diff --git a/docs/development/qubes_staging.rst b/docs/development/qubes_staging.rst index 1afca5e664..85e75329d4 100644 --- a/docs/development/qubes_staging.rst +++ b/docs/development/qubes_staging.rst @@ -22,9 +22,9 @@ Download Ubuntu Trusty server ISO --------------------------------- On ``sd-dev``, download the Ubuntu Trusty server ISO, along with corresponding -checksum and signature files. See the :ref:`hardware installation docs ` -for detailed instructions. If you opt for the command line instructions, -omit the ``torify`` prepended to the ``curl`` command. +checksum and signature files. See the :ref:`hardware installation docs ` +for detailed instructions, replacing Xenial with Trusty (``16.04`` with ``14.04``). If you opt for the command line +instructions, omit the ``torify`` prepended to the ``curl`` command. Create the Trusty base VM ------------------------- @@ -58,7 +58,7 @@ In ``dom0``: You may need to edit the filepath above if you downloaded the ISO to a different location within the ``sd-dev`` VM. Choose **Install Ubuntu**. For the most part, the install process matches the -:ref:`hardware install flow `, with a few exceptions: +:ref:`hardware install flow `, with a few exceptions: - Server IP address: use value returned by ``qvm-prefs sd-trusty-base ip``, with ``/24`` netmask suffix - Gateway: use value returned by ``qvm-prefs sd-trusty-base visible_gateway`` diff --git a/docs/images/install/ubuntu_server.png b/docs/images/install/ubuntu_server.png index 865e1ef27c..f04081e6f7 100644 Binary files a/docs/images/install/ubuntu_server.png and b/docs/images/install/ubuntu_server.png differ diff --git a/docs/servers.rst b/docs/servers.rst index 83eb84fddb..82ea236fe8 100644 --- a/docs/servers.rst +++ b/docs/servers.rst @@ -14,11 +14,11 @@ Install Ubuntu exactly as there are some "gotchas" that may cause your SecureDrop set up to break. The SecureDrop *Application Server* and *Monitor Server* run **Ubuntu Server -14.04.5 LTS (Trusty Tahr)**. To install Ubuntu on the servers, you must first +16.04.5 LTS (Xenial Xerus)**. To install Ubuntu on the servers, you must first download and verify the Ubuntu installation media. You should use the *Admin Workstation* to download and verify the Ubuntu installation media. -.. _download_trusty: +.. _download_ubuntu: Download the Ubuntu Installation Media ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -26,7 +26,7 @@ Download the Ubuntu Installation Media The installation media and the files required to verify it are available on the `Ubuntu Releases page`_. You will need to download the following files: -* `ubuntu-14.04.5-server-amd64.iso`_ +* `ubuntu-16.04.5-server-amd64.iso`_ * `SHA256SUMS`_ * `SHA256SUMS.gpg`_ @@ -42,16 +42,16 @@ Alternatively, you can use the command line: .. code:: sh cd ~/Persistent - torify curl -OOO http://releases.ubuntu.com/14.04.5/{ubuntu-14.04.5-server-amd64.iso,SHA256SUMS{,.gpg}} + torify curl -OOO http://releases.ubuntu.com/16.04.5/{ubuntu-16.04.5-server-amd64.iso,SHA256SUMS{,.gpg}} .. note:: Downloading Ubuntu on the *Admin Workstation* can take a while because Tails does everything over Tor, and Tor is typically slow relative to the speed of your upstream Internet connection. .. _Ubuntu Releases page: http://releases.ubuntu.com/ -.. _ubuntu-14.04.5-server-amd64.iso: http://releases.ubuntu.com/14.04.5/ubuntu-14.04.5-server-amd64.iso -.. _SHA256SUMS: http://releases.ubuntu.com/14.04.5/SHA256SUMS -.. _SHA256SUMS.gpg: http://releases.ubuntu.com/14.04.5/SHA256SUMS.gpg +.. _ubuntu-16.04.5-server-amd64.iso: http://releases.ubuntu.com/16.04.5/ubuntu-16.04.5-server-amd64.iso +.. _SHA256SUMS: http://releases.ubuntu.com/16.04.5/SHA256SUMS +.. _SHA256SUMS.gpg: http://releases.ubuntu.com/16.04.5/SHA256SUMS.gpg Verify the Ubuntu Installation Media ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -85,13 +85,13 @@ Verify the ``SHA256SUMS`` file and move on to the next step if you see The next and final step is to verify the Ubuntu image. :: - sha256sum -c <(grep ubuntu-14.04.5-server-amd64.iso SHA256SUMS) + sha256sum -c <(grep ubuntu-16.04.5-server-amd64.iso SHA256SUMS) If the final verification step is successful, you should see the following output in your terminal. :: - ubuntu-14.04.5-server-amd64.iso: OK + ubuntu-16.04.5-server-amd64.iso: OK .. caution:: If you do not see the line above it is not safe to proceed with the installation. If this happens, please contact us at @@ -119,9 +119,9 @@ Ubuntu installer. If your USB is mapped to /dev/sdX and you are currently in the directory that contains the Ubuntu ISO, you would use dd like so: :: - sudo dd conv=fdatasync if=ubuntu-14.04.5-server-amd64.iso of=/dev/sdX + sudo dd conv=fdatasync if=ubuntu-16.04.5-server-amd64.iso of=/dev/sdX -.. _install_trusty: +.. _install_ubuntu: Perform the Installation ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -204,9 +204,9 @@ Partition the Disks ~~~~~~~~~~~~~~~~~~~ Before setting up the server's disk partitions and filesystems in the -next step, you will need to decide if you would like to enable `*Full +next step, you will need to decide if you would like to enable `Full Disk Encryption -(FDE)* `__. +(FDE) `__. If the servers are ever powered down, FDE will ensure all of the information on them stays private in case they are seized or stolen. @@ -261,8 +261,9 @@ regular software updates. :ref:`OSSEC guide ` for example notifications generated by the reboots. -When you get to the software selection screen, only choose **OpenSSH -server** by hitting the space bar. +When you get to the software selection screen, deselect the preselected +**Standard system utilities** and select **OpenSSH server** by highlighting each +option and pressing the space bar. .. caution:: Hitting enter before the space bar will force you to start the installation process over.