Proposal to elect new release rc--2025-02-27_03-09

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 135600.

Here is a summary of the changes since the last release:

Release Notes for release-2025-02-27_03-09-base (6e64281a8e0b4faa1d859f115fc138eee6e136f8)

This release is based on changes since release-2025-02-20_10-16-base (7147f471c7ac27f518e6c0eeb2015952b5e93e1b).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 5b408281d Consensus,Interface: use socks5h schema and log url format (#4114)
  • e8b3ae98b Consensus,Interface: Deliver NiDkgIds to execution (#4058)
  • 256c59883 Consensus,Interface(crypto): use AlgorithmID::VetKD in batch delivery for vetKD (#4064)
  • 6e327863f Consensus,Interface: Deliver VetKeys to execution (#3860)
  • bf87411d0 Crypto,Interface(crypto): adapt vetKD API to use derivation domain blob instead of path (#4049)
  • 7a36fa012 Execution,Interface: Charge for best-effort memory usage (#4045)
  • 7fac242b3 Execution,Interface,Message Routing(MR): Expose best-effort memory usage (#3999)
  • 88c50f7bb Interface(ICRC_Ledger): Set 10Tcycles default value for cycles for archive creation (#3653)
  • c116fae44 Interface(ICRC_Ledger): Forbid setting interpreted ICRC ledger metadata (#3767)
  • 926010437 Interface(crypto): use dedicated AlgorithmID for vetKD (#3997)
  • 6e64281a8 Node: setupOS drive health check (#3737)
  • ea0ddcc07 Node: Use Ubuntu packaged kernels for ICOS (#4096)

Bugfixes:

Chores:

  • a1df884e9 Consensus,Interface: Reduce frequency of some logs (#4100)
  • d5e0ce5e4 Consensus,Interface(consensus): change the order of random beacon (share) validations (#1918)
  • a4b98fca7 Interface(ICP-Ledger): remove dfn_core from icp ledger lib (#4095)
  • 2c68becf6 Interface(ICP-index): removing dfn_core dependency (#4087)
  • 3ed07ee54 Interface,Message Routing: Adapt dishonest subnet guard for signals. (#3731)
  • 7faa2dc7f Node: Update Base Image Refs [2025-02-22-0151] (#4065)
  • fa7e52784 Node: Update Base Image Refs [2025-02-20-0812] (#4031)

Refactoring:

  • c0b17f575 Consensus,Interface(Consensus): Small cleanups in the DKG crate (#4038)

Tests:

  • 87f0431e3 Interface(nervous-system): Bump Cycles Ledger dependency to the latest version (#3890)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/6e64281a8e0b4faa1d859f115fc138eee6e136f8/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 6e64281a8e0b4faa1d859f115fc138eee6e136f8 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 135601.

Here is a summary of the changes since the last release:

Release Notes for release-2025-02-27_03-09-disable-best-effort-messaging (35c29d9f4e93f691111471c7059b9abb371dfbe1)

This release is based on changes since release-2025-02-27_03-09-base (6e64281a8e0b4faa1d859f115fc138eee6e136f8).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Other changes:

  • 35c29d9f4 Consensus,Execution,Interface: Revert “feat(MR): Roll out best-effort calls to the first few subnets (#3816)”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/35c29d9f4e93f691111471c7059b9abb371dfbe1/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 35c29d9f4e93f691111471c7059b9abb371dfbe1 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Proposal 135600 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Full review:

Features:

  • 5b408281d Consensus,Interface: use socks5h schema and log url format (#4114)
    Review: Looks fine + matches description
    Notes: Adds the url_format label to the new SOCKs proxy metrics so that the success rates can be split between IPv4, IPv6, and domain name urls.

  • e8b3ae98b Consensus,Interface: Deliver NiDkgIds to execution (#4058)
    Review: Looks fine + matches description
    Notes: Adds the ni_dkg_ids field to the Batch instances which get sent through to the execution layer and populates this field by calling get_vetkey_public_keys.

  • 256c59883 Consensus,Interface(crypto): use AlgorithmID::VetKD in batch delivery for vetKD (#4064)
    Review: Looks fine + matches description
    Notes: Fixes the return value of get_vetkey_public_keys to specify that it used AlgorithmId::VetKD rather than the incorrect value of AlgorithmId::ThresBls12_381 which it was previously returning.

  • 6e327863f Consensus,Interface: Deliver VetKeys to execution (#3860)
    Review: Looks fine + matches description
    Notes: Implements the asynchronous get_vetkd_public_key_with_retries which can now be used via get_public_key_with_retries (where previously it would panic if the VetKd was passed in) and also implements the synchronous get_vetkey_public_keys and calls it within deliver_batches to pass the keys through to the execution layer.

  • bf87411d0 Crypto,Interface(crypto): adapt vetKD API to use derivation domain blob instead of path (#4049)
    Review: Looks fine + matches description
    Notes: Changes how derived VetKeys are generated by replacing DerivationPath (which uses a vec of blobs) with DerivationDomain (which uses a single blob), this is because the underlying VetKey public key derivation algorithm is non-hierarchical.

  • 7a36fa012 Execution,Interface: Charge for best-effort memory usage (#4045)
    Review: Looks fine + matches description
    Notes: Updates the canister_current_message_memory_usage field to be a struct containing the best effort memory usage and the guaranteed response memory usage, also replaces a few fields which previously didn’t specify the memory type to explicitly say they are only relating to guaranteed response memory (eg. allocated_message_bytesallocated_guaranteed_response_message_bytes), and also updates the CyclesAccountManager to charge cycles based on the total memory usage rather than just the guaranteed response memory usage.

  • 7fac242b3 Execution,Interface,Message Routing(MR): Expose best-effort memory usage (#3999)
    Review: Looks fine + matches description
    Notes: Adds the best_effort_messages field to the MemoryTaken struct within the replicated state to expose the memory used by best-effort canister messages.

  • 88c50f7bb Interface(ICRC_Ledger): Set 10Tcycles default value for cycles for archive creation (#3653)
    Review: Looks fine + matches description
    Notes: Sets the default amount of cycles used when creating a ledger archive to 10T (rather than the default being 0).

  • c116fae44 Interface(ICRC_Ledger): Forbid setting interpreted ICRC ledger metadata (#3767)
    Review: Looks fine + matches description
    Notes: Forbids setting certain ledger metadata values that are already exposed by the ledger by interpreting the ledger config (eg. icrc1:decimals).

  • 926010437 Interface(crypto): use dedicated AlgorithmID for vetKD (#3997)
    Review: Looks fine + matches description
    Notes: Adds the AlgorithmId::Vetkd variant where previously ThresBls12_381 was being used as a placeholder.

  • 6e64281a8 Node: setupOS drive health check (#3737)
    Review: Looks fine + matches description
    Notes: Adds a load of logging to setup-disk.sh and also adds a verify_drive_health step to the check-hardware.sh script.

  • ea0ddcc07 Node: Use Ubuntu packaged kernels for ICOS (#4096)
    Review: Looks fine + matches description
    Notes: Uses the prepackaged linux-image-extra-virtual-hwe-24.04 which pulls in a load packages rather than having to install each of them manually within the base Docker files.

Bugfixes:

  • 716d2a53d Execution,Interface: Fix InstanceStats metrics (#4062)
    Review: Looks fine + matches description
    Notes: Moves execution metrics from the hypervisor down to the sandbox execution level so that going forward metrics can be collected for more scenarios (eg. DTS).

  • fbd8400ee Node(IDX): fix manual target visibility (#4044)
    Review: Looks fine + matches description
    Notes: Opens up the visibility of a few Bazel build targets to fix a few cases where dependencies were not visible.

  • f31bd1cd3 Node: catch unbound variable errors from setupos sub-scripts (#3965)
    Review: Looks fine + matches description
    Notes: Modifies the setupos.sh script so that it exits if an unbound variable is detected.

Chores:

  • a1df884e9 Consensus,Interface: Reduce frequency of some logs (#4100)
    Review: Looks fine + matches description
    Notes: Reduces noise in the logs by debounding a few log messages using the existing every_n_seconds functionality.

  • d5e0ce5e4 Consensus,Interface(consensus): change the order of random beacon (share) validations (#1918)
    Review: Looks fine + matches description
    Notes: Verifies random beacon shares before checking that their parent hash is valid, by doing it this way, random beacon shares created from previous replica versions can be discarded without creating noise in the logs.

  • a4b98fca7 Interface(ICP-Ledger): remove dfn_core from icp ledger lib (#4095)
    Review: Looks fine + matches description
    Notes: Removes all usages of dfn_core from the ICP ledger library in favour of the CDK.

  • 2c68becf6 Interface(ICP-index): removing dfn_core dependency (#4087)
    Review: Looks fine + matches description
    Notes: Updates the ICP ledger index to use the CDK in a few places instead of using dfn_core then removes the dfn_core dependency.

  • 3ed07ee54 Interface,Message Routing: Adapt dishonest subnet guard for signals. (#3731)
    Review: Looks fine + matches description
    Notes: Updates the “dishonest subnet guard” to check the number of signals against MAX_SIGNALS rather than against MAX_STREAM_MESSAGES.

  • 7faa2dc7f Node: Update Base Image Refs [2025-02-22-0151] (#4065)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

  • fa7e52784 Node: Update Base Image Refs [2025-02-20-0812] (#4031)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

Refactoring:

  • c0b17f575 Consensus,Interface(Consensus): Small cleanups in the DKG crate (#4038)
    Review: Looks fine + matches description
    Notes: Cleans up a few use statements and fixes a typo.

Tests:

  • 87f0431e3 Interface(nervous-system): Bump Cycles Ledger dependency to the latest version (#3890)
    Review: Looks fine + matches description
    Notes: Updates the CyclesLedger version from v0.2.3 to v1.0.3 and updates the usages accordingly.

Proposal 135601

Vote: Adopt
Reason: I have successfully run the build script and there is only a single additional commit which disables the new best-effort calls feature. This is done as a precaution in case there is an issue with the feature and it needs to quickly be disabled.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal 135600 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

  • Continues the work on best-effort messages
  • Adds both internal and public facing canister metrics
  • Adds methods to the management canister

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

7a36fa012:
Matches description.

7fac242b3:
Adds the best_effort_messages field to the MemoryTaken struct. Adds the namesake method to the same struct to return the value of the field. Adds the messages_total method to the MemoryTaken struct, which returns the total amount of memory taken by both guaranteed response and best-effort messages.
Updates the memory_taken method of the ReplicatedState struct to calculate the best-effort messages memory taken as the sum of each canister’s best-effort messages used memory plus the subnet queues’ best-effort messages used memory.

716d2a53d:
Adds the accessed_pages (histogram), dirty_pages (histogram), read_before_write_count (histogram), direct_write_count (histogram), allocated_pages (gauge), sigsegv_count (histogram), mmap_count (histogram), mprotect_count (histogram), copy_page_count (histogram) fields to the SandboxedExecutionMetrics struct and removes them from the HypervisorMetrics struct.
Adds the observe_instance_stats method to the SandboxedExecutionMetrics struct, which observes all the newly introduced metrics from the instance_stats argument. This method is called in the process_completion method of the SandboxedExecutionController struct.
Removes the observe method from the HypervisorMetrics struct.

d193e26e3 (not included in the proposal description):
Introduces the cost_call, cost_create_canister, cost_http_request, cost_sign_with_ecdsa, cost_sign_with_schnorr, cost_vetkd_derive_encrypted_key management canister methods, together with their underlying implementations.

a944a8b33 (not included in the proposal description):
Adds the MemoryMetrics struct, which has some fields that enable to break down the canister’s memory usage. This struct is used in the newly introduced memory_metrics field of the CanisterStatusResultV2 struct and is constructed in the new method of the struct, which now accepts the values of the fields needed to populate the memory_metrics struct. Adds the namesake getter methods to the CanisterStatusResultV2.
Calculates the values of the MemoryMetrics struct’s fields in the get_canister_status method of the CanisterManager struct. The values are calculated using the newly introduced stable_memory_usage, global_memory_usage, wasm_binary_memory_usage, snapshots_memory_usage methods of the CanisterState struct. These methods use the newly introduced namesake methods of the ExecutionState.
Refactors the memory_usage method of the ExecutionState struct to use the newly introduced methods.


Proposal 135601 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
This release is the same as the one in 135600 with the addition of the 35c29d9f4 commit, which matches its description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

proposal - 135600 – Cyberowl | CodeGov

Vote: ADOPT

Reason:

All commits match their description and no errors were found. The verification build hash also matches release_package_sha256_hex.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

Overall Summary:

Refactors VetKD by replacing ExtendedDerivationPath with VetKdDerivationDomain, simplifying key derivation from a nested vector (Vec<Vec<u8>>) to (Vec<u8>). VetKD public keys are now retrieved via get_vetkey_public_keys from DKG transcripts, integrated into batch delivery, and VetKD’s algorithm ID was reassigned to ThresBls12_381.

Commits Summary

5b408281d
url_format metric label for better private tracking of connection attempts by URL type. Update aims to fix SOCKS proxy failures by letting it resolve hostnames.

e8b3ae98b
Updated deliver_batches to use the ni_dkg_ids returned by get_vetkey_public_keys, which is passed to the execution layer via MessageRouting::deliver_batch.

256c59883
Change algorithm_id to AlgorithmId::VetKD from AlgorithmId::VetKD.

6e327863f
Utility function get_vetkey_public_keys in dkg::utils to fetch VetKD public keys from DKG transcripts. get_vetkey_public_keys extracts transcripts converts them to MasterPublicKey entries, and appends them to chain_key_subnet_public_keys.

bf87411d0
Refactors VetKD by replacing ExtendedDerivationPath with VetKdDerivationDomain, renaming fields to derivation_domain. Replaces the nested ExtendedDerivationPath (with caller: PrincipalId and derivation_path: Vec<Vec<u8>>) with VetKdDerivationDomain (using caller: PrincipalId and a single domain: Vec<u8>).

7a36fa012
Changed allocated_message_bytes to allocated_guaranteed_response_message_bytes in WasmExecutionOutput. Refactors memory tracking to explicitly manage guaranteed response and best-effort messages via MessageMemoryUsage, renames fields and methods for clarity.

7fac242b3
Added best_effort_messages: NumBytes to MemoryTaken. Introduced best_effort_messages() and messages_total() to access best-effort memory and total message memory.

88c50f7bb
10 trillion cycle default for archive creation in ledger_canister_core.

c116fae44
Added METADATA_DECIMALS, METADATA_NAME, METADATA_SYMBOL, METADATA_FEE, and METADATA_MAX_MEMO_LENGTH as reserved metadata keys. Updated from_init_args and upgrade to use map_metadata_or_trap.

926010437
Removes the VetKD variant from AlgorithmId, reassigns its VetKD functionality to ThresBls12_381.

6e64281a8
Add drive health verification to check-hardware.sh, improve disk setup logging and error handling in setup-disk.sh. setup-disk.sh now provides detailed status messages when wiping partitions and setting up storage.

ea0ddcc07
Updates the GuestOS and SetupOS Docker base images by removing explicit kernel installations, leveraging Ubuntu 24.04’s default kernel via linux-image-extra-virtual-hwe-24.04 for GuestOS

Bugfixes:
716d2a53d
Reorganizes WASM page metrics from Hypervisor to SandboxedExecutionController and shifts test logic from a single scenario to a parameterized rstest approach

fbd8400ee
Adjust visibility settings for various IC-OS and test-related targets.

f31bd1cd3
Matches description catch unbound variable errors from setupos sub-scripts

Chores:
a1df884e9
Logs in IDkgPreSignerImpl and ThresholdSignerImpl are now throttled to once every 15 seconds, preventing excessive warnings.

d5e0ce5e4
Moved the verify_artifact call before the last_hash != beacon.content.parent check within the filter_map for random beacons. Reordered to verify the artifact first, then check last_hash != beacon.content.parent only if verification succeeds.

a4b98fca7
Calls like ic_cdk::api::time() instead of dfn_core::api::now(). dfn_candid and dfn_core dependencies are removed. Use CdkRuntime in the ICP ledger.

2c68becf6
Matches description removing dfn_core dependency.

3ed07ee54
The payload builder now enforces MAX_SIGNALS limits, ensuring no more than the allowed number of signals are included in outgoing streams, preventing abuse by dishonest subnets.

7faa2dc7f
Update base image refs.

fa7e52784
Update base image refs.

Refactoring:
c0b17f575
Matches description Small cleanups in the DKG crate

Tests:
87f0431e3
Updates the Cycles Ledger dependency to the latest version. It also addresses a breaking change in which the max_transactions_per_request field was renamed to max_blocks_per_request.

proposal - 135601 – Cyberowl | CodeGov

Vote: ADOPT

Reason:

One commit to revert “Roll out best-effort calls to the first few subnets”. Commit matches description and no errors were found. The verification build hash also matches release_package_sha256_hex.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal #135600 — Zack | CodeGov

for release-2025-02-27_03-09-base.

Vote: Adopted.
Reason: Builds fine and the hash matches for GUESTOS, HOSTOS and SETUPOS.

Proposal #135601 — Zack | CodeGov

for release-2025-02-27_03-09-disable-best-effort-messaging.

Vote: Adopted.
Reason: Builds fine and the hash matches for GUESTOS, HOSTOS and SETUPOS.

Other changes:
35c29d9f4 Consensus,Execution,Interface: Revert "feat(MR): Roll out best-effort calls to the first few subnets.
Matches description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal 135600 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

Commit

Features

  • 5b408281d
    Summary: use socks5h schema and log url format
    Notes: Adds log message to log the url format to check if socks5h have more success.
    Review: Code changes match the commit message.

  • e8b3ae98b
    Summary: Deliver NiDkgIds to execution
    Notes: Adds the NiDkgs available to answer VetKdDeriveEncryptedKey to
    execution.
    Review: Code changes match the commit message.

  • 256c59883
    Summary: use AlgorithmID::VetKD in batch delivery for vetKD
    Notes: This PR fixes a system test by adding algorithm ID in batch delivery.
    Review: Code changes match the commit message.

  • 6e327863f
    Summary: Deliver VetKeys to execution
    Notes: Returns MasterPublicKeys and NiDkgId with MasterPublicKeyId which are active in VetKeys and then they are delivered to execution so that vetkd_public_key function can work.
    Review: Code changes match the commit message.

  • bf87411d0
    Summary: adapt vetKD API to use derivation domain blob instead of path
    Notes: vetKD are changed from derivation_path: vec blob to derivation_domain: blob to make the api call simpler.
    Review: Code changes match the commit message.

  • 7a36fa012
    Summary: Charge for best-effort memory usage
    Notes: Adds MessageMemoryUsage type which combines guaranteed response and best effort memory usage and uses it instead of plain NumBytes to track memory usage.
    Review: Code changes match the commit message.

  • 7fac242b3
    Summary: Expose best-effort memory usage
    Notes: ReplicatedState exposes best effort and total memory usage via MemoryTaken struct.
    Review: Code changes match the commit message.

  • 88c50f7bb
    Summary: Set 10Tcycles default value for cycles for archive creation
    Notes: DEFAULT_CYCLES_FOR_ARCHIVE_CREATION is set to 10 trillion cycles.
    Review: Code changes match the commit message.

  • c116fae44
    Summary: Forbid setting interpreted ICRC ledger metadata
    Notes: Does not allows setting the below listed metadata during initialization and upgrades arguments of the icrc ledger.

    icrc1:symbol
    icrc1:name
    icrc1:decimals
    icrc1:fee
    icrc1:max_memo_length
    

    Review: Code changes match the commit message.

  • 926010437
    Summary: use dedicated AlgorithmID for vetKD
    Notes: Uses AlgorithmID for vetKD
    Review: Code changes match the commit message.

  • 6e64281a8
    Summary: setupOS drive health check
    Notes: adds health check to check-hardware.sh and improves log messages in setup-disk.sh.
    Review: Code changes match the commit message.

  • ea0ddcc07
    Summary: Use Ubuntu packaged kernels for ICOS
    Notes: uses ubuntu kernels for ic os.
    Review: Code changes match the commit message.

Bugfixes

  • ea0ddcc07
    Summary: Fix InstanceStats metrics
    Notes: Moves InstanceStats metrics from hypervisor down to sandbox execution level so that the metrics can be reported for the DTS execution.
    Review: Code changes match the commit message.

  • fbd8400ee
    Summary: fix manual target visibility
    Notes: Fixes manual tagged targets which were broken since they depend on targets which are not visible.
    Review: Code changes match the commit message.

  • f31bd1cd3
    Summary: catch unbound variable errors from setupos sub-scripts
    Notes: Bug in setup os is fixed where unbound variable errors were not caught.
    Review: Code changes match the commit message.

Chores

  • f31bd1cd3
    Summary: Reduce frequency of some logs
    Notes: Reduces frequency of some log messages which can appear quite frequently.
    Review: Code changes match the commit message.

  • d5e0ce5e4
    Summary: change the order of random beacon (share) validations
    Notes: Some replicas upgrade faster than the others because of which there are Invalid consensus artifact warning log messages. Since the log message are little misleading the order of the validation of the random beacons is changed. We first check the signature replica and only then we check the parent hash. If there is a replica version mismatch there will be no log messages.
    Review: Code changes match the commit message.

  • a4b98fca7
    Summary: remove dfn_core from icp ledger lib
    Notes: Removes references of dfn_core from icp ledger.
    Review: Code changes match the commit message.

  • 2c68becf6
    Summary: removing dfn_core dependency
    Notes: removes dfn_core and instead uses cdk for icp ledger.
    Review: Code changes match the commit message.

  • 3ed07ee54
    Summary: Adapt dishonest subnet guard for signals
    Notes: Updates dishonest subnet guard.
    Review: Code changes match the commit message.

  • 7faa2dc7f
    Summary: Update Base Image Refs [2025-02-22-0151]
    Notes: updates ic os base container image references.
    Review: Code changes match the commit message.

  • fa7e52784
    Summary: Update Base Image Refs [2025-02-20-0812]
    Notes: updates ic os base container image references.
    Review: Code changes match the commit message.

Refactoring

  • c0b17f575
    Summary: Small cleanups in the DKG crate
    Notes: Small refactoring in dkg crate
    Review: Code changes match the commit message.

Tests

  • 87f0431e3
    Summary: Bump Cycles Ledger dependency to the latest version
    Notes: Updates Cycles Ledger dependency to latest version.
    Review: Code changes match the commit message.

Proposal 135601 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

Commit

Other changes

  • 35c29d9f4
    Summary: Revert "feat(MR): Roll out best-effort calls to the first few subnets
    Notes: Revert of commit df5828f
    Review: Code changes match the commit message.

Proposal: 135600

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “0a0b521b7fadfd7e56f2dda1dc3ef259a2205def76c6b9940f4f3b48c64f55a8”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Commits

Detailed Review:

Features:

  • 5b408281d Consensus,Interface: use socks5h schema and log url format (#4114)
    Notes: socks5h is now used instead of socks5 as it has support to resolve hostnames too. Also to measure success rate at ipv4, ipv6 and domain name level, a new metric url_format has been added to socks_connection_attempts metric.
    Review: Code changes look good and match release notes.
  • e8b3ae98b Consensus,Interface: Deliver NiDkgIds to execution (#4058)
    Notes: TODO CON-1420 is addressed in PR by adding ni_dkg_ids to the Batch instances being sent to execution.
    Review: Code changes look good and match release notes.
  • 256c59883 Consensus,Interface(crypto): use AlgorithmID::VetKD in batch delivery for vetKD (#4064)
    Notes: Long running tests vetkd:vetkd_key_life_cycle_test were broken because AlgorithmID::VetKD was not used in batch delivery. Now it is fixed by updating the algorithm from AlgorithmId::ThresBls12_381 to AlgorithmID::VetKD.
    Review: Code changes look good and match release notes.
  • 6e327863f Consensus,Interface: Deliver VetKeys to execution (#3860)
    Notes: This PR introduces the function get_vetkey_public_keys which returns MasterPublicKeys and NiDkgId. These NiDkgIds are then delivered to the execution implemented in commit e8b3ae98b. Unit tests will be added later for this function. Also implemented get_vetkd_public_key_with_retries() which is then called in get_public_key_with_retries.
    Review: Code changes look good and match release notes.
  • bf87411d0 Crypto,Interface(crypto): adapt vetKD API to use derivation domain blob instead of path (#4049)
    Notes: This PR changes the way vetkeys are derived, by changing the hierarchical derivation_path which was vec of blobs to non-hierarchical derivation_domain which just uses a single bloc. The derivation_path name is not set in stone yet, and open to discussion.
    Review: Code changes look good and match release notes.
  • 7a36fa012 Execution,Interface: Charge for best-effort memory usage (#4045)
    Notes: This PR implemented a new struct MessageMemoryUsage which internally uses both guaranteed_response and best_effort. Then uses this new struct all over the code base instead of NumBytes to track message memory usage by updating the type of canister_current_message_memory_usage . Also updates CyclesAccountManager to use this new struct too to account for total memory used.
    Review: Code changes look good and match release notes.
  • 7fac242b3 Execution,Interface,Message Routing(MR): Expose best-effort memory usage (#3999)
    Notes: Exposes both best effort memory usage and total memory usage by adding both of these to MemoryTaken struct within the replicated state.
    Review: Code changes look good and match release notes.
  • 88c50f7bb Interface(ICRC_Ledger): Set 10Tcycles default value for cycles for archive creation (#3653)
    Notes: Adds a default value to amount of cycles used to create a ledger archive canister by introducing a constant DEFAULT_CYCLES_FOR_ARCHIVE_CREATION and setting it to 10T.
    Review: Code changes look good and match release notes.
  • c116fae44 Interface(ICRC_Ledger): Forbid setting interpreted ICRC ledger metadata (#3767)
    Notes: This PR forbids setting some ledger metadata values as these values are already exposed via interpreting the ledger config. Icrc1:max_memo_length, icrc1:fee, icrc1:decimals, icrc1:name, icrc1:symbol are among these metadata.
    Review: Code changes look good and match release notes.
  • 926010437 Interface(crypto): use dedicated AlgorithmID for vetKD (#3997)
    Notes: Replaces ThresBls12_381 and ThresholdEd25519 with VetKD all over the place.
    Review: Code changes look good and match release notes.
  • 6e64281a8 Node: setupOS drive health check (#3737)
    Notes: Added a new functionality verify_drive_health to check drive health in check-hardware.sh and some logging improvements in setup-disk.sh
    Review: Code changes look good and match release notes.
  • ea0ddcc07 Node: Use Ubuntu packaged kernels for ICOS (#4096)
    Notes: Added a package linux-image-extra-virtual-hwe-24.04 which has pre packaged kernels so that they need not be downloaded manually.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 716d2a53d Execution,Interface: Fix InstanceStats metrics (#4062)
    Notes: This PR moves the execution metrics InstanceStats from the hypervisor down to sandbox level. This will enable metrics to be collected for DTS executions and heap dirty pages exceeding 1GB.
    Review: Code changes look good and match release notes.
  • fbd8400ee Node(IDX): fix manual target visibility (#4044)
    Notes: A couple of manual tagged targets were broken as they were dependent other targets which were not visible. This PR make them visible.
    Review: Code changes look good and match release notes to fix
  • f31bd1cd3 Node: catch unbound variable errors from setupos sub-scripts (#3965)
    Notes: Its a simple fix in setupos.sh where unbound variables were not caught. Now in any sub-script if unbound variable is encountered then the setupos script halts.
    Review: Code changes look good and match release notes.

Chores:

  • a1df884e9 Consensus,Interface: Reduce frequency of some logs (#4100)
    Notes: The frequency of some logs is reduced as they could have appeared quite frequently by setting every_n_seconds to 15 and 5 at different places.
    Review: Code changes look good and match release notes.
  • d5e0ce5e4 Consensus,Interface(consensus): change the order of random beacon (share) validations (#1918)
    Notes: The order of the validation of random beacon and its shares is changed by first checking the signatures and replica version and then only checking the parent hash validity. This avoid logging of incorrect warning which was being logged because some replicas being upgraded quicker than others.
    Review: Code changes look good and match release notes.
  • a4b98fca7 Interface(ICP-Ledger): remove dfn_core from icp ledger lib (#4095)
    Notes: Removed all usage of dfn_core from icp ledger.
    Review: Code changes look good and match release notes.
  • 2c68becf6 Interface(ICP-index): removing dfn_core dependency (#4087)
    Notes: cdk runtime is used in icp ledger lib now and dfn_core dependency is now removed.
    Review: Code changes look good and match release notes.
  • 3ed07ee54 Interface,Message Routing: Adapt dishonest subnet guard for signals. (#3731)
    Notes: MAX_SIGNALS which is 2 times MAX_STREAM_MESSAGES is used to check against the number of signals for their validity and hence “dishonest subnet guard”.
    Review: Code changes look good and match release notes.
  • 7faa2dc7f Node: Update Base Image Refs [2025-02-22-0151] (#4065)
    Notes: ic-os base image references are updated.
    Review: Code changes look good and match release notes.
  • fa7e52784 Node: Update Base Image Refs [2025-02-20-0812] (#4031)
    Notes: ic-os base image references are updated.
    Review: Code changes look good and match release notes.

Refactoring:

  • c0b17f575 Consensus,Interface(Consensus): Small cleanups in the DKG crate (#4038)
    Notes: minor refactoring has been done in DKG crate. Some “use” statements are updated. There is also a minor comment typo fix from “aand” to “and”.
    Review: Code changes look good and match release notes.

Tests:

  • 87f0431e3 Interface(nervous-system): Bump Cycles Ledger dependency to the latest version (#3890)
    Notes: Updates the cycle ledger dependency from 0.2.3 to 1.0.3, and updates usage of max_transactions_per_request to max_blocks_per_request.
    Review: Code changes look good and match release notes.

Proposal: 135601

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “4c2d99891f72c3206eecdcc90de11d37d98ddc191b40be0abd7275796815bea8”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

Commits

Detailed Review:

Other changes:

Proposal 135600 - Yuvika | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 5b408281d
    Summary: use socks5h schema and log url format.
    Notes: Add a log message to record the URL format, aiding in debugging and determining if using the socks5h proxy improves connection success.
    Review: The description matches the code changes.

  • e8b3ae98b
    Summary: Deliver NiDkgIds to execution.
    Notes: Enable Network Identity Key Derivation Key Generation System (NiDkgs) during execution to facilitate the VetKdDeriveEncryptedKey process.
    Review: The description matches the code changes.

  • 256c59883
    Summary: use AlgorithmID::VetKD in batch delivery for vetKD.
    Notes: Update system test success by including the algorithm ID in batch delivery, resolving a previous omission.
    Review: The description matches the code changes.

  • 6e327863f
    Summary: Deliver VetKeys to execution.
    Notes: Enable the vetkd_public_key function by retrieving and delivering active MasterPublicKeys and NiDkgIds, linked by MasterPublicKeyId, from VetKeys to the execution environment.
    Review: The description matches the code changes.

  • bf87411d0
    Summary: adapt vetKD API to use derivation domain blob instead of path.
    Notes: Simplify the vetKD API by replacing the derivation_path (a vector of blobs) with a single derivation_domain blob.
    Review: The description matches the code changes.

  • 7a36fa012
    Summary: Charge for best-effort memory usage.
    Notes: Introduce a new type MessageMemoryUsage, replacing NumBytes, to provide more accurate memory tracking by combining guaranteed and best-effort usage data.
    Review: The description matches the code changes.

  • 7fac242b3
    Summary: Expose best-effort memory usage.
    Notes: ReplicatedState provides memory usage details, including best-effort and total consumption, through the MemoryTaken structure.
    Review: The description matches the code changes.

  • 88c50f7bb
    Summary: Set 10Tcycles default value for cycles for archive creation.
    Notes: Set DEFAULT_CYCLES_FOR_ARCHIVE_CREATION to 10T cycles.
    Review: The description matches the code changes.

  • c116fae44
    Summary: Forbid setting interpreted ICRC ledger metadata.
    Notes: Restrict the ability to set core ICRC-1 metadata (symbol, name, decimals, fee, max memo length) through ledger initialization or upgrade arguments.
    Review: The description matches the code changes.

  • 926010437
    Summary: use dedicated AlgorithmID for vetKD.
    Notes: Adopt AlgorithmID for vetKD.
    Review: The description matches the code changes.

  • 6e64281a8
    Summary: setupOS drive health check.
    Notes: Improve system diagnostics by adding a hardware health check to check-hardware.sh and improving log clarity within setup-disk.sh.
    Review: The description matches the code changes.

  • ea0ddcc07
    Summary: Use Ubuntu packaged kernels for ICOS.
    Notes: IC-OS now utilizes Ubuntu kernels.
    Review: The description matches the code changes.

Bugfixes:

  • 716d2a53d
    Summary: Fix InstanceStats metrics.
    Notes: Shift InstanceStats metrics reporting from the hypervisor to the sandbox execution level, enabling metric collection for DTS executions.
    Review: The description matches the code changes.

  • fbd8400ee
    Summary: fix manual target visibility.
    Notes: Resolve issues with manually tagged targets by restoring their visibility to dependent targets, which were previously inaccessible.
    Review: The description matches the code changes.

  • f31bd1cd3
    Summary: catch unbound variable errors from setupos sub-scripts.
    Notes: Resolve a bug in SetupOS that prevented the detection of unbound variable errors.
    Review: The description matches the code changes.

Chores:

  • a1df884e9
    Summary: Reduce frequency of some logs.
    Notes: Decrease the frequency of certain high-volume log messages.
    Review: The description matches the code changes.

  • d5e0ce5e4
    Summary: change the order of random beacon (share) validations.
    Notes: Resolve misleading “Invalid consensus artifact” warnings during replica upgrades by reordering random beacon validation, prioritizing signature checks to avoid false positives due to version mismatches.
    Review: The description matches the code changes.

  • a4b98fca7
    Summary: remove dfn_core from icp ledger lib.
    Notes: Delete references of dfn_core from icp ledger.
    Review: The description matches the code changes.

  • 2c68becf6
    Summary: removing dfn_core dependency.
    Notes: Replace references of dfn_core with CDK.
    Review: The description matches the code changes.

  • 3ed07ee54
    Summary: Adapt dishonest subnet guard for signals.
    Notes: Modify the dishonest subnet guard.
    Review: The description matches the code changes.

  • 7faa2dc7f
    Summary: Update Base Image Refs [2025-02-22-0151]
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • fa7e52784
    Summary: Update Base Image Refs [2025-02-20-0812].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

Refactoring:

  • c0b17f575
    Summary: Small cleanups in the DKG crate.
    Notes: Minor code improvement within the dkg crate.
    Review: The description matches the code changes.

Tests:

  • 87f0431e3
    Summary: Bump Cycles Ledger dependency to the latest version.
    Notes: Upgrade the Cycles Ledger dependency to its newest release.
    Review: The description matches the code changes.

Proposal 135601 - Yuvika | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Other changes:

  • 35c29d9f4
    Summary: Revert "feat(MR): Roll out best-effort calls to the first few subnets.
    Notes: Revert commit df5828f.
    Review: The description matches the code changes.

Proposal 135600 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus, Crypto and Interface as detailed below.

Review

Features:

[5b408281d]
Changes get_socks_proxy_addrs to use socks5h schema instead of socks5. Adds url_format to logging.

[e8b3ae98b]
Adds ni_dkg_ids field (NiDKG Ids corresponding to available transcripts to be used to answer vetkd requests) to Batch type, which is provided to Message Routing for deterministic processing.

[256c59883]
Utilises AlgorithmId::VetKD from 926010437 below in get_vetkey_public_keys function from 6e327863f below.

[6e327863f]
Adds new function get_vetkey_public_keys, which returns MasterPublicKeys and NiDkgIds corresponding to active VetKD keys in the subnet. This is then utilised in deliver_batches to deliver MasterPublicKeys (but not NiDkgIds yet) to execution.

[bf87411d0]
Adds type VetKdDerivationDomain, containing metadata used to derive keys for vetKD, and uses this in place of ExtendedDerivationPath in type VetKdArgs. The effect of the change is to use domain: Vec<u8> instead of derivation_path: Vec<Vec<u8>> to derive keys, in keeping with the explanation given in the commit notes.

[88c50f7bb]
Adds constant DEFAULT_CYCLES_FOR_ARCHIVE_CREATION, set at 10 trillion, utilised in several tests.

[c116fae44]
Adds function map_metadata_or_trap in order to disallow setting specific metadata ("icrc1:symbol", "icrc1:name", etc) in ICRC ledger from_init_args and upgrade methods, as explained in the commit notes.

[926010437]
Adds VetKD to the AlgorithmId enum.

Chores:

[a1df884e9]
Uses every_n_seconds within macros to reduce the frequency of logging in send_dealing_support, create_signature_share and QuicTransport rpc methods.

[d5e0ce5e4]
Changes to validate_beacons and validate_beacon_shares methods as per the description in order to reduce the occurrence of ambiguous log warnings.

[a4b98fca7]
Removes DfnRuntime type and moves CdkRuntime type to ledger_canister_core, along with related changes matching the description.

[2c68becf6]
Removes dfn_core as a dependency and replaces dfn_core::api::caller with ic_base_types::PrincipalId in ledger_suite/icp/index.

[3ed07ee54]
Changes to dishonest subnet detection in the XNet payload builder, in particular changing the limit for signals allowed in a stream to 2 * MAX_SIGNALS. @DRE-Team Please note that the link provided in the description is not publicly viewable.

Refactoring:

[c0b17f575]
Adjusted use statements to remove duplications, and corrected a comment typo.

Tests:

[87f0431e3]
Version change for cycles-ledger + associated code fixes.

Proposal 135601 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful and hashes match. The proposal consists of a single commit which reverts the roll out of best-effort calls to the first few subnets from commit df5828f, as reviewed previously.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal 135600 – Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully and hashes match. While checking the commit diffs from last release I’ve noticed a handful of relevant commits have been omitted from the changelogs, not sure if due to an error with the scripts used internally to generate them. While reviewing them I haven’t found any anomalies, so I’ve voted to adopt.

Features:

92bbc875c6 Removed subnet_type field from embedders config. Modified replacement_functions function to not skip charging for bytes used in stable memory operations, i.e write/reads, for system subnets.

d193e26e3 Implemented and exposed new system APIs that allow canisters to retrieve the amount of cycles for some system calls: i.e cost_call, cost_create_canister, cost_http_request, cost_sign_with_ecdsa, cost_sign_with_schnorr and cost_vetkd_derive_encrypted_key. Extended SandboxSafeSystemState struct with network_topology field and added 2 methods to its implementation: get_cycles_account_manager and get_key_replication_factor. The former is used in the new system APIs to get cost of certain actions from the cycles account manager the latter is used to get the node count of the biggest subnet with a given key id, which is then used to scale the threshold signature fee. Added zero_cost helper method in CyclesAccountManagerConfig which returns a subnet config with all fees set to 0, exception made for threshold sigs fees, this will be likely used for testing or rented subnets, but at this time isn’t called anywhere.

a944a8b331 Added memory_metrics to CanisterStatusResultV2 struct, the new field contains various canister memory related metrics such as wasm/stable memory usage, size of the wasm binary, size of the canister’s snapshot(s), etc…
All these values are populated by the canister manager when calling get_canister_status.

c53ff89996 Perform both bounded/unbounded wait calls in xnet_compatibility tests.

7a36fa012 Modified canister_current_message_memory_usage field to use new MessageMemoryUsage struct as type instead of NumBytes, which contains both memory used by bounded and unbounded wait messages. In idle_cycles_burned_rate_by_resource of the cycles account manager the sum of both calls resource usage is used when charging for memory.
Renamed some fields to better reflect their purpose e.g allocated_message_bytes is now allocated_guaranteed_response_message_bytes and subnet_message_memory_capacity is guaranteed_response_message_memory_capacity.

7fac242b3 Added best_effort_messages field to MemoryTaken alongside 2 new getter methods to fetch amount of memory taken by bounded wait calls and sum of all messages’ memory usage. Modified memory_taken method of replicated state to compute bounded wait calls memory usage and return it through MemoryTaken struct.

88c50f7bb Increased cycles_for_archive_creation default value to 10T cycles instead of 0.

c116fae44 Added map_metadata_or_trap method which checks all metadata passed as argument and triggers a panic if they contain disallowed keys, e.g icrc1:decimals. It is called when metadata are set both during canister initialization and upgrades.

Bugfixes:

716d2a53d Fixed InstanceStats metrics not being always tracked by moving them from HypervisorMetrics down to the SandboxedExecutionMetrics.

Chores:

[1766732cef] Same as description.

a4b98fca7 Deprecated dfn_core in favour of ic_cdk. Updated CanisterId import to use ic_base_types instead of dfn_core.

2c68becf6 Removed dfn_core dependency from the ledger suite and replaced caller() api calls with the ic_cdk implementation.

7faa2dc7f, fa7e52784 Updated ICOS image refs.

Proposal 135601– Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully and hashes match. Proposed changes are the same as 135600 but with commit df5828f reverted in case the subnets where the new message model is enabled start experiencing issues.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like