Upgrade from 2.2.0 to 2.2.1¶
Updating Servers to SecureDrop 2.2.1¶
Servers running Ubuntu 20.04 will be updated to the latest version of SecureDrop automatically within 24 hours of the release.
Updating Workstations to SecureDrop 2.2.1¶
If you encounter errors with the graphical updater, perform a manual update. This will ensure that you have imported the new SecureDrop release signing key.
Using the graphical updater¶
On the next boot of your SecureDrop Journalist and Admin Workstations, the SecureDrop Workstation Updater will alert you to workstation updates. You must have configured an administrator password on the Tails welcome screen in order to use the graphical updater.
Perform the update to 2.2.1 by clicking “Update Now”:
Performing a manual update¶
If the graphical updater fails and you want to perform a manual update instead,
first delete the graphical updater’s temporary flag file, if it exists (the
securedrop is not a typo):
This will prevent the graphical updater from attempting to re-apply the failed update and has no bearing on future updates. You can now perform a manual update by running the following commands:
cd ~/Persistent/securedrop git fetch --tags gpg --keyserver hkps://keys.openpgp.org --recv-key \ "2359 E653 8C06 13E6 5295 5E6C 188E DD3B 7B22 E6A3" git tag -v 2.2.1
The output should include the following two lines:
gpg: using RSA key 2359E6538C0613E652955E6C188EDD3B7B22E6A3 gpg: Good signature from "SecureDrop Release Signing Key <firstname.lastname@example.org>" [unknown]
Please verify that each character of the fingerprint above matches what is on the screen of your workstation. If it does, you can check out the new release:
git checkout 2.2.1
Finally, run the following commands:
./securedrop-admin setup ./securedrop-admin tailsconfig
Follow the graphical prompts to update to the latest version of the Tails operating system on your Admin and Journalist Workstations.
Older versions of Tails had problems with automatic updates, which SecureDrop tries to correct automatically. Check the version of Tails on your Admin and Journalist Workstations (Applications ▸ Tails ▸ About Tails). If you are running a version older than Tails 4.23, and did not receive an automatic upgrade prompt after connecting to the Internet, perform a manual update. If this also fails, please don’t hesitate to contact us.
Mac Mini and Intel 5th-gen NUC Deprecation¶
SecureDrop 2.2.x will be the last release series with support for Mac Mini or Intel NUC5 hardware. If you are still using Mac Mini or Intel 5th-gen NUC servers, you must move to a supported hardware platform as soon as possible to continue using SecureDrop. Newer Intel NUC models will continue to be supported.
Troubleshooting Kernel Issues¶
SecureDrop 2.2.1 includes a kernel update on the Application and Monitor Servers, from version 5.15.18 to version 5.15.26. As with all kernel updates, we have extensively tested this update against recommended hardware.
If you are running SecureDrop on hardware that is not officially supported, you may encounter compatibility issues with the new kernel. For example, the servers may not boot, or you may lose network connectivity. If this happens, you can temporarily downgrade to the previous kernel version.
To ensure continued secure operation of your SecureDrop instance, it is of critical importance to resolve any compatibility issues with the new kernel as quickly as possible. If you encounter problems with this update, please get in touch with us urgently, so we can help you run the latest supported kernel version.
For information on how to downgrade to the previous kernel, and for additional troubleshooting information, please see our Kernel Troubleshooting Guide.
Should you require further support with your SecureDrop installation, we are happy to help!
Community support is available at https://forum.securedrop.org
If you are already a member of our support portal, please don’t hesitate to open a ticket there. If you would like to request access, please contact us at email@example.com (GPG encrypted). Note that your ticket will be visible to all support portal users at your organization; if this is a concern, reach out by email to the above address or to a staff member directly.
The Freedom of the Press Foundation offers training and priority support services. See https://securedrop.org/priority-support/ for more information.