Proposal to elect new release rc--2025-02-20_10-16

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: [IC NNS Proposal 135421 for version 7147f471c7ac27f518e6c0eeb2015952b5e93e1b](https://dashboard.internetcomputer.org/proposal/135421).

Here is a summary of the changes since the last release:

Release Notes for release-2025-02-20_10-16-base (7147f471c7ac27f518e6c0eeb2015952b5e93e1b)

This release is based on changes since release-2025-02-13_03-06-base (2008d47a169c4984631c87f2efaa88798e6f14dc).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 49d6101af Consensus,Interface: Call crypto in vetKD payload builder (#3905)
  • 7dda5ff7f Consensus,Interface: Don’t use rsync to copy the state during recoveries (#3853)
  • 3deb76dff Consensus,Interface: Bitcoin serialize blocks first (#3919)
  • 5d0fcce40 Execution,Interface: Bump allowed code section size (#4012)
  • 20b0caf9e Execution,Interface: Add a metric tracking Wasm code section sizes (#3983)
  • 396b461cd Interface,Message Routing: Add size limits as fields to the stream builder (#3885)

Bugfixes:

  • 4eec0b4b3 Consensus,Interface: Don’t panic in make_registry_cup (#3980)
  • 20b675c6e Consensus,Interface: Don’t panic in get_dkg_summary_from_cup_contents (#3974)
  • 9d6eea446 Consensus,Interface: Use correct registry version to validate dealings inside of block payloads (#3944)
  • 0923aa8f3 Execution,Interface: Hook condition should be checked after every mgmt canister call (#3988)
  • a286970c5 Owners: bump cloudflare-rs crate (#3927)

Chores:

  • 7147f471c Consensus,Interface: Allow any order of change actions in purging_non_finalized_blocks_test (#4033)
  • 43add58cb Consensus,Interface: add some unit tests and a metric for how long it takes to fetch NNS delegations + how big they are (#4017)
  • 9ef5605e1 Consensus,Interface: Inline make_genesis_summary test function (#3970)
  • d054caa61 Crypto: Update version of ic-ed25519 to 0.2 (#3946)
  • 882e7af8e Crypto,Interface(crypto): Move getrandom wasm32-unknown-unknown workaround to packages (#3926)
  • 2fd87b60a Crypto,Interface(crypto): Change key derivation used in VetKD to BLS12-381 hash_to_scalar (#3736)
  • f577fe349 Execution,Interface: Upgrade Wasm crates to wasmtime 29 (#3929)
  • 59abceebc Interface(Ledger): Update some comments (#3847)
  • 810eeb14c Interface: use cdk::api::in_replicated_execution (#3949)
  • 6612119c3 Interface: Bump ic_cdk version (#3939)
  • 4d9768af1 Interface,Message Routing: Update debug assertions of Tip thread; flush PageMaps in make_unvalidated_checkpoint (#3950)
  • 711b78eb0 Owners: bump ic-http-gateway lib (#3995)
  • 4e132abd8 Node(IDX): Simplify versioning (#3984)
  • 483f05324 Node: Processes robust against restarts (#3693)
  • 1e014f09f Node: Update Base Image Refs [2025-02-13-0813] (#3931)

Refactoring:

  • 069dc97d0 Consensus,Interface: Extract common functionality of verifying NiDKG dealings (#3951)
  • 7d99df628 Execution,Interface: Remove install_code from production code and move it to the tests that use it (#4015)
  • 075a36404 Execution,Interface: Use two instances of the query service for queries and https outcall transform functions (#3992)
  • b368e3de3 Execution,Interface: Take cycles from call context when a refund is to be returned (#3985)
  • 4627f3307 Execution,Interface: Move log_dirty_pages to the module where it’s used (#3957)
  • 57464b9ab Execution,Interface: Simplify logic to get a CallOrigin from a Query (#3953)
  • 9747838c6 Execution,Interface: Rename reached to instructions_reached (#3952)
  • 125db7f4f Execution,Interface: Check wasm execution output only in sandbox (#3728)
  • cba557d53 Node: check-hardware.sh (#3679)

Tests:

  • edcb5ab41 Consensus,Interface: vetKD payload builder/verifier unit tests (#3886)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/7147f471c7ac27f518e6c0eeb2015952b5e93e1b/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 7147f471c7ac27f518e6c0eeb2015952b5e93e1b --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

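The three-way comparison that the verification step above asks for, written out as an added example; it is not part of the original post or of repro-check.sh. The function name `verify_release_hashes`, its arguments and its return codes are assumptions made for this illustration, and the demo files are constructed stand-ins rather than real IC-OS images.

```shell
#!/bin/sh
# Added example: check that the CDN image, the locally built image and the
# hash in the NNS proposal payload all agree. Names and return codes are
# hypothetical; repro-check.sh itself does not expose them.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{print tolower($1)}'
}

# verify_release_hashes CDN_IMAGE LOCAL_IMAGE PROPOSAL_SHA256
# Returns: 0  all three values match
#          2  proposal hash is not 64 hex characters
#          3  one of the image files is missing
#          4  CDN image and local build differ (build not reproduced)
#          5  images agree with each other but not with the proposal payload
# (vr_* variables are plain globals so the function stays POSIX sh.)
verify_release_hashes() {
    vr_cdn=$1
    vr_local=$2
    # Proposal payloads are hex; accept either case, compare in lowercase.
    vr_expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    # Reject truncated or pasted-with-garbage hashes before touching files.
    case $vr_expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#vr_expected}" -eq 64 ] || return 2

    [ -f "$vr_cdn" ] && [ -f "$vr_local" ] || return 3

    vr_cdn_sum=$(sha256_of "$vr_cdn")
    vr_local_sum=$(sha256_of "$vr_local")

    # Distinguish "build did not reproduce" from "proposal names another image".
    [ "$vr_cdn_sum" = "$vr_local_sum" ] || return 4
    [ "$vr_local_sum" = "$vr_expected" ] || return 5
    return 0
}

# Demo on constructed files (not real IC-OS images).
demo_dir=$(mktemp -d)
printf 'constructed image bytes' > "$demo_dir/cdn.img"
cp "$demo_dir/cdn.img" "$demo_dir/local.img"
demo_hash=$(sha256_of "$demo_dir/cdn.img")
if verify_release_hashes "$demo_dir/cdn.img" "$demo_dir/local.img" "$demo_hash"; then
    echo "all three SHA-256 values match"
fi
rm -rf "$demo_dir"
```

Separate return codes for 4 and 5 let a reviewer report whether the build failed to reproduce or the proposal payload points at a different image.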

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: [IC NNS Proposal 135422 for version 2f02a660f6f17b5a78c13d9b372f74c8228f79b8](https://dashboard.internetcomputer.org/proposal/135422).

Here is a summary of the changes since the last release:

Release Notes for release-2025-02-20_10-16-disable-best-effort-messaging (2f02a660f6f17b5a78c13d9b372f74c8228f79b8)

This release is based on changes since release-2025-02-20_10-16-base (7147f471c7ac27f518e6c0eeb2015952b5e93e1b).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Other changes:

  • 2f02a660f Consensus,Execution,Interface: Revert “feat(MR): Roll out best-effort calls to the first few subnets (#3816)”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/2f02a660f6f17b5a78c13d9b372f74c8228f79b8/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 2f02a660f6f17b5a78c13d9b372f74c8228f79b8 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.


Proposal 135421 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Full review:

Features:

  • 49d6101af Consensus,Interface: Call crypto in vetKD payload builder (#3905)
    Review: Looks fine + matches description
    Notes: Updates the VetKdPayloadBuilderImpl to call into the crypto component to combine VetKD key shares and to verify encrypted keys + adds metrics to measure VetKD usage and track duration to build payloads and validate keys.

  • 7dda5ff7f Consensus,Interface: Don’t use rsync to copy the state during recoveries (#3853)
    Review: Looks fine + matches description
    Notes: Adds the checkpoint state to the exclusion list passed to rsync when recovering from a local IC state, then instead copies the checkpoint data into the recovery directory using cp + adds a system test to cover local recoveries.

  • 3deb76dff Consensus,Interface: Bitcoin serialize blocks first (#3919)
    Review: Looks fine + matches description
    Notes: Updates the Bitcoin adapter such that blocks are serialized before being stored in the block cache, making block retrieval more lightweight.

  • 5d0fcce40 Execution,Interface: Bump allowed code section size (#4012)
    Review: Looks fine + matches description
    Notes: Bumps the max allowed wasm code section to 11MB (we requested this as we exceeded the previous limit, thanks DFINITY!).

  • 20b0caf9e Execution,Interface: Add a metric tracking Wasm code section sizes (#3983)
    Review: Looks fine + matches description
    Notes: Adds the code_section_size histogram metric and writes to it after compiling each canister wasm.

  • 396b461cd Interface,Message Routing: Add size limits as fields to the stream builder (#3885)
    Review: Looks fine + matches description
    Notes: Adds max_stream_messages and target_stream_size_bytes as fields to StreamBuilderImpl so that they can differ between mainnet and tests where it can be useful to have small limits so that the limits can be reached quickly during testing.

Bugfixes:

  • 4eec0b4b3 Consensus,Interface: Don’t panic in make_registry_cup (#3980)
    Review: Looks fine + matches description
    Notes: Updates make_registry_cup by replacing 3 calls to expect(..) with code which instead logs a warning then returns None.

  • 20b675c6e Consensus,Interface: Don’t panic in get_dkg_summary_from_cup_contents (#3974)
    Review: Looks fine + matches description
    Notes: Updates get_dkg_summary_from_cup_contents to avoid using expect(..) and explicit panics and instead returns an Err(String) which is logged, and then the process continues.

  • 9d6eea446 Consensus,Interface: Use correct registry version to validate dealings inside of block payloads (#3944)
    Review: Looks fine + matches description
    Notes: Modified the payload validator so that when verifying each NiDKG message it verifies each message using the registry version for that specific message rather than always using the latest registry version.

  • 0923aa8f3 Execution,Interface: Hook condition should be checked after every mgmt canister call (#3988)
    Review: Looks fine + matches description
    Notes: Moves the update_on_low_wasm_memory_hook_condition check to within finish_subnet_message_execution so that it is run after every call to the management canister.

  • a286970c5 Owners: bump cloudflare-rs crate (#3927)
    Review: Looks fine + matches description
    Notes: Bumps the cloudflare-rs git dependency to a later commit.

Chores:

  • 7147f471c Consensus,Interface: Allow any order of change actions in purging_non_finalized_blocks_test (#4033)
    Review: Looks fine + matches description
    Notes: Makes the consensus purger tests more resilient by making remove_from_validated_changeset a set rather than a list so that ordering doesn’t matter.

  • 43add58cb Consensus,Interface: add some unit tests and a metric for how long it takes to fetch NNS delegations + how big they are (#4017)
    Review: Looks fine + matches description
    Notes: Adds 2 metrics, nns_delegation_manager_update_duration and nns_delegation_manager_delegation_size to track how long it takes to fetch NNS delegations and track their sizes + adds some unit tests which cover loading NNS delegations.

  • 9ef5605e1 Consensus,Interface: Inline make_genesis_summary test function (#3970)
    Review: Looks fine + matches description
    Notes: Removes the make_genesis_summary function which was only used by tests, then updates those tests to instead use get_dkg_summary_from_cup_contents.

  • d054caa61 Crypto: Update version of ic-ed25519 to 0.2 (#3946)
    Review: Looks fine + matches description
    Notes: Bumps ic-ed25519 to 0.2.0 and updates its changelog in preparation for it being published to crates.io.

  • 882e7af8e Crypto,Interface(crypto): Move getrandom wasm32-unknown-unknown workaround to packages (#3926)
    Review: Looks fine + matches description
    Notes: Renames ic-crypto-getrandom-for-wasm to ic-dummy-getrandom-for-wasm to more accurately convey that it only provides dummy functionality and solely exists as a workaround to make the getrandom crate successfully build when targeting wasm.

  • 2fd87b60a Crypto,Interface(crypto): Change key derivation used in VetKD to BLS12-381 hash_to_scalar (#3736)
    Review: Looks fine + matches description
    Notes: Switches how the derivation path is calculated for VetKeys such that the hash is generated by RFC 9380’s hash_to_field as opposed to using SHAKE, allowing SHAKE to be removed and therefore reducing the total number of cryptographic primitives in the system.

  • f577fe349 Execution,Interface: Upgrade Wasm crates to wasmtime 29 (#3929)
    Review: Looks fine + matches description
    Notes: Bumps a few wasm-related crates to later versions (e.g. wasm-encoder, wasm-smith, wasmparser, etc.).

  • 59abceebc Interface(Ledger): Update some comments (#3847)
    Review: Looks fine + matches description
    Notes: Updates the wording within a few comments.

  • 810eeb14c Interface: use cdk::api::in_replicated_execution (#3949)
    Review: Looks fine + matches description
    Notes: Switches a few usages of ic_cdk::api::data_certificate().is_none() to instead use ic_cdk::api::in_replicated_execution() which much more clearly conveys the intention.

  • 6612119c3 Interface: Bump ic_cdk version (#3939)
    Review: Looks fine + matches description
    Notes: Bumps ic-cdk and ic-cdk-macros to 0.17.1.

  • 4d9768af1 Interface,Message Routing: Update debug assertions of Tip thread; flush PageMaps in make_unvalidated_checkpoint (#3950)
    Review: Looks fine + matches description
    Notes: Updates make_unvalidated_checkpoint to first flush all page maps to disk, then also updates TipState to contain more data and adds a few debug assertions to validate its data at various stages.

  • 711b78eb0 Owners: bump ic-http-gateway lib (#3995)
    Review: Looks fine + matches description
    Notes: Bumps ic-http-gateway from 0.1.0 to 0.2.0 and also bumps a few related packages.

  • 4e132abd8 Node(IDX): Simplify versioning (#3984)
    Review: Looks fine + matches description
    Notes: Simplifies how release artifacts are stamped with versions by simply using the commit ID + commit timestamp.

  • 483f05324 Node: Processes robust against restarts (#3693)
    Review: Looks fine + matches description
    Notes: Adds Restart=on-failure and RestartSec=10 to a few IC services to ensure they restart after any failures.

  • 1e014f09f Node: Update Base Image Refs [2025-02-13-0813] (#3931)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

Refactoring:

  • 069dc97d0 Consensus,Interface: Extract common functionality of verifying NiDKG dealings (#3951)
    Review: Looks fine + matches description
    Notes: Adds the crypto_validate_dealing function which encapsulates the logic that was previously duplicated within validate_dealings_for_dealer and validate_dealings_payload, then updates those 2 functions to make use of crypto_validate_dealing.

  • 7d99df628 Execution,Interface: Remove install_code from production code and move it to the tests that use it (#4015)
    Review: Looks fine + matches description
    Notes: Removes install_code from CanisterManager since it was only used by tests, then updates the usages in tests to instead use install_code_dts (which is also used in production).

  • 075a36404 Execution,Interface: Use two instances of the query service for queries and https outcall transform functions (#3992)
    Review: Looks fine + matches description
    Notes: Uses 2 instances of the HttpQueryHandler, one for handling normal query calls and one for handling HTTP outcall transform functions; this improves scalability by removing resource contention between the 2.

  • b368e3de3 Execution,Interface: Take cycles from call context when a refund is to be returned (#3985)
    Review: Looks fine + matches description
    Notes: Updates how cycles refunds are handled by always setting the available cycles to 0 after issuing a refund, which allows the special casing within ic0_msg_cycles_accept_helper to be removed since the available_cycles is now always accurate.

  • 4627f3307 Execution,Interface: Move log_dirty_pages to the module where it’s used (#3957)
    Review: Looks fine + matches description
    Notes: Simply moves the location of the log_dirty_pages function within the execution environment package.

  • 57464b9ab Execution,Interface: Simplify logic to get a CallOrigin from a Query (#3953)
    Review: Looks fine + matches description
    Notes: Simplifies how call_origin is calculated by using query.source().into() rather than using a match statement and then handling the various QuerySource types.

  • 9747838c6 Execution,Interface: Rename reached to instructions_reached (#3952)
    Review: Looks fine + matches description
    Notes: Renames RoundLimits::reached to instructions_reached for clarity.

  • 125db7f4f Execution,Interface: Check wasm execution output only in sandbox (#3728)
    Review: Looks fine + matches description
    Notes: Modifies SystemStateModifications::apply_changes so that it additionally handles appending canister logs and bumping the canister version so that these actions can be removed from the various places they were previously handled.

  • cba557d53 Node: check-hardware.sh (#3679)
    Review: Looks fine + matches description
    Notes: Refactors the check-hardware.sh by adding comments and renaming things for clarity.

Tests:

  • edcb5ab41 Consensus,Interface: vetKD payload builder/verifier unit tests (#3886)
    Review: Looks fine + matches description
    Notes: Adds some VetKD unit tests.

Proposal 135422

Vote: Adopt
Reason: I have successfully run the build script and there is only a single additional commit which disables the new best-effort calls feature. This is done as a precaution in case there is an issue with the feature and it needs to quickly be disabled.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.


proposal - 135421 – Cyberowl | CodeGov

Vote: ADOPT

Reason:

All commits match their description and no errors were found. The verification build hash also matches release_package_sha256_hex.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

Overall Summary:

The execution environment now includes combine_encrypted_key_shares and verify_encrypted_key for secure threshold key processing, introduces structured error handling, and enforces centralized stream limits with TARGET_STREAM_SIZE_BYTES and MAX_STREAM_MESSAGES.

The state_manager refactor integrates page map flushing into checkpoint creation, the recovery process now supports both local and remote operations via DataLocation, and https_outcalls_service improves HTTPS request handling with dedicated metrics.

Commits Summary

Features:
49d6101af
Implements combine_encrypted_key_shares and verify_encrypted_key in the crypto interface, handling VetKdKeyShareCombinationError and VetKdKeyVerificationError to securely process threshold key shares. Error handling is refined with ErrorReproducibility. Module metrics.rs has been added to track performance and error metrics related to VetKD payload building and validation.

7dda5ff7f
This commit refactors the recovery process for subnets by replacing UploadMethod with a more generalized DataLocation type, allowing both local and remote recovery operations. It introduces better handling of state downloads and uploads, including a new CopyLocalIcStateStep for local recoveries, and adds a wait_for_cup_node parameter to specify which node to poll for recovery progress.

3deb76dff
The BlockchainState now stores serialized blocks SerializedBlock instead of full Block structures. Methods that previously returned Arc<Block> now return Arc<SerializedBlock>, requiring explicit deserialization where necessary, including in get_successor_blocks() and get_block(). Serializing blocks saves memory but adds serialization/deserialization overhead.

5d0fcce40
Matches description: Increase the size of allowed canister Wasm code section sizes from 10 MiB to 11 MiB.

20b0caf9e
Modifies the CompilationResult struct by adding a code_section_size: NumBytes field to store the size of a WebAssembly module’s code section. The HypervisorMetrics module now records the code_section_size using a histogram with linear buckets up to 10 MiB.

396b461cd
The commit centralizes stream limit configuration by introducing two constants, TARGET_STREAM_SIZE_BYTES (10 MiB) and MAX_STREAM_MESSAGES (10,000). MessageRoutingImpl, SyncMessageRouting, and StreamBuilderImpl dynamically enforce stream size and message count limits.

Bugfixes:
4eec0b4b3
Adds explicit checks to ensure that both low and high threshold DKG transcripts are present in the CUP contents before proceeding with CUP construction, returning None and logging a warning if either is missing.

20b675c6e
get_dkg_summary_from_cup_contents function now returns a Result<Summary, String> instead of a Summary, enabling it to handle errors gracefully—such as missing transcripts, decoding failures, or invalid key IDs—by returning descriptive error messages rather than panicking with expect.

9d6eea446
Updated validate_dealings_payload function now uses the DKG config’s registry_version from the summary config.registry_version() to verify the signature of each dealing with crypto.verify(message, config.registry_version()).

0923aa8f3
Previously, update_on_low_wasm_memory_hook_condition function was invoked automatically after setting the wasm_memory_limit in canister_manager.rs; the update is now selectively triggered post successful subnet message execution with a valid canister_id.

a286970c5
Matches description: bump cloudflare-rs crate.

Chores:
7147f471c
purging_non_finalized_blocks_test now uses a HashSet instead of a Vec for collecting remove_from_validated_changeset, eliminating the need to adapt the test’s expectations when the order of block proposals changes.

43add58cb
DelegationManagerMetrics, which tracks update duration and delegation size. New tests to verify root delegation behavior for NNS and non-NNS subnets.

9ef5605e1
Refactors DKG summary creation by replacing make_genesis_summary with get_dkg_summary_from_cup_contents, removing retry logic and shifting responsibility for fetching CUP contents to the caller. Improves error visibility by requiring explicit handling of registry failures.

d054caa61
Matches description: Update version of ic-ed25519 to 0.2.

882e7af8e
Renames and relocates ic-crypto-getrandom-for-wasm to ic-dummy-getrandom-for-wasm, moving it under /packages/ for better modularity and visibility. README.md clarifies that the package provides a dummy implementation to handle rand crate issues on wasm32-unknown-unknown targets.

2fd87b60a
Refactors the cryptographic implementation by replacing ic-sha3 with a direct HashToField implementation for hashing to scalar values in BLS12-381. The RandomOracle abstraction and SHAKE256-based hashing are removed.

f577fe349
Updates WASM-related dependencies, including wasm-encoder, wasmparser, and wasmprinter, to their latest versions. rs/wasm_transform adjustments to function type handling and memory optimization using Cow.

59abceebc
Fix comments on ledger_core/src/balances.rs.

810eeb14c
Refactors canister code to use ic_cdk::api::in_replicated_execution() instead of ic_cdk::api::data_certificate().is_none() for detecting replicated execution.

6612119c3
Update ic-cdk, ic-cdk-macros, ic-cdk-timers. LogVisibility type has allowed_viewers variant.

4d9768af1
Refactors state_manager by integrating page map flushing and delta stripping into the checkpoint creation process. It relocates checkpoint-related logic to checkpoint.rs, introduces the PageMapType enum for unified page map handling.

711b78eb0
Upgrade ic-http-gateway lib.

4e132abd8
Replace the dynamic ic_version_or_git_sha mechanism with a static write_info_file_var approach. It consolidates version handling into a single version.txt file, removes bazel-timestamp.txt, and ensures dynamic versioning is only enabled via --stamp on protected branches.

483f05324
Matches description: All critical services should restart on failure.

1e014f09f
Update base images.

Refactoring:
069dc97d0
crypto_validate_dealing to unify signature and dealing validation. PayloadValidationError for structured error handling.

7d99df628
Matches description: Remove install_code from production code and move it to the tests that use it.

075a36404
https_outcalls_service to ExecutionServices, allowing specialized handling of HTTPS outcalls separate from regular query execution. Modifies HttpQueryHandler to support namespaced metrics.

b368e3de3
take_available_cycles method in CallContext, ensuring that cycles are retrieved and cleared consistently when finalizing responses. The CallContextManager now uses this method, and an unnecessary check in SystemApiImpl for handling cycle acceptance post-reply is removed.

4627f3307
Matches description: Move log_dirty_pages to the module where it's used.

57464b9ab
Matches description: rely on that to construct a CallOrigin in the query handler instead of trying to handle the different cases.

9747838c6
Matches description: Rename reached to instructions_reached.

125db7f4f
should_bump_canister_version flag to control when canister versions are incremented, preventing unnecessary updates on failed executions or special cases like install_code. Trap logging is centralized in SystemApiImpl.

cba557d53
Refactors the hardware verification script by restructuring it into clearly defined sections. It renames variables for clarity, introduces reusable helper functions like get_cpu_info_json and verify_disks_helper to reduce redundancy.

Tests:
edcb5ab41
Matches description: Set timeout to long for Rosetta ICP integration tests.

proposal - 135422 – Cyberowl | CodeGov

Vote: ADOPT

Reason:

One commit to revert “Roll out best-effort calls to the first few subnets”. Commit matches description and no errors were found. The verification build hash also matches release_package_sha256_hex.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

Proposal 135421 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

  • Minor fixes and refactoring

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

5d0fcce40:
Changes the MAX_CODE_SECTION_SIZE_IN_BYTES constant from 10 MiB to 11 MiB.

20b0caf9e:
Adds the code_section_size field to the CompilationResult and WasmValidationDetails structs. The field is calculated in the validate_wasm_binary function from the result of the check_code_section_size function.
This field is used in the observe_compilation_metrics method of the HypervisorMetrics struct to observe the newly introduced code_section_size histogram metric.

0923aa8f3:
Removes the call to update_on_low_wasm_memory_hook_condition in the do_update_settings method of the CanisterManager struct.
Changes the response field of the ExecuteSubnetMessageResult::Finished variant to include an optional canister id in the Ok result and changes the code where this variant is constructed and used. This way, the returned canister id can be used in the finish_subnet_message_execution method of the ExecutionEnvironment struct to retrieve the corresponding canister state and call the update_on_low_wasm_memory_hook_condition hook.

f577fe349:
Matches description.

7d99df628:
Removes the install_code method from the CanisterManager struct.

075a36404:
Adds the https_outcalls_service field to the ExecutionServices struct, of type QueryExecutionService. This newly introduced service is used in the construct_ic_stack function to instantiate the HTTPS Outcalls adapter.

b368e3de3:
Adds the take_available_cycles method to the CallContext struct, which sets the available cycles of the context to 0 and returns the previous available cycles. This method is used instead of the direct access to the available_cycles field in the on_canister_result method of the CallContextManager struct.

4627f3307:
Moves the log_dirty_pages function to the common module of the execution environment.

57464b9ab:
Matches description.

9747838c6:
Matches description.

125db7f4f:
Removes the canister_log field from the WasmExecutionOutput struct.
Adds the should_bump_canister_version boolean field to the SystemStateModifications struct, which is used in the apply_changes method of the same struct to increase the canister_version field of the system state by one if set to true. This way, we don’t need to check for the condition to update the canister version anywhere else in the code. The apply_changes method now appends the logs to the canister logs of the system state too.
Refactors the take_system_state_modifications method of the SystemApiImpl struct to handle all the ApiType variants explicitly. The method returns a SystemStateModifications struct, for which this method sets the should_bump_canister_version field.
This method also calls the newly introduced add_canister_log_for_trap method, so that we don’t have to care about checking the conditions for registering the logs anywhere else in the code.


Proposal 135422 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
This release is the same as the one in 135421 with the addition of the commit 2f02a660f, which matches its description.

Proposal: 135421 | Manvick - Zenith Code

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN match and is “9b1919ffc0e0dd6f4646280edf2c745cbdc7b80e7b23b23601f881e99e53005d”.
  2. Summary: The release notes match the code changes
  3. Vote: I vote to adopt the proposals

Detailed Review:

Features:

  • 49d6101af Consensus,Interface: Call crypto in vetKD payload builder (#3905)
    Notes: In this PR VetKdPayloadBuilderImpl is updated to include the logic of calling crypto.combine_encrypted_key_shares to combine encrypted keyshares, which was not implemented before. This PR also adds metrics to measure success and failure of such operations.
    Review: Code changes look good and match release notes.
  • 7dda5ff7f Consensus,Interface: Don’t use rsync to copy the state during recoveries (#3853)
    Notes: This PR attempts to refactor and simplify the recovery process of a node in a subnet. UploadMethod is now replaced with DataLocation method to support local and remote recovery options. Struct CopyLocalIcStateStep is defined and implemented; it adds checkpoint to the exclusion list passed to rsync and instead forces the use of cp to copy data into the recovery directory. This PR also adds a system test around this local recovery process.
    Review: Code changes look good and match release notes.
  • 3deb76dff Consensus,Interface: Bitcoin serialize blocks first (#3919)
    Notes: Bitcoin blocks, which were previously serialized at request time, are now serialized after being received and validated. This has made get_successors requests lighter.
    Review: Code changes look good and match release notes.
  • 5d0fcce40 Execution,Interface: Bump allowed code section size (#4012)
    Notes: The community demanded that the allowed size of the wasm code section be increased; it is now increased to 11MB from 10MB. Constants like MAX_CODE_SECTION_SIZE_IN_BYTES are updated to support this.
    Review: Code changes look good and match release notes.
  • 20b0caf9e Execution,Interface: Add a metric tracking Wasm code section sizes (#3983)
    Notes: code_section_size metric is now added to track how users are hitting the limit on wasm code section sizes. This value is tracked each time the wasm is compiled.
    Review: Code changes look good and match release notes.
  • 396b461cd Interface,Message Routing: Add size limits as fields to the stream builder (#3885)
    Notes: To make tests efficient and avoid unnecessary filler requests, max_stream_messages and target_stream_size_bytes fields are added to message_routing.rs.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 4eec0b4b3 Consensus,Interface: Don’t panic in make_registry_cup (#3980)
    Notes: Three panic statements have been replaced with warnings (and logging) around deriving low_dkg_id, high_dkg_id and cup_contents.
    Review: Code changes look good and match release notes.
  • 20b675c6e Consensus,Interface: Don’t panic in get_dkg_summary_from_cup_contents (#3974)
    Notes: Multiple expect statements in get_dkg_summary_from_cup_contents are replaced, to avoid panics, with an error Err(String) which can then be softly handled by the caller.
    Review: Code changes look good and match release notes.
  • 9d6eea446 Consensus,Interface: Use correct registry version to validate dealings inside of block payloads (#3944)
    Notes: Updated the payload validator to verify each NiDKG message using the registry version specific to that message, instead of defaulting to the latest registry version for all verifications.
    Review: Code changes look good and match release notes.
  • 0923aa8f3 Execution,Interface: Hook condition should be checked after every mgmt canister call (#3988)
    Notes: The low-wasm-memory hook is now checked after every management canister call. This is done by moving the call canister_state.update_on_low_wasm_memory_hook_condition(); to the finish_subnet_message_execution function.
    Review: Code changes look good and match release notes.
  • a286970c5 Owners: bump cloudflare-rs crate (#3927)
    Notes: Updates the cloudflare-rs to later commits.
    Review: Code changes look good and match release notes.

Chores:

  • 7147f471c Consensus,Interface: Allow any order of change actions in purging_non_finalized_blocks_test (#4033)
    Notes: Variable remove_from_validated_changeset has been changed from vector to hashset, to allow change actions in purging_non_finalized_blocks_test to be in any order to make tests (test_purger) more resilient.
    Review: Code changes look good and match release notes.
  • 43add58cb Consensus,Interface: add some unit tests and a metric for how long it takes to fetch NNS delegations + how big they are (#4017)
    Notes: Two new metrics are added to NNS delegations by adding nns_delegation_manager_update_duration and nns_delegation_manager_delegation_size in DelegationManagerMetrics to track duration of nns delegation in seconds and the size of delegations. Also adds some unit tests around nns delegations.
    Review: Code changes look good and match release notes.
  • 9ef5605e1 Consensus,Interface: Inline make_genesis_summary test function (#3970)
    Notes: Function make_genesis_summary is removed as it was only used by tests. Also updates the tests to use get_dkg_summary_from_cup_contents() instead of make_genesis_summary().
    Review: Code changes look good and match release notes.
  • d054caa61 Crypto: Update version of ic-ed25519 to 0.2 (#3946)
    Notes: Version of ic-ed25519 is updated to 0.2; along with this, the changelog is also updated to prepare this package for release to crates.io.
    Review: Code changes look good and match release notes.
  • 882e7af8e Crypto,Interface(crypto): Move getrandom wasm32-unknown-unknown workaround to packages (#3926)
    Notes: ic-crypto-getrandom-for-wasm is renamed to ic-dummy-getrandom-for-wasm to more accurately represent this dummy (non-functional) functionality, which was only there to make the compilation of getrandom succeed.
    Review: Code changes look good and match release notes.
  • 2fd87b60a Crypto,Interface(crypto): Change key derivation used in VetKD to BLS12-381 hash_to_scalar (#3736)
    Notes: Originally SHAKE was used to support key derivation in VetKD. For production use it is switched to hash_to_scalar, a variant of RFC 9380’s hash_to_field. This will also slightly reduce the number of cryptographic primitives.
    Review: Code changes look good and match release notes.
  • f577fe349 Execution,Interface: Upgrade Wasm crates to wasmtime 29 (#3929)
    Notes: Certain wasm crates like wasm-encoder, wasmparser, wasmprinter are upgraded.
    Review: Code changes look good and match release notes.
  • 59abceebc Interface(Ledger): Update some comments (#3847)
    Notes: Minor comment updates in ledger core.
    Review: Code changes look good and match release notes.
  • 810eeb14c Interface: use cdk::api::in_replicated_execution (#3949)
    Notes: The PR changes the code to use the newer functionality of in_replicated_execution rather than ic_cdk::api::data_certificate().is_none() to figure out if the canister is running in replicated or query mode
    Review: Code changes look good and match release notes.
  • 6612119c3 Interface: Bump ic_cdk version (#3939)
    Notes: ic-cdk and ic-cdk-macros both are updated to 0.17.1
    Review: Code changes look good and match release notes.
  • 4d9768af1 Interface,Message Routing: Update debug assertions of Tip thread; flush PageMaps in make_unvalidated_checkpoint (#3950)
    Notes: Updates the function make_unvalidated_checkpoint to first call flush_canister_snapshots_and_page_maps and strip_page_map_deltas and also changes TipState to be a struct from just being an enum. Some debug assertions are also added to validate its data.
    Review: Code changes look good and match release notes.
  • 711b78eb0 Owners: bump ic-http-gateway lib (#3995)
    Notes: ic-http-gateway has been upgraded from 0.1.0 to 0.2.0 along with some other packages.
    Review: Code changes look good and match release notes.
  • 4e132abd8 Node(IDX): Simplify versioning (#3984)
    Notes: The PR simplifies stamping the release artifact with a version by using head commit id + timestamp in release mode.
    Review: Code changes look good and match release notes.
  • 483f05324 Node: Processes robust against restarts (#3693)
    Notes: This PR adds Restart=on-failure and RestartSec=10 to a few services around generating network configs.
    Review: Code changes look good and match release notes.
  • 1e014f09f Node: Update Base Image Refs [2025-02-13-0813] (#3931)
    Notes: ic-os base image references are updated.
    Review: Code changes look good and match release notes.

Refactoring:

  • 069dc97d0 Consensus,Interface: Extract common functionality of verifying NiDKG dealings (#3951)
    Notes: A new function crypto_validate_dealing() is introduced to extract out common functionality, and then the two functions validate_dealings_for_dealer() and validate_dealings_payload() are modified to use this new function.
    Review: Code changes look good and match release notes.
  • 7d99df628 Execution,Interface: Remove install_code from production code and move it to the tests that use it (#4015)
    Notes: CanisterManager::install_code is a legacy function and is now removed from production code. Now the tests use install_code_dts.
    Review: Code changes look good and match release notes.
  • 075a36404 Execution,Interface: Use two instances of the query service for queries and https outcall transform functions (#3992)
    Notes: Again goes back to using the two instances of HttpQueryHandler, one for handling the http outcalls transform function, and the other to handle normal query calls, to improve performance and scalability.
    Review: Code changes look good and match release notes.
  • b368e3de3 Execution,Interface: Take cycles from call context when a refund is to be returned (#3985)
    Notes: context.available_cycles is now replaced with context.take_available_cycles() while returning a refund.
    Review: Code changes look good and match release notes.
  • 4627f3307 Execution,Interface: Move log_dirty_pages to the module where it’s used (#3957)
    Notes: A small refactoring to move log_dirty_pages() function closer to where it is used.
    Review: Code changes look good and match release notes.
  • 57464b9ab Execution,Interface: Simplify logic to get a CallOrigin from a Query (#3953)
    Notes: A simple change to calculate call_origin by using query.source().into(), instead of a match on QuerySource::User or QuerySource::Anonymous.
    Review: Code changes look good and match release notes.
  • 9747838c6 Execution,Interface: Rename reached to instructions_reached (#3952)
    Notes: A simple rename of reached() function to instructions_reached() for better clarity.
    Review: Code changes look good and match release notes.
  • 125db7f4f Execution,Interface: Check wasm execution output only in sandbox (#3728)
    Notes: To avoid appending canister logs at various places it is now added to apply_changes function of SystemStateModifications itself.
    Review: Code changes look good and match release notes.
  • cba557d53 Node: check-hardware.sh (#3679)
    Notes: check-hardware.sh script is now refactored with some comments and cleanups.
    Review: Code changes look good and match release notes.

Tests:

  • edcb5ab41 Consensus,Interface: vetKD payload builder/verifier unit tests (#3886)
    Notes: Some vetKD unit tests are added.
    Review: Code changes look good and match release notes.

Proposal: 135422 | Manvick - Zenithcode

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN match and is “1562de62fbff6c945e2a3c720eeae505be5b80fc7a489d0ffc2a62c751b8e95d”.
  2. Summary: The release notes match the code changes
  3. Vote: I vote to adopt the proposals

Detailed Review:

Other changes:

  • 2f02a660f Consensus,Execution,Interface: Revert “feat(MR): Roll out best-effort calls to the first few subnets (#3816)”
    Notes: This disables the best-effort calls feature on specific subnets.
    Review: Code changes look good and match release notes.

Proposal 135421 | Yuvika - Zenith Code

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 49d6101af
    Summary: Call crypto in vetKD payload builder.
    Notes: Update VetKD processing by integrating crypto component calls for key share combination and encrypted key verification, while also adding metrics to monitor usage and performance.
    Review: The description matches the code changes.

  • 7dda5ff7f
    Summary: Don’t use rsync to copy the state during recoveries.
    Notes: Refactor local IC state recovery by excluding the checkpoint from rsync, directly copying it with cp, and adding a system test for verification.
    Review: The description matches the code changes.

  • 3deb76dff
    Summary: Bitcoin serialize blocks first.
    Notes: Optimize Bitcoin adapter block retrieval by serializing blocks before caching, reducing the overhead of subsequent retrievals.
    Review: The description matches the code changes.

  • 5d0fcce40
    Summary: Bump allowed code section size
    Notes: Increase the maximum allowed size for Wasm code sections to 11MB.
    Review: The description matches the code changes.

  • 20b0caf9e
    Summary: Add a metric tracking Wasm code section sizes
    Notes: Introduce a code_section_size metric, logging the size of each compiled Wasm canister’s code section.
    Review: The description matches the code changes.

  • 396b461cd
    Summary: Add size limits as fields to the stream builder.
    Notes: Introduce adjustable stream message and size limits to StreamBuilderImpl, enabling smaller, test-specific values for faster limit testing, distinct from mainnet settings.
    Review: The description matches the code changes.

Bugfixes:

  • 4eec0b4b3
    Summary: Don’t panic in make_registry_cup.
    Notes: Modify make_registry_cup to replace hard failures (expect calls) with warnings and graceful None returns, enhancing robustness.
    Review: The description matches the code changes.

  • 20b675c6e
    Summary: Don’t panic in get_dkg_summary_from_cup_contents.
    Notes: Refactor get_dkg_summary_from_cup_contents to handle errors gracefully by returning Err(String) for logging instead of causing program termination via expect() or panics.
    Review: The description matches the code changes.

  • 9d6eea446
    Summary: Use correct registry version to validate dealings inside of block payloads
    Notes: Update the payload validator to verify NiDKG messages using the registry version specific to each message, instead of consistently relying on the latest registry version.
    Review: The description matches the code changes.

  • 0923aa8f3
    Summary: Hook condition should be checked after every mgmt canister call.
    Notes: Ensure the update_on_low_wasm_memory_hook_condition check runs after each management canister call by relocating it within finish_subnet_message_execution.
    Review: The description matches the code changes.

  • a286970c5
    Summary: bump cloudflare-rs crate.
    Notes: Update the cloudflare-rs dependency to a more recent commit in its Git repository.
    Review: The description matches the code changes.

Chores:

  • 7147f471c
    Summary: Allow any order of change actions in purging_non_finalized_blocks_test.
    Notes: Enhance consensus purger test reliability by using a set for remove_from_validated_changeset, eliminating dependencies on element order.
    Review: The description matches the code changes.

  • 43add58cb
    Summary: add some unit tests and a metric for how long it takes to fetch NNS delegations + how big they are.
    Notes: Introduce nns_delegation_manager_update_duration and nns_delegation_manager_delegation_size metrics, along with unit tests, to monitor NNS delegation retrieval performance and size.
    Review: The description matches the code changes.

  • 9ef5605e1
    Summary: Inline make_genesis_summary test function.
    Notes: Remove unused make_genesis_summary function and update tests to utilize get_dkg_summary_from_cup_contents instead.
    Review: The description matches the code changes.

  • d054caa61
    Summary: Update version of ic-ed25519 to 0.2.
    Notes: Upgrade ic-ed25519 crate to version 0.2.0 and prepare it for publication on crates.io.
    Review: The description matches the code changes.

  • 882e7af8e
    Summary: Move getrandom wasm32-unknown-unknown workaround to packages
    Notes: Rename ic-crypto-getrandom-for-wasm to ic-dummy-getrandom-for-wasm to clarify that it’s a placeholder, used only for build compatibility with the getrandom crate in Wasm.
    Review: The description matches the code changes.

  • 2fd87b60a
    Summary: Change key derivation used in VetKD to BLS12-381 hash_to_scalar.
    Notes: Replaces SHAKE with RFC 9380’s hash_to_field for VetKey derivation, simplifying the cryptographic primitives and streamlining the system.
    Review: The description matches the code changes.

  • f577fe349
    Summary: Upgrade Wasm crates to wasmtime 29.
    Notes: Upgrade Wasm-related libraries (wasm-encoder, wasm-smith, wasmparser, etc.) to newer versions.
    Review: The description matches the code changes.

  • 59abceebc
    Summary: Update some comments.
    Notes: Clarify some comments.
    Review: The description matches the code changes.

  • 810eeb14c
    Summary: use cdk::api::in_replicated_execution.
    Notes: Replace checks for missing data certificates with ic_cdk::api::in_replicated_execution() for clearer intent, directly indicating if the code is running in a replicated environment.
    Review: The description matches the code changes.

  • 6612119c3
    Summary: Bump ic_cdk version.
    Notes: Upgrade the ic-cdk and ic-cdk-macros crates from version 0.16.0 to version 0.17.1.
    Review: The description matches the code changes.

  • 4d9768af1
    Summary: Update debug assertions of Tip thread; flush PageMaps in make_unvalidated_checkpoint.
    Notes: Update checkpointing by ensuring page maps are flushed to disk before checkpoint creation and enhance TipState with more data and validation checks.
    Review: The description matches the code changes.

  • 711b78eb0
    Summary: bump ic-http-gateway lib.
    Notes: Upgrade the ic-http-gateway package from 0.1.0 to version 0.2.0 and associated dependencies.
    Review: The description matches the code changes.

  • 4e132abd8
    Summary: Simplify versioning.
    Notes: Simplify release artifact versioning by directly using the Git commit ID and timestamp, eliminating more complex stamping methods.
    Review: The description matches the code changes.

  • 483f05324
    Summary: Processes robust against restarts.
    Notes: Add automatic restart functionality with a 10-second delay to key IC services, ensuring they recover from failures.
    Review: The description matches the code changes.

  • 1e014f09f
    Summary: Update Base Image Refs [2025-02-13-0813].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

Refactoring:

  • 069dc97d0
    Summary: Extract common functionality of verifying NiDKG dealings.
    Notes: Introduce crypto_validate_dealing to eliminate duplicate logic in validate_dealings_for_dealer and validate_dealings_payload.
    Review: The description matches the code changes.

  • 7d99df628
    Summary: Remove install_code from production code and move it to the tests that use it.
    Notes: Eliminate install_code from CanisterManager (test-only) and use install_code_dts in the tests instead, aligning test behaviour with production usage.
    Review: The description matches the code changes.

  • 075a36404
    Summary: Use two instances of the query service for queries and https outcall transform functions.
    Notes: Improve scalability by separating HTTP query handling into two dedicated instances, one for regular queries and another for HTTP outcall transforms, eliminating resource contention.
    Review: The description matches the code changes.

  • b368e3de3
    Summary: Take cycles from call context when a refund is to be returned.
    Notes: Simplify cycle refund handling by consistently setting available cycles to zero post-refund, eliminating special cases and ensuring available_cycles accuracy.
    Review: The description matches the code changes.

  • 4627f3307
    Summary: Move log_dirty_pages to the module where it’s used.
    Notes: Refactor the execution environment package by relocating the log_dirty_pages function for better code organization.
    Review: The description matches the code changes.

  • 57464b9ab
    Summary: Simplify logic to get a CallOrigin from a Query.
    Notes: Streamline call_origin calculation by directly converting the query source, replacing a complex match statement with a simpler query.source().into() operation.
    Review: The description matches the code changes.

  • 9747838c6
    Summary: Rename reached to instructions_reached.
    Notes: Rename RoundLimits::reached to instructions_reached to clearly indicate that the limit refers to instruction counts.
    Review: The description matches the code changes.

  • 125db7f4f
    Summary: Check wasm execution output only in sandbox.
    Notes: Consolidate canister log appending and version bumping into SystemStateModifications::apply_changes, streamlining the process by removing redundant handling in other areas.
    Review: The description matches the code changes.

  • cba557d53
    Summary: check-hardware.sh.
    Notes: Add comments and code improvements in check-hardware.sh.
    Review: The description matches the code changes.

Tests:

  • edcb5ab41
    Summary: vetKD payload builder/verifier unit tests.
    Notes: Add new unit tests for the VetKD functionality.
    Review: The description matches the code changes.

Proposal 135422

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Other changes:

  • 2f02a660f
    Summary: Revert “feat(MR): Roll out best-effort calls to the first few subnets”.
    Notes: Revert commit df5828f.
    Review: The description matches the code changes.

Proposal 135421 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus, Crypto and Interface as detailed below.

Review

Features:

[49d6101af]
Adds code to call crypto.combine_encrypted_key_shares and crypto.verify_encrypted_key endpoints. Adds related metrics and associated code.

[7dda5ff7f]
Various changes to subnet recovery logic and tests, matching description.

[3deb76dff]
Changes to block caching in the bitcoin adapter, such that blocks are now stored in serialised form.

[396b461cd]
Adds new constants TARGET_STREAM_SIZE_BYTES and MAX_STREAM_MESSAGES within message_routing.rs, set to 10MB and 10000 respectively, so as to limit the queuing of messages into an outgoing stream accordingly.

Bugfixes:

[4eec0b4b3]
Changes error handling in make_registry_cup_from_cup_contents and make_registry_cup_from_cup_contents so that instead of panicking it will issue a warning and return None.

[20b675c6e]
Changes error handling in get_dkg_summary_from_cup_contents so that instead of panicking it will return an error.

[9d6eea446]
Changes signature verification in validate_dealings_payload to use config.registry_version() instead of last_summary.registry_version so as to use the correct registry version as explained in the commit notes.

Chores:

[7147f471c]
Changes purging_non_finalized_blocks_test to use HashSet::from instead of vec! for change actions so that the order of change actions does not affect the test.

[43add58cb]
As described, adds unit tests and metrics for how long it takes to fetch NNS delegations and their size.

[9ef5605e1]
Removes make_genesis_summary to use already existing get_dkg_summary_from_cup_contents function instead.

[d054caa61]
Updates ic-ed25519 to version 0.2.0.

[882e7af8e]
Moves getrandom_for_wasm from rs/crypto to packages and renames it to ic-dummy-getrandom-for-wasm.

[2fd87b60a]
Adds method Scalar::hash, now to be used instead of Shake256 for VetKD key derivation.

[59abceebc]
Updates comments within rs/ledger_suite/common/ledger_core/src/balances.rs to clarify maximum values for tokens.

[810eeb14c]
Uses in_replicated_execution() instead of data_certificate().is_none() in token-related http requests.

[6612119c3]
Version changes for ic-cdk and related crates.

[4d9768af1]
Moves PageMapType enum and strip_page_map_deltas and flush_canister_snapshots_and_page_maps functions from rs/state_manager/src/lib.rs to rs/state_manager/src/checkpoint.rs. Removes flush_canister_snapshots_and_page_maps method from StateManagerImpl. Removes DirtyPageMap type. Further changes as per the commit notes.

Refactoring:

[069dc97d0]
Adds function crypto_validate_dealing to replace functionality in a few other parts of the consensus/dkg code.

Tests:

[edcb5ab41]
Adds several tests related to the VetKD payload builder.

Proposal 135422 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful and hashes match. The proposal consists of a single commit which reverts the roll out of best-effort calls to the first few subnets from commit df5828f, as reviewed previously.


Proposal 135421 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt: The release notes match the commits and the code changes. Builds successfully.

Features

  • 49d6101af
    Summary: Call crypto in vetKD payload builder
    Notes: Adds missing crypto calls to create and validate combined vetKD key shares.
    Review: Code changes match the commit message.

  • 7dda5ff7f
    Summary: Don’t use rsync to copy the state during recoveries
    Notes: Uses cp command instead of rsync to copy the state during recoveries
    Review: Code changes match the commit message.

  • 3deb76dff
    Summary: Bitcoin serialize blocks first
    Notes: Blocks are now serialized when storing them instead of when requesting them. This makes request calls lighter and improves time efficiency.
    Review: Code changes match the commit message.

  • 5d0fcce40
    Summary: Bump allowed code section size
    Notes: Increases MAX_CODE_SECTION_SIZE_IN_BYTES from 10mb to 11mb
    Review: Code changes match the commit message.

  • 20b0caf9e
    Summary: Add a metric tracking Wasm code section sizes
    Notes: Adds a metric to track how often users get close to the limit on wasm code.
    Review: Code changes match the commit message.

  • 396b461cd
    Summary: Add size limits as fields to the stream builder
    Notes: Adds size limits to streams so that smaller streams are possible, since it can take a long time to fill entire streams.
    Review: Code changes match the commit message.

Bugfixes

  • 4eec0b4b3
    Summary: Don’t panic in make_registry_cup
    Notes: Orchestrator calls the code in the PR to create registry CUPs, so it should not panic.
    Review: Code changes match the commit message.

  • 20b675c6e
    Summary: Don’t panic in get_dkg_summary_from_cup_contents
    Notes: Orchestrator calls this code every ~10 seconds to make the latest registry. If the NiDKG summary is not created, we should return the error instead of panicking.
    Review: Code changes match the commit message.

  • 9d6eea446
    Summary: Use correct registry version to validate dealings inside of block payloads
    Notes: Uses the same registry version when validating NiDKG, regardless of if they come from consensus block pool or the DKG pool.
    Review: Code changes match the commit message.

  • 0923aa8f3
    Summary: Hook condition should be checked after every mgmt canister call
    Notes: Ensures that the condition for low wasm memory hook will be met after every management canister call.
    Review: Code changes match the commit message.

  • a286970c5
    Summary: bump cloudflare-rs crate
    Notes: Updates cloudflare-rs crate version.
    Review: Code changes match the commit message.

Chores

  • 7147f471c
    Summary: Allow any order of change actions in purging_non_finalized_blocks_test
    Notes: This test needed to be updated whenever the payload struct changed the lexicographic order of block hashes. With this new PR it allows for any lexicographic order to be validated with this test case.
    Review: Code changes match the commit message.

  • 43add58cb
    Summary: add some unit tests and a metric for how long it takes to fetch NNS delegations + how big they are
    Notes: Adds some unit test cases and metric for how long NNS calls take.
    Review: Code changes match the commit message.

  • 9ef5605e1
    Summary: Inline make_genesis_summary test function
    Notes: Removes the retry logic since it is not required, and inlines the remaining functionality.
    Review: Code changes match the commit message.

  • d054caa61
    Summary: Update version of ic-ed25519 to 0.2
    Notes: Updates version of ic-ed25519 from 0.1.0 to 0.2.0.
    Review: Code changes match the commit message.

  • 882e7af8e
    Summary: Move getrandom wasm32-unknown-unknown workaround to packages
    Notes: This PR allows it to be published to crates.io for use by canister developers.
    Review: Code changes match the commit message.

  • 2fd87b60a
    Summary: Change key derivation used in VetKD to BLS12-381 hash_to_scalar
    Notes: Switches to using hash_to_scalar instead of SHAKE for vetKD prototype.
    Review: Code changes match the commit message.

  • f577fe349
    Summary: Upgrade Wasm crates to wasmtime 29
    Notes: Updates various wasm crates.
    Review: Code changes match the commit message.

  • 59abceebc
    Summary: Update some comments
    Notes: Just some comments are updated.
    Review: Code changes match the commit message.

  • 810eeb14c
    Summary: use cdk::api::in_replicated_execution
    Notes: Switches to using the new in_replicated_execution method to check if canister is running in replicated or query mode.
    Review: Code changes match the commit message.

  • 6612119c3
    Summary: Bump ic_cdk version
    Notes: Updates various ic_cdk versions.
    Review: Code changes match the commit message.

  • 4d9768af1
    Summary: Update debug assertions of Tip thread; flush PageMaps in make_unvalidated_checkpoint
    Notes: Adds debug assertion to validate the data in TipState
    Review: Code changes match the commit message.

  • 711b78eb0
    Summary: bump ic-http-gateway lib
    Notes: Upgrades ic-http-gateway library
    Review: Code changes match the commit message.

  • 4e132abd8
    Summary: Simplify versioning
    Notes: Simplifies code logic to stamp released artifacts.
    Review: Code changes match the commit message.

  • 483f05324
    Summary: Processes robust against restarts
    Notes: Ensures that all critical services restart on failure.
    Review: Code changes match the commit message.

  • 1e014f09f
    Summary: Update Base Image Refs [2025-02-13-0813]
    Notes: Updates base ic os image references.
    Review: Code changes match the commit message.

Refactoring

  • 069dc97d0
    Summary: Extract common functionality of verifying NiDKG dealings
    Notes: Extract common functionalities of verifying NiDKG dealings to make sure that logic remains consistent.
    Review: Code changes match the commit message.

  • 7d99df628
    Summary: Remove install_code from production code and move it to the tests that use it
    Notes: Removes install_code from production and moves it to test cases.
    Review: Code changes match the commit message.

  • 075a36404
    Summary: Use two instances of the query service for queries and https outcall transform functions
    Notes: Uses two instances of QueryService so that we get code reusability and isolation between both the queries.
    Review: Code changes match the commit message.

  • b368e3de3
    Summary: Take cycles from call context when a refund is to be returned
    Notes: Whenever a refund needs to be computed when processing the result of a canister execution, the available cycles in the call context are emptied. This is important to maintain spec compliance and stop accepting cycles after the call has been replied to.
    Review: Code changes match the commit message.

  • 4627f3307
    Summary: Move log_dirty_pages to the module where it’s used
    Notes: Code refactoring to move log_dirty_pages method to where it is used.
    Review: Code changes match the commit message.

  • 57464b9ab
    Summary: Simplify logic to get a CallOrigin from a Query
    Notes: Refactors code to get call origin from a query.
    Review: Code changes match the commit message.

  • 9747838c6
    Summary: Rename reached to instructions_reached
    Notes: Renames function from round_limits.reached() to round_limits.instructions_reached.
    Review: Code changes match the commit message.

  • 125db7f4f
    Summary: Check wasm execution output only in sandbox
    Notes: Code to check wasm execution is spread out to multiple places. This PR moves all the logic to one single place.
    Review: Code changes match the commit message.

  • cba557d53
    Summary: check-hardware.sh
    Notes: Refactors code in check-hardware.sh.
    Review: Code changes match the commit message.

Tests

  • edcb5ab41
    Summary: CON-1422 vetKD payload builder/verifier unit tests
    Notes: Adds unit tests for the new vetKD payload builder.
    Review: Code changes match the commit message.

Proposal 135422 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt: The release notes match the commits and the code changes. Builds successfully.

Other changes

  • 2f02a660f
    Summary: Revert "feat(MR): Roll out best-effort calls to the first few subnets
    Notes: Reverts commit df5828f
    Review: Code changes match the commit message.

Proposal #135421 — Zack | CodeGov

for release-2025-02-20_10-16-base.

Vote: Adopted.
Reason: Builds fine and the hash matches for GUESTOS, HOSTOS and SETUPOS.

Commits

Features:
7dda5ff7f Consensus,Interface:
Defines the CopyLocalIcStateStep struct and implements the Step trait for it.
The CopyLocalIcStateStep struct excludes CHECKPOINTS from rsync: it copies node state from IC_DATA_PATH to working_dir (excluding unwanted files), then copies configuration (IC_JSON5_PATH) to working_dir. It determines the most recent checkpoint in IC_CHECKPOINTS_PATH, creates a recovery checkpoint directory and copies the latest checkpoint into it using cp -R.
We also have the check for selecting between local and remote recovery based on the cfg.local_recovery flag.
5d0fcce40 Execution,Interface:
Slightly increased the allowed code section size for canister Wasm by adding 1 MB to MAX_CODE_SECTION_SIZE_IN_BYTES, for 11 total.
20b0caf9e Execution,Interface:
Adds code_section_size to track size of wasm module’s code section at each compilation.

Bugfixes:
4eec0b4b3 Consensus,Interface:
The make_registry_cup_from_cup_contents now logs a warning using warn! and returns None instead of panicking.
20b675c6e Consensus,Interface: Don’t panic in get_dkg_summary_from_cup_contents (#3974)
In get_dkg_summary_from_cup_contents, if the operation succeeds (Ok(summary)), it extracts and returns summary; if there’s an error (Err(err)), instead of panicking it now logs a warning using warn! and then returns None.
9d6eea446 Consensus,Interface:
Uses the correct registry version of the dealing’s config to validate dealings inside of block payloads.
0923aa8f3 Execution,Interface:
Now, in finish_subnet_message_execution, if canister_id exists (Some(canister_id)), it tries to mutably access the state of the canister (state.canister_state_mut(canister_id)).
If the canister exists in the state, it calls update_on_low_wasm_memory_hook_condition().
a286970c5 Owners:
Bumps the cloudflare-rs crate revision.

Refactoring:
cba557d53 Node:
Refactors the hardware check script check-hardware.sh by commenting different sections of it for clarity; for example, the dual CPU socket check is now enforced.

Tests:
edcb5ab41 Consensus,Interface:
Added unit tests for the new vetKD payload builder.

Proposal #135422 — Zack | CodeGov

for release-2025-02-20_10-16-disable-best-effort-messaging.

Vote: Adopted.
Reason: Builds fine and the hash matches for GUESTOS, HOSTOS and SETUPOS.

Other changes:
2f02a660f Consensus,Execution,Interface: Revert "feat(MR): Roll out best-effort calls to the first few subnets.
Matches description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal 135421 – Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully, both hashes and reviewed commits match their descriptions, so I’ve voted to adopt.

Features:

5d0fcce40 Increased MAX_CODE_SECTION_SIZE_IN_BYTES from 10 to 11 MiB. Updated large_code_section_rejected test and hypervisor_code_section_size field of hypervisor metrics accordingly.

20b0caf9e Modified CompilationResult and WasmValidationDetails structs to include a field which holds wasm code section byte size. Added code_section_size to HypervisorMetrics to keep track of this value every time observe_compilation_metrics is called.

396b461cd Modified BatchProcessorImpl, MessageRoutingImpl, SyncMessageRouting and StreamBuilderImpl constructors so that max_stream_messages and target_stream_size_bytes values can be passed to them and finally be stored in StreamBuilderImpl struct, which now has 2 additional fields with the same names. This change allows dynamically defining the message count limit when a new stream builder instance is created instead of having the values hardcoded, making it possible to decouple values used for tests from the ones used on mainnet. Finally, the constants used have been made public and moved to the message routing config to avoid duplication.

Bugfixes:

0923aa8f3 Moved low_wasm_memory hook check from do_update_settings to finish_subnet_message_execution so that it runs after every call to the management canister. Extended ExecuteSubnetMessageResult enum so when a message finishes processing correctly, the canister id for which the call was requested is returned alongside the response. This id is then used in finish_subnet_message_execution to know for which canister the hook has to be checked.

a286970c5 Bumped cloudflare-rs crate git revision.

Chores:

f577fe349 Same as description.

59abceebc Same as description.

810eeb14c Replaced usage of data_certificate().is_none to check execution mode with in_replicated_execution api.

6612119c3 Bumped ic_cdk from 0.16.0 to 0.17.1, ic-cdk-macros from 0.9.0 to 0.17.1 and evm_rpc_types to 1.3. Also updated candid definition of LogVisibility for cketh/ckbtc minter and evm rpc canisters to include allowed_viewers variant.

4d9768af1 Modified make_unvalidated_checkpoint method to flush all the canister heap deltas to disk and strip deltas from page maps. Moved PageMapType struct alongside its implementation from state_manager/src/lib.rs to state_manager/src/checkpoint.rs and deleted DirtyPageMap. Refactored TipState to be a struct which holds state of both latest checkpoint and current tip, this data is updated on each tip request and is used to add new debug asserts in the tip thread. Overall the changes look good and match the commit’s description, though they are more extensive than what one would initially think based solely on it. For instance the page_map_flushes metric has been removed too and the tip thread no longer accepts no-op requests, which were sent immediately after FlushPageMapDelta.

711b78eb0 Bumped ic-http-gateway from 0.1.0 to 0.2.0 and a bunch of related packages from 3.0.2 to 3.0.3.

483f05324 Updated systemd service unit files for critical components so that they are restarted automatically after 10 seconds in case of failures.

1e014f09f Updated ICOS image refs.

Refactoring:

7d99df628 Deleted production implementation of install_code method from canister manager and moved its logic to the install_code in the canister manager tests.

075a36404 Added https_outcalls_service field to ExecutionServices and initialized it with a separate instance of the QueryExecutionService, so that one is reserved for actual queries and one for https outcalls.

b368e3de3 Modified on_canister_result so that available cycles are always set to 0 by calling take_available_cycles when a refund is issued and deleted special case from ic0_msg_cycles_accept_helper which has been made redundant by the aforementioned change, as the amount of cycles available in the call context is already correct.

4627f3307 Moved log_dirty_pages from execution_environment.rs to common.rs module and updated imports to reflect this change.

57464b9ab In run method of QueryContext use Query’s source function to construct CallOrigin rather than doing it explicitly using a match statement.

9747838c6 Renamed reached method to instructions_reached and updated all its references.

125db7f4f Consolidate system state changes, such as logging canister traps and canister_version increments, to take place in apply_changes instead of having them spread around all over the codebase. Moved logic to determine whether to add logs for canister traps in add_canister_log_for_trap. In take_system_state_modifications handle explicitly which modifications should happen for each ApiType, i.e. which require version increment and logs for traps.

Proposal 135422 – Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully and hashes match. Proposed changes are the same as 135421 but with commit df5828f reverted in case the subnets where the new message model is enabled start experiencing issues.