A configuration error in Tails 3.9 will cause the following operations to fail:
- Installing SecureDrop using an Admin Workstation running Tails 3.9
- Updating the SecureDrop code on an Admin or Journalist workstation running Tails 3.9
securedrop-admin setup step will fail with the following error:
W: The repository 'tor+http://sdscoq7snqtznauu.onion/torproject.org tor-experimental-0.3.4.x-stretch Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch tor+http://sdscoq7snqtznauu.onion/torproject.org/dists/tor-experimental-0.3.4.x-stretch/main/binary-amd64/Packages 404 Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
The cause of this error, which is expected to be fixed in Tails 3.9.1 later this month, is that the package configuration refers to an experimental version of Tor which no longer exists, and which is not required.
You can work around this problem manually prior to the next Tails release. Before running
securedrop-admin setup, please perform the following steps:
- Start the Journalist or Admin Workstation with Persistent Storage unlocked and an administration password set.
- Open a terminal and run this command:
sudo nano /etc/apt/sources.list.d/torproject.list
- Delete the second line, which should look like this:
deb tor+http://sdscoq7snqtznauu.onion/torproject.org/ tor-experimental-0.3.4.x-stretch main
- Save changes and quit the text editor
sudo apt-get updateand ensure it completes without an error message.
Please note that this change will not be persistent across reboots, so it will be necessary to run it before running
./securedrop-admin setup for the first time after booting into Tails 3.9.
Questions and comments
If this workaround does not work for you, or if you have other questions or comments regarding this issue, please don't hesitate to reach out:
- Via our Support Portal, if you are a member (membership is approved on a case-by-case basis);
- Via firstname.lastname@example.org (GPG encrypted) for sensitive security issues (please use judiciously);
- Via our community forums.
We also encourage you to file non-sensitive issues you encounter in our GitHub repository (issue report form).Updated October 1, 2018: The Tails team has committed to cutting a point release that will include the necessary fix well ahead of the Tails 3.10 release in late October.