Upgrade from 2.11.0 to 2.11.1

Preparing for the Ubuntu 24.04 (Noble) migration

The 2.11.1 release includes a number of features that will help ensure your SecureDrop server is prepared for the automated migration to Ubuntu 24.04 (Noble) in early 2025.

SecureDrop 2.11.1 will automatically run checks to ensure all servers are ready for migration to Ubuntu 24.04 (Noble). If issues are found, a banner will be displayed in the Journalist Interface to both admins and journalists. Administrators are encouraged to review the Ubuntu 24.04 (Noble) migration guide explaining how to resolve any errors and perform any necessary steps before Jan. 31st, 2025.

We will have more details on the migration itself early next year.

Update Servers to SecureDrop 2.11.1

Servers running Ubuntu 20.04 will be updated to the latest version of SecureDrop automatically within 24 hours of the release.

Update Workstations to SecureDrop 2.11.1

Important

We recommend backing up your workstations prior to any upgrades. See our backup instructions for more information.

Update to SecureDrop 2.11.1 using the graphical updater

On the next boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. You must have configured an administrator password on the Tails welcome screen in order to use the graphical updater.

Perform the update to 2.11.1 by clicking “Update Now”:

../_images/securedrop-updater.png

Fallback: Perform a manual update

If the graphical updater fails and you want to perform a manual update instead, first delete the graphical updater’s temporary flag file, if it exists (the . before securedrop is not a typo):

rm ~/Persistent/.securedrop/securedrop_update.flag

This will prevent the graphical updater from attempting to re-apply the failed update and has no bearing on future updates. You can now perform a manual update by running the following commands:

cd ~/Persistent/securedrop
git fetch --tags
gpg --keyserver hkps://keys.openpgp.org --recv-key \
 "2359 E653 8C06 13E6 5295 5E6C 188E DD3B 7B22 E6A3"
git tag -v 2.11.1

The output should include the following two lines:

gpg:                using RSA key 2359E6538C0613E652955E6C188EDD3B7B22E6A3
gpg: Good signature from "SecureDrop Release Signing Key <securedrop-release-key-2021@freedom.press>" [unknown]

Please verify that each character of the fingerprint above matches what is on the screen of your workstation. A warning that the key is not certified is normal and expected. If the output includes the lines above, you can check out the new release:

git checkout 2.11.1

Important

If you do see the warning “refname ‘2.11.1’ is ambiguous” in the output, we recommend that you contact us immediately at securedrop@freedom.press (GPG encrypted).

Finally, run the following commands:

sudo apt update
./securedrop-admin setup
./securedrop-admin tailsconfig

Getting Support

Should you require further support with your SecureDrop installation, we are happy to help!

  • If you are already a member of our support portal, please don’t hesitate to open a ticket there. If you would like to request access, please contact us at securedrop@freedom.press (GPG encrypted). Note that your ticket will be visible to all support portal users at your organization; if this is a concern, reach out by email to the above address or to a staff member directly.

  • The Freedom of the Press Foundation offers training and priority support services. See https://securedrop.org/priority-support/ for more information.