Closed zenmonkeykstop closed 1 year ago
2.6.0-rc1
(.venv) root@sd-staging:~/securedrop# virsh domifaddr libvirt-prod-focal_app-prod
Name MAC address Protocol Address
-------------------------------------------------------------------------------
vnet5 52:54:00:4c:4d:c1 ipv4 192.168.121.215/24
(.venv) root@sd-staging:~/securedrop# virsh domifaddr libvirt-prod-focal_mon-prod
Name MAC address Protocol Address
-------------------------------------------------------------------------------
vnet7 52:54:00:c4:7e:e5 ipv4 192.168.121.36/24
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6657 - switch to argon2id hashes
[x] #6681 - remove i18n globals
[x] #6738 - add descriptive titles
Cross-Origin-Resource-Policy
header is set with value same-origin
Cross-Origin-Resource-Policy
header is set with value same-origin
[x] #6826 - remove stale pending sources
sudo -u www-data bash
cd /var/www/securedrop/
./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
sudo systemctl start securedrop-remove-pending-sources.service
agrant@app-prod:~$ sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"
111
vagrant@app-prod:~$ sudo systemctl start securedrop-remove-pending-sources.service
vagrant@app-prod:~$ sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"
101
./securedrop-admin tailsconfig
, verify that:cd Persistent/securedrop
git checkout 2.6.0-rcN # Where N is latest version
./securedrop-admin setup
./securedrop-admin tailsconfig
tailsconfig
playbook message directs you to reboot./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6657 - switch to argon2id hashes
[x] #6681 - remove i18n globals
[x] #6738 - add descriptive titles
Cross-Origin-Resource-Policy
header is set with value same-origin
Cross-Origin-Resource-Policy
header is set with value same-origin
[x] #6826 - remove stale pending sources
On the app server, generate more than 100 pending sources using eg:
sudo -u www-data bash
cd /var/www/securedrop/
./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service
[x] Verify that only 100 pending sources remain in the database
[x] #6712 - add a Gnome shell extension
./securedrop-admin tailsconfig
, verify that:./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
[x] #6657 - switch to argon2id hashes
[x] #6681 - remove i18n globals
[x] #6738 - add descriptive titles
Cross-Origin-Resource-Policy
header is set with value same-origin
Cross-Origin-Resource-Policy
header is set with value same-origin
[x] #6826 - remove stale pending sources
On the app server, generate more than 100 pending sources using eg:
sudo -u www-data bash
cd /var/www/securedrop/
./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
Trigger the removal service with sudo systemctl start securedrop-remove-pending-sources.service
[x] Verify that only 100 pending sources remain in the database (Note: related to above, wasn't sure how to check DB directly, but the behavior on multiple passes confirmed the correct number of pending sources)
[x] #6712 - add a Gnome shell extension
./securedrop-admin tailsconfig
, verify that:2.6.0-rc2
../securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
sdadmin@app:~$ sudo journalctl | grep -E "securedrop-(clean-tmp|remove-pending-sources|submissions-today)" | tail -n 10
Jun 19 03:00:40 app systemd[1]: securedrop-submissions-today.service: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-clean-tmp.timer: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-remove-pending-sources.timer: Succeeded.
Jun 19 04:00:00 app systemd[1]: securedrop-submissions-today.timer: Succeeded.
Jun 20 00:00:02 app systemd[1]: securedrop-clean-tmp.service: Succeeded.
Jun 20 00:00:02 app systemd[1]: securedrop-remove-pending-sources.service: Succeeded.
Jun 20 03:00:21 app systemd[1]: securedrop-submissions-today.service: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-clean-tmp.timer: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-remove-pending-sources.timer: Succeeded.
Jun 20 04:00:00 app systemd[1]: securedrop-submissions-today.timer: Succeeded.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
No, only journalists who have logged in since the upgrade to a v2.6.0 RC have updated password hashes. (This is an error in the test plan, not the implementation of #6657.)
[x] #6738 - add descriptive titles
Cross-Origin-Resource-Policy
header is set with value same-origin
Cross-Origin-Resource-Policy
header is set with value same-origin
[x] #6826 - remove stale pending sources
sudo -u www-data bash
cd /var/www/securedrop/
./loaddata.py --source-count 110 --files-per-source 0 --messages-per-source 0 --replies-per-source 0
This is a long-running instance with a useful amount of junk:
amnesia@amnesia:~$ ssh app 'sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"'
177
sudo systemctl start securedrop-remove-pending-sources.service
This is a long-running instance with a useful amount of junk:
amnesia@amnesia:~$ ssh app sudo systemctl start securedrop-remove-pending-sources.service
amnesia@amnesia:~$ ssh app 'sudo -u www-data sqlite3 /var/lib/securedrop/db.sqlite "SELECT COUNT(*) FROM sources;"'
123
[x] #6712 - add a Gnome shell extension
Fresh install only After running ./securedrop-admin tailsconfig
, verify that:
The playbook message directs you to reboot
After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.
Upgrade only Upgrade the Tails Workstation to the latest RC by running the following commands in a terminal:
cd Persistent/securedrop
git checkout 2.6.0-rcN # Where N is latest version
./securedrop-admin setup
./securedrop-admin tailsconfig
verify that:
[x] The tailsconfig
playbook message directs you to reboot
[x] After rebooting, a SecureDrop menu is available in the top menubar including options to access the SI and JI, SSH to servers, access the Persistent directory, and start KeePassXC
[x] after setting up a Journalist Workstation and rebooting, the same menu and options are available with the exception of the SSH options.
./securedrop-admin verify
are passing:
cd ~/Persistent/securedrop && ./securedrop-admin setup -t
./securedrop-admin verify
(this will take a while)rm -rf admin/.venv3/ && ./securedrop-admin setup
After updating to this release candidate and running securedrop-admin tailsconfig
apt-qa.freedom.press
per preflight procedure)Can also confirm:
New SecureDrop menu appeared for me after reboot & connecting to network, and is working as expected.
Fresh install preflight checks out.
This is a tracking issue for the release of SecureDrop 2.6.0
Tentatively scheduled as follows:
Pre-release announcement: 06-15-2023 Release date: 06-22-2023
Release manager: @legoktm Deputy release manager: @zenmonkeykstop Localization manager: @cfm Communications manager: @nathandyer
SecureDrop maintainers and testers: As you QA 2.6.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release".
Test debian packages will be posted on https://apt-test.freedom.press signed with the test key.
QA Matrix for 2.6.0
Test Plan for 2.6.0
Prepare release candidate (2.6.0~rc1)
2.6.0~rc1
on test apt serverAfter each test, please update the QA matrix and post details for Basic Server Testing, Application Acceptance Testing and release-specific testing below in comments to this ticket.
Final release
release
branch in the LFS repo)release
branch in the LFS repo for the debs)main
in the LFS repo)main
and verify new docs build in securedrop-docs repoPost release
securedrop-docs
and Wagtaildevelop