Closed zenmonkeykstop closed 3 years ago
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954
www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
/sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation. deferred to rc2 due to changes in #5990./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954
www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
/sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation. deferred to rc2 due to changes in #5990I did fresh install on 2.0.0-rc2
couple of time with #5990 in mind. By keeping all the ths
and private key files, and after removing all of those files.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954
www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
/sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation. See #59972.0.0 QA Checklist - Upgrade hardware installation Environment • Install target: NUC 7i5BNH • Tails version: 4.17 • Test Scenario: upgrade from 1.8.2 • SSH over Tor: yes • Release candidate: rc2 • General notes: Upgrade
0.1.4+2.0.0~rc2+focal
• apt-cache policy securedrop-app-code -> Installed: 2.0.0~rc2+focal
• apt-cache policy securedrop-ossec-agent -> Installed: 3.6.0+2.0.0~rc2+focal
• apt-cache policy securedrop-ossec-server -> Installed: 3.6.0+2.0.0~rc2+focal
(mon)- No tests come back as
STATUS:VULNERABLE` Since this is the second RC that I'm testing, I downgraded the servers back to 1.8.2 by following these steps:
/etc/apt/sources.list.d/apt_freedom_press.list
and /etc/apt/security.list
to point to apt.freedom.press
on app and mon serverssecuredrop-*
packages and make sure apt-cache is cleansecuredrop-admin install
on my app and mon servers. I ran into this issue: https://github.com/freedomofpress/securedrop/issues/4839 but got around it by following the workaround in that issue.apt-cache policy securedrop-app-code
-> Installed: 1.8.2+focalapt-cache policy securedrop-config
-> Installed: 0.1.4+1.8.2+focalapt-cache policy securedrop-keyring
-> Installed: 0.1.5+1.8.2+focalapt-cache policy securedrop-ossec-agent
-> Installed: 3.6.0+1.8.2+focalapt-cache policy securedrop-ossec-server
-> Installed: 3.6.0+1.8.2+focal (mon)securedrop-admin backup
/etc/apt/sources.list.d/apt_freedom_press.list
and /etc/apt/security.list
to point to apt-test.freedom.press
sudo unattended-upgrades -d
and confirm package versions:
apt-cache policy securedrop-app-code
-> Installed: 2.0.0~rc3+focalapt-cache policy securedrop-config
-> Installed: 0.1.4+2.0.0~rc3+focalapt-cache policy securedrop-keyring
-> Installed: 0.1.5+2.0.0~rc3+focalapt-cache policy securedrop-ossec-agent
-> Installed: 3.6.0+2.0.0~rc3+focalapt-cache policy securedrop-ossec-server
-> Installed: 3.6.0+2.0.0~rc3+focal (mon)paxtest blackhat
has expected results
memcpy
and memcpy, PIE
shows vulnerable (see https://github.com/freedomofpress/securedrop/issues/1039#issuecomment-790033219)strcpy and
strcpy, PIEshow
paxtest: return address contains a NULL byte`curl -L https://meltdown.ovh -o meltdown.sh && sudo bash meltdown.sh -v
CVE-2018-365
aka 'Foreshadow (SGX), L1 terminal fault' shows vulnerable (see https://github.com/freedomofpress/securedrop/issues/5040#issuecomment-559597643):x: ./securedrop-admin --force verify
has expected results
git checkout 2.0.0~rc3 && cd ~/Persistent/securedrop && ./securedrop-admin setup -t && ./securedrop-admin --force verify
common/test_fpf_apt_repo.py::test_fpf_apt_repo_present
(app)common/test_fpf_apt_repo.py::test_fpf_apt_repo_present
(mon)common/test_grsecurity.py::test_apt_autoremove
(app)mon/test_postfix.py::test_postfix_generic_maps
(mon)See notes in QA Matrix
After updating to this release candidate and running securedrop-admin tailsconfig
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954
www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
/sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation. I can now verify what @zenmonkeykstop also noticed via unattended-upgrade -d
, securedrop-app-code
was not upgraded.
<snipped>
Checking: securedrop-app-code ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])
sanity check failed for: {'haveged=1.9.1-6ubuntu1', 'securedrop-app-code=2.0.0~rc3+focal'} : pkg haveged is marked to be deleted
falling back to adjusting securedrop-app-code's dependencies
sanity check failed for: {'haveged=1.9.1-6ubuntu1', 'securedrop-app-code=2.0.0~rc3+focal'} : pkg haveged is marked to be deleted
Checking: securedrop-config ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])
Checking: securedrop-keyring ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])
Checking: securedrop-ossec-agent ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])
Checking: tor ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])
pkgs that look like they should be upgraded: securedrop-config
securedrop-keyring
securedrop-ossec-agent
tor
Get:1 https://apt-test.freedom.press focal/main amd64 securedrop-config all 0.1.4+2.0.0~rc3+focal [3064 B]
Get:2 https://apt-test.freedom.press focal/main amd64 securedrop-keyring amd64 0.1.5+2.0.0~rc3+focal [8120 B]
Get:3 https://apt-test.freedom.press focal/main amd64 securedrop-ossec-agent amd64 3.6.0+2.0.0~rc3+focal [4664 B]
Get:4 https://apt-test.freedom.press focal/main amd64 tor amd64 0.4.5.8-1~focal+1 [1488 kB]
Fetched 1503 kB in 0s (0 B/s)
fetch.run() result: 0
dpkg is configured not to cause conffile prompts
Packages that will be upgraded: securedrop-config securedrop-keyring securedrop-ossec-agent tor
<snipped>
Log started: 2021-06-21 06:57:55
(Reading database ... 46453 files and directories currently installed.)
Preparing to unpack .../tor_0.4.5.8-1~focal+1_amd64.deb ...
Unpacking tor (0.4.5.8-1~focal+1) over (0.4.5.7-1~focal+1) ...
Setting up tor (0.4.5.8-1~focal+1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
Package securedrop-app-code has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package securedrop-app-code is kept back because a related package is kept back or due to local apt_preferences(5).
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2021-06-21 06:57:34
From 1.8.2
I can upgrade to SecureDrop 2.0.0~rc5
using the command sudo unattended-upgrade -d
. I can also verify that the haveged
is masked.
vagrant@app-prod:~$ sudo systemctl status haveged
● haveged.service
Loaded: masked (Reason: Unit haveged.service is masked.)
Active: inactive (dead)
Jun 23 16:16:05 app-prod systemd[1]: Started Entropy daemon using the HAVEGE algorithm.
Jun 23 16:16:05 app-prod haveged[541]: haveged starting up
Jun 23 16:16:06 app-prod haveged[541]: haveged: ver: 1.9.1; arch: x86; vend: GenuineIntel; build: (gcc 8.3.0 ITV); collect: 128K
Jun 23 16:16:06 app-prod haveged[541]: haveged: cpu: (L4 VC); data: 32K (L2 L4 V); inst: 32K (L2 L4 V); idx: 24/40; sz: 31410/52825
Jun 23 16:16:06 app-prod haveged[541]: haveged: tot tests(BA8): A:1/1 B:1/1 continuous tests(B): last entropy estimate 7.9984
Jun 23 16:16:06 app-prod haveged[541]: haveged: fills: 0, generated: 0
Jun 23 16:22:27 app-prod systemd[1]: Stopping Entropy daemon using the HAVEGE algorithm...
Jun 23 16:22:27 app-prod haveged[541]: haveged: Stopping due to signal 15
Jun 23 16:22:27 app-prod systemd[1]: haveged.service: Succeeded.
Jun 23 16:22:27 app-prod systemd[1]: Stopped Entropy daemon using the HAVEGE algorithm.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954
www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
[ ] /sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963 SKIPPED
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation../securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
[x] Removed support for v2 service configuration #5915
sdconfig
, there are no prompts to choose either v2 or v3 services/etc/tor/torrc
for app and monsourcev3
and journalistv3
for app, and sshv3
for app and mon if SSH-over-tor is enabled.[x] Updated Tor to 0.4.5.8 #5971
[x] Removed flag-for-reply #5954, #6008, #6011
gpg --homedir /var/lib/securedrop/keys --list-keys
and confirm that you see one key for the new source.www-data
user:
sqlite3 /var/lib/securedrop/db.sqlite "select filesystem_id from sources where journalist_designation = '<journalist designation>'"
www-data
):
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-secret-keys FILESYSTEM_ID
gpg --homedir /var/lib/securedrop/keys --yes --pinentry-mode=loopback --delete-keys FILESYSTEM_ID
root
) with: redis-cli del sd/crypto-util/fingerprints
ssh app sudo systemctl status haveged
shows that haveged
is stopped, disabled, and maskedssh app apt-cache policy haveged
shows that haveged
is not installed.[x] Removed v2 field from metadata endpoint #5926
http://<source interface>/metadata
endpoint and confirm that the source_v2_url
field is not displayed and the source_v3_url
address is displayed and has the correct value.[x] Store directory is recreated if missing for an existing source #5944
/var/lib/securedrop/store/<filesystem ID>
[x] Missing file error message text update #5905
[x] invalid image error message text update #5932
/var/www/securedrop/static/i
directory, and change them via chmod 555 /var/www/securedrop/static/i
Logo image served as static resource #5874
i/logo.png
i/custom_logo.png
/sources/<uuid>/conversation
endpoint deletes source files while retaining source account #5963
upload-screenshots.py
removed from application package #5941
/var/www/securedrop/upload-screenshots.py
is not present.Jounalist workstation can be configured without tor_v3_keys.json
being present #5965
app-sourcev3-ths
and app-journalist.auth_private
files from the Admin Workstation, and that no errors about tor_v3_keys.json
are obverved during the tailsconfig
command on the new workstation.
This is a tracking issue for the release of SecureDrop 2.0.0
Tentatively scheduled as follows:
String and feature freeze: 2021-06-08 String comment period: 2021-06-08 - 2021-06-11 Translation period: 2021-06-11 - 2021-06-21 Pre-release announcement: 2021-06-15 Release date: ~2021-06-22
Release manager: @zenmonkeykstop Deputy release manager: @kushaldas Localization manager: @rmol
Deputy localization manager: @kushaldas Communications manager:: @rocodes
SecureDrop maintainers and testers: As you QA 2.0.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 2.0.0 milestone for tracking (or ask a maintainer to do so).
Test debian packages will be posted on https://apt-test.freedom.press signed with the test key. An Ansible playbook testing the upgrade path is here.
QA Matrix for 2.0.0
Test Plan for 2.0.0
Prepare release candidate (2.0.0~rc1)
2.0.0~rc1
on test apt serverPrepare release candidate (2.0.0~rc2)
2.0.0~rc2
on test apt serverPrepare release candidate (2.0.0~rc3)
2.0.0~rc3
on test apt serverPrepare release candidate (2.0.0~rc4)
2.0.0~rc4
on test apt serverPrepare release candidate (2.0.0~rc5)
2.0.0~rc5
on test apt serverAfter each test, please update the QA matrix and post details for Basic Server Testing, Application Acceptance Testing and 1.8.0-specific testing below in comments to this ticket.
Final release
release
branch in the LFS repo)release
branch in the LFS repo for the debs)main
in the LFS repo)main
and verify new docs build in securedrop-docs repoPost release
securedrop-docs
and Wagtaildevelop