Server "prerequisites?"


#1

dear all,
i do not understand the prerequisites section. after completing the server installation that short section reads as really abrupt and makes a lot of assumptions about my knowledge of development terms. i am not sure what is meant by “the base of the SecureDrop repo” or what machine/hardware to initiate any of that on.
the reference to an “admin tails stick” is also not intuitive in relation to the installation of securedrop on the newly setup servers. it could also mean the admin workstation which has a usb stick!? with all of the different hardware for this it can get confusing what is being worked on in the documentation.
can someone break this whole thing down for me with some additional instruction on what is needed prior to getting the app and monitor software installed?

i appreciate your input.

                                  - hacker

https://docs.securedrop.org/en/latest/install.html


#2

Hello hacker,

The pre-requisites section you are referring to states that you need to run that command in the Admin Workstation, inside the SecureDrop git repository that you have downloaded as part of this Admin Workstation setup.

Once you have set up both the Admin Workstation (installed Tails, activated persistent storage, downloaded the SecureDrop Repository) and the SVS, you should be able to run the ./securedrop-admin setup command and proceed with the installation.

The hardware section, as well as subsequent sections on the index on the left-hand-side, should provide additional background on the various components of a SecureDrop install.

Hope this helps,
m


#3

is there a distinct path to that? i’m clear that i run it from the admin workstation now. where is that on this workstation?

~/Persistent/securedrop/ ???

thanks!
- hacker


#4

going back over the install i noticed a couple things:

the gpg --recv-key steps seem to work but…

‘git checkout 0.4.4’ from ~/Persistant/securedrop returns "error:path spec “0.4.4 did not match any files known to git” i don’t remember this step being a problem when i first cloned /securedrop…

‘git tag 0.4.4’ doesn’t show a good signature response now. i thought this checked out when i first set it up. should we somehow re-clone the repo or check some other part of our install? i’m getting concerned we’ve made a mistake or something that is making the setup and install steps impossible.

confused,

  • hacker

#5

Hello,

Correct, the SecureDrop repository should have been cloned in ~/Persistent/securedrop per the Admin Tails Setup guide.
If you cloned the repository prior to the 0.4.4 release, I suggest you perform git fetch in ~/Persistent/securedrop to download latest branches/tags. You may also need to refresh the signing key by issuing the following command:

gpg --refresh-keys "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77"```

#6

dear mickael,
thank you! refreshing the key returned no change with that but ‘git fetch’ did retrieve a bunch of files and now running the ‘git checkout 0.4.4’ and ‘git tag 0.4.4’ worked. the “HEAD” was replaced from securedrop 0.3.x => 0.4.4 etc… you’ve helped get us back on track with the install steps. cheers!

                                               - hacker

#7

dear all,
everything seems to have been loaded with admin setup but i did get an error regarding “pip” at the end? it says “check your connection and try again…” how do you reattempt? just run the same setup command again? thanks.

“no such option --require-hashes”

pip install wants at least one arguement…

  • hacker

#8

Hi hacker,

run that ./securedrop-admin setup command again and make sure you have an Internet connection by opening up your Tor Browser.


#9

dear mickael,

ok. i loaded a site or two with the browser and then tried the setup command again a couple times. i will try later too but have been getting the same pip error at this stage.

"INFO: Virtualenv already exists, not creating
INFO: Checking Python dependencies for securedrop-admin

Usage:
pip install [options] …
pip install [options] -r …
pip install [options] [-e] …
pip install [options] [-e] …
pip install [options] <archive url/path> …

no such option: --require-hashes
ERROR: Failed to install pip dependencies. Check network connection and try again."

thanks again,
- hacker


#10

dear all,

it failed again today. same error. is it possible there is something wrong where this is project is hosted? is there any way to fix the script with less/better arguments? the script is requiring hashes and pip is not playing nice with it right? any ideas to get past this? thanks.
- hacker


#11

Hi hacker,

So let’s do some basic checks here. Please confirm all of these by sending us the terminal output or screenshots of your computer:

a) Are you using the latest Tails version (3.2)?
b) Are you in the Securedrop directory cd ~/Persistance/securedrop?
c) Are you connected to Tor? (You can open the Tor Browser or run a command like torify curl google.com).
d) Do you have a static IP assigned to your computer?
e) if all of the above are true, then you should be able to execute ./securedrop-admin setup.


#12

dear bmeson,
hi. i can confirm everything but a) albeit without the terminal output you requested. the admin tails version might have changed. what commands would check that specifically and how do i update it? is it ‘apt-get tails update’ or something on the admin workstation? thanks.
- hacker


#13

i am proceeding with a manual upgrade to tails 3.2 on our admin workstation. i will try the setup command thereafter. thanks.

-hacker


#14

dear all,

we now have the admin workstation on Tails 3.2. when i ran the setup command again it returned a slightly different error and pip failed:

amnesia@amnesia:~/Persistent/securedrop$ ./securedrop-admin setup
INFO: Virtualenv already exists, not creating
INFO: Checking Python dependencies for securedrop-admin
/usr/bin/torsocks: 170: exec: /home/amnesia/Persistent/securedrop/.venv/bin/pip: not found
ERROR: Failed to install pip dependencies. Check network connection and try again.

am i forgetting something?
- hacker


#15

Hi @hacker

If you’re able to run Tor Browser and if torify curl google.com works for you, this pip install should also work for you. Occasionally we see that it fails when getting dependencies over the Tor network. You should be able to run it again if it fails for that reason. Also, if you’re not able to capture the terminal output, I recommend saving that to a file and using Onionshare which is build into Tails to send the files to another computer so that you can add them to your forum post.


#16

dear bmeson,
i can capture the output and share it here. let me know what commands of logs i ought to provide in this scenerio. torify does seem to work i think. here it is what i got:

amnesia@amnesia:~$ torify curl google.com

302 Moved

302 Moved

The document has moved here.

it’s a google domain in ukraine or something? anyway i’ll try setup again periodically but it sounds like it ought to work. please advise.
- hacker


#17

Hi @hacker

Yes that is the normal output when you try to curl google.com so you are getting the right command output. You should try to rerun the ~/.securedrop-admin setup command from the directory we described above.


#18

dear all,
okay. we’re sort of stuck then. i tried ‘git update’ again. it did some stuff and then the setup command with the same error:

amnesia@amnesia:~/Persistent/securedrop$ git fetch
remote: Counting objects: 1579, done.
remote: Total 1579 (delta 646), reused 647 (delta 646), pack-reused 932
Receiving objects: 100% (1579/1579), 251.75 KiB | 0 bytes/s, done.
Resolving deltas: 100% (1090/1090), completed with 162 local objects.
From https://github.com/freedomofpress/securedrop

  • 7a3fb885…d826508f 2332-use-admin -> origin/2332-use-admin (forced update)
  • 9ebd42f2…9aac4826 ExtendTorURL -> origin/ExtendTorURL (forced update)
  • [new branch] consolidate-requirements-files -> origin/consolidate-requirements-files
    fcf30bd0…2f468cc4 develop -> origin/develop
  • [new branch] docs-branch-explain -> origin/docs-branch-explain
    7a3fb885…bdb29333 docs-fix-2332 -> origin/docs-fix-2332
  • 1a6cf381…a5ae98f6 fix-otp-error-webapp -> origin/fix-otp-error-webapp (forced update)
    d3fcd125…365dc82b master -> origin/master
  • [new branch] python3 -> origin/python3
  • [new branch] wip-dachary-2516-i18n-sdconfig -> origin/wip-dachary-2516-i18n-sdconfig
  • [new branch] wip-dachary-2517-i18n-query-override -> origin/wip-dachary-2517-i18n-query-override
  • 833ce2a3…56203700 wip-dachary-i18n-desktop -> origin/wip-dachary-i18n-desktop (forced update)


and then:

amnesia@amnesia:~/Persistent/securedrop$ ./securedrop-admin setup
INFO: Virtualenv already exists, not creating
INFO: Checking Python dependencies for securedrop-admin
/usr/bin/torsocks: 170: exec: /home/amnesia/Persistent/securedrop/.venv/bin/pip: not found
ERROR: Failed to install pip dependencies. Check network connection and try again.

         - hacker

#19

Hello hacker, I may have actually reproduced your issue.
When you boot your admin Tails stick, do you enable a temporary admin password? If not, you must enable it to install dependencies (without that password, Tails disables admin actions by default). At the Tails login screen (where you enter persistence passphrase) there is a plus (+) button bottom left. Set a temporary (session) admin password, and use that when prompted during ./securedrop-admin setup. This should no longer fail if your admin workstation has Internet access.


#20

dear mickael,
hi again. i do have that session password set up. should i be typing sudo or something? it doesn’t prompt me for a password when i run the admin setup command normally. i rebooted and tried with sudo and got the same error. thanks for looking into this.

         - hacker