Deaddrop release information
Information about the Deaddrop 4.0.0 release
This is the new main release of Deaddrop, the secure file sharing service provided by Sysctl as an appliance to our customers that want to control their file transports.
The driver for this release is our migration to a new platform, Sysctl Linux. Our old platform was CentOS based and had reached end-of-life. With this new platform, we greatly upgrade and enhance the kernel, all system components, all dependencies, all libraries, etc. Besides stability and security enhancements, this also comes with modern variants of all the modules and tools we built upon thus giving us new possibilities to use new features, new protocol versions, new hardening mechanisms, etc. We have also needed to update the security hardening since SELinux policies needed to be written or rewritten for the new platform. Once over on this new platform, we will incorporate and use more of these new mechanisms in several upcoming releases.
This release contains new features, enhancements and some fixes to the software. The features have been requested by customers who want to have more information at various times. Bug fixes mostly address issues and usability problems that have been reported to us by customers.
This release will also come with a SBOM, a software bill of material, to be used by customers for their software inventories.
As always, with the release, we also update the operating system components, which in turn fixes errors and bugs in those packages.
Existing customers with active service contracts are entitled to download and install this new release.
New installs
Fresh Deaddrop installs will work out of the box with this release. If you have an existing deaddrop instance, you have to do an upgrade and a migration. More info below on that process
Upgrade and migration process
An upgrade from an existing deaddrop implies a migration as well, where the configuration must be transferred from the old deaddrop installation to the new installation.
The deaddrop application is delivered as an ISO file, available from sysctl. This is used as installation media from which an installation is made into a physical or virtual server.
If a virtual server is to be used, the new server must be setup beforehand in accordance with the minimum specifications mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#virtual-server
If a physical server is to be used, the new server must be setup beforehand in accordance with the minimum specifications mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#physical-server
You should examine your actual disk usage from the existing server, but also verify that you are well aligned with the disk usage recommendations mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#disk-usage
Since this is a major upgrade from 3 -> 4, and we have also made significant changes when we replaced the old Linux platform to our new Linux platform, this release
- is not intended for any automatic upgrading. It is not possible to run an upgrade inside an existing installation, since the base OS is so different and requires a full install in itself.
- require completely a new install for the 4.0 server
- with new install, we mean an installation of a new virtual, or physical, machine that will run the new Deaddrop while decommissioning the old installation
- a special backup and restore script is supplied to be used by your organization to backup the configuration of the old deaddrop instance and to be used for restoring the configuration and settings into the newly installed deaddrop server.
- deaddrop 3.6.1 will soon be released with the full backup script. This must be installed on the old server, so you are able to run the backup script and later use that backup as the basis for the new server settings.
The backup-restore task should be performed as soon as the new server is up, and the old server is ready to be retired.
If you are uncertain how to perform this task, contact support@sysctl.se before doing any changes to your environment!
Frontend
- Minor graphical enhancement
Backend
Rebase on Sysctl Linux. Update all system components.
- Ship SBOM. This is the first release for which we will make available a Software Bill of Material, SBOM. This is a specially structured document that lists all components that make up deaddrop. SBOM’s is mandated in some upcoming legislation. SBOM’s also usable for software inventories and housekeeping as it can be used by various tools.
- core: Update userland components
- core: rewrite SELinux to work with new base and with all new services we use
- core: Replace ntpd with chrony. Harden ntp service
- core: Replace iptables with nftables
- core: Replace shibboleth SAML service provider with Mellon
- web: Enable support for the TLSv1.3 protocol
- Lets encrypt module: properly handle changed ca-chains
- Lets encrypt module: decouple proxy settings from system
- email: Tag subjects on file email notifications with uuids
Repo
The repo is our repository of software packages used to install components on the deaddrop server.
- Completely redo how we handle updates and software packages. Instead of distributing massive amounts of packages, some not needed, we now optimize the storage and the network bandwidth with a minimized repo. This will lead to reduced disk usage of repomirrors on the local system.
DDadm
DDadm is the separate admin tool and admin interface for deaddrop
- ddadm: Replace Admin cgi scripts with python processes. This is a major write
- ddadm: Remove requirement on sudo
SMS
- add support for cellsynt sms gateway
Operating system packages
- This new release brings upstream operating system updates and fixes
Documentation
- General documentation enhancement to reflect the new release
Known issues
- When Session cookie users get logged out from inactivity, they will be redirected to the main login page. Previously a logged-out user was given a prompt to re-login without needing to fill in their username. This will be resolved in a future release