Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.
To see a full list of commits added since last release, compare the revisions on GitHub.
Bugfixes:
190c44caa Execution,Interface: Sanitize input to canister snapshot data download before charging cycles (#5344)
53c1713ec Execution,Interface: return deallocated bytes to subnet available memory (#5362)
6cd54499b Interface: error message for OutOfMemory (#5358)
ce1287d35 Interface,Node: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior (#5331)
27e24aefc Interface,Node: Add consistent defaults for HostOSSettings (#5350)
The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.
While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.
Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.
To see a full list of commits added since last release, compare the revisions on GitHub.
Bugfixes:
ce1287d35 Interface,Node: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior (#5331)
27e24aefc Interface,Node: Add consistent defaults for HostOSSettings (#5350)
The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.
While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.
190c44caa Execution,Interface: Sanitize input to canister snapshot data download before charging cycles (#5344)
Review: Looks fine + matches description
Notes: Modifies read_snapshot_data to first check that the response size will not exceed MAX_SLICE_SIZE_BYTES, and if it will, exits early by returning the new CanisterManagerError::SliceTooLarge error variant.
53c1713ec Execution,Interface: return deallocated bytes to subnet available memory (#5362)
Review: Looks fine + matches description
Notes: Modifies memory_usage_checks to return both allocated_bytes and deallocated_bytes (only one will ever be populated), then if the deallocated_bytes is non-zero, those bytes are added to the subnet available memory.
6cd54499b Interface: error message for OutOfMemory (#5358)
Review: Looks fine + matches description
Notes: Simply updates the text returned in the error message whenever a HypervisorError::OutOfMemory error occurs.
ce1287d35 Interface,Node: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior (#5331)
Review: Looks fine + matches description
Notes: Updates generate_guest_vm_config to exit early with an Ok() response if the config already exists rather than returning an error.
27e24aefc Interface,Node: Add consistent defaults for HostOSSettings (#5350)
Review: Looks fine + matches description
Notes: Provides a manual implementation of Default for HostOSSettings which sets realistic values as opposed to simply deriving the implementation.
Chores:
8f1ef8ce7 Consensus,Interface: Distinguish transient VetKD errors where NiDkgTranscript wasn’t loaded yet (#5404)
Review: Looks fine + matches description
Notes: Records separate metrics for errors that occur when creating or verifying threshold signatures based on if the error occurred due to the NiDkg transcript not being loaded yet, since these errors are expected to occur in the few seconds following a summary block, so this split makes it easier to track if any unexpected errors occur.
029ebf5c4 Interface: Upgrade canbench to 0.15.0 (#5356)
Review: Looks fine + matches description
Notes: Bumps canbench from 0.1.9 to 0.1.15 and re-runs the ledger and governance canister benchmarks.
c45812358 Interface: downgrade to rust 1.85.1 (#5194)
Review: Looks fine + matches description
Notes: Reverts Rust back to version 1.85.1 (from version 1.86.0) because the later version was causing issues with PocketIC.
24e8ba331 Owners: bump ic-management-canister-types to 0.3.1 (#5408)
Review: Looks fine + matches description
Notes: Bumps ic-management-canister-types from 0.3.0 to 0.3.1 and updates a few comments.
b0f19d5dc Node: Remove local-vm tool from bazel (#5373)
Review: Looks fine + matches description
Notes: Removes the launch-local-vm from Bazel and the corresponding installable flag which was only used by this tool.
Refactoring:
c2f9448f4 Consensus,Interface(registration): unify and enhance node registration logs (#5376)
Review: Looks fine + matches description
Notes: Unifies the error messages displayed to node providers when attempting to register a node to match the messages that get sent to the logs.
About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.
Learn more about CodeGov and its mission at codegov.org.
190c44caa Execution,Interface: Sanitize input to canister snapshot data download before charging cycles (#5344)
Notes: This commit improves safety by validating snapshot data slice sizes before charging cycles, using a new get_response_size helper, and replaces the old InvalidSubslice error with more descriptive InvalidSlice and SliceTooLarge errors.
Review: Code changes look good and match release notes.
53c1713ec Execution,Interface: return deallocated bytes to subnet available memory (#5362)
Notes: Updates memory_usage_updates to properly monitor and return deallocated bytes to the available memory of a subnet by replacing memory_increase with allocated_bytes and deallocated_bytes to enable precise memory accounting in updating canister state.
Review: Code changes look good and match release notes.
6cd54499b Interface: error message for OutOfMemory (#5358)
Notes: This commit updates the OutOfMemory error message in HypervisorError to “Canister cannot grow its memory usage” and adjusts related test assertions to reflect this change.
Review: Code changes look good and match release notes.
ce1287d35 Interface,Node: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior (#5331)
Notes: Modifies the behavior when a GuestOS VM config file already exists by replacing the hard error (bail!) with a println! message.
Review: Code changes look good and match release notes.
27e24aefc Interface,Node: Add consistent defaults for HostOSSettings (#5350)
Notes: Introduces a custom Default implementation for HostOSSettings to provide consistent default values, e.g., to set vm_nr_of_vcpus explicitly to 64.
Review: Code changes look good and match release notes.
Chores:
8f1ef8ce7 Consensus,Interface: Distinguish transient VetKD errors where NiDkgTranscript wasn’t loaded yet (#5404)
Notes: Adds specific checks to handle when VetKD signature errors are due to the NiDkgTranscript which was not loaded yet, and has more detail in metric labels so these temporarily expected errors will not be confused with real issues.
Review: Code changes look good and match release notes.
029ebf5c4 Interface: Upgrade canbench to 0.15.0 (#5356)
Notes: This commit upgrades canbench to version 0.15.0 from 0.1.9, which now uses pocket-ic client 9.0.0, and updates the pocket-ic-mainnet-gz reference to stay compatible with the new version.
Review: Code changes look good and match release notes.
c45812358 Interface: downgrade to rust 1.85.1 (#5194)
Notes: Downgrades Rust to version 1.85.1 to fix a PocketIC build issue on macOS x86_64 caused by unexpected HTTP version handling in the hyper client.
24e8ba331 Owners: bump ic-management-canister-types to 0.3.1 (#5408)
Notes: This commit updates the ic-management-canister-types crate from version 0.3.0 to 0.3.1, introducing new VetKD types.
Review: Code changes look good and match release notes.
b0f19d5dc Node: Remove local-vm tool from bazel (#5373)
Notes: This commit removes the installable option and all associated Bazel genrules for launching local VMs.
Review: Code changes look good and match release notes.
Refactoring:
c2f9448f4 Consensus,Interface(registration): unify and enhance node registration logs (#5376)
Notes: Refactors node registration logs to unify message formatting and include detailed info like node_id, errors, and the add_node_payload for better traceability.
Review: Code changes look good and match release notes.
About Zenith Code
Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.
Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.
Internal refactors, diagnostics improvements, and error-handling tweaks rather than net-new features. Added a get_response_size helper, overhauled memory-usage accounting to track deallocations, enriched error variants and metrics, and smoothed out early exits and default settings.
Commits Summary
proposal/136887
190c44caa
New get_response_size helper, matching on CanisterSnapshotDataKind and upfront validation against MAX_SLICE_SIZE_BYTES. It also renames the InvalidSubslice error variant to InvalidSlice.
53c1713ec
Memory-usage tracking to distinguish not just how many bytes are newly allocated but also how many are released: ValidatedMemoryUsage now carries both allocated_bytes and deallocated_bytes. The memory_usage_checks/memory_usage_updates logic has been rewritten to compute and debit allocated bytes while crediting deallocated bytes back to the subnet’s available memory.
ce1287d35
Treats an existing output file as a harmless early-exit (printing a notice and returning Ok(())) instead of writing metrics then bailing with an error.
8f1ef8ce7
Extended the CreateSigShareError and VerifySigShareError enums with methods to detect “NiDKG transcript not loaded” errors and updated the create_signature_share and validate_signature_share logic to record separate metrics.
029ebf5c4
canbench from 0.1.9 to 0.1.15
pocket-ic → 9.0.1, ic-transport-types → 0.39.3
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.
Learn more about CodeGov and its mission at codegov.org.
190c44caa
Summary: Sanitize input to canister snapshot data download before charging cycles.
Notes: Check the size of the response to ensure it is not more than MAX_SLICE_SIZE_BYTES, and return CanisterManagerError::SliceTooLarge otherwise.
Review: The description matches the code changes.
53c1713ec
Summary: return deallocated bytes to subnet available memory.
Notes: Update memory_usage_updates in the management
canister to return allocated and deallocated bytes, and add them back to subnet available memory.
Review: The description matches the code changes.
6cd54499b
Summary: error message for OutOfMemory.
Notes: Update the error message for OutOfMemory to “Canister cannot grow its memory usage,” since the error condition is not specific to “memory
allocation”.
Review: The description matches the code changes.
ce1287d35
Summary: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior.
Notes: Refactor generate_guest_vm_config to return early if a config already exists, println!("GuestOS VM config file already exists: {}"), instead of returning an error, bail! (“GuestOS configuration file already exists: {}”)`.
Review: The description matches the code changes.
27e24aefc
Summary: Add consistent defaults for HostOSSettings.
Notes: Add a Default implementation for HostOSSettings to get consistent values instead of deriving them.
Review: The description matches the code changes.
Chores:
8f1ef8ce7
Summary: Distinguish transient VetKD errors where NiDkgTranscript wasn’t loaded yet.
Notes: Add a new metric for transient errors that occur in the initial 4 seconds
after a summary block when the NiDkgTranscript is not loaded, so new vetKD shares cannot be validated.
Review: The description matches the code changes.
029ebf5c4
Summary: Upgrade canbench to 0.15.0.
Notes: Upgrade canbench to 0.1.15 from 0.1.9, which uses the pocket-ic client 9.0.0 and also upgrades pocket-ic-mainnet-gz version.
Review: The description matches the code changes.
c45812358
Summary: downgrade to rust 1.85.1.
Notes: Revert commit d1dc4c2 which broke the x86_64-darwin build of PocketIC and downgrade to rust 1.85.1.
Review: The description matches the code changes.
24e8ba331
Summary: bump ic-management-canister-types to 0.3.1.
Notes: Upgrade ic-management-canister-types from 0.3.0 to 0.3.1, which
introduces new types for VetKD operations.
Review: The description matches the code changes.
b0f19d5dc
Summary: Remove local-vm tool from bazel.
Notes: Remove local-vm tool from Bazel and the associated installable flag.
Review: The description matches the code changes.
Refactoring:
c2f9448f4
Summary: unify and enhance node registration logs.
Notes: Unify and refactor node registration logs to improve formatting and add additional details such as node_id, errors, etc.
Review: The description matches the code changes.
About Zenith Code
Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.
Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.
Summary: The release notes matches the code changes
Vote: Adopt
Commits
Bugfixes:
190c44caa Execution,Interface: Sanitize input to canister snapshot data download before charging cycles (#5344)
Notes: This commit improves safety by validating snapshot data slice sizes before charging cycles, using a new get_response_size helper, and replaces the old InvalidSubslice error with more descriptive InvalidSlice and SliceTooLarge errors.
Review: Code changes look good and match release notes.
53c1713ec Execution,Interface: return deallocated bytes to subnet available memory (#5362)
Notes: Updates memory_usage_updates to properly monitor and return deallocated bytes to the available memory of a subnet by replacing memory_increase with allocated_bytes and deallocated_bytes to enable precise memory accounting in updating canister state.
Review: Code changes look good and match release notes.
6cd54499b Interface: error message for OutOfMemory (#5358)
Notes: This commit updates the OutOfMemory error message in HypervisorError to “Canister cannot grow its memory usage” and adjusts related test assertions to reflect this change.
Review: Code changes look good and match release notes.
ce1287d35 Interface,Node: Change behavior when the GuestOS VM config already exists to make it consistent with the previous behavior (#5331)
Notes: Modifies the behavior when a GuestOS VM config file already exists by replacing the hard error (bail!) with a println! message.
Review: Code changes look good and match release notes.
27e24aefc Interface,Node: Add consistent defaults for HostOSSettings (#5350)
Notes: Introduces a custom Default implementation for HostOSSettings to provide consistent default values, e.g., to set vm_nr_of_vcpus explicitly to 64.
Review: Code changes look good and match release notes.
Chores:
8f1ef8ce7 Consensus,Interface: Distinguish transient VetKD errors where NiDkgTranscript wasn’t loaded yet (#5404)
Notes: Adds specific checks to handle when VetKD signature errors are due to the NiDkgTranscript which was not loaded yet, and has more detail in metric labels so these temporarily expected errors will not be confused with real issues.
Review: Code changes look good and match release notes.
029ebf5c4 Interface: Upgrade canbench to 0.15.0 (#5356)
Notes: This commit upgrades canbench to version 0.15.0 from 0.1.9, which now uses pocket-ic client 9.0.0, and updates the pocket-ic-mainnet-gz reference to stay compatible with the new version.
Review: Code changes look good and match release notes.
c45812358 Interface: downgrade to rust 1.85.1 (#5194)
Notes: Downgrades Rust to version 1.85.1 to fix a PocketIC build issue on macOS x86_64 caused by unexpected HTTP version handling in the hyper client.
24e8ba331 Owners: bump ic-management-canister-types to 0.3.1 (#5408)
Notes: This commit updates the ic-management-canister-types crate from version 0.3.0 to 0.3.1, introducing new VetKD types.
Review: Code changes look good and match release notes.
b0f19d5dc Node: Remove local-vm tool from bazel (#5373)
Notes: This commit removes the installable option and all associated Bazel genrules for launching local VMs.
Review: Code changes look good and match release notes.
Refactoring:
c2f9448f4 Consensus,Interface(registration): unify and enhance node registration logs (#5376)
Notes: Refactors node registration logs to unify message formatting and include detailed info like node_id, errors, and the add_node_payload for better traceability.
Review: Code changes look good and match release notes.
About ZenithCode
Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.
Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.
Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus and Interface as detailed below.
Review
Bugfixes:
[6cd54499b]
Changes the wording of the canister OutOfMemory error message.
[ce1287d35]
Modifies fn run, called during generation of the GuestOS VM configuration, so that it returns ok instead of returning an error if the GuestOS VM configuration file already exists, + corresponding test change.
[27e24aefc]
Adds a custom implementation of Default::default() for HostOSSettings to replace the use of #[derive(Default)].
Chores:
[8f1ef8ce7]
Adds labels verify_sig_share_nidkg_transcript_not_loaded and create_sig_share_nidkg_transcript_not_loaded as alternatives to existing metric labels, to be used in the event that NiDkgTranscript is not yet loaded and to accompany the transient error that is expected to occur in the first few seconds after a summary block is formed.
[029ebf5c4]
Version update for canbench and several related crates.
[c45812358]
Partially reverts commit d1dc4c2 (several minor refactoring changes are left alone) which upgraded the Rust version from 1.85.1 to 1.86.0, as this change broke one of the builds of PocketIC.
Refactoring:
[c2f9448f4]
Adds some detail to node registration warning/error logs and removes some duplication in the code for this.
About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary Node Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.
Learn more about CodeGov and its mission at codegov.org.
While the reproducibility check script is pretty straight forward and easy to run (on Ubuntu 25.04 - no need for server) I have 2 questions regarding the payload @DRE-Team
If I understand it correctly from the Verify IC OS version election proposals Youtube tutorial, there should be 2 different links in the payload under “release_package_urls” but currently and the last few proposals at least they are both identical from download.dfinity.systems, any reason this is the case ?
Again referencing the same video it states that by wanting to have a short list of revisions there should be some listed as “replica_versions_to_unelect” but this hasn’t been the case for at least 7 weeks/releases now.
I will take a look at this issue this week. Thanks for the heads up.
EDIT: we have identified an issue and a fix will be shortly rolled out, which should take effect in the next release. Again, thank you for the heads up.
I am sorry I wasn’t more clear. Just wanted to make sure I got everything right.
In the NNS Explained | Verifying IC-OS Proposals video @ the 11 min 40 sec mark when looking at the payload Sasha is saying " in the payload of the proposal there are several download urls , these are different " as a precaution if one source is down 2nd will be used. I assumed the 0 and 1 urls should point to different locations/domains, but after checking other reviews looks like I was wrong and they should both be the same ?
Thank you for taking the time to answer.
Update: the release controller has had the fix merged in, and it’s in the process of rolling out. We will see a few releases unelected in this week’s upcoming release proposals.
