Release SecureDrop 2.6.0

[zenmonkeykstop]

This is a tracking issue for the release of SecureDrop 2.6.0

Tentatively scheduled as follows:

Pre-release announcement: 06-15-2023
Release date: 06-22-2023

Release manager: @legoktm
Deputy release manager: @zenmonkeykstop
Localization manager: @cfm
Communications manager: @nathandyer

SecureDrop maintainers and testers: As you QA 2.6.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release".

Test debian packages will be posted on https://apt-test.freedom.press signed with the test key.

QA Matrix for 2.6.0

Test Plan for 2.6.0

Prepare release candidate (2.6.0~rc1)

• Link to latest version of Tails, including release candidates, to test against during QA
• Prepare 2.6.0~rc1 release changelog
• Branch off release/2.6.0 from develop
• Prepare 2.6.0
• Build debs, preserving build log, and put up 2.6.0~rc1 on test apt server
• Commit build log.

After each test, please update the QA matrix and post details for Basic Server Testing, Application Acceptance Testing and release-specific testing below in comments to this ticket.

Final release

• Ensure builder in release branch is updated and/or update builder image
• Push signed tag
• Pre-Flight: Test updater logic in Tails (apt-qa tracks the release branch in the LFS repo)
• Build final Debian packages(and preserve build log)
• Commit package build log to https://github.com/freedomofpress/build-logs
• Pre-Flight: Test that install and upgrade from 2.5.2 to 2.6.0 works w/ prod repo debs (apt-qa.freedom.press polls the release branch in the LFS repo for the debs)
• Flip apt QA server to prod status (merge to main in the LFS repo)
• Merge Docs branch changes to main and verify new docs build in securedrop-docs repo
• Prepare release messaging

Post release

• Create GitHub release object
• Once release object is created, update versions in securedrop-docs and Wagtail
• Verify new docs show up on https://docs.securedrop.org
• Publish announcements
• Merge changelog back to develop
• Update roadmap wiki page: https://github.com/freedomofpress/securedrop/wiki/Development-Roadmap

[cfm]

Environment

• Install target: virtual machines
• Tails version: 5.14
• Test Scenario: clean installation
• SSH over Tor: yes
• Release candidate: 2.6.0-rc1
• General notes: The servers passed all tests. Admin Workstation testing surfaced [2.6.0-rc1] Application Server's SSH alias is configured incorrectly #6847.

(.venv) root@sd-staging:~/securedrop# virsh domifaddr libvirt-prod-focal_app-prod
 Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
 vnet5      52:54:00:4c:4d:c1    ipv4         192.168.121.215/24
(.venv) root@sd-staging:~/securedrop# virsh domifaddr libvirt-prod-focal_mon-prod
 Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
 vnet7      52:54:00:c4:7e:e5    ipv4         192.168.121.36/24

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Command Line User Generation

• Can successfully add admin user and login

(Optional) Administration

• I have backed up and successfully restored the app server following the backup documentation
• If doing upgrade testing, make a backup on 2.5.2 and restore this backup on this release candidate
• "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
• Can successfully add journalist account with HOTP authentication

(Optional) Application Acceptance Testing

Source Interface

Landing page base cases

• JS warning bar does not appear when using Security Slider high
• JS warning bar does appear when using Security Slider Low

First submission base cases

• On generate page, refreshing page produces a new 7-word codename
• On submit page, empty submissions produce flashed message
• On submit page, short message submitted successfully
• On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
• On submit page, file less than 500 MB submitted successfully

Returning source base cases

• Nonexistent codename cannot log in
• Empty codename cannot log in
• Legitimate codename can log in
• Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases

• Can log in with 2FA tokens
• incorrect password cannot log in
• invalid 2fa token cannot log in
• 2fa immediate reuse cannot log in
• Journalist account with HOTP can log in

Index base cases

• Filter by codename works
• Starring and unstarring works
• Click select all selects all submissions
• Selecting all and clicking "Download" works

Individual source page

• You can submit a reply and a flashed message and new row appears
• You cannot submit an empty reply
• Clicking "Delete Source Account" and the source and docs are deleted
• You can click on a document and successfully decrypt using application private key

Basic Tails Testing

After updating to this release candidate and running securedrop-admin tailsconfig

• The Updater GUI appears on boot

2.6.0 release-specific changes

• #6657 - switch to argon2id hashes

  • Upgrade only Before upgrading, create a journalist or admin account
  • Upgrade only After upgrading, verify that existing journalist accounts can still log in
  • Verify that new journalist accounts can log in
  • In the application db, verify that all journalist account password hashes start with '$argon2id$...'

• #6681 - remove i18n globals

  • in SI, locale switcher works as expected
  • In JI, locale switcher works as expected

• #6738 - add descriptive titles

  • SI pages have descriptive titles based on the pages' main headers
  • JI pages have descriptive titles based on the pages' main headers

• #6768 - update CSP policy

  • In the SI, the Cross-Origin-Resource-Policy header is set with value same-origin
  • In the JI, the Cross-Origin-Resource-Policy header is set with value same-origin

• #6826 - remove stale pending sources

  • On the app server, generate more than 100 pending sources using eg:

    sudo -u www-data bash
    cd /var/www/securedrop/
    ./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
    

  • Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service
  • Verify that only 100 pending sources remain in the database

agrant@app-prod:~$ sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;" 
111 
vagrant@app-prod:~$ sudo systemctl start securedrop-remove-pending-sources.service 
vagrant@app-prod:~$ sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;" 
101 

• #6712 - add a Gnome shell extension
  • Fresh install only After running ./securedrop-admin tailsconfig, verify that:
    • The playbook message directs you to reboot
    • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
    • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.
  • Upgrade only Upgrade the Tails Workstation to the latest RC by running the following commands in a terminal:

    cd Persistent/securedrop
    git checkout 2.6.0-rcN   # Where N is latest version
    ./securedrop-admin setup
    ./securedrop-admin tailsconfig
    

#6847

• verify that:
  • The tailsconfig playbook message directs you to reboot
  • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
  • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.

[legoktm]

Environment

• Install target: NUC11 (app) & NUC 10 (mon)
• Tails version: 5.14
• Test Scenario: Clean install
• SSH over Tor: yes
• Release candidate: rc1
• General notes: Looks good but there's a visual glitch where the label for English is actually "English (United States)" and cuts off the globe icon.

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Command Line User Generation

• Can successfully add admin user and login

(Optional) Administration

• I have backed up and successfully restored the app server following the backup documentation
• If doing upgrade testing, make a backup on 2.5.2 and restore this backup on this release candidate
• "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
• Can successfully add journalist account with HOTP authentication

(Optional) Application Acceptance Testing

Source Interface

Landing page base cases

• JS warning bar does not appear when using Security Slider high
• JS warning bar does appear when using Security Slider Low

First submission base cases

• On generate page, refreshing page produces a new 7-word codename
• On submit page, empty submissions produce flashed message
• On submit page, short message submitted successfully
• On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
• On submit page, file less than 500 MB submitted successfully

Returning source base cases

• Nonexistent codename cannot log in
• Empty codename cannot log in
• Legitimate codename can log in
• Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases

• Can log in with 2FA tokens
• incorrect password cannot log in
• invalid 2fa token cannot log in
• 2fa immediate reuse cannot log in
• Journalist account with HOTP can log in

Index base cases

• Filter by codename works
• Starring and unstarring works
• Click select all selects all submissions
• Selecting all and clicking "Download" works

Individual source page

• You can submit a reply and a flashed message and new row appears
• You cannot submit an empty reply
• Clicking "Delete Source Account" and the source and docs are deleted
• You can click on a document and successfully decrypt using application private key

Basic Tails Testing

After updating to this release candidate and running securedrop-admin tailsconfig

• The Updater GUI appears on boot

2.6.0 release-specific changes

• #6657 - switch to argon2id hashes

  • Verify that new journalist accounts can log in
  • In the application db, verify that all journalist account password hashes start with '$argon2id$...'

• #6681 - remove i18n globals

  • in SI, locale switcher works as expected
  • In JI, locale switcher works as expected

• #6738 - add descriptive titles

  • SI pages have descriptive titles based on the pages' main headers
  • JI pages have descriptive titles based on the pages' main headers

• #6768 - update CSP policy

  • In the SI, the Cross-Origin-Resource-Policy header is set with value same-origin
  • In the JI, the Cross-Origin-Resource-Policy header is set with value same-origin

• #6826 - remove stale pending sources

  • On the app server, generate more than 100 pending sources using eg:

    sudo -u www-data bash
    cd /var/www/securedrop/
    ./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
    

  • Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service

  • Verify that only 100 pending sources remain in the database

• #6712 - add a Gnome shell extension

  • Fresh install only After running ./securedrop-admin tailsconfig, verify that:
    • The playbook message directs you to reboot
    • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
    • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.

[nathandyer]

Environment

• Install target: NUC12 (app) & NUC 11 (mon)
• Tails version: 5.13
• Test Scenario: Clean install
• SSH over Tor: yes
• Release candidate: rc1
• General notes: No issues spotted!

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Command Line User Generation

• Can successfully add admin user and login

(Optional) Administration

• I have backed up and successfully restored the app server following [the backup documentation](https://docs.securedrop.org/en/latest/backup_and_restore.html)
• If doing upgrade testing, make a backup on 2.5.2 and restore this backup on this release candidate
• "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
• Can successfully add journalist account with HOTP authentication

(Optional) Application Acceptance Testing

Source Interface

Landing page base cases

• JS warning bar does not appear when using Security Slider high
• JS warning bar does appear when using Security Slider Low

First submission base cases

• On generate page, refreshing page produces a new 7-word codename
• On submit page, empty submissions produce flashed message
• On submit page, short message submitted successfully
• On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
• On submit page, file less than 500 MB submitted successfully

Returning source base cases

• Nonexistent codename cannot log in
• Empty codename cannot log in
• Legitimate codename can log in
• Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases

• Can log in with 2FA tokens
• incorrect password cannot log in
• invalid 2fa token cannot log in
• 2fa immediate reuse cannot log in
• Journalist account with HOTP can log in

Index base cases

• Filter by codename works
• Starring and unstarring works
• Click select all selects all submissions
• Selecting all and clicking "Download" works

Individual source page

• You can submit a reply and a flashed message and new row appears
• You cannot submit an empty reply
• Clicking "Delete Source Account" and the source and docs are deleted
• You can click on a document and successfully decrypt using application private key

Basic Tails Testing

After updating to this release candidate and running securedrop-admin tailsconfig

• The Updater GUI appears on boot

2.6.0 release-specific changes

• #6657 - switch to argon2id hashes

  • Verify that new journalist accounts can log in
  • In the application db, verify that all journalist account password hashes start with '$argon2id$...' NOTE: Unsure how to directly check DB from prod server

• #6681 - remove i18n globals

  • in SI, locale switcher works as expected
  • In JI, locale switcher works as expected

• #6738 - add descriptive titles

  • SI pages have descriptive titles based on the pages' main headers
  • JI pages have descriptive titles based on the pages' main headers

• #6768 - update CSP policy

  • In the SI, the Cross-Origin-Resource-Policy header is set with value same-origin
  • In the JI, the Cross-Origin-Resource-Policy header is set with value same-origin

• #6826 - remove stale pending sources

  • On the app server, generate more than 100 pending sources using eg:

    sudo -u www-data bash
    cd /var/www/securedrop/
    ./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
    

  • Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service

  • Verify that only 100 pending sources remain in the database (Note: related to above, wasn't sure how to check DB directly, but the behavior on multiple passes confirmed the correct number of pending sources)

• #6712 - add a Gnome shell extension

  • Fresh install only After running ./securedrop-admin tailsconfig, verify that:
    • The playbook message directs you to reboot
    • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
    • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.

[cfm]

Environment

• Install target: NUC11s
• Tails version: 5.13
• Test Scenario: upgrade
• SSH over Tor: yes
• Release candidate: 2.6.0-rc1
• General notes: Rest of test plan to follow on 2.6.0-rc2.

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Truncated release-specific testing

• New systemd timers are firing.

sdadmin@app:~$ sudo journalctl | grep -E "securedrop-(clean-tmp|remove-pending-sources|submissions-today)" | tail -n 10
Jun 19 03:00:40 app systemd[1]: securedrop-submissions-today.service: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-clean-tmp.timer: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-remove-pending-sources.timer: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-submissions-today.timer: Succeeded.
Jun 20 00:00:02 app systemd[1]: securedrop-clean-tmp.service: Succeeded.
Jun 20 00:00:02 app systemd[1]: securedrop-remove-pending-sources.service: Succeeded.
Jun 20 03:00:21 app systemd[1]: securedrop-submissions-today.service: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-clean-tmp.timer: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-remove-pending-sources.timer: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-submissions-today.timer: Succeeded.

[cfm]

Environment

• Install target: NUC11s
• Tails version: 5.13
• Test Scenario: upgrade
• SSH over Tor: yes
• Release candidate: 2.6.0-rc2
• General notes: Except for [2.6.0] Journalist Interface: Redis raises NameError: name 'hasattr' is not defined #6866, tests check out, but see nit on Drop passlib, switch to argon2id hashes #6657.

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Command Line User Generation

• Can successfully add admin user and login

(Optional) Administration

• I have backed up and successfully restored the app server following the backup documentation
• If doing upgrade testing, make a backup on 2.5.2 and restore this backup on this release candidate
• "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
• Can successfully add journalist account with HOTP authentication

(Optional) Application Acceptance Testing

Source Interface

Landing page base cases

• JS warning bar does not appear when using Security Slider high
• JS warning bar does appear when using Security Slider Low

First submission base cases

• On generate page, refreshing page produces a new 7-word codename
• On submit page, empty submissions produce flashed message
• On submit page, short message submitted successfully
• On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
• On submit page, file less than 500 MB submitted successfully

Returning source base cases

• Nonexistent codename cannot log in
• Empty codename cannot log in
• Legitimate codename can log in
• Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases

• Can log in with 2FA tokens
• incorrect password cannot log in
• invalid 2fa token cannot log in
• 2fa immediate reuse cannot log in
• Journalist account with HOTP can log in

Index base cases

• Filter by codename works
• Starring and unstarring works
• Click select all selects all submissions
• Selecting all and clicking "Download" works

Individual source page

• You can submit a reply and a flashed message and new row appears
• You cannot submit an empty reply
• Clicking "Delete Source Account" and the source and docs are deleted
• You can click on a document and successfully decrypt using application private key

Basic Tails Testing

After updating to this release candidate and running securedrop-admin tailsconfig

• The Updater GUI appears on boot

2.6.0 release-specific changes

• #6657 - switch to argon2id hashes
  • Upgrade only Before upgrading, create a journalist or admin account
  • Upgrade only After upgrading, verify that existing journalist accounts can still log in
  • Verify that new journalist accounts can log in
  • In the application db, verify that all journalist account password hashes start with '$argon2id$...'

No, only journalists who have logged in since the upgrade to a v2.6.0 RC have updated password hashes. (This is an error in the test plan, not the implementation of #6657.)

• #6681 - remove i18n globals
  • in SI, locale switcher works as expected
  • In JI, locale switcher works as expected

• #6738 - add descriptive titles

  • SI pages have descriptive titles based on the pages' main headers
  • JI pages have descriptive titles based on the pages' main headers

• #6768 - update CSP policy

  • In the SI, the Cross-Origin-Resource-Policy header is set with value same-origin
  • In the JI, the Cross-Origin-Resource-Policy header is set with value same-origin

• #6826 - remove stale pending sources

  • On the app server, generate more than 100 pending sources using eg:

    sudo -u www-data bash
    cd /var/www/securedrop/
    ./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
    

This is a long-running instance with a useful amount of junk:

amnesia@amnesia:~$ ssh app 'sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"'
177

• Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service
• Verify that only 100 appropriately fewer pending sources remain in the database

This is a long-running instance with a useful amount of junk:

amnesia@amnesia:~$ ssh app sudo systemctl start securedrop-remove-pending-sources.service
amnesia@amnesia:~$ ssh app 'sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"'
123

• #6712 - add a Gnome shell extension

  • Fresh install only After running ./securedrop-admin tailsconfig, verify that:

    • The playbook message directs you to reboot
    • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
    • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.

  • Upgrade only Upgrade the Tails Workstation to the latest RC by running the following commands in a terminal:

    cd Persistent/securedrop
    git checkout 2.6.0-rcN   # Where N is latest version
    ./securedrop-admin setup
    ./securedrop-admin tailsconfig
    

  • verify that:

    • The tailsconfig playbook message directs you to reboot
    • After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
    • after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.

[legoktm]

Environment

• Install target: NUC11 (app) + NUC10 (mon)
• Tails version: 5.14
• Test Scenario: clean install
• SSH over Tor: yes
• Release candidate: 2.6.0-rc2 with fix(ossec): ignore NameError on builtin hasattr() #6867 cherry-picked on top
• General notes: looks ready to me. I found some more visual issues with the locale switcher when playing with it, but none are 2.6.0 regressions AFAICT (will file shortly)

Basic Server Testing

• After installing the testinfra dependencies, all tests in ./securedrop-admin verify are passing:
  • Install dependencies on Admin Workstation with cd ~/Persistent/securedrop && ./securedrop-admin setup -t
  • Run tests with ./securedrop-admin verify (this will take a while)
  • Remove test dependencies: rm -rf admin/.venv3/ && ./securedrop-admin setup
• QA Matrix checks pass

Command Line User Generation

• Can successfully add admin user and login

(Optional) Administration

• I have backed up and successfully restored the app server following the backup documentation
• If doing upgrade testing, make a backup on 2.5.2 and restore this backup on this release candidate
• "Send Test OSSEC Alert" button in the journalist triggers an OSSEC alert and an email is sent
• Can successfully add journalist account with HOTP authentication

(Optional) Application Acceptance Testing

Source Interface

Landing page base cases

• JS warning bar does not appear when using Security Slider high
• JS warning bar does appear when using Security Slider Low

First submission base cases

• On generate page, refreshing page produces a new 7-word codename
• On submit page, empty submissions produce flashed message
• On submit page, short message submitted successfully
• On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser quickly before the entire file is uploaded
• On submit page, file less than 500 MB submitted successfully

Returning source base cases

• Nonexistent codename cannot log in
• Empty codename cannot log in
• Legitimate codename can log in
• Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases

• Can log in with 2FA tokens
• incorrect password cannot log in
• invalid 2fa token cannot log in
• 2fa immediate reuse cannot log in
• Journalist account with HOTP can log in

Index base cases

• Filter by codename works
• Starring and unstarring works
• Click select all selects all submissions
• Selecting all and clicking "Download" works

Individual source page

• You can submit a reply and a flashed message and new row appears
• You cannot submit an empty reply
• Clicking "Delete Source Account" and the source and docs are deleted
• You can click on a document and successfully decrypt using application private key

Basic Tails Testing

After updating to this release candidate and running securedrop-admin tailsconfig

• The Updater GUI appears on boot

2.6.0 rc2 release-specific changes

• No ossec notifications for NameError missing hasattr
• Setting en_US in the locale options shows up as "English", not "English (United States)"

[cfm]

Environment

• Install target: NUC11s
• Tails version: 5.13
• Test Scenario: upgrade
• SSH over Tor: yes
• Release candidate: 2.6.0
• General notes: All happy.

Preflight testing

Basic testing

• Install or upgrade occurs without error (from apt-qa.freedom.press per preflight procedure)
• Source interface is available and version string indicates it is 2.6.0
  • A language other than English can be selected
• A message can be successfully submitted

Tails

• The updater GUI appears on boot
• The update successfully occurs to 2.6.0
• After reboot, updater GUI no longer appears

[eloquence]

Can also confirm:

• The updater GUI appears on boot
• The update successfully occurs to 2.6.0
• After reboot, updater GUI no longer appears

New SecureDrop menu appeared for me after reboot & connecting to network, and is working as expected.

[zenmonkeykstop]

Fresh install preflight checks out.