-
Notifications
You must be signed in to change notification settings - Fork 696
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Add upgrade documentation for 1.4.1->1.5.0.
- Split Tails 4 upgrade docs into separate file to reference without referring to old upgrade documentation. - Update references to Tails 4 docs in past version upgrade guides (text does not change).
- Loading branch information
Showing
10 changed files
with
151 additions
and
108 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| Upgrade from 1.4.1 to 1.5.0 | ||
| =========================== | ||
|
|
||
| Automatic server upgrades | ||
| ------------------------- | ||
| As with previous releases, your servers will be upgraded to the latest version | ||
| of SecureDrop automatically within 24 hours of the release. | ||
|
|
||
| Updating Workstations to SecureDrop 1.5.0 | ||
| ----------------------------------------- | ||
|
|
||
| Using the graphical updater | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| On the next boot of your SecureDrop *Journalist* and *Admin Workstations*, | ||
| the *SecureDrop Workstation Updater* will alert you to workstation updates. You | ||
| must have `configured an administrator password <https://tails.boum.org/doc/first_steps/startup_options/administration_password/>`_ | ||
| on the Tails welcome screen in order to use the graphical updater. | ||
|
|
||
| Perform the update to 1.5.0 by clicking "Update Now": | ||
|
|
||
| .. image:: ../images/securedrop-updater.png | ||
|
|
||
| Performing a manual update | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| If the graphical updater fails and you want to perform a manual update instead, | ||
| first delete the graphical updater's temporary flag file, if it exists (the | ||
| ``.`` before ``securedrop`` is not a typo): :: | ||
|
|
||
| rm ~/Persistent/.securedrop/securedrop_update.flag | ||
|
|
||
| This will prevent the graphical updater from attempting to re-apply the failed | ||
| update and has no bearing on future updates. You can now perform a manual | ||
| update by running the following commands: :: | ||
|
|
||
| cd ~/Persistent/securedrop | ||
| git fetch --tags | ||
| gpg --keyserver hkps://keys.openpgp.org --recv-key \ | ||
| "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77" | ||
| git tag -v 1.5.0 | ||
|
|
||
| The output should include the following two lines: :: | ||
|
|
||
| gpg: using RSA key 22245C81E3BAEB4138B36061310F561200F4AD77 | ||
| gpg: Good signature from "SecureDrop Release Signing Key" | ||
|
|
||
| Please verify that each character of the fingerprint above matches what is | ||
| on the screen of your workstation. If it does, you can check out the | ||
| new release: :: | ||
|
|
||
| git checkout 1.5.0 | ||
|
|
||
| .. important:: If you do see the warning "refname '1.5.0' is ambiguous" in the | ||
| output, we recommend that you contact us immediately at securedrop@freedom.press | ||
| (`GPG encrypted <https://securedrop.org/sites/default/files/fpf-email.asc>`__). | ||
|
|
||
| Finally, run the following commands: :: | ||
|
|
||
| ./securedrop-admin setup | ||
| ./securedrop-admin tailsconfig | ||
|
|
||
| Upgrading Tails | ||
| --------------- | ||
| If you have already upgraded your workstations to the Tails 4 series, follow the | ||
| graphical prompts to update to the latest version. | ||
|
|
||
| .. important:: | ||
|
|
||
| If you are still running Tails 3.x on any workstation, we urge you to update | ||
| to the Tails 4 series as soon as possible. Tails 3.x is no longer receiving | ||
| security updates, and is no longer supported by the SecureDrop team. | ||
| Please see our | ||
| :doc:`instructions for upgrading to Tails 4 <../upgrade_to_tails_4>`. | ||
|
|
||
| These instructions will be removed from a future version of this | ||
| documentation. | ||
|
|
||
| Getting Support | ||
| --------------- | ||
|
|
||
| Should you require further support with your SecureDrop installation, we are | ||
| happy to help! | ||
|
|
||
| .. include:: ../includes/getting-support.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| Upgrading workstations to Tails 4 | ||
| --------------------------------- | ||
|
|
||
| .. important:: | ||
|
|
||
| Before upgrading your *Admin Workstation* and your *Journalist Workstation* | ||
| to Tails 4, you must first ensure that the version of the SecureDrop code on | ||
| the workstation (which is used for administrative tasks and for configuring | ||
| the Tails desktop) is at 1.1.0 or a later version. | ||
|
|
||
| If unsure, you can always run the ``git status`` command in the | ||
| ``~/Persistent/securedrop`` directory to determine the current version. If | ||
| the output is not "HEAD detached at 1.1.0" or a later version, you are *not* | ||
| ready to proceed with the upgrade to Tails 4, and you must first update the | ||
| workstation using the procedure described in the previous section. | ||
|
|
||
| As a precaution, we recommend backing up your workstations before the upgrade | ||
| to Tails 4. See our :doc:`Workstation Backup Guide <../backup_workstations>` for | ||
| more information. We also recommend that you keep a USB drive running Tails 3.16 | ||
| on hand in case you need to revert. | ||
|
|
||
| Once you have created the backups, create a *Tails 4 Primary USB* which you will | ||
| use to upgrade your workstation. Follow the | ||
| `instructions on the Tails website <https://tails.boum.org/install/index.en.html>`__ | ||
| to create a fresh Tails drive on a computer running Windows, Mac, or Linux. | ||
|
|
||
| Boot the *Tails 4 Primary USB* on the air-gapped computer you use as the *Secure | ||
| Viewing Station*, and follow the instructions for `manually upgrading from | ||
| another Tails <https://tails.boum.org/upgrade/clone/index.en.html>`__ | ||
| to upgrade each workstation USB in turn. This procedure preserves the persistent | ||
| storage volume of each USB drive you upgrade to Tails 4. | ||
|
|
||
| Boot each workstation into Tails 4 to verify that the upgrade was successful. On | ||
| the *Admin* and *Journalist Workstations*, set an administrator password on the | ||
| Tails welcome screen, and update the SecureDrop environment using the following | ||
| commands: :: | ||
|
|
||
| cd ~/Persistent/securedrop | ||
| ./securedrop-admin setup | ||
| ./securedrop-admin tailsconfig | ||
|
|
||
| During the ``./securedrop-admin setup`` step, Tails will prompt you if you want | ||
| to install a set of packages every time you start Tails. These packages are only | ||
| required for the setup process, so you can safely click **Install Only Once**. | ||
|
|
||
| .. important:: | ||
|
|
||
| Until you run these commands, the SecureDrop shortcuts on the Tails desktop | ||
| will not work, and the graphical updater will no longer report available | ||
| updates for the SecureDrop code on your workstation. | ||
|
|
||
| No additional configuration is required for the *Secure Viewing Station*. | ||
|
|
||
| If you experience difficulties with this upgrade, please do not hesitate to | ||
| contact us using any of the methods below. If the upgrade failed and you need | ||
| to restore from a backup, see our :ref:`guide for restoring workstations <restore_workstations>`. | ||
| Make sure you restore to a Tails drive using Tails 3.16 before attempting | ||
| another upgrade to Tails 4. | ||
|
|