Deaddrop release information

Information about the Deaddrop 4.0.0 release

This is the new main release of Deaddrop, the secure file sharing service provided by Sysctl as an appliance to our customers that want to control their file transports.

The driver for this release is our migration to a new platform, Sysctl Linux. Our old platform was CentOS based and had reached end-of-life. With this new platform, we greatly upgrade and enhance the kernel, all system components, all dependencies, all libraries, etc. Besides stability and security enhancements, this also comes with modern variants of all the modules and tools we build upon, giving us the possibility to use new features, new protocol versions, new hardening mechanisms, etc. We have also had to update the security hardening, since SELinux policies needed to be written or rewritten for the new platform. Once we are on this new platform, we will incorporate and use more of these new mechanisms in several upcoming releases.

This release contains new features, enhancements and some fixes to the software. The features have been requested by customers who want to have more information at various times. Bug fixes mostly address issues and usability problems that have been reported to us by customers.

This release will also come with an SBOM, a software bill of materials, to be used by customers for their software inventories.

As always, with the release, we also update the operating system components, which in turn fixes errors and bugs in those packages.

Existing customers with active service contracts are entitled to download and install this new release.

New installs

Fresh Deaddrop installs will work out of the box with this release. If you have an existing Deaddrop instance, you have to do an upgrade and a migration. More information on that process is given below.

Upgrade and migration process

An upgrade from an existing Deaddrop implies a migration as well, where the configuration must be transferred from the old Deaddrop installation to the new installation.

The Deaddrop application is delivered as an ISO file, available from Sysctl. This is used as installation media from which an installation is made onto a physical or virtual server.

If a virtual server is to be used, the new server must be set up beforehand in accordance with the minimum specifications mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#virtual-server

If a physical server is to be used, the new server must be set up beforehand in accordance with the minimum specifications mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#physical-server

You should examine your actual disk usage from the existing server, but also verify that you are well aligned with the disk usage recommendations mentioned here: https://sysctl.se/deaddrop/documentation/server-requirements/#disk-usage

Since this is a major upgrade from 3 -> 4, and we have also made significant changes by replacing the old Linux platform with our new Linux platform, note the following about this release:

  • It is not intended for any automatic upgrading. It is not possible to run an upgrade inside an existing installation, since the base OS is so different and requires a full install in itself.
  • It requires a completely new install for the 4.0 server.
  • By new install, we mean an installation of a new virtual, or physical, machine that will run the new Deaddrop while the old installation is decommissioned.
  • A special backup and restore script is supplied for your organization to back up the configuration of the old Deaddrop instance and to restore the configuration and settings into the newly installed Deaddrop server.
  • Deaddrop 3.6.1 will soon be released with the full backup script. This must be installed on the old server, so that you are able to run the backup script and later use that backup as the basis for the new server settings.

The backup-restore task should be performed as soon as the new server is up, and the old server is ready to be retired.

If you are uncertain how to perform this task, contact support@sysctl.se before making any changes to your environment!

Frontend

  • Minor graphical enhancement

Backend

Rebase on Sysctl Linux. Update all system components.

  • Ship SBOM. This is the first release for which we will make available a Software Bill of Materials, SBOM. This is a specially structured document that lists all components that make up Deaddrop. SBOMs are mandated in some upcoming legislation. SBOMs are also usable for software inventories and housekeeping, as they can be used by various tools.
  • core: Update userland components
  • core: Rewrite SELinux policies to work with the new base and with all new services we use
  • core: Replace ntpd with chrony. Harden NTP service
  • core: Replace iptables with nftables
  • core: Replace Shibboleth SAML service provider with Mellon
  • web: Enable support for the TLSv1.3 protocol
  • Let's Encrypt module: Properly handle changed CA chains
  • Let's Encrypt module: Decouple proxy settings from system
  • email: Tag subjects on file email notifications with UUIDs

Repo

The repo is our repository of software packages used to install components on the deaddrop server.

  • Completely redo how we handle updates and software packages. Instead of distributing massive amounts of packages, some of them not needed, we now optimize storage and network bandwidth with a minimized repo. This will lead to reduced disk usage by repo mirrors on the local system.

DDadm

DDadm is the separate admin tool and admin interface for Deaddrop.

  • ddadm: Replace admin CGI scripts with Python processes. This is a major rewrite
  • ddadm: Remove requirement on sudo

SMS

  • Add support for Cellsynt SMS gateway

Operating system packages

  • This new release brings upstream operating system updates and fixes

Documentation

  • General documentation enhancement to reflect the new release

Known issues

  • When session cookie users are logged out due to inactivity, they are redirected to the main login page. Previously, a logged-out user was given a prompt to log in again without needing to fill in their username. This will be resolved in a future release.