Securedrop: Release SecureDrop 0.7.0

Created on 25 Apr 2018  路  12Comments  路  Source: freedomofpress/securedrop

This is a tracking issue for the upcoming release of SecureDrop 0.7.0 - tasks may get added or modified.

Feature freeze: April 24, 2018
String freeze: May 1, 2018
Pre-release announcement: May 1, 2018
Release date: ~May 8, 2018~ May 15th, 2018

_SecureDrop maintainers and testers:_ As you QA 0.7.0, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the 0.7 milestone for tracking.

Test debian packages are posted on https://apt-test.freedom.press signed with the test key. An Ansible playbook testing the upgrade path is here.

Prepare release candidate (0.7.0)

  • [x] Prepare 0.7.0 release changelog - @emkll
  • [x] Write (#3277) and send (#3278) pre-release announcement - @eloquence
  • [x] Check for Tor stable release (Latest stable is 0.3.2.10 released on March 3rd)
  • [x] Prepare test plan for 0.7.0 - @emkll
  • [x] Branch release/0.7 off develop - @emkll
  • [x] Build debs and put up 0.7.0~rc1 on test apt server - @emkll

QA (0.7.0~rc1)

  • [x] Test upgrade from 0.6 works on prod w/ test repo debs
  • [x] Test fresh install (not upgrade) of 0.7.0 works on prod w/ test repo debs

QA (0.7.0~rc2)

  • [x] Test upgrade from 0.6 works on prod w/ test repo debs
  • [x] Test fresh install (not upgrade) of 0.7.0 works on prod w/ test repo debs

QA (0.7.0~rc3)

  • [x] Test upgrade from 0.6 works on prod w/ test repo debs
  • [x] Test fresh install (not upgrade) of 0.7.0 works on prod w/ test repo debs

QA (0.7.0~rc4)

  • [x] Test upgrade from 0.6 works on prod w/ test repo debs
  • [x] Test fresh install (not upgrade) of 0.7.0 works on prod w/ test repo debs

QA (0.7.0~rc5)

  • [x] Test upgrade from 0.6 works on prod w/ test repo debs
  • [x] Test fresh install (not upgrade) of 0.7.0 works on prod w/ test repo debs

Final release

  • [x] Merge final translations (#3377, #3383 )
  • [x] Push signed tag
  • [x] Build final Debian packages for 0.7.0
  • [x] Pre-Flight: Test install (not upgrade) of 0.7.0 works w/ prod repo debs
  • [x] Publish blog post about 0.7.0 Debian package release and instructions for admins (#3346)

Most helpful comment

Test plan (see https://github.com/freedomofpress/securedrop/issues/3061#issuecomment-369339018 for basic acceptance testing script). Anyone should feel free to edit this comment and add/remove items as they see fit.

Checklist

For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report.

Basic Server Testing

  • [ ] I can access both the source and journalist interfaces
  • [ ] I can SSH into both machines over Tor
  • [ ] AppArmor is loaded on app
  • [ ] AppArmor is loaded on mon
  • [ ] Both servers are running grsec kernels
  • [ ] iptables rules loaded
  • [ ] OSSEC emails begin to flow after install
  • [ ] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [ ] Can successfully add admin user and login

Administration

Source Interface

Landing page base cases
  • [ ] JS warning bar does not appear when using Security Slider high
  • [ ] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [ ] On generate page, refreshing codename produces a new 7-word codename
  • [ ] On submit page, empty submissions produce flashed message
  • [ ] On submit page, short message submitted successfully
  • [ ] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [ ] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [ ] Nonexistent codename cannot log in
  • [ ] Empty codename cannot log in
  • [ ] Legitimate codename can log in
  • [ ] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [ ] Can log in with 2FA tokens
  • [ ] incorrect password cannot log in
  • [ ] invalid 2fa token cannot log in
  • [ ] 2fa immediate reuse cannot log in
Index base cases
  • [ ] Filter by codename works
  • [ ] Starring and unstarring works
  • [ ] Click select all selects all submissions
  • [ ] Selecting all and clicking "Download all" works
Individual source page
  • [ ] You can submit a reply and a flashed message and new row appears
  • [ ] You cannot submit an empty reply
  • [ ] Clicking "Delete collection" and the source and docs are deleted
  • [ ] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [ ] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [ ] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [ ] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [ ] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [ ] An Orbot-specific message appears on the source interface (#3215)

Admin Updater GUI (#3300)

  • [ ] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [ ] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [ ] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [ ] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification

SSH over local network (#2592):

  • [ ] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [ ] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [ ] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [ ] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [ ] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [ ] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.7.0-rc3 specific testing

  • [ ] Submissions are sent through the source interface when https is enabled (#3351)
  • [ ] Verify that ./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )
  • [ ] SSH over Tor message is user-friendly and the default option is automatically populated (#3357)

0.7.0-rc4 specific testing

  • [ ] SecureDrop instance logos can be properly change (without any AppArmor violations) (#3379)
  • [ ] Journalist are sent at most once every 24h (#3374)
  • [ ] Translations are functional (specifically new translations, Hindi and Russian) (#3377)

0.7.0-rc5 specific testing

  • [ ] Verify that ./securedrop-admin update or the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1)

All 12 comments

Test plan (see https://github.com/freedomofpress/securedrop/issues/3061#issuecomment-369339018 for basic acceptance testing script). Anyone should feel free to edit this comment and add/remove items as they see fit.

Checklist

For both upgrades and fresh installs, here is a list of functionality that requires testing. You can use this for copy/pasting into your QA report.

Basic Server Testing

  • [ ] I can access both the source and journalist interfaces
  • [ ] I can SSH into both machines over Tor
  • [ ] AppArmor is loaded on app
  • [ ] AppArmor is loaded on mon
  • [ ] Both servers are running grsec kernels
  • [ ] iptables rules loaded
  • [ ] OSSEC emails begin to flow after install
  • [ ] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [ ] Can successfully add admin user and login

Administration

Source Interface

Landing page base cases
  • [ ] JS warning bar does not appear when using Security Slider high
  • [ ] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [ ] On generate page, refreshing codename produces a new 7-word codename
  • [ ] On submit page, empty submissions produce flashed message
  • [ ] On submit page, short message submitted successfully
  • [ ] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [ ] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [ ] Nonexistent codename cannot log in
  • [ ] Empty codename cannot log in
  • [ ] Legitimate codename can log in
  • [ ] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [ ] Can log in with 2FA tokens
  • [ ] incorrect password cannot log in
  • [ ] invalid 2fa token cannot log in
  • [ ] 2fa immediate reuse cannot log in
Index base cases
  • [ ] Filter by codename works
  • [ ] Starring and unstarring works
  • [ ] Click select all selects all submissions
  • [ ] Selecting all and clicking "Download all" works
Individual source page
  • [ ] You can submit a reply and a flashed message and new row appears
  • [ ] You cannot submit an empty reply
  • [ ] Clicking "Delete collection" and the source and docs are deleted
  • [ ] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [ ] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [ ] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [ ] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [ ] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [ ] An Orbot-specific message appears on the source interface (#3215)

Admin Updater GUI (#3300)

  • [ ] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [ ] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [ ] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [ ] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification

SSH over local network (#2592):

  • [ ] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [ ] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [ ] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [ ] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [ ] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [ ] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.7.0-rc3 specific testing

  • [ ] Submissions are sent through the source interface when https is enabled (#3351)
  • [ ] Verify that ./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )
  • [ ] SSH over Tor message is user-friendly and the default option is automatically populated (#3357)

0.7.0-rc4 specific testing

  • [ ] SecureDrop instance logos can be properly change (without any AppArmor violations) (#3379)
  • [ ] Journalist are sent at most once every 24h (#3374)
  • [ ] Translations are functional (specifically new translations, Hindi and Russian) (#3377)

0.7.0-rc5 specific testing

  • [ ] Verify that ./securedrop-admin update or the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1)

:red_circle: IN PROGRESS :red_circle:

Update from 0.6 to 0.7.0~rc1

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Application Acceptance Testing

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface journalist / likeness squiggly squealer platypus freehand pauper oblong

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [x] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3172)
  • [x] An Orbot-specific appears on the source interface (#3215)
  • [x] Validate that the SecureDrop updater GUI functions correctly (#3300): Starts at reboot, updates to the latest signed tag.

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [x] Submit a document, wait, and receive a journalist notification
  • [x] Do not submit a document, wait, and receive a different journalist notification

SSH over local network (#2592):

  • [ ] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

Update from 0.6 to 0.7.0~rc1

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Application Acceptance Testing

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [ ] Validate that the logo update functionality works correctly and there are no AppArmor violations [DID NOT TEST THIS ONE]
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3172)
  • [ ] An Orbot-specific appears on the source interface (#3215) [DID NOT TEST THIS ONE]
  • [x] Validate that the SecureDrop updater GUI functions correctly (#3300): Starts at reboot, updates to the latest signed tag.

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait, and receive a journalist notification [DID NOT TEST THIS ONE]
  • [ ] Do not submit a document, wait, and receive a different journalist notification [DID NOT TEST THIS ONE]

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7-rc1 new install with prod VMs

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Administration

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [x] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [x] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [x] An Orbot-specific message appears on the source interface (#3215)

Admin Updater GUI (#3300)

  • [x] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [x] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [x] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [x] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

~I was doing Application QA using the French translation, and noted that a message was not being translated:~
screenshot from 2018-04-27 11-31-45

Fresh install of 0.7.0-rc1 in prod VMs

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Administration

Application Acceptance Testing

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [x] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158) - This also needs testing on hardware / prod VMs made from iso
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [x] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [ ] An Orbot-specific message appears on the source interface (#3215) - DID NOT TEST, no Android phone at the ready
  • [x] Validate that the SecureDrop updater GUI functions correctly (#3300): Starts at reboot, updates to the latest signed tag (0.6).

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [x] Submit a document, wait, and receive a journalist notification
  • [x] Do not submit a document, wait, and receive a different journalist notification

SSH over local network (#2592):

  • [ ] Enable SSH over local network and ensure hosts can be accessed via SSH over local network - DID NOT TEST, will do on my test hardware instance
  • [ ] Verify that iptables-based SSH connection rate limiting works - DID NOT TEST, will do on my test hardware instance
  • [ ] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor - DID NOT TEST, will do on my test hardware instance

Update from 0.7.0\~rc1 to 0.7.0\~rc2

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Application Acceptance Testing

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [x] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3172)
  • [ ] An Orbot-specific appears on the source interface (#3215) [DID NOT TEST THIS ONE]
  • [x] Validate that the SecureDrop updater GUI functions correctly (#3300): Starts at reboot, updates to the latest signed tag.

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait, and receive a journalist notification [DID NOT TEST THIS ONE]
  • [ ] Do not submit a document, wait, and receive a different journalist notification [DID NOT TEST THIS ONE]

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [x] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [x] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [x] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.6 -> 0.7.0 upgrade testing on physical instance with 3.14.79 kernels (In progress)

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Administration

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [x] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [x] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [ ] You can submit a reply and a flashed message and new row appears
  • [ ] You cannot submit an empty reply
  • [ ] Clicking "Delete collection" and the source and docs are deleted
  • [ ] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [ ] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [ ] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [ ] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [ ] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [x] An Orbot-specific message appears on the source interface (#3215)

Admin Updater GUI (#3300)

  • [x] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [x] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [ ] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [ ] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [x] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [x] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [x] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [x] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.6 -> 0.7.0~rc3 upgrade testing on physical instance

0.7.0-specific testing

  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)

Admin Updater GUI (#3300)

  • [x] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [x] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [x] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [ ] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification - waiting

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [x] Verify that iptables-based SSH connection rate limiting works
  • [x] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [x] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [x] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [x] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.7.0-rc3 specific testing

  • [x] Submissions are sent through the source interface when https enabled (#3351)
  • [x] Verify that ./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )
  • [x] SSH over Tor message is user-friendly and the default option is automatically populated (#3357)

Michael's fantastical upgrade checklist... 0.6 --> 0.7.0rc4

Basic Server Testing

  • [x] I can access both the source and journalist interfaces
  • [x] I can SSH into both machines over Tor
  • [x] AppArmor is loaded on app
  • [x] AppArmor is loaded on mon
  • [x] Both servers are running grsec kernels
  • [x] iptables rules loaded
  • [x] OSSEC emails begin to flow after install
  • [x] OSSEC emails are decrypted to correct key and I am able to decrypt them

Command Line User Generation

  • [x] Can successfully add admin user and login

Administration

Source Interface

Landing page base cases
  • [x] JS warning bar does not appear when using Security Slider high
  • [x] JS warning bar does appear when using Security Slider Low
First submission base cases
  • [x] On generate page, refreshing codename produces a new 7-word codename
  • [x] On submit page, empty submissions produce flashed message
  • [x] On submit page, short message submitted successfully
  • [ ] On submit page, file greater than 500 MB produces "The connection was reset" in Tor Browser _quickly_ before the entire file is uploaded
  • [ ] On submit page, file less than 500 MB submitted successfully
Returning source base cases
  • [x] Nonexistent codename cannot log in
  • [x] Empty codename cannot log in
  • [x] Legitimate codename can log in
  • [x] Returning user can view journalist replies - need to log into journalist interface to test

Journalist Interface

Login base cases
  • [x] Can log in with 2FA tokens
  • [x] incorrect password cannot log in
  • [x] invalid 2fa token cannot log in
  • [x] 2fa immediate reuse cannot log in
Index base cases
  • [x] Filter by codename works
  • [x] Starring and unstarring works
  • [x] Click select all selects all submissions
  • [x] Selecting all and clicking "Download all" works
Individual source page
  • [x] You can submit a reply and a flashed message and new row appears
  • [x] You cannot submit an empty reply
  • [x] Clicking "Delete collection" and the source and docs are deleted
  • [x] You can click on a document and successfully decrypt using application private key

0.7.0-specific testing

  • [x] Validate that the logo update functionality works correctly and there are no AppArmor violations
  • [x] SSH into app and mon and validate that non-grsec kernels are properly removed: sudo apt list --installed | grep linux-image does not return a generic (non grsec) kernel (#3158)
  • [x] SSH into app and mon and validate that sudo apt update does not indicate there are duplicate tor-apt repos (#3189) (grep -rl tor-apt /etc/apt/ returns 2 entries, not 3)
  • [x] Verify daily_reboot_time can be set via securedrop-admin sdconfig (#3172)
  • [ ] An Orbot-specific message appears on the source interface (#3215)

Admin Updater GUI (#3300)

  • [x] Run ./securedrop-admin tailsconfig and reboot the tails admin workstation. Validate that the updater runs on startup (as we are on an RC and not the previous stable release)
  • [ ] Click "Update Now" in the GUI and confirm an update of the code to the latest stable release (0.6)

Journalist Notifications (#1195, #2803):

  • [x] Journalist email and GPG key can be added via ./securedrop-admin sdconfig
  • [ ] Submit a document, wait (up to 24 hours in default configuration), and receive a journalist notification
  • [ ] Do not submit a document, wait (up to 24 hours in default configuration), and receive a different journalist notification

SSH over local network (#2592):

  • [x] Enable SSH over local network and ensure hosts can be accessed via SSH over local network
  • [ ] Verify that iptables-based SSH connection rate limiting works
  • [ ] Disable SSH over local network and ensure hosts can be accessed via SSH over Tor

0.7.0-rc2 specific testing

  • [ ] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [x] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [ ] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

0.7.0-rc3 specific testing

  • [ ] Submissions are sent through the source interface when https is enabled (#3351)
  • [ ] Verify that ./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )
  • [x] SSH over Tor message is user-friendly and the default option is automatically populated (#3357)

0.7.0-rc4 specific testing

  • [x] SecureDrop instance logos can be properly change (without any AppArmor violations) (#3379)
  • [ ] Journalist are sent at most once every 24h (#3374)
  • [x] Translations are functional (specifically new translations, Hindi and Russian) (#3377)

Hardware upgrade 0.7.0-rc3 to 0.7.0-rc4 testing

  • [x] SecureDrop instance logos can be properly changed (without any AppArmor violations) (#3379)
  • [x] Journalist are sent at most once every 24h (#3374) - will check after a couple of days to make sure the alert is rolling in, so far so good
  • [x] Reboots more than once per day do not trigger journalist notifications (#3374)
  • [x] Translations are functional (specifically new translations, Hindi and Russian) (#3377)

Hardware upgrade 0.7.0~rc4 to 0.7.0-rc5 testing

0.7.0-rc2 specific testing

  • [x] Verify that decrypted submission gz file does not contain compression time metadata (file <file>.gz should not contain a date (#3305)
  • [x] Verify that network handler does not raise an error (see https://github.com/freedomofpress/securedrop/issues/3337)
  • [x] If journalist notification GPG key file is not given, ./securedrop-admin sdconfig should not prompt for GPG fingerprint and journalist email address (see https://github.com/freedomofpress/securedrop/issues/3320)
  • [x] Verify that SSH over Local/Tor prompts are more user-friendly (see https://github.com/freedomofpress/securedrop/issues/3324)

    0.7.0-rc3 specific testing

  • [x] Submissions are sent through the source interface when https is enabled (#3351)

  • [x] Verify that ./securedrop-admin sdconfig will now prompt for certificates and key when https is enabled on the prompt (#3366 )
  • [x] SSH over Tor message is user-friendly and the default option is automatically populated (#3357)

0.7.0-rc4 specific testing

  • [x] SecureDrop instance logos can be properly change (without any AppArmor violations) (#3379)
    Note that it requires a hard refresh of the page (I think this is consistent with previous behavior)
  • [x] Journalist are sent at most once every 24h (#3374) I did receive a SecureDrop Submissions Error message when activating SSH over Local (see below). I opened a ticket in #3393
  • [x] Translations are functional (specifically new translations, Hindi and Russian) (#3377)

0.7.0-rc5 specific testing

  • [x] Verify that ./securedrop-admin update or the updater UI will not check out an unsigned tag (e.g. create a new tag locally, like 0.6.1)

SecureDrop 0.7.0 has been released: https://securedrop.org/news/securedrop-070-released/.

Any issues with this upgrade should be reported via the FPF support portal, the community forum, or by filing a GitHub issue here.

Was this page helpful?
0 / 5 - 0 ratings