being + reachable. You can try again, or you can perform the manual procedure outlined + below (you may have to run the ``--recv-key`` command repeatedly for it to + work). + +If you don't see a graphical updater, you may be running an older version of the +SecureDrop code on your workstation (earlier than 0.7.0). You can update as +follows: :: + + cd ~/Persistent/securedrop + git fetch --tags + gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77" + git tag -v 0.12.0 + +The output should include the following two lines: :: + + gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77 + gpg: Good signature from "SecureDrop Release Signing Key" + +Please verify that each character of the fingerprint above matches what +on the screen of your workstation. If it does, you can check out the +new release: :: + + git checkout 0.12.0 + +.. important:: If you do see the warning "refname '0.12.0' is ambiguous" in the + output, we recommend that you contact us immediately at securedrop@freedom.press + (`GPG encrypted `__). + +Finally, run the following commands: :: + + ./securedrop-admin setup + ./securedrop-admin tailsconfig + +Troubleshooting Kernel Issues +----------------------------- + +As part of the the automatic update to SecureDrop 0.12.0, the default Linux +kernel will change to the latest released kernel (version 4.4.167). + +We have tested this kernel extensively against :ref:`recommended hardware ` +and other common configurations. Please consult our :doc:`kernel troubleshooting guide <../kernel_troubleshooting>` +for instructions on how to compare the differences between kernel versions and +how to roll back to an earlier version if necessary. + + +.. _Ubuntu_Upgrade: + +Upgrading to Ubuntu 16.04 +------------------------- +SecureDrop installations set up prior to the release of SecureDrop 0.12.0 use +Ubuntu 14.04 (Trusty) as the base operating system. Trusty was released in April +2014, and as part of the standard Long Term Support (LTS) cycle, it will no +longer receive security updates after April 30, 2019. + +After the 0.12.x series, updates to SecureDrop itself will only be issued to +systems running Ubuntu 16.04. + +It is therefore of critical importance that you upgrade your servers to +Ubuntu 16.04 (Xenial). Once you are running SecureDrop 0.12.0, you are ready to +upgrade. However, we recommend that you wait until at least March 6 before you +perform the upgrade, to allow for changes to this documentation based on the +first set of assisted upgrades we will perform. + +Before then, we strongly recommend following the steps outlined in +:doc:`xenial_prep`. + +As part of planning the upgrade, choose which upgrade method you want to follow: + +- :doc:`Upgrading in place `. + This method can be performed remotely without physical access to the servers. + It requires significant downtime, and you may encounter upgrade-related prompts + specific to your configuration which we have not documented. + +- :doc:`Backing up your data and restoring it to a new installation `. + This method requires that you have physical access to the servers and hardware + firewall you wish to use for the new installation. If you perform the new + installation against redundant hardware, you can minimize downtime by + following this method. + +Getting Support +--------------- + +Should you require further support with your SecureDrop installation or the +upgrade to Ubuntu 16.04, we are happy to help! + +- Community support is available at https://forum.securedrop.org +- If you are already a member of our support portal, please don't hesitate to + open a ticket there. If you would like to request access, please contact us + at securedrop@freedom.press + (`GPG encrypted `__). +- The Freedom of the Press Foundation offers training and priority support + services. See https://securedrop.org/priority-support/ for more information.