Proposal to elect new release rc--2024-08-08_07-48

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 131697.

Here is a summary of the changes since the last release:

Release Notes for release-2024-08-08_07-48-base (94fd38099f0e63950eb5d5673b7b9d23780ace2d)

This release is based on changes since release-2024-08-02_01-30-base (3d0b3f10417fc6708e8b5d844a0bac5e86f3e17d).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 23af050fb Crypto,Interface(crypto): Support key derivation in ic_crypto_ecdsa_secp256k1 (#706)
  • 951e895c7 Execution,Interface: Handle stable_read/write with Wasm64 heaps and testing infrastructure (#781)
  • 07786ecc4 Execution,Interface: add allowed_viewers to canister log visibility management canister types (#606)
  • f116e5713 Execution,Interface: Limit number of snapshots stored per canister (#726)
  • 78dca2f91 Execution,Interface: add support on canister manager for get block headers (#381)
  • c0373c673 Execution,Interface,Message Routing: Parallel dirty page copying for page allocator (#733)
  • 2e6584c42 Interface(nns): Implement the execution of UpdateCanisterSettings proposals (#731)
  • 168e5cc2f Interface(ckerc20): NNS proposal to add ckWSTETH (#612)
  • 71838e9c1 Interface,Message Routing: Checkpointing for canister snapshots (#702)
  • 2bf9d4463 Interface,Message Routing: State layout of canister snapshots (#645)

Bugfixes:

  • 799cf9f94 Consensus,Interface(types): Remove serde derive from ThresholdSigInputRefs (#760)
  • e8a163fda Execution,Interface: Fix the return type of some System APIs (#785)
  • 82c76c1bb Execution,Interface: Fix a debug assertion in update_socket_timeout (#779)
  • 8db01a49c Execution,Interface: Update heap delta debit and estimate when handling snapshots (#727)
  • 83b0fa536 Execution,Interface,Message Routing: Consider canister snapshots when calculating available subnet memory (#753)

Chores:

  • 0a12c4b66 Crypto,Interface(crypto): Annotate where parallelism can be used in NIDKG (#671)
  • dae6bbe95 Interface: Update visibility of dfn_* libraries (#804)
  • 80ebdebe5 Interface: Update gz references (#701)
  • fc4f2e385 Interface(IDX): specify which NNS canisters to use via env vars (#675)
  • b0f4527a2 Interface,Networking(http-handler): Only log every 10 second in the call-v3 handler (#717)
  • 44a966ec6 Interface,Networking(http-handler): Add a 1 second timeout when creating a subscriber in call-v3 handler (#716)
  • 0bd54a27f Interface,Node: Remove obsolete set-node-id command (#778)
  • 4b51b1e23 Node: Update Base Image Refs [2024-08-06-0146] (#765)

Refactoring:

  • 12e89bb81 Interface: Migrate more type dependencies to use ic_nns_governance_api (#628)

Tests:

  • 1a5c96918 Consensus,Interface(consensus): Add exhaustive serialization->deserialization test for ConsensusMessage (#795)
  • d5511c98e Interface,Message Routing: more complex input queues scenario for queue compatibility tests (#745)

Documentation:

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/94fd38099f0e63950eb5d5673b7b9d23780ace2d/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 94fd38099f0e63950eb5d5673b7b9d23780ace2d

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

5 Likes

Thanks for this proposal @DRE-Team

Can I ask why/how this commit has been omitted from the change log? → refactor: Use ic_cdk::api::time for ingress message validator crate (… · dfinity/ic@00dc67f (github.com)

Isn’t the ingress message validator a GuestOS component (and an important one)?

2 Likes

Similarly, can I ask why/how this commit has been omitted from the change log? → chore: update default dkg-interval-length to use 499 for all subnets … · dfinity/ic@5b07641 (github.com)

This commit makes the default dkg-interval-length 499 instead of 199, which is inline with recent subnet management proposals (131699 is currently the last open proposal that needs to be executed for all subnets to have a dkg-interval-length of 499).

I believe this commit affects GuestOS given that it alters the initialisation of SubnetConfig which is utilised by GuestOS, and therefore should have been included in this proposal’s change log - unless I’m mistaken.

1 Like

Checking with Luka, since he was the last to modify the release notes generation automation, so he’s most familiar with the code.

2 Likes

this one is indeed not used in replica and therefore removed. i checked both bazel and cargo dependency paths and verified with developers.

2 Likes

from what i can tell this doesn’t modify replica directly (again checking bazel and cargo dependency tree). it seems ic-admin uses this when proposing new subnets: ic/rs/registry/admin/src/create_subnet.rs at master · dfinity/ic · GitHub

2 Likes

It’s interesting that a modification to the ingress message verifier was recently included in a GuestOS proposal (this commit → b029bf49b on this proposal change log → 124487). Ingress message verification/validation is surely a responsibility of GuestOS, :thinking: but it perhaps no longer uses this component (whereas it once did…) is that right, or am I still misunderstanding?

Thanks for looking into this other case. There appear to be numerous source files under /rs/execution_environment/ that utilise this object (/rs/execution_environment/benches/lib/src/common.rs is an example). The CODEOWNERS file indicates that these files are the responsibility of the execution-owners and runtime-owners team, which are both recognised as replica teams.

There are no shortage of examples where bazel recognises components as GuestOS dependencies even when they have no chance of modifying GuestOS behaviour (and can therefore arguably be wrong, in real terms). Is it conceivable that under certain circumstances bazel could fail to recognise certain dependencies and/or filter them out for some reason?

2 Likes

I think it was never used and it was just included in previous changelog because we didn’t qualify bazel targets properly before this change.

The former is quite easy to occur. One could just add a random dependency to GuestOS even if no code ever called that dependency and then bazel would have to say that package is a dependency. The opposite I cannot imagine. It would mean that Bazel is somehow utilizing that code to build the GuestOS but saying it’s not. Due to sandboxing in bazel, this would be impossible (i.e. only packages that are explicitly added as dependencies can be used to build the target). It’s still possible if we have bugs in the code that’s querying Bazel and we obviously had bugs as we’ve seen above. That of course wouldn’t be fault of Bazel.

2 Likes

Thanks for taking a look. I’ve had a peek at the change to release_notes.py. There’s various refactoring, such as making the bazel query an argument of bazel_query rather than defined within the function (but ultimately the query looks the same). It’s not immediately clear to me what the ‘qualify bazel targets properly’ fix aspect of this commit is.

Interesting that a hardcoded list of bazel_packages_all is added (this looks a little brittle, how is this kept up-to-date? :thinking:).

In any case, I gather that bazel recognised the ingress message verifier commit as modifying a GuestOS dependency. You’re saying it should have been filtered out as a ‘hard’ or ‘soft’ exclusion by the release notes generator - is that correct? Otherwise I’m not sure how it was considered for inclusion in the first place.


Thanks @Luka, this comment got me thinking (more generally, rather than specifically about this release)… If I were a DFINITY engineer or an external contributor (in a hopeful future where IC-OS modifications from external contributors may occur), and I wanted to try and slip some GuestOS changes under the wider community’s radar. Couldn’t I just do this:

  • Modify a source code file or set of files
  • Reset the file metadata so that the modification timestamps are unchanged
  • Wait, knowing that these sneaky changes will likely go unnoticed by bazel (assuming checksum caching), and therefore also likely unnoticed by the wider community
  • Much later, to action my sneaky changes, I make a simple, justifiable, and unrelated change to those same files, simply to trigger bazel to rebuild GuestOS with those updated files (now including my old sneaky changes as well that were previously ignored)

Aren’t the above steps a conceivable way of modifying GuestOS without those commits being included in the GuestOS change log that’s published with the proposal?

^ sorry this was a brain fart! :sweat_smile: The build wouldn’t be reproducible, because the file modification timestamp would be set for others based on when the changes were pulled from origin.

Nevertheless, there do appear to be documented cases where bazel has failed to acknowledge changes (just sharing as a matter of potential interest) → Error with external dependencies: some change are not seen · Issue #1525 · bazelbuild/bazel (github.com)

1 Like

This is important part of the change: Fix soft and hard exclusions based on packages (#683) · dfinity/dre@3d42730 · GitHub

We previously tried to assign a file change to a package based on guestos dependencies list, instead of all. so some file changes were assigned to incorrect packages.

this is unfortunate limitation of testing this. i didn’t figure out how to run bazel binary within bazel test so i had to hardcode it. but this is just a test, and test is pinned to a specific commit, so it should be fine.

specifically, we wrongly assigned lots of file changes to rs package, whereas it should’ve been some subpackage. and since rs package is in dependency list of guestos, we ended up not hard excluding lots of commits.

any software can have bugs of course :slight_smile:
i think in this specific case our notes changelog wouldn’t be affected but maybe building the guestos would. proper dependency and sanbdoxing is a core feature of bazel, so any bugs like this seem highly unlikely to happen in the future and seems like a bad use of effort to engineer changelog generation accounting for bazel build bugs. correct changelog with a wrong build doesn’t make much sense.

2 Likes

Understood, thanks for explaining further :slight_smile:

1 Like