This is a tracking issue for the upcoming release of SecureDrop 0.7.0 - tasks may get added or modified.
Feature freeze: April 24, 2018
String freeze: May 1, 2018
Pre-release announcement: May 1, 2018
Release date: ~May 8, 2018~ May 15th, 2018
_SecureDrop maintainers and testers:_ As you QA 0.7.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 0.7 milestone for tracking.
Test debian packages are posted on https://apt-test.freedom.press signed with the test key. An Ansible playbook testing the upgrade path is here.
release/0.7 off develop - @emkll0.7.0~rc1 on test apt server - @emkllTest plan (see https://github.com/freedomofpress/securedrop/issues/3061#issuecomment-369339018 for basic acceptance testing script). Anyone should feel free to edit this comment and add/remove items as they see fit.
For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report.
sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)daily_reboot_time can be set via securedrop-admin sdconfig (#3172)./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)./securedrop-admin sdconfigfile <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )./securedrop-admin update or the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1):red_circle: IN PROGRESS :red_circle:
sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3172)./securedrop-admin sdconfigsudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3172)./securedrop-admin sdconfigsudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)daily_reboot_time can be set via securedrop-admin sdconfig (#3172)./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)./securedrop-admin sdconfig~I was doing Application QA using the French translation, and noted that a message was not being translated:~

sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158) - This also needs testing on hardware / prod VMs made from iso./securedrop-admin sdconfigsudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3172)./securedrop-admin sdconfigfile <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)daily_reboot_time can be set via securedrop-admin sdconfig (#3172)./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)./securedrop-admin sdconfigfile <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)./securedrop-admin sdconfigfile <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )Michael's fantastical upgrade checklist... 0.6 --> 0.7.0rc4
sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)daily_reboot_time can be set via securedrop-admin sdconfig (#3172)./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)./securedrop-admin sdconfigfile <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )file <file>.gz should not contain a date (#3305)./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)[x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)
[x] Submissions are sent through the source interface when https is enabled (#3351)
./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )SecureDrop Submissions Error message when activating SSH over Local (see below). I opened a ticket in #3393 ./securedrop-admin update or the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1)SecureDrop 0.7.0 has been released: https://securedrop.org/news/securedrop-070-released/.
Any issues with this upgrade should be reported via the FPF support portal, the community forum, or by filing a GitHub issue here.
Most helpful comment
Test plan (see https://github.com/freedomofpress/securedrop/issues/3061#issuecomment-369339018 for basic acceptance testing script). Anyone should feel free to edit this comment and add/remove items as they see fit.
Checklist
For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report.
Basic Server Testing
Command Line User Generation
Administration
Application Acceptance Testing
Source Interface
Landing page base cases
First submission base cases
Returning source base cases
Journalist Interface
Login base cases
Index base cases
Individual source page
0.7.0-specific testing
sudo apt list --installed | grep linux-imagedoes not return a generic (non grsec) kernel (#3158)sudo apt updatedoes not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/returns 2 entries, not 3)daily_reboot_timecan be set viasecuredrop-admin sdconfig(#3172)Admin Updater GUI (#3300)
./securedrop-admin tailsconfigand reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)Journalist Notifications (#1195, #2803):
./securedrop-admin sdconfigSSH over local network (#2592):
0.7.0-rc2 specific testing
file <file>.gzshould not contain a date (#3305)./securedrop-admin sdconfigshould not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)0.7.0-rc3 specific testing
./securedrop-admin sdconfigwill now prompt for certificates and key when https is enabled on the prompt (#3366 )0.7.0-rc4 specific testing
0.7.0-rc5 specific testing
./securedrop-admin updateor the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1)