Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 135696.

Here is a summary of the changes since the last release:

Release Notes for release-2025-03-06_03-10-base (de6e339b323f59fc07b18c23f37c3cd2aa8ceb55)

This release is based on changes since release-2025-02-27_03-09-base (6e64281a8e0b4faa1d859f115fc138eee6e136f8).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

• 33fd3f2cd Consensus,Interface: Introduce VetKD payload section and deliver completed agreements (#4022)
• ea73f6e20 Consensus,Interface: Adjust priority function to accept vetKD shares (#3829)
• 572970938 Crypto: Add utility crate for public key encryption (#4179)
• 226346ead Crypto,Interface(crypto): adapt vetKD public key derivation to have two steps (#4057)
• b8bca6a63 Execution,Interface: Enable on-disk compilation cache (#3554)
• 6215de943 Execution,Interface: Increase max snapshots allowed per canister (#4169)
• 92749f5d0 Execution,Interface: Implement VetKdDeriveEncryptedKey on execution side (#4129)
• ac9a806ff Execution,Interface: Publish ic-error-types (#4120)
• dc7cbfa68 Interface: make ic-gateway a monorepo dependency (#4216)
• f0ed1f226 Interface(ICRC_Ledger): Add to list of supported standards of ICRC ledger (#4175)
• 90a8aa927 Interface(governance): Move Rewards Distribution into timer (#3969)
• 0d96610b8 Interface(ICRC-Ledger): migrate ledger blocks to stable structures (#3695)

Bugfixes:

• bbc4c5646 Execution,Interface: Sanitize transport public key input bytes in execution (#4231)
• a61450863 Node: Fix size and console for new kernels (#4140)

Chores:

• 86f751e85 Execution,Interface(crypto): Validate Schnorr aux field in management canister interface (#4234)
• ddcdb2e92 Interface: Remove last management canister types from PocketIC and its users (#4178)
• e0d36caf9 Interface,Message Routing: streamline BUILD.bazel file for State Manager (#4212)
• 33a340638 Interface,Message Routing: refactor to use test_strategy in State Layout proptests (#4204)
• 751e615af Interface,Message Routing: refactor to use test_strategy in Tree Deserializer proptests (#4210)
• 3eb4c22af Interface,Message Routing: refactor to use test_strategy in State Manager proptests (#4195)
• 41d5409c0 Owners(IDX): Don’t upload artifacts on non-release (#4108)
• a79ae06a5 Node: Update Base Image Refs [2025-03-04-0147] (#4215)
• 08c2865d1 Node: Update Base Image Refs [2025-02-27-1657] (#4158)

Refactoring:

• a03bf1af3 Execution,Interface: Renaming for ReshareChainKeys (#4131)
• 4bec7b884 Execution,Interface: Add types to memory tracker (#4139)

Tests:

• 735e9df96 Consensus,Interface: add integration tests for the socks proxy path in the outcalls adapter (#4168)
• 973f571ec Interface(registry/node_provider_rewards): Add unit tests for calculate_rewards_v0 (#4118)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/de6e339b323f59fc07b18c23f37c3cd2aa8ceb55/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c de6e339b323f59fc07b18c23f37c3cd2aa8ceb55 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 135697.

Here is a summary of the changes since the last release:

Release Notes for release-2025-03-06_03-10-disable-best-effort-messaging (9769228872b351a7443d7e867d67afd65d96212b)

This release is based on changes since release-2025-03-06_03-10-base (de6e339b323f59fc07b18c23f37c3cd2aa8ceb55).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Other changes:

• 976922887 Consensus,Execution,Interface: Revert “feat(MR): Roll out best-effort calls to the first few subnets (#3816)”

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/9769228872b351a7443d7e867d67afd65d96212b/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 9769228872b351a7443d7e867d67afd65d96212b --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Proposal 135696 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Screenshot 2025-03-08 at 09.45.472002×886 290 KB

Features:

• 33fd3f2cd Consensus,Interface: Introduce VetKD payload section and deliver completed agreements (#4022)
  Review: Looks fine + matches description
  Notes: Adds VetKD as a new payload builder section then passes the recently implemented VetKdPayloadBuilderImpl through to the payload builder and uses it to build and validate the new VetKD payload sections.

• ea73f6e20 Consensus,Interface: Adjust priority function to accept vetKD shares (#3829)
  Review: Looks fine + matches description
  Notes: Updates the IDKG bouncer rules so that it wants VetKdKeyShares rather than always treating them as unwanted.

• 572970938 Crypto: Add utility crate for public key encryption (#4179)
  Review: Looks fine + matches description
  Notes: Introduces the ic-hpke crate for performing public key encryption.

• 226346ead Crypto,Interface(crypto): adapt vetKD public key derivation to have two steps (#4057)
  Review: Looks fine + matches description
  Notes: Modifies how derived keys are generated for VetKd by ignoring the domain if it is empty (rather than including the domain length 0 in the hash calculation), this allows the base public key to be retrieved and from that derived keys can be generated offline.

• b8bca6a63 Execution,Interface: Enable on-disk compilation cache (#3554)
  Review: Looks fine + matches description
  Notes: Switches to using an on-disk compilation cache implementation which simply maps the cached files rather than having to copy them, then increases the max cache size to 100GB (up from 1GB).

• 6215de943 Execution,Interface: Increase max snapshots allowed per canister (#4169)
  Review: Looks fine + matches description
  Notes: Adds max_number_of_snapshots_per_canister to the execution environment config and defaults it to 10, then uses that limit the number of snapshots rather than using the previously hard coded value of 1.

• 92749f5d0 Execution,Interface: Implement VetKdDeriveEncryptedKey on execution side (#4129)
  Review: Looks fine + matches description
  Notes: Implements the new Ic00Method::VetKdDeriveEncryptedKey system function to generate VetKeys, then also performs a bit of a refactor/clean up by introducing the new ChainKeyData struct containing 3 fields which previously were each individually passed around throughout the execution environment.

• ac9a806ff Execution,Interface: Publish ic-error-types (#4120)
  Review: Looks fine + matches description
  Notes: Moves the ic-error-types package to packages/ic-error-types so that it can be published and also implements Protobuf serialization/deserialization for the error types.

• dc7cbfa68 Interface: make ic-gateway a monorepo dependency (#4216)
  Review: Looks fine + matches description
  Notes: Adds ic-gateway as a dependency to the monorepo and uses it within a PocketIC server test, in follow on commits it will be used to replace code within the PocketIC package.

• f0ed1f226 Interface(ICRC_Ledger): Add to list of supported standards of ICRC ledger (#4175)
  Review: Looks fine + matches description
  Notes: Adds ICRC-10 to the list of supported standard returned by the ICRC ledger.

• 90a8aa927 Interface(governance): Move Rewards Distribution into timer (#3969)
  Review: Looks fine + matches description
  Notes: Introduces a framework for testing canister timers outside of canisters, and also moves reward distribution within the NNS governance canister out of heartbeat and into a timer job.

• 0d96610b8 Interface(ICRC-Ledger): migrate ledger blocks to stable structures (#3695)
  Review: Looks fine + matches description
  Notes: Introduces the BlockData trait for reading and writing ledger blocks, then provides 2 implementations of it, StableBlockData and HeapBlockData. For now the ICP ledger remains using heap memory but for the ICRC ledger the stable implementation is used and the blocks are migrated to stable memory using a timer. Once the blocks are migrated the blocks on the heap are cleared.

Bugfixes:

• bbc4c5646 Execution,Interface: Sanitize transport public key input bytes in execution (#4231)
  Review: Looks fine + matches description
  Notes: Validate VetKd encryption keys before attempting to generate derived keys.

• a61450863 Node: Fix size and console for new kernels (#4140)
  Review: Looks fine + matches description
  Notes: Increases the SetupOS partition size from 1750MB to 2250MB and also sets the nomodeset arg when booting Linux allowing terminals to run at their full resolutions.

Chores:

• 86f751e85 Execution,Interface(crypto): Validate Schnorr aux field in management canister interface (#4234)
  Review: Looks fine + matches description
  Notes: Validates that Schnorr aux inputs are either empty or exactly 32 bytes before attempting to generate a threshold signature.

• ddcdb2e92 Interface: Remove last management canister types from PocketIC and its users (#4178)
  Review: Looks fine + matches description
  Notes: Removes the management_canister module from PocketIC and instead grabs the types from ic-management-canister-types.

• e0d36caf9 Interface,Message Routing: streamline BUILD.bazel file for State Manager (#4212)
  Review: Looks fine + matches description
  Notes: Cleans up the state manager Bazel build file by extracting the dependencies for the various build flavours into constants which are then reused to avoid duplication.

• 33a340638 Interface,Message Routing: refactor to use test_strategy in State Layout proptests (#4204)
  Review: Looks fine + matches description
  Notes: Modifies the state layout tests to use test_strategy::proptest rather than the proptest! macro.

• 751e615af Interface,Message Routing: refactor to use test_strategy in Tree Deserializer proptests (#4210)
  Review: Looks fine + matches description
  Notes: Modifies the tree deserializer tests to use test_strategy::proptest rather than the proptest! macro.

• 3eb4c22af Interface,Message Routing: refactor to use test_strategy in State Manager proptests (#4195)
  Review: Looks fine + matches description
  Notes: Modifies the state manager tests to use test_strategy::proptest rather than the proptest! macro.

• 41d5409c0 Owners(IDX): Don’t upload artifacts on non-release (#4108)
  Review: Looks fine + matches description
  Notes: Introduces the new release Bazel build config which is used for release builds and will include the step to upload the artifacts, then modifies the existing stamped config to skip the upload step.

• a79ae06a5 Node: Update Base Image Refs [2025-03-04-0147] (#4215)
  Review: Looks fine + matches description
  Notes: Updates the base IC-OC image references

• 08c2865d1 Node: Update Base Image Refs [2025-02-27-1657] (#4158)
  Review: Looks fine + matches description
  Notes: Updates the base IC-OC image references

Refactoring:

• a03bf1af3 Execution,Interface: Renaming for ReshareChainKeys (#4131)
  Review: Looks fine + matches description
  Notes: Renames various IDKG types to use the ReshareChain terminology (eg. IDkgDealingsContext → ReshareChainKeyContext), then also introduces the IDkgDealingContext wrapper which is used to filter ReshareChainKeyContext instance to only those which are IDKG keys.

• 4bec7b884 Execution,Interface: Add types to memory tracker (#4139)
  Review: Looks fine + matches description
  Notes: Modifies the memory tracker to use NumBytes and NumOsPages types rather than simply using usize so that it is always clear which unit each value is in.

Tests:

• 735e9df96 Consensus,Interface: add integration tests for the socks proxy path in the outcalls adapter (#4168)
  Review: Looks fine + matches description
  Notes: Adds tests to cover the SOCKS proxy path within the HTTP outcalls adapter, also modifies the HTTP outcalls adapter to return the result from the SOCKS proxy if it returned successfully but the main request returned an error.

• 973f571ec Interface(registry/node_provider_rewards): Add unit tests for calculate_rewards_v0 (#4118)
  Review: Looks fine + matches description
  Notes: Adds some tests covering node provider rewards.

Proposal 135697

Vote: Adopt
Reason: I have successfully run the build script and there is only a single additional commit which disables the new bounded-wait calls feature. This is done as a precaution in case there is an issue with the feature and it needs to quickly be disabled.

Screenshot 2025-03-08 at 10.02.502002×886 286 KB

proposal - 135696 – Cyberowl | CodeGov

Screenshot 2025-03-09 at 1.59.22 AM2008×546 108 KB

Vote: ADOPT

Reason:

The build was successful, and all the commit descriptions matched the changes in the code.

Hash Match: MATCH

2 Urls: MATCH

Feedback:

Proposer Check: MATCH

Overall Summary:

Public key encryption utility crate ic_hpke. Increases the maximum number of snapshots allowed per canister from a fixed limit of 1 to a configurable default of 10. Refactors NNS governance reward distribution to use a dedicated timer-based task.

proposal - 135697 – Cyberowl | CodeGov

Screenshot 2025-03-09 at 3.10.11 AM1962×500 105 KB

Vote: ADOPT

Reason:

One commit to revert “Roll out best-effort calls to the first few subnets”. Commit matches description and no errors were found. The verification build hash also matches release_package_sha256_hex.

Hash Match: MATCH

2 Urls: MATCH

Feedback: NONE

Proposer Check: MATCH

If you like the review please follow:

Proposal 135696 – ilbert | CodeGov

Vote: REJECTED.
Reason: All reviewed commits match their description, but hashes do not match.

build-2025-03-09 at 12.18.252584×554 123 KB

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

• Enables the usage of disk to store the compilation cache of the Wasm binaries
• Increases the maximum number of snapshots that a canister can have from 1 to 10
• Implements the vetkd_derive_encrypted_key management canister method (still disabled on all subnets though)

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

b8bca6a63:
Changes the new method of the CompilationCache struct to create a cache saved on disk by default instead of in-memory, accepting the tmp directory path used for compilation files.
Added a comment on GitHub.

6215de943:
Changes the MAX_NUMBER_OF_SNAPSHOTS_PER_CANISTER constant from 1 to 10.
Adds the max_number_of_snapshots_per_canister field to the Config struct of the Execution Environment, which is initialized to MAX_NUMBER_OF_SNAPSHOTS_PER_CANISTER by default.
Adds the max_number_of_snapshots_per_canister field to the CanisterMgrConfig struct, which is initialized to the value of the Execution Environment’s Config. Changes the take_canister_snapshot method of the CanisterMgrConfig struct to use the config field instead of the constant.

92749f5d0:
Introduces the ChainKeyData struct, which contains the BTreeMaps that map the master public key ids (for Ecdsa, Schnorr and VetKd) to their values, to the pre-signature ids and to the non-interactive DKG ids. Changes the execute_round method of the Scheduler trait to accept the new ChainKeyData struct instead of separate arguments for the different maps. Adapts the SchedulerImpl accordingly.
Changes the execute_subnet_message method of the ExecutionEnvironment struct to accept the ChainKeyData struct. In addition, it implements the VetKdDeriveEncryptedKey branch of the IC00 method matching. This branch calls the newly introduced vetkd_derive_encrypted_key method, which in turn calls the sign_with_threshold method after constructing the proper vetkd arguments.

ac9a806ff:
Matches description.

bbc4c5646:
Introduces the is_valid_transport_public_key function to check if the encryption_public_key field of the VetKdDeriveEncryptedKeyArgs struct is properly formatted. The check is done by trying to deserialize the public key using the TransportPublicKey struct.

86f751e85:
Changes the sign_with_threshold method of the ExecutionEnvironment struct to validate the aux field of the input Schnorr argument.

a03bf1af3:
Changes the SubnetCallContext enum to rename the IDkgDealings into ReshareChainKey, together with the renamed inner ReshareChainKeyContext struct from IDkgDealingsContext. Renames the idkg_dealings_contexts method of the SubnetCallContextManager struct into reshare_chain_key_contexts, which is now a BTreeMap of ReshareChainKeyContexts.
Changes the compute_initial_idkg_dealings method of the ExecutionEnvironment struct to use the SubnetCallContext::ReshareChainKey variant, with the inner ReshareChainKeyContext struct, as argument for the push_context method of the call context manager.

4bec7b884:
Matches description.

Proposal 135697 – ilbert | CodeGov

Vote: REJECTED.
Reason: All reviewed commits match their description, but hashes do not match.

build-2025-03-09 at 12.19.202584×554 123 KB

Review:
This release is the same as the one in 135696 with the addition of the 976922887 commit, which matches its description.

Proposal 135696 - Ipsita | ZenithCode

Summary

1. Vote: Adopt
2. Hash: All the hashes match
3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

1356962170×816 123 KB

Proposal 135697 - Ipsita | ZenithCode

1356972018×818 121 KB

Summary

1. Vote: Adopt
2. Hash: All the hashes match
3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

Proposal: 135696 - Manvick | ZenithCode

Summary:

1. Build Hash: Build has from the proposal, local build and CDN matches and is “c09ab9e8f14649d90cd2b7528fa2ab1d6d89d037d7362bc55c3f1561b66edc16”.
2. Summary: The release notes matches the code changes
3. Vote: I vote to adopt the proposals

1356962042×956 147 KB

Proposal: 135697 - Manvick | ZenithCode

Summary:

1. Build Hash: Build has from the proposal, local build and CDN matches and is “bd16aeff51e506e5364e435c5079718d57f54bff5af4007e828ef8af3c5d9ff0”.
2. Summary: The release notes matches the code changes
3. Vote: I vote to adopt the proposals

1356972088×956 149 KB

Proposal 135696 | Tim - CodeGov

image1291×361 18.5 KB

Vote: Reject

Reason: Commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus, Crypto and Interface as detailed below. Hashes matched when I ran the verification on a cloud server (as I usually do) but amongst our team members we’ve found that hashes do not match when the verification is run locally. @sat @DRE-Team

Review

Features:

[33fd3f2cd]
Adds ic-consensus-vetkd as a package. Adds Self::VetKd(builder) => to pattern matching in build_payload_impl and validate_payload methods of BatchPayloadSectionBuilder. Utilises ic_consensus_vetkd::VetKdPayloadBuilderImpl throughout consensus code and tests.

[ea73f6e20]
Expands IDkgMessageId::VetKdKeyShare pattern match within compute_bouncer method to accept VetKD shares.

[572970938]
Adds crate hpke, which provides methods for encrypting messages using a recipient public key. In-code documentation is detailed and clear, which is terrific to see. @JackLloyd

[226346ead]
As per description, splits the creation of a derivation domain for a VetKD public key into two steps.

[dc7cbfa68]
Adds ic-gateway as a dependency, sourced from its own repo. Version updates to various other packages.

[f0ed1f226]
As per descriptions, adds ICRC-10 to supported_standards query function in ledger_suite/icrc1/ledger/.

[90a8aa927]
Changes reward distribution process to use a timer rather than heartbeats. More specifically, removes reliance on should_distribute_rewards from run_periodic_tasks‎ method, adds related logic within rs/nns/governance/src/timer_tasks/reward_distribution.rs, and other related code changes.

[0d96610b8]
Adds trait BlockData, which is intended to improve block indexing, along with type HeapBlockData. Migrates ledger blocks to stable structures as explained in the description.

Chores:

[ddcdb2e92]
Updates ic-management-canister-types version. Uses ic_management_canister_types::CanisterId in place of pocket_ic::management_canister::CanisterId along with other analogous changes to remove dependence on pocket_ic::management_canister.

[e0d36caf9]
Reorganises dependencies in rs/state_manager/BUILD.bazel into DEPENDENCIES, DEV_DEPENDENCIES and BIN_DEPENDENCIES categories and removes some duplication.

[33a340638]
[751e615af]
[3eb4c22af]
These 3 commits add the test-strategy crate as a dependency and modify tests so as to use this crate for property testing in state_layout, tree_deserializer and state_manager respectively.

Tests:

[735e9df96]
Adds test_canister_http_api_bn_socks_server and test_canister_http_socks_server to test socks proxy behaviour in the event of failed requests, along with supporting functions as outlined in the commit notes.

[973f571ec]
Adds tests for node provider reward calculations for type1 and type3 nodes, specifically run_rewards_table_with_type1_rewards_test, which is then utilised for test_rewards_table and test_rewards_table_with_zero_type1_rewards.

Proposal 135697

image1293×363 18.4 KB

Vote: Reject

Reason: The same issue occurred as with the previous proposal, in that hashes do not match when the verification is run locally, although they do match if it is run on a cloud server (as I have done). The proposal consists of a single commit which reverts the roll out of best-effort calls to the first few subnets from commit df5828f, as reviewed previously.

Proposal 135696 - Yuvika | ZenithCode

Summary

1. Vote: Adopt
2. Hash: Hashes match
3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

build-135696720×388 108 KB

Proposal 135697 - Yuvika | ZenithCode

Summary

Vote: Adopt
Hash: Hashes match
Reasons to adopt: Builds fine + hashes match + release notes match the commits.

build-135697719×379 105 KB

Proposal #135696 — Zack | CodeGov

for release-22025-03-06_03-10-base.

Vote: Rejected.
Reason: The hash matches only for HOSTOS.

Screenshot 2025-03-10 0927011850×717 53.2 KB

Proposal #135696 — Zack | CodeGov

for release-2025-03-06_03-10-disable-best-effort-messaging.

Vote: Rejected.
Reason: The hash matches only for HOSTOS.

image1844×717 54.4 KB

@ilbert, @ZackDS, you are doing this on Ubuntu 24.04? Can you freshly clone IC repo and try again? Could you push IC image somewhere publicly so that I can inspect the diff with diffoscope?

Proposal 135696– Zane | CodeGov

Vote: REJECT
Reason: Commits match their description, but I haven’t been able to reproduce the correct hashes.

1356961794×410 95 KB

Features:

b8bca6a63 Switched CompilationCache constructor to use on disk cache for storage with 100GB disk capacity. Modified Hypervisor constructor to pass a temporary directory to use in the compilation cache and updated SELinux type enforcement file so that the canister sandbox has permission to execute the wasm binaries in the temporary directory.

6215de943 Increased MAX_NUMBER_OF_SNAPSHOTS_PER_CANISTER from 1 to 10. Extended ExecutionConfig and CanisterMgrConfig structs with max_number_of_snapshots_per_canister field to remove the dependency on the hardcoded constant. Updated test_canister_snapshots pocket ic test to ensure snapshot functionalities, creating/replacing/deleting and listing, work as expected with the increased limit.

92749f5d0 Added implementation for VetKdDeriveEncryptedKey IC00 function. To do so execute_subnet_message has been modified so when a request is received, the provided payload is checked first, if it’s empty then a reject response is returned, otherwise vetkd_derive_encrypted_key is called. The method performs additional checks to ensure the subnet holds the threshold key and NiDkgTranscript for said key, in which case sign_with_threshold is invoked. Other minor changes have been made to enable the feature: chain_key_subnet_public_keys argument of execute_round method has been renamed to chain_key_data and its type changed to ChainKeyData, a new struct which encapsulates three maps linking the master public key ids to their respective public key, pre signature Ids and NiDKG Ids corresponding to available transcripts. This was done both so the data can be conveniently propagated and cause the NiDKG Ids are required for the vetkey functionality.

ac9a806ff Moved error_types to a separate crate so it can be published indipendently and updated path for ic-error-types dependencies. Added protobuf conversion logic for ErrorCode and RejectCode.

Bugfixes:

bbc4c5646 Modified vetkd_derive_encrypted_key method so that it returns an error if transport public key deserialization fails.

Chores:

86f751e85 In sign_with_threshold added check to ensure when a Schnoor aux field is provided, the correct algorithm id is used and the aux is either empty or has a size of 32 bytes.

a79ae06a5, 08c2865d1 Updated ICOS image refs.

Refactoring:

a03bf1af3 Renamed IDkgDealings types to use ReshareChainKey nomenclature. key_id’s type of the ReshareChainKeyContext struct has been changed to MasterPublicKeyId instead of IDkgMasterPublicKeyId as the type now is used to generalize both interactive and non DkgKeys. IDkgDealingContext struct has been added to be used in places where only IDKG key contexts are allowed.

4bec7b884 Added ic_types dependency to memory tracker so NumBytes and NumOsPages can be used to provide better semantic meaning.

Proposal 135697– Zane | CodeGov

Vote: REJECT
Reason: Same reason as 135696.

1256971782×407 94.9 KB

Hi @Zane ! We can confirm the hash from CDN is correct. Could you please share your built image with @marko ?

Sure, here it is: link

The OS is Ubuntu 24.04, I’ve built it again a few hours ago after reading @marko’s post, but the hash for HostOS image is still different.

Hey everyone!

As always, thanks for all of the care and diligence that goes into reviewing and reproducing these images . I’ve looked into it, and it appears the difference is due to microcode being bundled into GuestOS (This also leads to the diff in SetupOS as it contains GuestOS). This will cause different hashes from Intel and AMD builders, and we’re working on a fix. I’ve left my notes on the diffs, below.

– Eero

The boot.img differs:

% sha256sum A/boot.img B/boot.img
7d72c10a5cac717b4ca3c406d8b511ffa324bfc252766f360e8b3bce95f8017c  A/boot.img
fd05d12d35eb68252eab86e9ada6a3e799ccdba81587118c1aa7ecbafd8247fe  B/boot.img

but only in initrd:

% diff -r A/boot B/boot
Binary files A/boot/initrd.img and B/boot/initrd.img differ
Binary files A/boot/initrd.img-6.11.0-17-generic and B/boot/initrd.img-6.11.0-17-generic differ
Binary files A/boot/initrd.img.old and B/boot/initrd.img.old differ

The microcode in the first component differs:

% diff -r A/kernel B/kernel
Only in A/kernel/x86/microcode: AuthenticAMD.bin
Only in B/kernel/x86/microcode: .enuineIntel.align.0123456789abc
Only in B/kernel/x86/microcode: GenuineIntel.bin

and the remaining initrd is consistent:

% sha256sum A/img B/img
a407113e27b945ed0c270d728f7e2532895fe5c1d097f381c20cbd2a15b3aa43  A/img
a407113e27b945ed0c270d728f7e2532895fe5c1d097f381c20cbd2a15b3aa43  B/img

@marko @alexu Amongst our team members we’ve found it seems to work on cloud servers but not locally.

I tried again on Ubuntu 24.04 LTS. Here are the results.

Proposal 135696

Build output:

##### GUESTOS SHA256SUMS #####
37784fd5c027f7ce3db62f3e31db14ecce8692e512a3f5f1cece487d2affc5d8 disk-img.tar.zst
5067563173f9b1f93c93cbe004a2ecd000c9a7d14ac9cda50a79eaace830a112 update-img-test.tar.zst
0281c2e0cc2c91af698f0a1833b1dd1ce8a95d80305187ebe729b415db5b5c28 update-img.tar.zst
##### HOSTOS SHA256SUMS #####
59aa52c93e33d8ce16e25a0c9a263a5a70ff1d133316a516cf0be81583395fbb disk-img.tar.zst
8fb9bfb4c888b85283fb5b1647a5f3696183716d996313ec62e0397f676ba41e update-img-test.tar.zst
b0d5eb0100a464f126a6026389bd0cf48f321ee830e269c5c2dc8a55d0b5b68d update-img.tar.zst
##### SETUPOS SHA256SUMS #####
6e6fecb6bd7fa2e90bcb5b2666e0b6d38949f158a5dc2a2e31cccea9c59424a8 disk-img.tar.zst
Build complete for revision de6e339b323f59fc07b18c23f37c3cd2aa8ceb55
2025/03/10 | 20:49:14 | 1741639754 [+] Built IC-OS successfully
2025/03/10 | 20:49:41 | 1741639781 [+] Check hash of locally built artifact matches the one fetched from the proposal/CDN
2025/03/10 | 20:49:41 | 1741639781 [-] Error! The sha256 sum from the proposal/CDN does not match the one we just built for GuestOS. 
        The sha256 sum we just built:           0281c2e0cc2c91af698f0a1833b1dd1ce8a95d80305187ebe729b415db5b5c28
        The sha256 sum from the CDN:            c09ab9e8f14649d90cd2b7528fa2ab1d6d89d037d7362bc55c3f1561b66edc16.
2025/03/10 | 20:49:41 | 1741639781 [+] Verification successful for HostOS!
2025/03/10 | 20:49:41 | 1741639781 [+] The shasum for HostOS from the artifact built locally and the one fetched from the proposal/CDN match:
                                                Local = b0d5eb0100a464f126a6026389bd0cf48f321ee830e269c5c2dc8a55d0b5b68d
                                                CDN   = b0d5eb0100a464f126a6026389bd0cf48f321ee830e269c5c2dc8a55d0b5b68d


2025/03/10 | 20:49:41 | 1741639781 [-] Error! The sha256 sum from the proposal/CDN does not match the one we just built for SetupOS. 
        The sha256 sum we just built:           6e6fecb6bd7fa2e90bcb5b2666e0b6d38949f158a5dc2a2e31cccea9c59424a8
        The sha256 sum from the CDN:            e22205d5959e6fb664a905d673fcfcf7cd134b3650e89041b527310d7bcc9e8f.
2025/03/10 | 20:49:41 | 1741639781 [+] Total time: 0h 59m 3s

Download Images

Proposal 135697

Build output:

##### GUESTOS SHA256SUMS #####
b38e400646811531bad59db38b993acd1166d1b6b85fdece0608482cfbda8fc2 disk-img.tar.zst
5030d2f397e4200acd3e0855938a17f605a8682299774ed4da4f4f85985d3112 update-img-test.tar.zst
65a34669836fe0854d15d2e954e8a218cd1b146a451be1b42c69f02ef0a15522 update-img.tar.zst
##### HOSTOS SHA256SUMS #####
07c41d198f0ac77538fa8cf5934c3f242f31d30b21c3d553b916fa1ac411cbad disk-img.tar.zst
b1a7ff0db907a5433d10055e685493ec8c9a7310f5a7306dcfb974275631be94 update-img-test.tar.zst
4a0fa5e538420fc512046a8032135e271ba28c1701069f27f1f854f0f00170f5 update-img.tar.zst
##### SETUPOS SHA256SUMS #####
b9cdcbd72e46c0aaa03e4a6269d3fac3ac90ec914000f25f969a4ea8b82e0b78 disk-img.tar.zst
Build complete for revision 9769228872b351a7443d7e867d67afd65d96212b
2025/03/10 | 20:42:14 | 1741639334 [+] Built IC-OS successfully
2025/03/10 | 20:42:38 | 1741639358 [+] Check hash of locally built artifact matches the one fetched from the proposal/CDN
2025/03/10 | 20:42:38 | 1741639358 [-] Error! The sha256 sum from the proposal/CDN does not match the one we just built for GuestOS.
        The sha256 sum we just built:           65a34669836fe0854d15d2e954e8a218cd1b146a451be1b42c69f02ef0a15522
        The sha256 sum from the CDN:            bd16aeff51e506e5364e435c5079718d57f54bff5af4007e828ef8af3c5d9ff0.
2025/03/10 | 20:42:38 | 1741639358 [+] Verification successful for HostOS!
2025/03/10 | 20:42:38 | 1741639358 [+] The shasum for HostOS from the artifact built locally and the one fetched from the proposal/CDN match:
                                                Local = 4a0fa5e538420fc512046a8032135e271ba28c1701069f27f1f854f0f00170f5
                                                CDN   = 4a0fa5e538420fc512046a8032135e271ba28c1701069f27f1f854f0f00170f5


2025/03/10 | 20:42:38 | 1741639358 [-] Error! The sha256 sum from the proposal/CDN does not match the one we just built for SetupOS.
        The sha256 sum we just built:           b9cdcbd72e46c0aaa03e4a6269d3fac3ac90ec914000f25f969a4ea8b82e0b78
        The sha256 sum from the CDN:            3c82978cff81abc0fd92efbd4b3591a02f466b0cb165529e51ca93dc8fa654d9.
2025/03/10 | 20:42:38 | 1741639358 [+] Total time: 0h 50m 17s

Download images

Since the issue has been confirmed to affect only the CPU architecture in the Ubuntu kernel building process, we propose proceeding with this deployment without delaying the release for another week unless CodeGov raises further objections.