Proposal to elect new HostOS release (68fc31a1)

Governance NNS proposal discussions
1

Greetings! We’re very happy to offer to you the following proposal 136070 to elect a new HostOS binary revision 68fc31a141b25f842f078c600168d8211339f422

Change log since git revision 2e269c77aa2f6b2353ddad6a4ac3d5ddcac196b1

Features:

  • [f0c82237a] node: Upgrade components to SEV-SNP compatible versions (#4320)

  • [c05b185fe] node: Log guestos.service console logs to tty1 (#3645)

  • [c44f6612a] node: Disable start/stop logs for timers (#3244)

  • [b6e0faa05] node: update-config.service (#2393)

  • [a0be7baf6] node: Allow local network to access metrics through firewall (#2703)

  • [32d152815] node: Remove retries from docker build (#2500)

  • [e17d99af7] node: replace fetch-mgmt-mac.sh with hostos_tool command (#1883)

  • [47590772d] node: Upgrade HostOS to 24.04 (#1588)

  • [09ddd7d5b] node: Change monitoring strategy for GuestOS VM (#1586)

  • [cc5e5060d] node: Upgrade HostOS base image to 24.04 (#1587)

  • [e880042de] node: Configuration revamp (define config structure and config tool) (#1539)

  • [3cd7ee343] node: Add cpu field to deployment.json (#1199)

  • [4a6cdcc47] node: Consolidate manageboot.sh (#819)

  • [7d70776f8] node: Pull HostOS upgrade file in chunks

  • [78e491e1c] node: Add verbose flag to help debug NP support issues and add logrotation to host

  • [2a0016327] node: Send generate-network-config logs to console and journald

  • [76c16843a] node: Switch IC-OS to newer FS build tools

Bugfixes:

  • [07090259b] node: extracting of sampling period for power measurements (#4266)

  • [00be225f3] node: Add ahci to HostOS initramfs to fix gen1 spms (#3894)

  • [ac71086bf] node: update development nns_url (#3486)

  • [bc83b42ae] node: fix update-config when reward.conf does not exist (#3290)

  • [9064779bd] node: Add node reward type update-config parsing (#3132)

  • [582ce51a6] node: Fix confusing logging of ipmitool (#2297)

  • [9f068bb16] node: Fix handling of microcode for 24.04 (#1888)

  • [fcad095e7] node: verbose logging service file failure (#1858)

  • [fdbd50e3e] node: Small change in how we enable systemd services (#1824)

  • [8d630c57d] node: Fix long-standing typo (#1602)

  • [dfb1c634d] node: Update fetch-mgmt-mac (#1422)

  • [ab306b022] node: Fix missing log function (#1256)

  • [703c513ae] node: disable node exporter netlink metrics collection (#826)

Performance improvements:

  • [fb75bf40f] node: Move file system population to mkfs.ext4 invocation (#3476)

  • [33b782cad] node: Optimize strip_files function (#959)

  • [6ec7a4977] node: Optimize the inject_files tool (#957)

Chores:

  • [4cece3a67] boundary-node,node: Update Base Image Refs [2024-10-02-1854] (#1810)

  • [588ad7a46] IDX,execution: upgrade rust version to 1.82 (#2137)

  • [1e5e864a9] node: Increase HostOS upgrade download timeout (#4422)

  • [5e8587031] node: address guestOS/hostOS FW findings (#4093)

  • [483f05324] node: Processes robust against restarts (#3693)

  • [5ea5e0928] node: systemd tidying-up (#3699)

  • [639657530] node: export cpu microcode metrics (#3787)

  • [9bf488d5c] node: update mount settings (#3798)

  • [0ba0edf44] node: move metrics services to run before node_exporter (#3678)

  • [86473052e] node: Update Base Image Refs [2025-02-06-0807] (#3813)

  • [192b37ddd] node: Update Base Image Refs [2025-01-30-0807] (#3680)

  • [0b1d6e41d] node: tidy up systemd dependencies (#3574)

  • [145aff3e5] node(nftables): update IPv6 prefix list in the HostOS firewall (#3414)

  • [f42fe638d] node: Remove legacy mercury.dfinity.systems logging targets (#2740)

  • [0f35ac817] node: networking touch-ups (#2926)

  • [f96dec1db] node: remove setupos/hostos network bonding and clean up docs (#2579)

  • [dff73c67c] node: Fixup services (#1837)

  • [0501f7b07] node: remove BUILD_TAR_ONLY conditional (#2029)

  • [c918618eb] node: assorted ic-os bash script clean-ups and tweaks (#1857)

  • [db67ca341] node: Choose new dummy URL (#1399)

  • [574e00d70] node: Extract logging functionality (#1202)

  • [98423a211] node: Improve partition_tools (#1209)

  • [6fd620f4a] node: Move the setup/teardown of temporary build directories to a process wrapper (#1142)

  • [0bd54a27f] node: Remove obsolete set-node-id command (#778)

  • [3aae377ca] node: Log HostOS config partition (config.ini and deployment.json)

  • [af3d92a0f] node: Fix etc/ permissions Dockerfile comments

  • [f7d92170e] node: Update node exporter version

  • [80ebdebe5] node,NNS: Update gz references (#701)

Refactoring:

  • [fcc88deb5] node: Remove inject_files rule invocations and move injection of binaries to ext4_image (#3497)

  • [a4dd63884] node: rename ssh services (#3548)

  • [697c20ccd] node: follow-ups to deterministic_ips/ consolidation (#2845)

  • [dab484292] node: rename use_nns_public_key and use_node_operator_private_key (#2700)

  • [1c0bd6862] node: rename nns_url nns_urls (#1970)

  • [d544428d8] node: miscellaneous icos refactoring and clean-up (#1937)

  • [a7d5b717a] node: Config types refactor (#1667)

  • [41a9d9db7] node: refactor os_tools and networking code (#1666)

Tests:

  • [e9ff67e25] node: update-config in testnet environment (#3072)

  • [8e149ef62] node: Optimize the implementation of dflate and add a test (#954)

Documentation:

  • [7809eee25] node: update configuration documentation (#1089)

Other changes:

  • [1205f6ceb] node: “feat: Upgrade components to SEV-SNP compatible versions” (#4369)

IC-OS Verification

To build and verify the IC-OS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 68fc31a141b25f842f078c600168d8211339f422 --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image,
must be identical, and must match the SHA256 from the payload of the NNS proposal.

4 Likes
2

Proposal 136070 – ilbert | CodeGov

Vote: ADOPTED.
Reason: Hashes match.

build-2025-04-06 at 12.32.15
build-2025-04-06 at 12.32.151300×342 65.4 KB

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like
3

Proposal 136070 | Tim - CodeGov

Screenshot 2025-04-06 220603
Screenshot 2025-04-06 2206031231×137 6.99 KB

Vote: Adopt

Reason: Build is successful, hashes match and commits have all been seen previously.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

2 Likes
4

Proposal: 136070 | Ipsita - ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: release_package_sha256_hex, CDN and local hash matches.
  3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

136070
1360701920×767 140 KB

Commits

Features:

Bugfixes:

Performance improvements:

Chores:

Refactoring:

  • [[fcc88deb5] (https://github.com/dfinity/ic/commit/fcc88deb5)] node: Remove inject_files rule invocations and move injection of binaries to ext4_image (#3497)
    Notes: Refactored the image build process by removing rootfs file injection, adding extra_files support with path/permission control, and enhancing ext4_image for deferred injection and better caching.
    Review: Code changes look good and match release notes.
  • [[a4dd63884] (https://github.com/dfinity/ic/commit/a4dd63884)] node: rename ssh services (#3548)
    Notes: Rename ssh services, setup-ssh-account-keys to setup-ssh-user-keys and setup-ssh-keys to generate-host-ssh-keys.
    Review: Code changes look good and match release notes.
  • [[697c20ccd] (https://github.com/dfinity/ic/commit/697c20ccd)] node: follow-ups to deterministic_ips/ consolidation (#2845)
    Notes: Moved Deployment to types.rs, added node_type.rs from the old mac_address library, integrated the macaddr crate, and replaced the HwAddr wrapper with MacAddr6 for cleaner IP and MAC address handling.
    Review: Code changes look good and match release notes.
  • [[dab484292] (https://github.com/dfinity/ic/commit/dab484292)] node: rename use_nns_public_key and use_node_operator_private_key (#2700)
    Notes: Renames nns_public_key_exists to use_nns_public_key and node_operator_private_key_exists to use_node_operator_private_key to emphasize that these variables are used as access controls.
    Review: Code changes look good and match release notes.
  • [[1c0bd6862] (https://github.com/dfinity/ic/commit/1c0bd6862)] node: rename nns_url nns_urls (#1970)
    Notes: Rename nns_url to nns_urls to improve naming accuracy.
    Review: Code changes look good and match release notes.
  • [[d544428d8] (https://github.com/dfinity/ic/commit/d544428d8)] node: miscellaneous icos refactoring and clean-up (#1937)
    Notes: Removed unused hostname field from a script, cleaned up outdated documentation links, replaces ipv6_subnet to ipv6_prefix_length in has_ipv6_connectivity function, remove references to deleted ConfigStore-SetupOSHostOS documentation and add comment to get_ipmi_mac.
    Review: Code changes look good and match release notes.
  • [[a7d5b717a] (https://github.com/dfinity/ic/commit/a7d5b717a)] node: Config types refactor (#1667)
    Notes: Creates enums for NetworkSettings, relocates mgmt_mac into the new ICOSDevSettings struct, and renames GuestosDevConfig to GuestosDevSettings to maintain consistency.
    Review: Code changes look good and match release notes.
  • [[41a9d9db7] (https://github.com/dfinity/ic/commit/41a9d9db7)] node: refactor os_tools and networking code (#1666)
    Notes: Moves the mgmt_mac conditional to os_tool to simplify generate_network_config, reduce passing optional values and makes the testing logic around mgmt_mac more explicit.
    Review: Code changes look good and match release notes.

Tests:

  • [[e9ff67e25] (https://github.com/dfinity/ic/commit/e9ff67e25)] node: update-config in testnet environment (#3072)
    Notes: Adds a check in the update-config so that testnet configurations are not overwritten, allow an empty hostname field in GuestOS for nested tests and switch the testing environment to “testnet” to avoid issues with deployment configurations.
    Review: Code changes look good and match release notes.
  • [[8e149ef62] (https://github.com/dfinity/ic/commit/8e149ef62)] node: Optimize the implementation of dflate and add a test (#954)
    Notes: Use a BufReader and pre-allocated buffer (MAX_BLOCK_SIZE) instead of allocating a new buffer for every 512 bytes read, also improving the is_empty function so Rust generates more efficiently.
    Review: Code changes look good and match release notes.

Documentation:

  • [[7809eee25] (https://github.com/dfinity/ic/commit/7809eee25)] node: update configuration documentation (#1089)
    Notes: Update configuration documentation such as SetupOS validates, sanitizes, and copies configuration files to the HostOS config partition, listing specific files like config.ini, ssh_authorized_keys, and node_operator_private_key.pem.
    Review: Code changes look good and match release notes.

Other changes:

2 Likes
5

Proposal: 136070 | Zenith Code

Summary:

  1. Build Hash: Build hash from proposal, CDN and local hash matches
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

136070
1360701920×808 143 KB

Commits

Features:

  • [[f0c82237a] (feat: [NODE-1574] Upgrade components to SEV-SNP compatible versions (… · dfinity/ic@f0c8223 · GitHub)] node: Upgrade components to SEV-SNP compatible versions (#4320)
    Review: Matches description + changes are appropriate, rolled back to maintain consistency.
    Note: This commit updates the base image build process to support SEV=SNP compatibility for host OS images. This commit pulls the image from newer versions of Ubuntu releases fetching specific versions. Main changes are in Dockerfile.base, manual QEMU 6.2.0 has been removed. They are now directly downloaded through apt.

  • [[c05b185fe] (feat(node): Log guestos.service console logs to tty1 (#3645) · dfinity/ic@c05b185 · GitHub)] node: Log guestos.service console logs to tty1 (#3645)
    Review: Matches description + changes are appropriate
    Note: This commit addresses the “black console” issue when the GuestOS VM fails to start. Previously, when guestos.servvice launched QEMU, the VM cleared the screen and if it failed to start then the user would just see a blank console with no feedback, however, with this commit, it will now show a clear ERROR message and will be logged in guestos-serial.log as well. A success message will also be shown if QEMU launches successfully. Moreover, a timer of 5 minutes has been added before trying to start the service again.

  • [[c44f6612a] (feat: [NODE-1549] Disable start/stop logs for timers (#3244) · dfinity/ic@c44f661 · GitHub)] node: Disable start/stop logs for timers (#3244)
    Review: Matches description + changes are appropriate
    Note: This commit reduces the spam by disabling noisy systemd logs for timer-triggered units. Previously, when timers trigger .service, systemd emitted Starting and Finished message but this would create a lot of text which would make it difficult to sift through, with this commit, levels have been added to the messages. 2 levels are introduced LogLevelMax=1 and SyslogLevel=2. The former suppresses messages unless logged explicitly as <0> (emergency) or 1 while the latter ensures that logs are still written but with way less spam.

  • [[b6e0faa05] (feat(node): update-config.service (#2393) · dfinity/ic@b6e0faa · GitHub)] node: update-config.service (#2393)
    Review: Matches description + changes are appropriate
    Note: This commit introduces a migration service for nodes to upgrade from the legacy network.conf and deployment.json config format to the new unified config.json format. It added update-config.service to automatically migrate legacy config on start. Tests have also been added for this commit.

  • [[a0be7baf6] (feat: [NODE-1530] Allow local network to access metrics through firew… · dfinity/ic@a0be7ba · GitHub)] node: Allow local network to access metrics through firewall (#2703)
    Review: Matches description + changes are appropriate
    Note: This commit introduces a mechanism to enable metric access from local iPv6 network through the hostOS firewall. It does so with the use of nftables firewall. nftable updates hostOS firewall rules to allow incoming connections from the IPv6 subnet to metrics-related ports like 7070, 9090, 9091.

  • [[32d152815] (feat: Remove retries from docker build (#2500) · dfinity/ic@32d1528 · GitHub)] node: Remove retries from docker build (#2500)
    Review: Matches description + changes are appropriate
    Note: This commit removes the retry mechanism from the docker build logic, previously when a docker image failed and led to an exception, the system would retry upto 3 times to rebuild it, but now, no retries will take place. I am not sure what led to this decision, it could be that developers wanted the build to fail without retries for testing purposes or to gain more clarity into the errors.

  • [[e17d99af7] (feat(NODE-1491): replace fetch-mgmt-mac.sh with hostos_tool command (… · dfinity/ic@e17d99a · GitHub)] node: replace fetch-mgmt-mac.sh with hostos_tool command (#1883)
    Review: Matches description + changes are appropriate
    Note: This commit replaces the legacy fetch-mgmt-mac.sh script with a new subcommand, hostos_tool fetch-mac-address in hostos_tool utility. This ensures that hostos_tools are testable not only for shell scripts but also for system-level logic. This commit allows us to improve maintainability and enable an easier adoption of the new config formats. This is a good step toward unifying host configuration tooling.

  • [[47590772d] (feat: [NODE-1444] Upgrade HostOS to 24.04 (#1588) · dfinity/ic@4759077 · GitHub)] node: Upgrade HostOS to 24.04 (#1588)
    Review: Matches description + changes are appropriate
    Note: This commit updates the hostOS base image to Ubuntu 24.04, changes have been made in the OVMF path to match with the 24.04 conventions. Also, redundant migratable=‘off’ from config has been removed. Python path has also been changed to reflect python 3.12 on Ubuntu. Deprecated and redundant code like legacy firmware blobs have also been removed.

  • [[09ddd7d5b] (feat: [NODE-1469] Change monitoring strategy for GuestOS VM (#1586) · dfinity/ic@09ddd7d · GitHub)] node: Change monitoring strategy for GuestOS VM (#1586)
    Review: Matches description + changes are appropriate
    Note: This commit replaces PIDFIle based tracking with virsh-based lifecycle control. We were previously using PIDFile but it is not too compatible with the new OS, Ubuntu 24.4, thus, we had to switch to virsh driven lifecycle management. In guestos.service, systemd now delegates actual VM state tracking to libvirt(virsh).

  • [[cc5e5060d] (feat: [NODE-1444] Upgrade HostOS base image to 24.04 (#1587) · dfinity/ic@cc5e506 · GitHub)] node: Upgrade HostOS base image to 24.04 (#1587)
    Review: Matches description + changes are appropriate
    Note: This commit ensures all stages, download, build, and final are now based on Ubuntu 24.04. It upgrades linux-image-generic-hwe-20.04 to linux-image-generic-hwe-24.04 and other packages. Also systemd-resolved is now required as a separate package which has also been added.

  • [[e880042de] (feat(NODE-1475): Configuration revamp (define config structure and co… · dfinity/ic@e880042 · GitHub)] node: Configuration revamp (define config structure and config tool) (#1539)
    Review: Matches description + changes are appropriate
    Note: Couple of new features defined in this commit, CreateSetuposConfig constructs a SetupOSConfig from existing inputs like config.ini, deployment.json etcetera. GenerateHostosConfig converts setupOSConfig to HostOSConfig. This commit also organizes config structs by domain. Additionally, centralized config parsing has been introduced, files like config_ini_rs handle config.ini with normalization, validation, and error messaging.

  • [[3cd7ee343] (feat(NODE-1463): Add cpu field to deployment.json (#1199) · dfinity/ic@3cd7ee3 · GitHub)] node: Add cpu field to deployment.json (#1199)
    Review: Matches description + changes are appropriate
    Note: This commit adds a cpu field to deployment.json enabling to be fully supported across the config ecosystem. Previously, the cpu mode was hard coded in logic, this commit allows it to be explicitly mentioned and enabled per-deployment virtualization mode handling. Tests have also been also been added to cover the commit. Also by mentioning cpu mode explicitly we don’t have to worry about divergence.

  • [[4a6cdcc47] (feat(NODE-1450): Consolidate manageboot.sh (#819) · dfinity/ic@4a6cdcc · GitHub)] node: Consolidate manageboot.sh (#819)
    Review: Matches description + changes are appropriate
    Note: This commit integrates manageboot.sh script for both HostOS and GuestOS into a single shared script. Also, previously hostOS would use upgrade commit and upgrade install in the same flow but now it has been split like GuestOS. Now that they share flow, testing will be made easier with less duplication and will also lead to a unified managebooth.sh.

  • [[7d70776f8] (feat: [NODE-1435] Pull HostOS upgrade file in chunks · dfinity/ic@7d70776 · GitHub)] node: Pull HostOS upgrade file in chunks
    Review: Matches description + changes are appropriate
    Note: This commit changes how HostOS upgrade files are downloaded. Previously, they were copied and written in a file using write_all() but now a stream has been added which streams the file directly from the http response to disk in chunks which is much more memory efficient and supports large file sizes reliably. Additionally, this switch eliminates the issue of OOM crashes from large image payloads.

  • [[78e491e1c] (feat(ICSUP-3837): Add verbose flag to help debug NP support issues an… · dfinity/ic@78e491e · GitHub)] node: Add verbose flag to help debug NP support issues and add logrotation to host
    Review: Matches description + changes are appropriate
    Note: This commit adds a new verbose flag in config.ini which enables piping in the guestOS console logs directly to the Host terminal and adds a systemd unit, verbose.logging.service which starts if flag is turned true. This commit allows troubleshooting early GuestOS issues especially before the network is up and running.

  • [[2a0016327] (Feat(NODE-1430): Send generate-network-config logs to console and jou… · dfinity/ic@2a00163 · GitHub)] node: Send generate-network-config logs to console and journald
    Review: Matches description + changes are appropriate
    Note: This commit allows the network logs to be sent to host console in addition to journalID, previously, they were only going to journalId. This allows developers to spot the network problems more quickly, overall this commit provides more clarity for system through additional logging.

  • [[76c16843a] (feat: [NODE-1380] Switch IC-OS to newer FS build tools · dfinity/ic@76c1684 · GitHub)] node: Switch IC-OS to newer FS build tools
    Review: Matches description + changes are appropriate
    Note: This commit changes how IC-OS filesystem images are built by replacing legacy android tools with modern and more maintainable Linux-native tools. Also, new rust tool, diroid has been added which generates a fs_config file using fakeroot metadata. Commit also introduces new required packages eg logrotate, clap, anyhow etcetera. Overall, this commit modernizes the IC-OS image building toolchain improving reliability maintainability and security.

Bugfixes:

  • [[07090259b] (fix: extracting of sampling period for power measurements (#4266) · dfinity/ic@0709025 · GitHub)] node: extracting of sampling period for power measurements (#4266)
    Review: Matches description + changes are appropriate
    Note: This commit fixes a parsing bug in the monitorpower.sh script that was introduced due to a change in the output format of the ipmitool command. Previously, the sampling time period appeared on its own line which was causing bugs but now it appears after the timestamp, fixing the bug.

  • [[00be225f3] (fix: Add ahci to HostOS initramfs to fix gen1 spms (#3894) · dfinity/ic@00be225 · GitHub)] node: Add ahci to HostOS initramfs to fix gen1 spms (#3894)
    Review: Matches description + changes are appropriate
    Note: Lack of ahci module in initramfs prevents machines from detecting their boot disks early in the boot process which could result in boot failures or being dropped into emergency shell during early-boot. This commit adds the ahci into initarmfs thus fixing the bug.

  • [[ac71086bf] (fix(node): update development nns_url (#3486) · dfinity/ic@ac71086 · GitHub)] node: update development nns_url (#3486)
    Review: Matches description + changes are appropriate
    Note: This commit updates the default nns_url in development configurations to avoid deployment failures on IPv6- only networks. This is done so by replacing nns_url from a url that only resolved on IPv4 address to a url that resolves on both IPv4 and IPv6.

  • [[bc83b42ae] (fix(node): fix update-config when reward.conf does not exist (#3290) · dfinity/ic@bc83b42 · GitHub)] node: fix update-config when reward.conf does not exist (#3290)
    Review: Matches description + changes are appropriate
    Note: This commit adds an if statement in order to fix the bug of update-config crashing when a file, reward.conf which does not exist, was getting parsed, which was leading to errors. If statement returns None that means that the file does not exist and the function does not try parse it.

  • [[9064779bd] (fix(node): Add node reward type update-config parsing (#3132) · dfinity/ic@9064779 · GitHub)] node: Add node reward type update-config parsing (#3132)
    Review: Matches description + changes are appropriate
    Note: This commit improves update-confid logic by introducing proper parsing and support for the optional node_reward_type configuration from reward.conf. It does so with the help of update_config.rs which now reads reward.conf, extracts the node_reward_type key if it exists. Also, generate_testnet_condfig.rs is now simplified by removing the default assignment from the node_reward_type and is now being passed as is into ICOSS Settings.

  • [[582ce51a6] (fix: Fix confusing logging of ipmitool (#2297) · dfinity/ic@582ce51 · GitHub)] node: Fix confusing logging of ipmitool (#2297)
    Review: Matches description + changes are appropriate
    Note: This commit improves the robustness and clarity of logging around ipmit tool usage. It removes unnecessary unconditionally error logging of ipmitools stderr output and triggers error logging only ig get_mac_address_from_ipmitool_output() fails. Overall, there is no change to actual behavior or logic, moreover, logs are made clearer and spam has been reduced.

  • [[9f068bb16] (fix: [NODE-1490] Fix handling of microcode for 24.04 (#1888) · dfinity/ic@9f068bb · GitHub)] node: Fix handling of microcode for 24.04 (#1888)
    Review: Matches description + changes are appropriate
    Note: This commit updates how intel microcode is excluded from HostOS and SetupOS initramfs images in Ubuntu 24.04. Because of updating the system to 4.04, the initramfs generation scripts for intel microcode no longer respects custom values in initramf.config thus this commit was much needed to add the correct file in order to build correctly.

  • [[fcad095e7] (fix: verbose logging service file failure (#1858) · dfinity/ic@fcad095 · GitHub)] node: verbose logging service file failure (#1858)
    Review: Matches description + changes are appropriate
    Note: This commit fixes systems restarting even if they exit intentionally, the line change is restart-always to restart-on-failiure in the verbose-logging.service. This ensures that only relevant logs are displayed and console is not stick in a restart loop.

  • [[fdbd50e3e] (fix: Small change in how we enable systemd services (#1824) · dfinity/ic@fdbd50e · GitHub)] node: Small change in how we enable systemd services (#1824)
    Review: Matches description + changes are appropriate
    Note: This commit improves how systemd service files are allowed during image builds. Previously, all .service files with [install] section were enabled this included template units which would fail without an instance, additionally, there was a redundant check for the [install] section which systemctl was already handling, with this commit, the template files are now skipped and the redundant checks have been reduced.

  • [[8d630c57d] (fix: Fix long-standing typo (#1602) · dfinity/ic@8d630c5 · GitHub)] node: Fix long-standing typo (#1602)
    Review: Matches description + changes are appropriate
    Note: Typo fixed in a comment, no behavior changes. Improves readability.

  • [[dfb1c634d] (fix(NODE-1465): Update fetch-mgmt-mac (#1422) · dfinity/ic@dfb1c63 · GitHub)] node: Update fetch-mgmt-mac (#1422)
    Review: Matches description + changes are appropriate
    Note: This commit fixes a regression introduced in a previous commit that broke nested registration tests. Previously, fetch-mgmt-mac relied on reading from config.ini using custom parsing and fetched mgmt_mac from .ini using read_variable() loop which was causing bugs. Now, config.ini parsing has been replaced with a json-based config which uses jq to extract mgmt_mac. This allws for a modernized config format and a simpler logic.

  • [[ab306b022] (fix: Fix missing log function (#1256) · dfinity/ic@ab306b0 · GitHub)] node: Fix missing log function (#1256)
    Review: Matches description + changes are appropriate
    Note: This commit fixes the bug caused by a missing import. This commit adds the appropriate import and makes sure that it is actually present in the SetupOS builds by including it in the component_files mapping.

  • [[703c513ae] (fix: disable node exporter netlink metrics collection (#826) · dfinity/ic@703c513 · GitHub)] node: disable node exporter netlink metrics collection (#826)
    Review: Matches description + changes are appropriate
    Note: This commit fixes a bug caused by upgrading node exporter from version 1.2 to 1.8, which also changed the behavior of a few collectors. Collectors like arp and netdev in node exporter now use netlink sockets by default, however, they were not allowed to open netlink on GuestOS, and so their respective metrics disappeared. This issue is fixed by explicitly telling the collectors that want to use netlink to use the legacy method for scraping data.

Performance improvements:

  • [[fb75bf40f] (perf: Move file system population to mkfs.ext4 invocation (#3476) · dfinity/ic@fb75bf4 · GitHub)] node: Move file system population to mkfs.ext4 invocation (#3476)
    Review: Matches description + changes are appropriate
    Note: This commit optimizes image creation workflow by moving the filesystem population from e2fsdroid to mkfs.ext4. Previously, mkfs.ext4 created a blank file image system while e2fsdroid copied in the files, but now mkfs.ext4 directly populates the image with files using the -d option and e2fsdroid is only used to apply fs_config to SELinux labels. This change lef to an increase in efficiency by 25% (26 secs decreased to 19.9).

  • [[33b782cad] (perf: Optimize strip_files function (#959) · dfinity/ic@33b782c · GitHub)] node: Optimize strip_files function (#959)
    Review: Matches description + changes are appropriate
    Note: This commit changes the process of deleting files, previously, a subprocess was called each time a file was to be deleted, but now, the path of the files to be deleted are collected first and then deleted in batch of 100s, this leads to a quicker build time.

  • [[6ec7a4977] (perf: Optimize the inject_files tool (#957) · dfinity/ic@6ec7a49 · GitHub)] node: Optimize the inject_files tool (#957)
    Review: Matches description + changes are appropriate
    Note: This commit optimizes inject_files tool by using tokio::fs::copy for the fast path and falling back to tokio:io:copy if an offset requires a partial copy. Originally, tokio:io::copy was was used for both cases which is much slower than fs::copy, thus by replacing it with fs::copy wherever possible (when copy does not require seeking into input or output) we are saving time.

Chores:

Note: Unable to post the complete review in one thread/post since there is character limit per post. will continue the remaining review in a separate thread/post.

Screenshot 2025-04-06 at 10.07.53 PM
Screenshot 2025-04-06 at 10.07.53 PM1164×266 10.7 KB

1 Like
6

Continued review from above…

Commits ### Refactoring:

  • [[fcc88deb5] (refactor: Remove inject_files rule invocations and move injection of … · dfinity/ic@fcc88de · GitHub)] node: Remove inject_files rule invocations and move injection of binaries to ext4_image (#3497)
    Review: Matches description + changes are appropriate
    Note: This commit simplifies the process of how the IC-OS build system creates ext4 images by removing a redundant rule, inject_files and consolidating the logic for file injection into the ext4_image rule using the new extra_files parameter.

  • [[a4dd63884] (refactor: rename ssh services (#3548) · dfinity/ic@a4dd638 · GitHub)] node: rename ssh services (#3548)
    Review: Matches description + changes are appropriate
    Note: This commit standardizes and improves the naming for SSH related systemd services and scripts across IC-OS components such as HostOS, GuestOS etcetera. There is no functional behavior change just renaming.

  • [[697c20ccd] (refactor(node): follow-ups to deterministic_ips/ consolidation (#2845) · dfinity/ic@697c20c · GitHub)] node: follow-ups to deterministic_ips/ consolidation (#2845)
    Review: Matches description + changes are appropriate
    Note: This commit improves deterministic_ips/ architecturally and also cleans it up by consolidating types, removing outdated wrappers, and introducing a new and clear interface. It introduced macaddr crate which replaces custom HwAddr type. It also moved deployment to config_types. Additionally, it introduces NodeType enums to replace magic nums like 0 or 1.

  • [[dab484292] (refactor(node): rename use_nns_public_key and use_node_operator_priva… · dfinity/ic@dab4842 · GitHub)] node: rename use_nns_public_key and use_node_operator_private_key (#2700)
    Review: Matches description + changes are appropriate
    Note: This commit makes naming consistent for the two configuration flags within the ICOSSettings. The rename has also been addressed by the files using the flags and are fully reflected in the Clap struct as well as subcommand CreateSetuposConfig. Test coverages have also been updated to include deserialization tests.

  • [[1c0bd6862] (refactor: rename nns_url nns_urls (#1970) · dfinity/ic@1c0bd68 · GitHub)] node: rename nns_url nns_urls (#1970)
    Review: Matches description + changes are appropriate
    Note: This commit renames nns_url to nns_urls across the codebase.

  • [[d544428d8] (refactor: miscellaneous icos refactoring and clean-up (#1937) · dfinity/ic@d544428 · GitHub)] node: miscellaneous icos refactoring and clean-up (#1937)
    Review: Matches description + changes are appropriate
    Note: This commit removes unused hostname variable from setup-hostnames.sh, simplifies logic in construct_hostname() while also preserving the fallback behavior. Also removes references of deprecated features from the documentation. Overall, helpful refactor to clean up redundant stuff and also adding an explanation for a known bug.

  • [[a7d5b717a] (refactor(NODE-1474): Config types refactor (#1667) · dfinity/ic@a7d5b71 · GitHub)] node: Config types refactor (#1667)
    Review: Matches description + changes are appropriate
    Note: This commit adds a new NetworkSettings Structure which introduces proper subtypes for network configuration for example Ipv6Config can have subtype deterministic, fixed, RouterAdvertisement, similar for Ipv4Config. Also created a ICOSDevSettings struct and moved mgmt_mac there from NetworkSettings which separates deployment of specific metadata from general network config.

  • [[41a9d9db7] (refactor(NODE-1484): refactor os_tools and networking code (#1666) · dfinity/ic@41a9d9d · GitHub)] node: refactor os_tools and networking code (#1666)
    Review: Matches description + changes are appropriate
    Note: This commit eliminates optional propagation deep in the call stack, reduces complexity of the generate_mac_address logic, isolates responsibility by having os_tools determine the MAC and pass it directly, and makes it obvious that mgmt_mac is used for test/dev env. This refactor modularizes the code and separates the dev/test logic from production flow resulting in a clean interface across the network config system.

Tests:

  • [[e9ff67e25] (fix(node): update-config in testnet environment (#3072) · dfinity/ic@e9ff67e · GitHub)] node: update-config in testnet environment (#3072)
    Review: Matches description + changes are appropriate
    Note: This commit fixes update-config progress, especially in testnet and nested testing environments. The commit also includes fixing update-config which would overwrite freshly injected config files in testnet environment erasing test specific values by checking if these files exist first and if so skipping the update.

  • [[8e149ef62] (perf: Optimize the implementation of dflate and add a test (#954) · dfinity/ic@8e149ef · GitHub)] node: Optimize the implementation of dflate and add a test (#954)
    Review: Matches description + changes are appropriate
    Note: This commit optimized dflate by replacing direct file reads with a BufReader, removing redundant seek calls for each block, now the seeking is done once and not repeatedly. Also, instead of allocating a new buffer for each 512 byte read, a single reusable buffer is preallocated and sliced reducing heap allocation overhead. All of these updates result in approximately 20 second of time saved per image build.

Documentation:

Other changes:

1 Like
7

Proposal: 136070 | Yuvika - ZenithCode

Summary:

  1. Vote: Adopt
  2. Hash: release_package_sha256_hex , CDN and local hash matches.
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

136070
1360702078×1096 338 KB

Commits

Features

  • f0c82237a
    Summary: Upgrade components to SEV-SNP compatible versions
    Notes: Changes to create new ic-os base image2. 3. 3.
    Review: The description matches the code changes.

  • c05b185fe
    Summary: Log guestos.service console logs to tty1
    Notes: Node providers see a blank console after completing the os setup installation, This PR fixing this issue and adds log messages.
    Review: The description matches the code changes.

  • c44f6612a
    Summary: Disable start/stop logs for timers
    Notes: Sets log levels as LogLevelMax=1, SyslogLevel=2 to disable necessary start/stop log messages.
    Review: The description matches the code changes.

  • b6e0faa05
    Summary: update-config.service
    Notes: Simply updates ic-os service config.
    Review: The description matches the code changes.

  • a0be7baf6
    Summary: Allow local network to access metrics through firewall
    Notes: Code changes to allow network access through firewall.
    Review: The description matches the code changes.

  • 32d152815
    Summary: Remove retries from docker build
    Notes: Removes code for retries from docker build.
    Review: The description matches the code changes.

  • e17d99af7
    Summary: replace fetch-mgmt-mac.sh with hostos_tool command
    Notes: fetch-mgmt-mac.sh is replaced with host os tool command which enable code reusing and also we avoid updating fetch-mgmt-mac.sh which is required for new configs.
    Review: The description matches the code changes.

  • 47590772d
    Summary: Upgrade HostOS to 24.04
    Notes: Simple upgrades ic-os host os to 24.04
    Review: The description matches the code changes.

  • 09ddd7d5b
    Summary: Change monitoring strategy for GuestOS VM
    Notes: Updates guest os vm managing to virsh.
    Review: The description matches the code changes.

  • e880042de
    Summary: Configuration revamp (define config structure and config tool)
    Notes: No functional impact on ic-os, simply defines the config structure and config tools for now.
    Review: The description matches the code changes.

  • 3cd7ee343
    Summary: Add cpu field to deployment.json
    Notes: cpu deployment fields have been added to deployment.json and some test cases have been added.
    Review: The description matches the code changes.

  • 4a6cdcc47
    Summary: Consolidate manageboot.sh
    Notes: Merges host os and guest os manageboot.sh script.
    Review: The description matches the code changes.

  • 7d70776f8
    Summary: Pull HostOS upgrade file in chunks
    Notes: Code changes in create_hostos_upgrade_file function to download upgrade file for host os in chunks.
    Review: The description matches the code changes.

  • 78e491e1c
    Summary: Add verbose flag to help debug NP support issues and add logrotation to host
    Notes: Adds verbose flag to log guest os console messages to host terminal. This helps is debugging node provider support issues.
    Review: The description matches the code changes.

  • 2a0016327
    Summary: Send generate-network-config logs to console and journald
    Notes: Adds StandardOutput=journal+console and StandardError=journal+console to generate-network-config.service file to send generate network config log messages to console and journal.
    Review: The description matches the code changes.

  • 76c16843a
    Summary: Switch IC-OS to newer FS build tools
    Notes: Upgrades ic os to use newer build tools.
    Review: The description matches the code changes.

Bugfixes

  • 07090259b
    Summary: extracting of sampling period for power measurements
    Notes: With the change IPMI output both the IMPI time stamp and sampling period are on the same line which resulted in script extracting the date. This PR fixes this issue.
    ts=2025-03-06T12:12:11.776Z caller=textfile.go:245 level=error collector=textfile msg="failed to collect textfile data" file=power_metrics.prom err="failed to parse textfile data from \"/run/node_exporter/collector_textfile/power_metrics.prom\": text format parsing error in line 11: expected float as value, got \"03/06/25\""

Review: The description matches the code changes.

  • 00be225f3
    Summary: Add ahci to HostOS initramfs to fix gen1 spms
    Notes: ahci is added in host os modules.
    Review: The description matches the code changes.

  • ac71086bf
    Summary: update development nns_url
    Notes: updates nns_url for ic-os.
    Review: The description matches the code changes.

  • bc83b42ae
    Summary: fix update-config when reward.conf does not exist
    Notes: Adds code to handle the case where reward.conf does not exists.
    Review: The description matches the code changes.

  • 9064779bd
    Summary: Add node reward type update-config parsing
    Notes: Adds node_reward_type field in ICOSSettings.
    Review: The description matches the code changes.

  • 582ce51a6
    Summary: Fix confusing logging of ipmitool
    Notes: Bugfix for returning error message even when we are able to get the mac address which should not report error messages.
    Review: The description matches the code changes.

  • 9f068bb16
    Summary: Fix handling of microcode for 24.04
    Notes: Bugfix for handling of intel microcode for 24.04.
    Review: The description matches the code changes.

  • fcad095e7
    Summary: verbose logging service file failure
    Notes: Code changes in verbose-logging.service Restart=always -> Restart=on-failure to avoid unnecessary restarts of service file.
    Review: The description matches the code changes.

  • fdbd50e3e
    Summary: Small change in how we enable systemd services
    Notes: Changes in how we enable system services.

    1. Not enable template units.
    2. removes not required checks.
      Review: The description matches the code changes.

  • 8d630c57d
    Summary: Fix long-standing typo
    Notes: Just a small type update, changing an to a
    Review: The description matches the code changes.

  • dfb1c634d
    Summary: Update fetch-mgmt-mac
    Notes: Bugfixes to fix broken tests.
    Review: The description matches the code changes.

  • ab306b022
    Summary: Fix missing log function
    Notes: Bugfixes by adding logging.sh which was missed.
    Review: The description matches the code changes.

  • 703c513ae
    Summary: disable node exporter netlink metrics collection
    Notes: Disables the netlink metric scarping.
    Review: The description matches the code changes.

Performance improvements

  • fb75bf40f
    Summary: Move file system population to mkfs.ext4 invocation
    Notes: Performance improvement from 26.593s to 19.926s, the resulting images are equivalent.
    Review: The description matches the code changes.

  • 33b782cad
    Summary: Optimize strip_files function
    Notes: Performance improvement by running rm once instead of running it for each nested file in directories.
    Review: The description matches the code changes.

  • 6ec7a4977
    Summary: Optimize the inject_files tool
    Notes: Performance improvement of build time of //ic-os/guestos/envs/dev by 30s.
    Review: The description matches the code changes.

Chores:

  • 4cece3a67
    Summary: Update Base Image Refs [2024-10-02-1854].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 588ad7a46
    Summary: upgrade rust version to 1.82.
    Notes: Upgrade Rust to 1.82, fixes clippy lints, and disables the TLA tool to prevent memory issues by removing its feature flag.
    Review: The description matches the code changes.

  • 1e5e864a9
    Summary: Increase HostOS upgrade download timeout.
    Notes: Extend the HostOS upgrade download timeout to 120 seconds to prevent upgrade failures caused by short timeouts, with minimal impact.
    Review: The description matches the code changes.

  • 5e8587031
    Summary: address guestOS/hostOS FW findings.
    Notes: Refactor firewall rules by consolidating ICMP types, updating IPv6 prefixes, and removing obsolete IPv6 entries for improved network management.
    Review: The description matches the code changes.

  • 483f05324
    Summary: Processes robust against restarts.
    Notes: Configure critical services to automatically restart after a failure, with a 10-second delay between restart attempts.
    Review: The description matches the code changes.

  • 5ea5e0928
    Summary: systemd tidying-up.
    Notes: Clean up service files by removing redundant settings and updating crucial parameters like StartLimitIntervalSec and ExecStartPre for improved efficiency and security.
    Review: The description matches the code changes.

  • 639657530
    Summary: export cpu microcode metrics.
    Notes: Add a custom-metrics.service and custom-metrics.sh to export the CPU microcode version as a metric, facilitating HostOS integration.
    Review: The description matches the code changes.

  • 9bf488d5c
    Summary: update mount settings.
    Notes: Improve service reliability by switching to RequiresMountsFor in key services, ensuring necessary mount points are present before execution, replacing less robust Requires and After dependencies.
    Review: The description matches the code changes.

  • 0ba0edf44]
    Summary: move metrics services to run before node_exporter.
    Notes: Adjust service startup order, ensuring metric services initialize before node_exporter.service to guarantee data readiness for scraping.
    Review: The description matches the code changes.

  • 86473052e
    Summary: Update Base Image Refs [2025-02-06-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 192b37ddd
    Summary: Update Base Image Refs [2025-01-30-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 0b1d6e41d
    Summary: tidy up systemd dependencies.
    Notes: Change systemd service dependencies from Requires to Wants for more resilient service handling, along with minor logging tweaks.
    Review: The description matches the code changes.

  • 145aff3e5
    Summary: update IPv6 prefix list in the HostOS firewall.
    Notes: Remove legacy mercury.dfinity.systems logging targets.
    Notes: Update the HostOS firewall’s IPv6 prefix list by removing obsolete entries and adding the new DFINITY Stockholm data center prefix (2001:4c08:2003:b09::/64).
    Review: The description matches the code changes.

  • f42fe638d
    Summary: Remove legacy mercury.dfinity.systems logging targets.
    Notes: Replace deprecated mercury.dfinity.systems logging URLs, removes filebeat.conf configuration, and switches to log-fetcher for log collection by setting default empty logging host values.
    Review: The description matches the code changes.

  • 0f35ac817
    Summary: networking touch-ups.
    Notes: Restructures networking code, refining IP/MAC address generation, interface management, and error handling for improved clarity and reliability.
    Review: The description matches the code changes.

  • f96dec1db
    Summary: remove setupos/hostos network bonding and clean up docs.
    Notes: Replace network bonding (bond6) with a bridge (br6) in systemd network configuration, streamlining the setup and removing outdated deterministic MAC address generation code and documentation.
    Review: The description matches the code changes.

  • dff73c67c
    Summary: Fixup services.
    Notes: Update service dependencies by reordering node_exporter.service and setup-hostname.service for proper boot sequence and improves consistency through file renaming.
    Review: The description matches the code changes.

  • 0501f7b07
    Summary: remove BUILD_TAR_ONLY conditional.
    Notes: Refact the build-bootstrap-config-image.sh script by removing the obsolete BUILD_TAR_ONLY variable and its related conditional code.
    Review: The description matches the code changes.

  • c918618eb
    Summary: assorted ic-os bash script clean-ups and tweaks.
    Notes: Enhance IC-OS bash scripts by streamlining function sourcing, enabling immediate error halting, improving domain validation error logging, and simplifying script structure.
    Review: The description matches the code changes.

  • db67ca341
    Summary: Choose new dummy URL.
    Notes: Update the networking test URL from "
    https://dfinity.org" to “https://wiki.internetcomputer.org” to avoid impacting mainnet registration traffic while preserving test functionality.
    Review: The description matches the code changes.

  • 574e00d70
    Summary: Extract logging functionality.
    Notes: Consolidate redundant write_log functions into a single, centralized logging.sh file, enhancing code maintainability by eliminating duplication.
    Review: The description matches the code changes.

  • 98423a211
    Summary: Improve partition_tools.
    Notes: Improve debugfs command robustness by adding error handling for non-existent directories, centralizing error checks via check_debugfs_result, and adding unit tests for partition file operations.
    Review: The description matches the code changes.

  • 6fd620f4a
    Summary: Move the setup/teardown of temporary build directories to a process wrapper.
    Notes: Implement a process wrapper to manage temporary build directories, guaranteeing cleanup by setting the ICOS_TMPDIR environment variable, even upon unexpected termination.
    Review: The description matches the code changes.

  • 0bd54a27f
    Summary: Remove obsolete set-node-id command.
    Notes: Remove the obsolete set-node-id command and its related code, including the unused NodeIdData import, streamlining the codebase.
    Review: The description matches the code changes.

  • 3aae377ca
    Summary: Log HostOS config partition (config.ini and deployment.json).
    Notes: Add a log-config.sh script and service to automatically log the directory structure and contents of HostOS configuration files, /boot/config/config.ini and /boot/config/deployment.json.
    Review: The description matches the code changes.

  • af3d92a0f
    Summary: Fix etc/ permissions Dockerfile comments.
    Notes: Update Dockerfile configurations by updating comments regarding file permissions within the /etc/ directory.
    Review: The description matches the code changes.

  • f7d92170e
    Summary: Update node exporter version.
    Notes: Upgrade the node exporter to version 1.8.1.
    Review: The description matches the code changes.

  • 80ebdebe5
    Summary: NNS: Update gz references.
    Notes: Update code and link to use .zst files instead of .gz files.
    Review: The description matches the code changes.

Refactoring:

  • fcc88deb5
    Summary: Remove inject_files rule invocations and move injection of binaries to ext4_image.
    Notes: Steamline the image build by eliminating rootfs injection, enabling flexible file inclusion with path/permission control, and optimizing ext4 image creation for deferred injection and improved caching.
    Review: The description matches the code changes.

  • a4dd63884
    Summary: rename ssh services.
    Notes: Rename SSH service names for clarity, changing setup-ssh-account-keys to setup-ssh-user-keys and setup-ssh-keys to generate-host-ssh-keys.
    Review: The description matches the code changes.

  • 697c20ccd
    Summary: follow-ups to deterministic_ips/ consolidation.
    Notes: Refactor network address handling by moving Deployment to types.rs, integrating the macaddr crate, and using MacAddr6 for improved IP and MAC address management.
    Review: The description matches the code changes.

  • dab484292
    Summary: rename use_nns_public_key and use_node_operator_private_key.
    Notes: Renames nns_public_key_exists and node_operator_private_key_exists to use_nns_public_key and use_node_operator_private_key respectively, to clarify their role as access control flags.
    Review: The description matches the code changes.

  • 1c0bd6862
    Summary: rename nns_url nns_urls.
    Notes: Rename nns_url to nns_urls to accurately reflect that it can handle multiple URLs.
    Review: The description matches the code changes.

  • d544428d8
    Summary: miscellaneous icos refactoring and clean-up.
    Notes: Clean up a script by removing an unused hostname field, updates documentation links, corrects an IPv6 parameter name, removes obsolete documentation references, and adds a clarifying comment to get_ipmi_mac.
    Review: The description matches the code changes.

  • a7d5b717a
    Summary: Config types refactor.
    Notes: Refactor network settings by creating enums, moves mgmt_mac to a new ICOSDevSettings struct, and renames GuestosDevConfig to GuestosDevSettings for uniformity.
    Review: The description matches the code changes.

  • 41a9d9db7
    Summary: refactor os_tools and networking code.
    Notes: Relocate the mgmt_mac conditional logic to the os_tool, streamlining network configuration generation, reducing parameter complexity, and improving mgmt_mac testing clarity.
    Review: The description matches the code changes.

Tests:

  • e9ff67e25
    Summary: update-config in testnet environment.
    Notes: Performance improvement of build time of //ic-os/guestos/envs/dev by 30s.
    Review: The description matches the code changes.

  • 8e149ef62
    Summary: Optimize the implementation of dflate and add a test.
    Notes: Optimize file reading by using a BufReader with a pre-allocated MAX_BLOCK_SIZE buffer and enhances the is_empty function for improved Rust code generation, reducing memory allocation and increasing efficiency.
    Review: The description matches the code changes.

Documentation:

  • 7809eee25
    Summary: update configuration documentation.
    Notes: Update configuration documentation to detail SetupOS’s role in validating, sanitizing, and copying essential configuration files (config.ini, SSH keys, node operator keys) to the HostOS config partition.
    Review: The description matches the code changes.

Other changes:

  • 1205f6ceb
    Summary: feat: Upgrade components to SEV-SNP compatible versions.
    Notes: Upgrade software packages to versions compatible with SEV-SNP security features.
    Review: The description matches the code changes.
1 Like
8

Proposal #136070 for HostOS — Zack | CodeGov

for release-2025-04-03_03-15-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits descriptions.

image
image1718×799 161 KB

Commits
About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

2 Likes
9

Proposal 136070 - Hamish | CodeGov

Vote: Adopt
Reason: I haven’t actually had time to review the commits, but I have successfully run the build script and according to other reviewers the commits have been seen in previous IC-OS upgrade proposals. Because of that I have decided to cast my vote to adopt the proposal.

Screenshot 2025-04-07 at 13.07.53
Screenshot 2025-04-07 at 13.07.531902×968 221 KB

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

2 Likes
10

Proposal 136070– Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully and hashes match. The listed commits were already part of old ICOS releases.

136070
1360701796×447 101 KB

2 Likes
11

:white_check_mark: Appreciate the details along with links to Github. Helps people (like myself) have enough data to research and learn more about nodes.

3 Likes
12

Hey, glad to see more ppl interested in IC-OS (replica) updates, as you probably know or noticed, HostOS is usually only updated every few months (unless there is a need for a bugfix (HOT Fix) and then all the changes are listed since the last release. Depending on your time you can gradually keep up by looking at the weekly releases and filtering out node related commits (if that is what you are interested in).

1 Like