[xenial] Update fresh install guide

docs/development/qubes_staging.rst

@@ -22,9 +22,9 @@ Download Ubuntu Trusty server ISO
 ---------------------------------
 
 On ``sd-dev``, download the Ubuntu Trusty server ISO, along with corresponding
-checksum and signature files. See the :ref:`hardware installation docs <download_trusty>`
-for detailed instructions. If you opt for the command line instructions,
-omit the ``torify`` prepended to the ``curl`` command.
+checksum and signature files. See the :ref:`hardware installation docs <download_ubuntu>`
+for detailed instructions, replacing Xenial with Trusty (``16.04`` with ``14.04``). If you opt for the command line
+instructions, omit the ``torify`` prepended to the ``curl`` command.
 
 Create the Trusty base VM
 -------------------------
@@ -58,7 +58,7 @@ In ``dom0``:
 You may need to edit the filepath above if you downloaded the ISO to a
 different location within the ``sd-dev`` VM. Choose **Install Ubuntu**.
 For the most part, the install process matches the
-:ref:`hardware install flow <install_trusty>`, with a few exceptions:
+:ref:`hardware install flow <install_ubuntu>`, with a few exceptions:
 
   -  Server IP address: use value returned by ``qvm-prefs sd-trusty-base ip``, with ``/24`` netmask suffix
   -  Gateway: use value returned by ``qvm-prefs sd-trusty-base visible_gateway``

docs/servers.rst

@@ -14,19 +14,19 @@ Install Ubuntu
   exactly as there are some "gotchas" that may cause your SecureDrop set up to break.
 
 The SecureDrop *Application Server* and *Monitor Server* run **Ubuntu Server
-14.04.5 LTS (Trusty Tahr)**. To install Ubuntu on the servers, you must first
+16.04.5 LTS (Xenial Xerus)**. To install Ubuntu on the servers, you must first
 download and verify the Ubuntu installation media. You should use the *Admin
 Workstation* to download and verify the Ubuntu installation media.
 
-.. _download_trusty:
+.. _download_ubuntu:
 
 Download the Ubuntu Installation Media
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The installation media and the files required to verify it are available on the
 `Ubuntu Releases page`_. You will need to download the following files:
 
-* `ubuntu-14.04.5-server-amd64.iso`_
+* `ubuntu-16.04.5-server-amd64.iso`_
 * `SHA256SUMS`_
 * `SHA256SUMS.gpg`_
 
@@ -42,16 +42,16 @@ Alternatively, you can use the command line:
 .. code:: sh
 
    cd ~/Persistent
-   torify curl -OOO http://releases.ubuntu.com/14.04.5/{ubuntu-14.04.5-server-amd64.iso,SHA256SUMS{,.gpg}}
+   torify curl -OOO http://releases.ubuntu.com/16.04.5/{ubuntu-16.04.5-server-amd64.iso,SHA256SUMS{,.gpg}}
 
 .. note:: Downloading Ubuntu on the *Admin Workstation* can take a while
    because Tails does everything over Tor, and Tor is typically slow relative
    to the speed of your upstream Internet connection.
 
 .. _Ubuntu Releases page: http://releases.ubuntu.com/
-.. _ubuntu-14.04.5-server-amd64.iso: http://releases.ubuntu.com/14.04.5/ubuntu-14.04.5-server-amd64.iso
-.. _SHA256SUMS: http://releases.ubuntu.com/14.04.5/SHA256SUMS
-.. _SHA256SUMS.gpg: http://releases.ubuntu.com/14.04.5/SHA256SUMS.gpg
+.. _ubuntu-16.04.5-server-amd64.iso: http://releases.ubuntu.com/16.04.5/ubuntu-16.04.5-server-amd64.iso
+.. _SHA256SUMS: http://releases.ubuntu.com/16.04.5/SHA256SUMS
+.. _SHA256SUMS.gpg: http://releases.ubuntu.com/16.04.5/SHA256SUMS.gpg
 
 Verify the Ubuntu Installation Media
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -85,13 +85,13 @@ Verify the ``SHA256SUMS`` file and move on to the next step if you see
 
 The next and final step is to verify the Ubuntu image. ::
 
-    sha256sum -c <(grep ubuntu-14.04.5-server-amd64.iso SHA256SUMS)
+    sha256sum -c <(grep ubuntu-16.04.5-server-amd64.iso SHA256SUMS)
 
 
 If the final verification step is successful, you should see the
 following output in your terminal. ::
 
-    ubuntu-14.04.5-server-amd64.iso: OK
+    ubuntu-16.04.5-server-amd64.iso: OK
 
 .. caution:: If you do not see the line above it is not safe to proceed with the
              installation. If this happens, please contact us at
@@ -119,9 +119,9 @@ Ubuntu installer.
 If your USB is mapped to /dev/sdX and you are currently in the directory that
 contains the Ubuntu ISO, you would use dd like so: ::
 
-   sudo dd conv=fdatasync if=ubuntu-14.04.5-server-amd64.iso of=/dev/sdX
+   sudo dd conv=fdatasync if=ubuntu-16.04.5-server-amd64.iso of=/dev/sdX
 
-.. _install_trusty:
+.. _install_ubuntu:
 
 Perform the Installation
 ~~~~~~~~~~~~~~~~~~~~~~~~
@@ -204,9 +204,9 @@ Partition the Disks
 ~~~~~~~~~~~~~~~~~~~
 
 Before setting up the server's disk partitions and filesystems in the
-next step, you will need to decide if you would like to enable `*Full
+next step, you will need to decide if you would like to enable `Full
 Disk Encryption
-(FDE)* <https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption>`__.
+(FDE) <https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption>`__.
 If the servers are ever powered down, FDE will ensure all of the
 information on them stays private in case they are seized or stolen.
 
@@ -261,8 +261,9 @@ regular software updates.
           :ref:`OSSEC guide <AnalyzingAlerts>` for example notifications
           generated by the reboots.
 
-When you get to the software selection screen, only choose **OpenSSH
-server** by hitting the space bar.
+When you get to the software selection screen, deselect the preselected
+**Standard system utilities** and select **OpenSSH server** by highlighting each
+option and pressing the space bar.
 
 .. caution:: Hitting enter before the space bar will force you to start the
              installation process over.