Closed eloquence closed 3 years ago
(Just a placeholder for now based on the last release, will likely need some fleshing out to account for the additional complexity of adding and testing support for Ubuntu 20.04.)
Initial testing on NUC5 hardware looks solid. I do have a few questions:
-rw-rw-r--
permission on /var/ossec/.gnupg/pubring.kbx
on the mon
server?/var/crash/_usr_bin_lscpu.1000.crash
file on both the servers?/libx32
and /lib32
?[ ] V2 SSH only configured when v2 services are enabled #5718
/var/lib/tor/services/ssh
was not created on either the Application or Monitor Server/etc/tor/torrc
does not contain HiddenServiceVersion 2
on either the Application or Monitor Server[x] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[x] Safe deletion #5770
[x] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[x] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[ ] With TBB security at "safest", the test cases above pass with the the following exceptions:
[ ] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[ ] the modals are centered in the page, not displayed under the delete button on the All sources page
[ ] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[x] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[ ] Remove cloud-init package during installation #5771
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh app apt list --installed | grep cloud-init
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
cloud-initramfs-copymods/now 0.27ubuntu1.6 all [installed,local]
cloud-initramfs-dyn-netconf/now 0.27ubuntu1.6 all [installed,local]
amnesia@amnesia:~/Persistent/securedrop$ ssh mon apt list --installed | grep cloud-init
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
cloud-initramfs-copymods/now 0.27ubuntu1.6 all [installed,local]
cloud-initramfs-dyn-netconf/now 0.27ubuntu1.6 all [installed,local]
[x] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS) ubuntu-release-upgrader-core/now
mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[x] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[x] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[x] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[ ] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[x] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[x] IPv6 disabled in init in Focal only#5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you may see address information, for localhost, ethernet, or both.sudo cat /proc/cmdline
: you should NOT see "ipv6.disable=1" in the output.sudo ip6tables -S
: a brief list of "DROP" policies. Each line you see should have "DROP", but no lines should have "ALLOW".[ ] Focal support added #4728
[ ] Update Kernel to 5.4.97 for Focal #5785
ssh app uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
ssh mon uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] resolvconf is not present on focal #5809
ssh app apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh app dig freedom.press
is run via an Admin Workstation terminal:./securedrop-admin sdconfig
(e.g. 8.8.8.8
)[ ] Remove aptitude and disable install-recommends #5793
ssh app apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh app sudo apt install vlc
is run via an Admin Workstation terminal:ssh app apt list --installed | grep vlc-l10n
should return an empty string[ ] IPv6 disabled in init in Focal only #5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you should see no output.sudo cat /proc/cmdline
: you should see "ipv6.disable=1" in the output.sudo ip6tables -S
: you should see an error about functionality not being supported. [ ] replace ntp with systemd-timesyncd [#5806]()https://github.com/freedomofpress/securedrop/issue/5806)
ntp
and ntpdate
are not installed on the Application Server with the Admin Workstation command ssh app apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsntp
and ntpdate
are not installed on the Monitor Server with the Admin Workstation command ssh mon apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsssh app timedatectl show
and ssh mon timedatectl show
should both contain NTPSynchronized=yes
ssh app timedatectl show-timesync
and ssh mon timedatectl show
should both contain ServerName=ntp.ubuntu.com
, with an NTPMessage
indicating that the server has been reached[ ] Use paxctld, not paxctl on Focal #5808
ssh app apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh app apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh mon apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh app systemctl status paxctld
is run, its output should indicate that paxctld is active.[ ] Replace cron-apt with unattended-upgrades #5684 RC2 or later only
ssh app unattended-upgrades --dry-run
works without returning errorsssh app unattended-upgrades -d
works without returning errors, and the Application Server log at /var/logs/unattended-upgrades.log
contains no errors[ ] v2 services cannot be installed on Focal #5819
./securedrop-admin sdconfig
, choosing to enable v2 onion services but leaving all other settings unchanged../securedrop-admin install
is run, it errors out immediately after the prepare-servers role with an message including Please run sdconfig again, disabling v2 services.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[ ] V2 SSH only configured when v2 services are enabled #5718 N/A
/var/lib/tor/services/ssh
was not created on either the Application or Monitor Server/etc/tor/torrc
does not contain HiddenServiceVersion 2
on either the Application or Monitor Server[x] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[x] Safe deletion #5770
[x] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[x] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[x] With TBB security at "safest", the test cases above pass with the the following exceptions:
[x] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[x] the modals are centered in the page, not displayed under the delete button on the All sources page
[x] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[x] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[ ] Remove cloud-init package during installation #5771 *FAILED - but could be a test problem - 2 packages used for PXE boot match `clout-init`**
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.[x] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[x] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[x] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[x] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[x] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[x] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[x] IPv6 disabled in init in Focal only#5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you may see address information, for localhost, ethernet, or both. no outputsudo cat /proc/cmdline
: you should NOT see "ipv6.disable=1" in the output.sudo ip6tables -S
: a brief list of "DROP" policies. Each line you see should have "DROP", but no lines should have "ALLOW".[ ] Focal support added #4728
[ ] Update Kernel to 5.4.97 for Focal #5785
ssh app uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
ssh mon uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] resolvconf is not present on focal #5809
ssh app apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh app dig freedom.press
is run via an Admin Workstation terminal:./securedrop-admin sdconfig
(e.g. 8.8.8.8
)[ ] Remove aptitude and disable install-recommends #5793
ssh app apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh app sudo apt install vlc
is run via an Admin Workstation terminal:ssh app apt list --installed | grep vlc-l10n
should return an empty string[ ] IPv6 disabled in init in Focal only #5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you should see no output.sudo cat /proc/cmdline
: you should see "ipv6.disable=1" in the output.sudo ip6tables -S
: you should see an error about functionality not being supported. [ ] replace ntp with systemd-timesyncd [#5806]()https://github.com/freedomofpress/securedrop/issue/5806)
ntp
and ntpdate
are not installed on the Application Server with the Admin Workstation command ssh app apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsntp
and ntpdate
are not installed on the Monitor Server with the Admin Workstation command ssh mon apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsssh app timedatectl show
and ssh mon timedatectl show
should both contain NTPSynchronized=yes
ssh app timedatectl show-timesync
and ssh mon timedatectl show
should both contain ServerName=ntp.ubuntu.com
, with an NTPMessage
indicating that the server has been reached[ ] Use paxctld, not paxctl on Focal #5808
ssh app apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh app apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh mon apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh app systemctl status paxctld
is run, its output should indicate that paxctld is active.[ ] Replace cron-apt with unattended-upgrades #5684 RC2 or later only
ssh app unattended-upgrades --dry-run
works without returning errorsssh app unattended-upgrades -d
works without returning errors, and the Application Server log at /var/logs/unattended-upgrades.log
contains no errors[ ] v2 services cannot be installed on Focal #5819
./securedrop-admin sdconfig
, choosing to enable v2 onion services but leaving all other settings unchanged../securedrop-admin install
is run, it errors out immediately after the prepare-servers role with an message including Please run sdconfig again, disabling v2 services.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[ ] V2 SSH only configured when v2 services are enabled #5718
/var/lib/tor/services/ssh
was not created on either the Application or Monitor Server/etc/tor/torrc
does not contain HiddenServiceVersion 2
on either the Application or Monitor Server[ ] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[ ] Safe deletion #5770
[ ] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[ ] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[ ] With TBB security at "safest", the test cases above pass with the the following exceptions:
[ ] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[ ] the modals are centered in the page, not displayed under the delete button on the All sources page
[ ] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[ ] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[ ] Remove cloud-init package during installation #5771
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.[ ] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[ ] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[ ] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[ ] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[ ] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] IPv6 disabled in init in Focal only#5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you may see address information, for localhost, ethernet, or both.sudo cat /proc/cmdline
: you should NOT see "ipv6.disable=1" in the output.sudo ip6tables -S
: a brief list of "DROP" policies. Each line you see should have "DROP", but no lines should have "ALLOW".[ ] Focal support added #4728
[ ] Update Kernel to 5.4.97 for Focal #5785
ssh app uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
ssh mon uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] resolvconf is not present on focal #5809
ssh app apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh app dig freedom.press
is run via an Admin Workstation terminal:./securedrop-admin sdconfig
(e.g. 8.8.8.8
)[ ] Remove aptitude and disable install-recommends #5793
ssh app apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh app sudo apt install vlc
is run via an Admin Workstation terminal:ssh app apt list --installed | grep vlc-l10n
should return an empty string[ ] IPv6 disabled in init in Focal only #5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you should see no output.sudo cat /proc/cmdline
: you should see "ipv6.disable=1" in the output.sudo ip6tables -S
: you should see an error about functionality not being supported. [ ] replace ntp with systemd-timesyncd [#5806]()https://github.com/freedomofpress/securedrop/issue/5806)
ntp
and ntpdate
are not installed on the Application Server with the Admin Workstation command ssh app apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsntp
and ntpdate
are not installed on the Monitor Server with the Admin Workstation command ssh mon apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsssh app timedatectl show
and ssh mon timedatectl show
should both contain NTPSynchronized=yes
ssh app timedatectl show-timesync
and ssh mon timedatectl show
should both contain ServerName=ntp.ubuntu.com
, with an NTPMessage
indicating that the server has been reached[ ] Use paxctld, not paxctl on Focal #5808
ssh app apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh app apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh mon apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh app systemctl status paxctld
is run, its output should indicate that paxctld is active.[ ] Replace cron-apt with unattended-upgrades #5684 RC2 or later only
ssh app unattended-upgrades --dry-run
works without returning errorsssh app unattended-upgrades -d
works without returning errors, and the Application Server log at /var/logs/unattended-upgrades.log
contains no errors[ ] v2 services cannot be installed on Focal #5819
./securedrop-admin sdconfig
, choosing to enable v2 onion services but leaving all other settings unchanged../securedrop-admin install
is run, it errors out immediately after the prepare-servers role with an message including Please run sdconfig again, disabling v2 services.
Just completed a migration from a v2+v3 Xenial to a v3 Focal (using the branch in #5834 for the restore, as this is currently broken in RC1). Steps are as follows, starting in ~/Persistent
on the same admin stick as was used for the Xenial install:
securedrop
to sd.bak
securedrop
site-specific
, GPG keys, tor_v3_keys.json
from sd.bak
to the appropriate locations in securedrop
~/.ssh
(or just delete them)securedrop
, flip fpf apt repo to apt-test.freedom.press
as per regular QA processsetup -> sdconfig (disabling v2) -> install -> tailsconfig
sd.bak/install_files/ansible-base
to securedrop/install_files/ansible-base
app*.auth_private, app-sourcev3-ths
from sd.bak
to securedrop/install_files/ansible-base
tailsconfig
againThe v3 addresses and auth keys for the JI, SI, and ssh should match the ones in sd.bak
. The mon ssh address will change but the key should be the same. All services should be accessible without any manual editing of the configuration. V2 services should not be present.
The process should be identical to the v2+v3 case, except it should not be necessary to disable v2 in sdconfig (vbut step through sdconfig anyway
As v2 onion services can't be migrated to Focal, this case should be easier (again, using #5834 if it's not merged and RCed yet):
securedrop
to sd.bak
securedrop
~/.ssh
(or just delete them)securedrop
, flip fpf apt repo to apt-test.freedom.press
as per regular QA processsetup -> sdconfig (disabling v2) -> install -> tailsconfig
sd.bak/install_files/ansible-base
to securedrop/install_files/ansible-base
--preserve-tor-config
flag - this should complete successfullyTested RC2 for specially:
As v2 onion services can't be migrated to Focal, this case should be easier (again, using #5834 if it's not merged and RCed yet):
securedrop
to sd.bak
securedrop
~/.ssh
(or just delete them)securedrop
, flip fpf apt repo to apt-test.freedom.press
as per regular QA processsetup -> sdconfig (disabling v2) -> install -> tailsconfig
sd.bak/install_files/ansible-base
to securedrop/install_files/ansible-base
--preserve-tor-config
flag - this should complete successfully****I can still do ssh, both source and journalist address work. I can also do standard application specific steps (source submission + decryption at the journalist end) following regular steps.
[x] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[x] Safe deletion #5770
[x] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[x] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[ ] With TBB security at "safest", the test cases above pass with the the following exceptions:
[ ] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[ ] the modals are centered in the page, not displayed under the delete button on the All sources page
[ ] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[x] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[x] Remove cloud-init package during installation #5771
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.[x] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS) ubuntu-release-upgrader-core/now
mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[x] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[x] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[x] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[ ] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[x] Focal support added #4728
[x] Update Kernel to 5.4.97 for Focal #5785
ssh app uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
ssh mon uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
[x] resolvconf is not present on focal #5809
ssh app apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh app dig freedom.press
is run via an Admin Workstation terminal:./securedrop Remove aptitude and disable install-recommends [#5793](https://github.com/fre When the command
ssh app apt list --installed | grep aptitudeis run via an Admin Workstation terminal, When the command
ssh mon apt list --installed | grep aptitude` is run via an Admin Workstation terminal, it should return an empty stringssh app sudo apt install vlc
is run vi The subsequent command `ssh app apt list --installed | grep vlc-l1 IPv6 disabled in init in Focal only #5810ssh app
, the commands sudo ip -4 addr
: you should see two addresses, one for localhost sudo ip -6
sudo cat /proc/cmdline: you should see
sudo ip6tables -S`: you should see an error about fu Repeating the process above on the Monitor Server, you should see the same results.[x] replace ntp with systemd-timesyncd [#5806]()https://github.com/freedomofpress/securedrop/issue/5806)
ntp
and ntpdate
are not installed on the Application Server with the Admin Workstation command ssh app apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsntp
and ntpdate
are not installed on the Monitor Server with the Admin Workstation command ssh mon apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsssh app timedatectl show
and ssh mon timedatectl show
should both contain NTPSynchronized=yes
ssh app timedatectl show-timesync
and ssh mon timedatectl show
should both contain ServerName=ntp.ubuntu.com
, with an NTPMessage
indicating that the server has been reached[x] Use paxctld, not paxctl on Focal #5808
ssh app apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh app apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh mon apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh app systemctl status paxctld
is run, its output should indicate that paxctld is active.[ ] Replace cron-apt with unattended-upgrades #5684 RC2 or later only
ssh app unattended-upgrades --dry-run
works without returning errorsssh app unattended-upgrades -d
works without returning errors, and the Application Server log at /var/logs/unattended-upgrades.log
contains no errors[x] v2 services cannot be installed on Focal #5819
./securedrop-admin sdconfig
, choosing to enable v2 onion services but leaving all other settings unchanged../securedrop-admin install
is run, it errors out immediately after the prepare-servers role with an message including Please run sdconfig again, disabling v2 services.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[ ] V2 SSH only configured when v2 services are enabled #5718
/var/lib/tor/services/ssh
was not created on either the Application or Monitor Server/etc/tor/torrc
does not contain HiddenServiceVersion 2
on either the Application or Monitor Server[ ] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[ ] Safe deletion #5770
[ ] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[ ] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[ ] With TBB security at "safest", the test cases above pass with the the following exceptions:
[ ] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[ ] the modals are centered in the page, not displayed under the delete button on the All sources page
[ ] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[ ] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[ ] Remove cloud-init package during installation #5771
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.[ ] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[ ] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[ ] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[ ] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[ ] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] IPv6 disabled in init in Focal only#5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you may see address information, for localhost, ethernet, or both.sudo cat /proc/cmdline
: you should NOT see "ipv6.disable=1" in the output.sudo ip6tables -S
: a brief list of "DROP" policies. Each line you see should have "DROP", but no lines should have "ALLOW"../securedrop-admin verify
are passing: FAIL #5825
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] V2 SSH only configured when v2 services are enabled #5718
/var/lib/tor/services/ssh
was not created on either the Application or Monitor Server/etc/tor/torrc
does not contain HiddenServiceVersion 2
on either the Application or Monitor Server[x] SSHd config updates #5666
Error: Unable to load host key: /etc/ssh/ssh_host_dsa_key
(#5660)[x] Safe deletion #5770
[x] With Tor Browser's security setting at "standard", sources' files and messages can be deleted on the All Sources page :
log into the SI and submit multiple messages/files
log into the JI and click Delete on the All Sources page without selecting any sources' checkboxes
select the checkbox for the source created above in the "All Sources" page and Click Delete..:
click Cancel
ensure that the source is selected and click Delete.. again, then click Files and Messages
0
in the SI, submit a message
Return to the All Sources page, select the source, and choose Delete > Files and Messages
[x] With TBB security set to "standard", source accounts can be deleted with a double confirm on the All Sources page:
log into the SI, recording the source codename, and submit multiple messages/files
log into the JI and select the checkbox for the source created above in the "All Sources" page
Click Delete..:
Click Source Accounts
Click Yes, Delete Source Accounts
return to the SI and attempt to log in as the source:
return to the JI and open the All Sources page
select two sources, choose Delete > Source Accounts > Yes, Delete Source Accounts
[x] With TBB security at "safest", the test cases above pass with the the following exceptions:
[x] the selected source count is not displayed on the initial deletion modal when deleting files and messages or source accounts on the All Sources page
[x] the modals are centered in the page, not displayed under the delete button on the All sources page
[x] a flash error message is displayed instead of the error modal when the user clicks Delete on All Sources with nothing selected.
[x] Empty files are no longer created for disconnected database entries #5724
/var/lib/securedrop/store
and delete the file of the message you just submitted.2-...
and 3-...
) and that their timestamps are identical.[x] Remove cloud-init package during installation #5771
ssh app apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep cloud-init
is run via an Admin Workstation terminal, it returns an empty string.[x] Install release-upgrader in prepare-servers role (#5792)
ssh app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)mon app apt list --installed | grep release-upgrader
is run via an Admim Workstation terminal, it returns ubuntu-release-upgrader-core/{focal,xenial}
(depending on the server OS)[x] Update Tor to 0.4.5.6 #5803
ssh app tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."ssh mon tor --version
is run via an Admim Workstation terminal, it returns "Tor Version 0.4.5.6."[x] LTS upgrade prompt is disabled #5786
ssh app cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh app cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=never" | wc -l
outputs 1
when run from the Adminm Workstation terminalssh mon cat /etc/update-manager/release-upgrades | grep "Prompt=lts" | wc -l
outputs 0
when run from the Adminm Workstation terminal[x] Update and annotate Apache configuration #5797
curl -I http://<onion>
, where <onion>
is the SI onion address. The response should include the following:no-referrer
[x] Check for updates before most securedrop-admin commands #5788
~/Persistent/securedrop
git status
, switching if necessary with , e.g., git checkout 1.8.0-rc1
../securedrop-admin logs
. Verify that it does an update check, does not run the subcommand, prints an error, and exits with exit code 1 ( check with echo $?
)
HEAD detached at 1.8.0-rc1
).git tag -d 1.8.0-rc1 && git tag -d 1.7.1
). Retag your current HEAD as 1.7.1 with an annotated tag (git tag -a 1.7.1 -m 'TEST TAG ONLY'
). This tells the updater that you are using the expected tag even though you are on 1.8.0-rc1../securedrop-admin logs
. Confirm that the command prints "All updates applied" and proceeds to fetch logs.git tag -d 1.7.1
, restore the tags from the server with git fetch --tags --all
, and check out the latest RC again with, e.g., git checkout 1.8.0-rc1
./securedrop-admin logs
again, confirming that the error is displayed and the subcommand not run./securedrop-admin --force logs
. Confirm that the version check is skipped and logs are fetched../securedrop-admin
subcommands and verify that version checks are performed.[ ] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[ ] IPv6 disabled in init in Focal only#5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you may see address information, for localhost, ethernet, or both.sudo cat /proc/cmdline
: you should NOT see "ipv6.disable=1" in the output.sudo ip6tables -S
: a brief list of "DROP" policies. Each line you see should have "DROP", but no lines should have "ALLOW".[x] Focal support added #4728
[x] Update Kernel to 5.4.97 for Focal #5785
ssh app uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
ssh mon uname -r
is run via the Admin Workstation terminal, it outputs 5.4.97-grsec-securedrop
[x] End-of-life messaging#5789
/var/www/securedrop/server_os.py
, changing XENIAL_EOL_DATE
value to date(2021,2,23)
, and restart Apache with the command sudo systemctl restart apache2
[x] resolvconf is not present on focal #5809
ssh app apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh mon apt list --installed | grep resolvconf
is run via an Admin Workstation terminal, it returns an empty string.ssh app dig freedom.press
is run via an Admin Workstation terminal:./securedrop-admin sdconfig
(e.g. 8.8.8.8
)[x] Remove aptitude and disable install-recommends #5793
ssh app apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep aptitude
is run via an Admin Workstation terminal, it should return an empty stringssh app sudo apt install vlc
is run via an Admin Workstation terminal:ssh app apt list --installed | grep vlc-l10n
should return an empty string[x] IPv6 disabled in init in Focal only #5810
ssh app
, the commands below have the following output:sudo ip -4 addr
: you should see two addresses, one for localhost and one for the ethernet device.sudo ip -6 addr
: you should see no output.sudo cat /proc/cmdline
: you should see "ipv6.disable=1" in the output.sudo ip6tables -S
: you should see an error about functionality not being supported. [x] replace ntp with systemd-timesyncd [#5806]()https://github.com/freedomofpress/securedrop/issue/5806)
ntp
and ntpdate
are not installed on the Application Server with the Admin Workstation command ssh app apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsntp
and ntpdate
are not installed on the Monitor Server with the Admin Workstation command ssh mon apt list --installed | egrep (ntp|ntpdate)
- it should not return any package listingsssh app timedatectl show
and ssh mon timedatectl show
should both contain NTPSynchronized=yes
ssh app timedatectl show-timesync
and ssh mon timedatectl show
should both contain ServerName=ntp.ubuntu.com
, with an NTPMessage
indicating that the server has been reached[x] Use paxctld, not paxctl on Focal #5808
ssh app apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh mon apt list --installed | grep paxctl/focal
is run via an Admin Workstation terminal, it should return an empty stringssh app apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh mon apt list --installed | grep paxctld/focal
is run via an Admin Workstation terminal, it should return a listing for paxctldssh app systemctl status paxctld
is run, its output should indicate that paxctld is active.[x] Replace cron-apt with unattended-upgrades #5684 RC2 or later only
ssh app unattended-upgrades --dry-run
works without returning errorsssh app unattended-upgrades -d
works without returning errors, and the Application Server log at /var/logs/unattended-upgrades.log
contains no errors[x] v2 services cannot be installed on Focal #5819
./securedrop-admin sdconfig
, choosing to enable v2 onion services but leaving all other settings unchanged../securedrop-admin install
is run, it errors out immediately after the prepare-servers role with an message including Please run sdconfig again, disabling v2 services.
The fresh VM I created yesterday on RC4
did get apply the RC5
update. Other than that the rest of the standard tests + focal based tests are good. I will post a detailed copy later in the evening.
Update upgrade testing boxes
I took a quick stab at this on Friday, but was surprised to encounter https://github.com/freedomofpress/securedrop/issues/5781. Will need to adjust the box slightly, perhaps fall back to an older version, to get it to build. I can do that today if no one else is looking at it.
Will need to adjust the box slightly, perhaps fall back to an older version, to get it to build.
Falling back to box version v202008.16.0 was enough to clear the problem. PR in #5870.
1.8.0 was released on 2021-03-11; as usual we have left this ticket open until upgrade boxes for the next release are ready. Due to complications, this may be only done for Focal; tracked separately in #5512.
This is a tracking issue for the release of SecureDrop 1.8.0
Tentatively scheduled as follows:
String and feature freeze: 2021-02-23 String comment period: 2021-02-23 - 2021-02-26 Translation period: 2021-02-26 - 2021-03-08 Pre-release announcement: 2021-03-02 Release date: ~2021-03-09~ 2021-03-11
Release manager: @zenmonkeykstop Deputy release manager: @emkll Localization manager: @rmol Deputy localization manager: @emkll Communications manager:: @rocodes
SecureDrop maintainers and testers: As you QA 1.8.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 1.8.0 milestone for tracking (or ask a maintainer to do so).
Test debian packages will be posted on https://apt-test.freedom.press signed with the test key. An Ansible playbook testing the upgrade path is here.
QA Matrix for 1.8.0
Test Plan for 1.8.0
Supplementary notes for Xenial->Focal Migrations
Prepare release candidate (1.8.0~rc1)
1.8.0~rc1
on test apt server: https://github.com/freedomofpress/securedrop-dev-packages-lfs/pull/94Prepare release candidate (1.8.0~rc2)
1.8.0~rc2
on test apt server: https://github.com/freedomofpress/securedrop-dev-packages-lfs/pull/96After each test, please update the QA matrix and post details for Basic Server Testing, Application Acceptance Testing and 1.8.0-specific testing below in comments to this ticket.
Final release
release
branch in the LFS repo)release
branch in the LFS repo for the debs)main
in the LFS repo)main
and verify new docs build in securedrop-docs repoPost release
securedrop-docs
and Wagtaildevelop