Proposal to elect new release rc--2025-04-24_03-18

Hello there!

We are happy to announce that voting is now open for a new GuestOS release.
The NNS proposal is here: IC NNS Proposal 136366.

Here is a summary of the changes since the last GuestOS release:

Release Notes for release-2025-04-24_03-18-base (f8131bfbc2d339716a9cff06e04de49a68e5a80b)

This release is based on changes since release-2025-04-16_11-12-base (c9210f4d299546658760465d7fde93913989f70b).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

Bugfixes:

  • 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823)
  • 7621b8155 Execution,Interface: memory usage checks in management canister (#4749)

Chores:

  • f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887)
  • 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873)
  • 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626)
  • b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872)
  • 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673)
  • ee8aa2f9e Interface: refactor QuerySource (#4824)
  • 9318e468d Interface,Node(node): unify downloading logic (#4847)
  • d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884)
  • 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850)
  • 0b7178e66 Node: Grant backup user read access to artifact pools (#4817)

Refactoring:

  • e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS GuestOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c f8131bfbc2d339716a9cff06e04de49a68e5a80b --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Hello there!

We are happy to announce that voting is now open for a new HostOS release.
The NNS proposal is here: IC NNS Proposal 136367.

Here is a summary of the changes since the last HostOS release:

Release Notes for release-2025-04-24_03-18-base (f8131bfbc2d339716a9cff06e04de49a68e5a80b)

This release is based on changes since release-2025-04-16_11-12-base (c9210f4d299546658760465d7fde93913989f70b).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

Bugfixes:

  • 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823)
  • 7621b8155 Execution,Interface: memory usage checks in management canister (#4749)
  • e200f99b4 Node: update parsing of power measurements via IPMI tool (#4833)

Chores:

  • f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887)
  • 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873)
  • 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626)
  • b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872)
  • 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673)
  • ee8aa2f9e Interface: refactor QuerySource (#4824)
  • 9318e468d Interface,Node(node): unify downloading logic (#4847)
  • d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884)
  • 42750a409 Node: fix iDRAC console ‘no signal’ regression (#4882)
  • 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850)
  • 0b7178e66 Node: Grant backup user read access to artifact pools (#4817)

Refactoring:

  • e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)

Full list of changes (including the ones that are not relevant to HostOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS HostOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c f8131bfbc2d339716a9cff06e04de49a68e5a80b --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.

2 Likes

proposal - [136366, 136367] Cyberowl | CodeGov

Proposals:
136366
136367

Vote: ADOPT

Reason:

The build was successful, and all the commit descriptions matched the changes in the code.

Checks

Hash Match: MATCH, MATCH
2 Urls: MATCH, MATCH
Feedback: NONE
Proposer Check: MATCH, MATCH

Overall Summary:

Refactor canister memory and cycles management by introducing a ValidatedMemoryUsage struct, splitting validation and application steps. Consolidates the legacy config.ini and deployment.json into a single config.json accessed via a new config.sh.

Commits Summary

Features:
1354f31c9
Replaces the old config.ini/deployment.json workflow with a single config.json accessed through a new config.sh, tightening dependency checks and eliminating legacy helpers like fetch-property.sh. Hostname, network, and bootstrap logic are split into clear GuestOS and HostOS paths, with lighter GuestOS scripts, a consolidated HostOS script, updated Bazel/service files, and expanded bootstrap options for JSON-driven parameters.

Bugfixes:
1456723b1
Updates restore_from_backup to stop replaying blocks once a new CUP height is reached, ensuring immediate CUP verification instead of continuing execution beyond it. This matches the git description, which explains that the fix prevents missing state hash checks by halting at the CUP during backup replays.

7621b8155
Refactor canister memory and cycles management by introducing a ValidatedMemoryUsage struct, splitting validation and application steps, through methods like memory_usage_checks, memory_usage_updates, and can_reserve_cycles. Matches description.

Chores:
f8131bfbc
Matches description ramp up the dark launch of the new socks proxy discovery to 100% .

54dea04f3
ReplicaLogger to the HTTP outcalls client CanisterHttpAdapterClientImpl to log when the transform result size exceeds the maximum allowed response size.

1e2968784
Makes error message more descriptive for HTTP request.

b897181bd
Matches description of reduces the instruction threshold for logging canister http transform functions from 100M to 10M instructions

8c1f8b0d3
Matches upgrade wasmtime to v.31.

ee8aa2f9e
Rename QuerySource::Anonymous to QuerySource::System across the codebase to more accurately reflect that these queries are system-initiated.

9318e468d
Refactor the HostOS upgrade process in vsock_lib by replacing manual file download and hash verification with the ic-http-utils::FileDownloader and adopting asynchronous execution using tokio. Now always downloads the upgrade file, potentially increasing network usage.

d2007f19e
Matches description upgrade wasm tools to v.228.0 .

531ae2469
Update base image refs.

0b7178e66
Dedicated ic-consensus-pool group to control access to the consensus pool directory (/var/lib/ic/data/ic_consensus_pool), replacing the broader nonconfidential group. Updates to setup-permissions.sh and the Dockerfile ensure that key users (ic-replica, backup, readonly, admin) are added to the new group.

Refactoring:
e966556bd
Rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList across codebase, updating related functions, constants, protobufs, tests, and documentation to clarify that the registry tracks subnets where chain keys are enabled, not specifically signing.

Might be because they don’t want to break clients but some inconsistencies:

Update get_all_chain_key_signing_subnet_list_records to get_all_chain_key_enabled_subnet_list_records in common.rs.

Update chain_key_signing_subnet_list to chain_key_enabled_subnet_list in recover_subnet.rs.

Update get_master_public_key_id_from_signing_subnet_list_key to get_master_public_key_id_from_enabled_subnet_list_key in keys.rs.

1 Like

Proposal 136366 & 136367 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Features:

  • 1354f31c9 Node: Configuration revamp (HostOS integration) (#3390)
    Review: Looks fine + matches description
    Notes: Updates HostOS to use the new config tool which has been introduced over the past few weeks, rather than using the old implementation based on the config.ini file.

Bugfixes:

  • 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823)
    Review: Looks fine + matches description
    Notes: Updates restore_from_backup to only replay blocks up until the last CUP height, this will cause the code to always enter the CUPHeightWasFinalized arm of the subsequent match statement in which it will call assert_consistency_and_clean_up to verify the CUP.

  • 7621b8155 Execution,Interface: memory usage checks in management canister (#4749)
    Review: Looks fine + matches description
    Notes: Splits the logic which would perform mutations out of memory_usage_checks and into the new memory_usage_updates function. Similarly, splits the verification logic out of reserve_cycles and into the new can_reserve_cycles function. Then updates upload_chunk and take_canister_snapshot to use these functions rather than duplicating much of the logic.

  • e200f99b4 Node: update parsing of power measurements via IPMI tool (#4833)
    Review: Looks fine + matches description
    Notes: Updates the monitor-power.sh script to account for the fact that the IPMI tool only includes the AM/PM label when run manually.

Chores:

  • f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887)
    Review: Looks fine + matches description
    Notes: Bumps the REGISTRY_SOCKS_PROXY_DARK_LAUNCH_PERCENTAGE setting from 10% to 100%, meaning all requests will be additionally sent via the new API boundary nodes, giving them a proper stress test before switching live traffic over to them.

  • 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873)
    Review: Looks fine + matches description
    Notes: Writes a log entry whenever the result of an HTTP response transform function exceeds the configured max_response_size_bytes value.

  • 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626)
    Review: Looks fine + matches description
    Notes: Extends the error message returned whenever an HTTP outcall fails to connect, to explain that the feature only works for IPv6 addresses.

  • b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872)
    Review: Looks fine + matches description
    Notes: Writes a log entry whenever the execution of an HTTP response transform function consumes more than 10_000_000 instructions (previously the cutoff was set to 100_000_000).

  • 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673)
    Review: Looks fine + matches description
    Notes: Bumps wasmtime from v30.0.2 to v31.0.0 (+also bumps a few other dependencies).

  • ee8aa2f9e Interface: refactor QuerySource (#4824)
    Review: Looks fine + matches description
    Notes: Renames QuerySource::Anonymous to QuerySource::System, then introduces QuerySource::user_id to reduce duplication, and also switches a few instances of if let QuerySource::Anonymous = query.source { ... } to use match statements so that the compiler will force devs to handle any subtypes which may be added to the QuerySource variant in the future.

  • 9318e468d Interface,Node(node): unify downloading logic (#4847)
    Review: Looks fine + matches description
    Notes: Simplifies the internals of upgrade_hostos by switching it to using the recently implemented FileDownloader which contains the logic to download and verify the file passed in or continue partially completed downloads.

  • d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884)
    Review: Looks fine + matches description
    Notes: Bumps lots of wasm related crates (eg. wasm-encoder, wasmparser, etc.).

  • 42750a409 Node: fix iDRAC console ‘no signal’ regression (#4882)
    Review: Looks fine + matches description
    Notes: Adds video=1024x768 to the Linux kernel boot paramters to fix a bug where the iDRAC console would show “no signal”.

  • 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

  • 0b7178e66 Node: Grant backup user read access to artifact pools (#4817)
    Review: Looks fine + matches description
    Notes: Creates the new ic-consensus-pool user group and grants it readonly access to artifact pools, this will allow operators to create backups from certification artifacts if necessary during recovery.

Refactoring:

  • e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)
    Review: Looks fine + matches description
    Notes: Replaces usages of ChainKeySigningSubnetList to ChainKeyEnabledSubnetList and also updates functions, variables and comments to reflect this new naming convention.
About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal: 136366 & 136367 Manvick | ZenithCode

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN matches.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposal

Commits

Features:

  • 1354f31c9 Node: Configuration revamp (HostOS integration) (#3390)
    Review: Matches description + changes are appropriate
    Note: This commit moves the scattered .ini and deployment.json files into a combined file called config.json. This also means that config.json must be correctly present in all bootable nodes and that the hostOS tools must assume config.json else missing fields will pop up errors.

Bugfixes:

  • 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823)
    Review: Matches description + changes are appropriate
    Note: This commit makes sure that ic-replay verifies the CUP state hash during backups by stopping block replay at the CUP height. Previously, replay could go past the CUP without verification if the CUP was not finalized. Now, it is able to correctly stop and verify the CUP.

  • 7621b8155 Execution,Interface: memory usage checks in management canister (#4749)
    Review: Matches description + changes are appropriate
    Note: This commit updates the memory usage logic in the management canister. Previously, memory usage checks were scattered across different actions such as uploading, snapshotting etcetera which led to duplicated logic. Now, memory usage validation and memory updates are separated into two steps, ensuring safer, reusable, and more maintainable memory management across the canisters.

  • e200f99b4 Node: update parsing of power measurements via IPMI tool (#4833)
    Review: Matches description + changes are appropriate
    Note: This commit fixes the incorrect parsing of power sampling data from ipmitool. The script previously misread the sampling period due to the output differences in automated vs manual execution. The commit makes sure that the correct metrics are present across all environments.

Chores:

  • f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887)
    Review: Matches description + changes are appropriate
    Note: This commit updates the config related to SOCKS proxy dark launch for HTTP outcalls. By rapming up SOCKS proxy dark launch to 100%, we are enabling full traffic testing, improving HTTP outcall without affecting user-visible behavior.

  • 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873)
    Review: Matches description + changes are appropriate
    Note: This commit logs the size of the transform function’s output in HTTP calls incase it exceeds max_response_size_bytes(default 2MiB) which is a boon in debugging oversized responses.

  • 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626)
    Review: Matches description + changes are appropriate
    Note: Changes error log to explicitly inform devs that outcalls are IPv6-only.

  • b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872)
    Review: Matches description + changes are appropriate
    Note: This commit lowers the logging threshold for canisters HTTp functions from 100 million to 10 million instructions to avoid excessive logging.

  • 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673)
    Review: Matches description + changes are appropriate
    Note: Updates wasmtime dependency to v.31.0.0, updates related cranelift components. Update improves compatibility, and optimizes the system.

  • ee8aa2f9e Interface: refactor QuerySource (#4824)
    Review: Matches description + changes are appropriate
    Note: This commit renames Anonymous to System in QuerySourcem clarifying that system-initiated queries come from the management canister, not an anonymous principal.

  • 9318e468d Interface,Node(node): unify downloading logic (#4847)
    Review: Matches description + changes are appropriate
    Note: This commit unifies and simplifies the downloading logic for HostOS upgrades in teh vsock library. It replaces custom file download and SHA-256 verification code with a shared FileDownlaoder utility from ic-http-utils.

  • d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884)
    Review: Matches description + changes are appropriate
    Note: upgrades wasm-tools such as wasm-encoder, wasm-parser, wasmprinter to version 228.0, and wat to 1.229.0, making sure of compatibility and latest bug fixes as well as optimizations.

  • 42750a409 Node: fix iDRAC console ‘no signal’ regression (#4882)
    Review: Matches description + changes are appropriate
    Note: This commit fixes the “no signal” issue seen on IDRAX consoles after upgrading to 6.11 by forcing the framebuffer resolution to 1024x768 at boot. By doing so we keep the framebuffer compatible.

  • 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850)
    Review: Matches description + changes are appropriate
    Note: Automated update. Updates the base image reference for various IC OS components like boundary-guestos, guesos(dev) etcetera.

  • 0b7178e66 Node: Grant backup user read access to artifact pools (#4817)
    Review: Matches description + changes are appropriate
    Note: This commit grants backup and other important users read only access to ic_consensus_pool directory by introducing a new linux system group called ic-consensus-pool

Refactoring:

  • e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)
    Review: Matches description + changes are appropriate
    Note: rename reflects purpose of the list better.
1 Like

Proposal 136366 & 136367 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes matches
  3. Reason to Adopt The release notes match the commits and the code changes.

Commits

Features:

  • 1354f31c9 Node: Configuration revamp (HostOS integration) (#3390)
    Notes: The commit revamps node configuration to integrate HostOS with a sanitized/config-tool while maintaining GuestOS backward compatibility. Introduces atomic hostname generation (manual/type-MAC-nodeID), bind-mount updates, and enhanced argument parsing for HostOS initialization.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823)
    Notes: The commit handles ExitPoint::CUPHeightWasFinalized(cup_height) variant to compute a bounded replay_target_height in order to replay blocks only up to the finalized height of the CUP.
    Review: Code changes look good and match release notes.
  • 7621b8155 Execution,Interface: memory usage checks in management canister (#4749)
    Notes: Improves canister memory management by creating a ValidatedMemoryUsage struct for clearer memory validation and mutation separation. Divided memory handling into distinct checks (memory_usage_checks) and updates (memory_usage_updates) for modularity.
    Review: Code changes look good and match release notes.
  • e200f99b4 Node: update parsing of power measurements via IPMI tool (#4833)
    Notes: Fixes incorrect parsing of the sampling period from IPMI output by adjusting the awk field from 9 to 8 to correctly handle cases where AM/PM appears in the timestamp.
    Review: Code changes look good and match release notes.

Chores:

  • f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887)
    Notes: Updates the REGISTRY_SOCKS_PROXY_DARK_LAUNCH_PERCENTAGE constant from 10% to 100% so that currently 100% of requests will be routed through the dark launch route, entirely redirecting traffic to the new socks proxy discovery system.
    Review: Code changes look good and match release notes.
  • 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873)
    Notes: The commit adds logging functionality in the CanisterHttpAdapterClientImpl struct to log the transform result size if it exceeds the max_response_size_bytes threshold by comparing the size of the transform result and logging it if it exceeds the threshold.
    Review: Code changes look good and match release notes.
  • 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626)
    Notes: The commit improves the error message when connection failure occurs by informing that the “canister HTTPS outcalls feature” is IPv6-only and providing guidance to developers to refer to Internet Computer documentation for further details.
    Review: Code changes look good and match release notes.
  • b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872)
    Notes: Reduces canister HTTP transform function logging threshold from 100M to 10M instructions to enable earlier logging without being overwhelmed in logs because most non-replicated queries are between 5-10M instructions.
    Review: Code changes look good and match release notes.
  • 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673)
    Notes: The commit upgrades the “wasmtime” version from 30.0.2 to 31.0.0 and adjustments in dependency versions.
    Review: Code changes look good and match release notes.
  • ee8aa2f9e Interface: refactor QuerySource (#4824)
    Notes: Renames QuerySource::Anonymous to QuerySource::System because these queries originate from the system protocol, not an anonymous user and added a user_id() method to QuerySource to remove code duplication.
    Review: Code changes look good and match release notes.
  • 9318e468d Interface,Node(node): unify downloading logic (#4847)
    Notes: The commit updates upgrade_hostos to use the async FileDownloader from ic-http-utils by replacing manual download and SHA256 hash verification logic.
    Review: Code changes look good and match release notes.
  • d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884)
    Notes: Updates Wasm tools to version 228.0 to align with the latest wasm-tools improvements.
    Review: Code changes look good and match release notes.
  • 42750a409 Node: fix iDRAC console ‘no signal’ regression (#4882)
    Notes: The commit adds video=1024x768 to kernel boot parameters to fix iDRAC console ‘no signal’ issues on headless servers.
    Review: Code changes look good and match release notes.
  • 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.
  • 0b7178e66 Node: Grant backup user read access to artifact pools (#4817)
    Node: Grant backup user read access to artifact pools (#4817)
    Notes: Grants read-only access to ic_consensus_pool by creating a new ic-consensus-pool group and assigning it to backup, readonly, admin, and ic-replica users.
    Review: Code changes look good and match release notes.

Refactoring:

  • e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)
    Notes: The commit renames ChainKeySigningSubnetList to ChainKeyEnabledSubnetList and reflects aligning with a new naming (“chain-key enabled subnet”) across various functions, methods, tests, variables, and documentation.
    Review: Code changes look good and match release notes.
1 Like

Proposal 136366 and 136367 | Yuvika - Zentih Code

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 1354f31c9
    Summary: Configuration revamp (HostOS integration).
    Notes: Integrate new config tool into HostOS instead of using the old config.
    Review: The description matches the code changes.

Bugfixes:

  • 1456723b1
    Summary: Only replay blocks until a CUP height during a backup.
    Notes: During back-up, replay blocks until the CUP
    height is reached and do the full CUP verification.
    Review: The description matches the code changes.

  • 7621b8155
    Summary: memory usage checks in management canister.
    Notes: Refactor ValidatedMemoryUsage struct, and add new methods to simplify functionality memory_usage_checks, memory_usage_updates, and can_reserve_cycles.
    Review: The description matches the code changes.

  • e200f99b4
    Summary: update parsing of power measurements via IPMI tool.
    Notes: Account for AM/PM label when IPMI tool is run manually in monitor-power.sh script.
    Review: The description matches the code changes.

Chores:

  • f8131bfbc
    Summary: ramp up the dark launch of the new socks proxy discovery to 100%.
    Notes: Increase the probability of using api boundary node addresses for SOCKS proxy dark launch REGISTRY_SOCKS_PROXY_DARK_LAUNCH_PERCENTAGE from 10 to 100.
    Review: The description matches the code changes.

  • 54dea04f3
    Summary: log transform function result size if max_response_size_bytes exceeded.
    Notes: Log when the http transform function result size exceeds max_response_size_bytes.
    Review: The description matches the code changes.

  • 1e2968784
    Summary: add note on exclusive IPv6 guarantee on NetworkUnreachable.
    Notes: Improve error logging when facing issues due to lacking IPv4 access on an application, since the canister HTTPS outcalls feature is only supported on IPv6.
    Review: The description matches the code changes.

  • b897181bd
    Summary: log canister http transform taking more than 10M instructions.
    Notes: Decrease instruction threshold from 100M to 10M.
    Review: The description matches the code changes.

  • 8c1f8b0d3
    Summary: upgrade wasmtime to v.31.
    Notes: Upgrade wasmtime package from v.30 to v.31.
    Review: The description matches the code changes.

  • ee8aa2f9e
    Summary: refactor QuerySource.
    Notes: Refactor usages of QuerySource::Anonymous to QuerySource::System for clarity and add a new function QuerySource::user_id.
    Review: The description matches the code changes.

  • 9318e468d
    Summary: unify downloading logic.
    Notes: Fix for #4805. Update logic in upgrade_hostos to asynchronously verify and download the file.
    Review: The description matches the code changes.

  • d2007f19e
    Summary: upgrade wasm tools to v.228.0.
    Notes: Upgrade version of several wasm-based creates (wasmparser, wasm-encoder, walrus, etc.).
    Review: The description matches the code changes.

  • 42750a409
    Summary: fix iDRAC console ‘no signal’ regression.
    Notes: Fix the “no signal” bug on the iDRAC console in Linux 6.11 by updating the video=1024x768 kernel boot parameter.
    Review: The description matches the code changes.

  • 531ae2469
    Summary: Update Base Image Refs [2025-04-17-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 0b7178e66
    Summary: Grant backup user read access to artifact pools.
    Notes: Update setup-permissions.sh and grant read-only access to the user group ic-consensus-pool, giving access to /var/lib/ic/data/ic_consensus_pool directory.
    Review: The description matches the code changes.

Refactoring:

  • e966556bd
    Summary: rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList.
    Notes: Rename all instances of ChainKeySigningSubnetList to ChainKeyEnabledSubnetList within the code (functions, comments, tests, etc.).
    Review: The description matches the code changes.
1 Like

Proposals 136366 & 136367 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. Unexpected circumstances have meant that I haven’t had time to write a full review, but I’ve perused the full set of commits as part of this briefer review. The GuestOS revision commits (proposal 136366) are a subset of the HostOS commits (proposal 136367). Significant changes include ramping up the SOCKS proxy dark launch for API boundary nodes in order to test its performance at full capacity, improvements in error messages and logging for https outcalls, version upgrades for several packages, renaming of some methods and other components, and addressing some issues affecting backups, recovery and IC-OS upgrades.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal #136366 for GuestOS — Zack | CodeGov

for release-2025-24_03-18-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits descriptions.

Proposal #136367 for HostOS — Zack | CodeGov

for release-2025-24_03-18-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits descriptions.

Commits Features: 1354f31c9 Node: Configuration revamp (HostOS integration) (#3390) Bugfixes: 1456723b1 Consensus,Interface(ic-backup): Only replay blocks until a CUP height during a backup (#4823) 7621b8155 Execution,Interface: memory usage checks in management canister (#4749) e200f99b4 Node: update parsing of power measurements via IPMI tool (#4833) Chores: f8131bfbc Consensus,Interface: ramp up the dark launch of the new socks proxy discovery to 100% (#4887) 54dea04f3 Consensus,Interface: log transform function result size if max_response_size_bytes exceeded (#4873) 1e2968784 Consensus,Interface(consensus): add note on exclusive IPv6 guarantee on NetworkUnreachable (#4626) b897181bd Execution,Interface: log canister http transform taking more than 10M instructions (#4872) 8c1f8b0d3 Execution,Interface: upgrade wasmtime to v.31 (#4673) ee8aa2f9e Interface: refactor QuerySource (#4824) 9318e468d Interface,Node(node): unify downloading logic (#4847) d2007f19e Owners: upgrade wasm tools to v.228.0 (#4884) 42750a409 Node: fix iDRAC console 'no signal' regression (#4882) 531ae2469 Node: Update Base Image Refs [2025-04-17-0807] (#4850) 0b7178e66 Node: Grant backup user read access to artifact pools (#4817) Refactoring: e966556bd Interface(crypto): rename ChainKeySigningSubnetList to ChainKeyEnabledSubnetList (#4819)
About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal 136366– Zane | CodeGov

Vote: ADOPT

Reason: Build completes successfully, both hashes and reviewed commits match their descriptions, so I’ve voted to adopt.

7621b8155 Unified logic used to perform memory usage checks and updating subnet memory usage across canister manager methods to load/take/upload canister snapshots. memory_usage_checks has been refactored so that it only returns the amount of memory that can be safely deducted from the subnet and cycles that can be reserved or a CanisterManagerError if any check fails. Logic to reserve the cycles and update subnet available memory has been moved to memory_usage_updates. Similarly reserve_cycles has been split into 2 methods to increase code reusability, with can_reserve_cycles performing the checks and reserve_cycles updating main/reserved cycle balance if they do pass. upload_chunk, take_canister_snapshot, load_canister_snapshot have been simplified as a result since repeated code has been removed in favor of the aforementioned methods.

Chores:

f8131bfbc Increased REGISTRY_SOCKS_PROXY_DARK_LAUNCH_PERCENTAGE to 100%. Matches description.

54dea04f3 Provide ReplicaLogger instance to CanisterHttpAdapterClientImpl and use it to log when canister http transform result size exceeds max_response_size. Matches description.

1e2968784 Modified error message shown whenever an HTTPS outcalls fails to connect so that it specifies the feature only works with IPv6 enabled endpoints.

b897181bd Reduced number of instructions required to log instructions used by a canister http transform function from 100M to 10M. Matches description.

8c1f8b0d3 Bumped wasmtime and wasmtime-environ version from 30.0.2 to 31.0.0. Matches description.

ee8aa2f9e Renamed Anonymous variant of QuerySource to System and implemented user_id method for the enum in order to avoid code duplication.

9318e468d Refactored create_hostos_upgrade_file method to use more robust FileDownloader utility that allows to download an upgrade file and verify its hash and also supports resuming downloads by fetching only the missing parts of the file.

d2007f19e Bumped versions for various wasm related dependencies. Matches description.

531ae2469 Updated ICOS image refs.

0b7178e66 Defined new ic-consensus-pool system group, assigned it read only access for /var/lib/ic/data/ic_consensus_pool directory and added it to ic-replica, backup, readonly and admin users.

Refactoring:

e966556bd Changed some methods/struts/variables to use “chain key enabled” nomenclature instead of “chain key signing”.

Proposal 136367– Zane | CodeGov

Vote: ADOPT
Reason: Build completes successful and hashes, commits are the same as 136366. I’ve voted to adopt.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.