Securedrop: Test SecureDrop on Tails 3.0

Created on 2 Feb 2017 · 18 Comments · Source: freedomofpress/securedrop

We will need to test SecureDrop on Tails 3.0 (especially the functionality provided by tails_files) before it is released. The first beta just became available: https://tails.boum.org/news/test_3.0-beta1/index.en.html.

In addition, we will need to devise, test, and document an upgrade path for all SecureDrop users, because this is a major version change (from Tails 2.x -> 3.x), and I expect it will not be possible for them to automatically upgrade their Tails devices.

All 18 comments

We should also contact the Tails project and find out how long they plan to support the 2.x release series, because the primary motivation for upgrading SecureDrop Tails users is to ensure they will continue to be able to receive security updates in a timely manner.

Would be happy to test this if there is a need to have multiple people test besides FPF developers.

@freddymartinez9 Yeah, especially if you would be willing to switch to using Tails 3 beta for your JWs/AW that would definitely help us catch bugs.

Leaving a note about linking this to the issue that (presumably) triggered it. #1549

I was thinking about how to do this testing and it seems to me we need someone to test using a fresh install of SD using Tails 3.0 with persistent storage, especially the tails_files scripts. Separately, I will dd my current Tails 2.0 USBs (JA/AW) to a new USB, upgrade to Tails 3.0 on that (while preserving persistent storage) and test away. My feeling is that someone at FPF should test the former, and I can test the latter.

The only issue I found is that Tails 3.0 seems to have dropped support for the .kdb extension in support of .kdbx (KeePass 2 DB). You can go to KeePass's Settings > Database > Import KeePass 1 database > Import but this is a one-way function. This might be fine but needs to be documented.

The update process I followed:

  1. Download Tails 3.0beta1 to a clean USB device.
  2. For all Tails devices, I created a clone of my USB devices on a reasonably secure OS (Qubes): `sudo dd if=/dev/xvdi of=/dev/xvdj bs=4M; sync;` for Admin and for the SVS.
  3. Update both to tails 3.0 beta1 by cloning.
  4. Log in to Journalist Workstation as normal (FWIW: I tested with TBB security slider set to High).
  5. Move archives to the DTD and on to the SVS.
  6. Decrypt archives as always.

Everything worked as intended, with the exception of the database I described above. That being said: "worked for me" isn't a robust testing strategy, but I will try on the next few betas and RCs.

Thanks @freddymartinez9. Fun dd options you might like: conv=fdatasync makes sure buffered data is flushed to disk before the program exits, and status=progress gives you a progress bar.

> Update both to tails 3.0 beta1 by cloning.

I'm not sure what you mean here.

> Everything worked as intended, with the exception of the database I described above. That being said: "worked for me" isn't a robust testing strategy, but I will try on the next few betas and RCs.

Since everything worked are you going to stick w/ using the beta for now since you have another USB w/ stable in case you need to fallback? "Worked for me" for an extended period of time w/o problem is a little better than "worked for me" for one short test run. Although we'll definitely be doing other kinds of testing.
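
The clone step and the dd options discussed in the comments above, as an added example that is not part of the original thread: it copies a source image onto a larger target, flushes it with conv=fdatasync, and confirms the copy by hashing only the source's length. The function names are hypothetical, GNU coreutils is assumed, and constructed temp files stand in for the two USB devices.

```shell
#!/bin/sh
# Added example: clone with dd, flush to the target, verify the copy by hash.

# Size in bytes of a regular file or a block device.
src_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# SHA-256 of the first $2 bytes of $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds only if the target's leading bytes are identical to the source.
# The target may be larger (a bigger USB stick), so only the source's
# length is compared.
verify_clone() {
    size=$(src_size "$1") || return 2
    [ "$(hash_prefix "$1" "$size")" = "$(hash_prefix "$2" "$size")" ]
}

clone_and_verify() {
    [ -r "$1" ] || { echo "cannot read source: $1" >&2; return 2; }
    [ "$1" != "$2" ] || { echo "source and target are identical" >&2; return 2; }
    # conv=fdatasync: flush written data to the target before dd exits.
    # conv=notrunc: do not truncate a regular-file target (no effect on devices).
    # Use status=progress instead of status=none when running interactively.
    dd if="$1" of="$2" bs=4M conv=fdatasync,notrunc status=none || return 3
    verify_clone "$1" "$2"
}

# Constructed demo: temp files stand in for the source and target devices.
demo() {
    tmp=$(mktemp -d) || return 1
    yes 'constructed-sample-data' | head -c 3145728 > "$tmp/src.img"
    head -c 5242880 /dev/zero > "$tmp/dst.img"
    clone_and_verify "$tmp/src.img" "$tmp/dst.img"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "clone verified"
```
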

> I'm not sure what you mean here.

"Update by cloning" is an option in the Tails installer. I booted the Tails 3.0 live USB, then plugged in the cloned USB device with persistent storage. "Update by cloning" will copy the tails 3.0 files to the USB while leaving the encrypted persistent storage alone. (This is the middle option of the three options in the "Tails Installer" offered by the live USB).

I found the Tails 3.0 KeePass issue I described is a known issue for the Tails project; you can find it here: https://labs.riseup.net/code/issues/10956
I'll track the feedback there and update this issue as needed (and continue testing).

> The only issue I found is that Tails 3.0 seems to have dropped support for the .kdb extension in support of .kdbx (KeePass 2 DB). You can go to KeePass's Settings > Database > Import KeePass 1 database > Import but this is a one-way function. This might be fine but needs to be documented.

The latest Tails 3.0 Beta 3 now has built-in support for migrating the databases from KeePass 1 to KeePass 2. So the question becomes about documentation. I suspect we should add a new section "Upgrading from Tails 2.x to 3.x", which can follow the convention of existing documentation.

I will retest the migration, either in beta 3 or in Beta 4.

"First release candidate for Tails 3.0 around May 19. Tails 3.0 is scheduled for June 13"

Given the schedule here (SecureDrop 0.4 should come out around the same time as Tails 3.0), we should do 0.4 testing on Tails 3.0 and include the upgrade directions in the SecureDrop 0.4 documentation.

Using Tails 3.0~beta4, I've run through the following test procedure:

  1. Submit a test document to the source interface.
  2. Log in to the journalist interface.
  3. Download the test document.
  4. Transfer the test document over to the SVS.
  5. Decrypt the test document.
  6. Delete the submission.

While some of the UI has changed (we needed to take all the screenshots again anyway), there were no issues with the procedure as described in the Journalist guide. I've tested and documented the upgrade from Tails 2.x to 3.x in #1688.

We should also test a hardware install from Tails 3.0 before SecureDrop 0.4 is released.

I ran into a problem where Tails 3 beta 4's use of Sandbox 1 in torrc prevented tor from properly restarting after resuming from ACPI S3. Going to try to reproduce and file an issue.

Opened PR #1793, which will involve heavy use of Tails for QA prior to merge. Any changes to the logic for configuring the custom SecureDrop-specific persistence settings should be noted there, or filed in separate issues.

I think this looks mostly ready for closing. I think we should include an "update to tails 3.0 from 2.x" part in the documentation that mentions how to update your database (I have not re-tested from KeePass 1 to KeePass 2 on 3.0, so the behavior I described in the betas might have changed). We should also document the updates to ansible for the 0.4 release and that might require a test re-install of SecureDrop. From my experience the _upgrade_ path "works for me", but a fresh install is a different question.

I can take a stab at updating the documentation as described above this week.

@freddymartinez9 Thanks for chiming in.

> we should include an "update to tails 3.0 from 2.x" part in the documentation

Shazam: https://docs.securedrop.org/en/latest/upgrade_to_tails_3x.html

> that mentions how to update your database

Great point, we may need a separate issue for that. The existing upgrade docs don't specifically mention KeePass, and they definitely should. Related changes were made in #1919, but your point stands.

> We should also document the updates to ansible for the 0.4 release

We've mentioned the new Admin-centric tooling in the changelog in the release/0.4 branch, and in the pre-release announcement that went out yesterday. More detail I suspect would be tedious for readers, even Admins, but I'm happy to hear specific suggestions for improving clarity on the changes.

> that might require a test re-install of SecureDrop. From my experience the upgrade path "works for me", but a fresh install is a different question.

The whole team is knee-deep in QA right now, and any issues that crop up during the test installs, test upgrades, or manual interactive testing of the web application are tagged with QA: Release. We'll continue knocking those issues down as we move forward to the July 25 release date. If you encounter any such problems during QA, please open issues!

> I can take a stab at updating the documentation as described above this week.

Opened #1970 to track - thanks, @freddymartinez9!

The concerns raised by @freddymartinez9 in https://github.com/freedomofpress/securedrop/issues/1551#issuecomment-314818161 have been moved to discrete issues: #1970 and #1997. Will still have a bit more Tails 3-related problems to shake out in #1862, as well. Given that we have separate narrowly scoped issues for these problems, I'm closing this high-level tracking issue to keep the release milestone lean.
