Proposal 134336
Vote: Adopt
Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound.
I’ve selectively reviewed Consensus, Crypto and Interface commits as detailed below.
Review
Features:
[925acaec1]
Adds a new function sync_and_trim_fs which calls a new script sync_fstrim.sh which calls sync and fstrim (filesystem trim) from root. This function is now called via async fn remove_state when a node is to be unassigned. Error logging and tests are added.
[e3540ad62]
Adds a variant VetKd(VetKdArguments) to enum ThresholdArguments. Adds type IDkgSignWithThresholdContext, wrapping SignWithThresholdContext and using flag is_idkg() so that this is only used for tEcdsa and tSchnorr contexts given that these rely on IDKG, and not for vetKD contexts, which rely on NiDKG.
[fd4d35f4a]
Installs dante as a SOCKS proxy and applies it to API boundary nodes as per the commit notes.
[fd6561a04]
Adds functions to rs/crypto/secp256k1/src/lib.rs to enable Taproot / BIP-341 signature support. Changes relevant dependencies and adds tests.
[7d8134765]
Various changes, matching the description such that previously discarded bitcoin UTXOs are re-evaluated when the user calls update_balance.
[f68da752b]
Changes to support the ICRC-3 standard for certification of blocks, as per description, although “latest_…” should read “last_…” in the text of these notes. In particular, last_block_hash is used instead of tip_hash in fn construct_hash_tree, and LEB128 encoding is used for last_block_index in fn get_certified_chain_tip when tip_hash is not present in the hash tree.
[e3ee0072c]
Replaces checkpointed_state field with state in CreateCheckpointResult.
[90c56a39f]
Enables the hashes-in-blocks feature, intended to be used for the NNS subnet as has already been done for all the other subnets.
[260f1cc09]
Upgrades IC build container version.
[245e13ebd]
Shifts deterministic_ips out of dev_test_tools and utilises it in place of mac_address. Adds logic (as fn resolve_mgmt_mac) to get the management MAC address either from a provided parameter or from ipmitool.
[e9f61b877]
Test changes, as per commit notes.
Bugfixes:
[052b85232]
Typo correction.
[a55ac1812]
Adds clear_dir function, which serves to clear the recovery directory’s contents instead of attempting to delete the directory.
[e7ce87bf2]
Removes Grüezi handshake function, deemed unnecessary now that SEV attestation is no longer used.
[e9a0f1894]
Changes QUIC_STREAM_CANCELLED error code.
[8869fff65]
Reverts commit 245e13e (replace mac_address with deterministic_ips) above.
Chores:
[cdf85cbaf]
Adds further emphasis to the log message indicating that node onboarding is not yet complete.
[32cf9b0f8]
Replaces redundant num_messages variable with messages_in_payload.len().
[bef38d077]
Version changes for thiserror and anyhow + minor error log code changes.
[ac6341599]
Version updates to several crates + minor boundary node code changes.
[385cf07ae]
Fuzz testing code changes, matching description.
[0cdfbb49f]
Adds crate ic-tracing-logging-layer, used for tracing in rs/replica/src/main.rs.
[bbae0dd15]
Version updates to several crates.
Refactoring:
[ccd5e2921]
Flags TaggedNiDkgTranscript types as deprecated and adds ‘_new’ equivalents, flagged as such.
[cf2727ce9]
Renames dkg::Dealings to dkg::DataPayload.
[7d5f65756]
Renames VetKdArgs::encryption_key to VetKdArgs::encryption_public_key to clarify that sensitive information is not being exposed.
[2f4c1fca1]
Re-attempts replacement of mac_address with deterministic_ips as per 245e13e above, with additional changes to hostos-scripts/ and setupos-scripts/.
Tests:
[e16e7f255]
Adds assertion for reset reason in dropped_connection_handle_resets_the_stream QUIC transport test.
Documentation:
[ef0c2e44c]
Added more detail to error tracking and error messages.
[b2a094f7e]
Changes to comments + relabeling of WriteError::ClosedStream and WriteError::ZeroRttRejected as infallible.
Proposal 134337
Vote: Adopt
Reason: Build is successful and hashes match. The proposal contains a single commit, serving to revert the enabling of the hashes-in-blocks feature, in case this is needed as a fallback for some reason.