Proposal to elect new release rc--2025-06-26_03-25

Hello there!

We are happy to announce that voting is now open for a new GuestOS release.
The NNS proposal is here: IC NNS Proposal 137152.

Here is a summary of the changes since the last GuestOS release:

Release Notes for release-2025-06-26_03-25-base (60fb469c46e44e6071193a3314cc442044fcf17a)

This release is based on changes since release-2025-06-19_03-24-base (035f978fb5cffaef57f73242e1bb2a56423e84c3).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image.
Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 85eda9431 Consensus,Execution,Interface: [,] populate HTTP context args and proto with replication enum (#5657)
  • e3f0f679f Consensus,Interface(replay): Allow ic-replay to replay until a target height while also performing an operation (#5633)
  • 9ed0c77bc Execution,Interface: rename_canister endpoint (#5441)
  • 92381a066 Execution,Interface: Add hash of EnvironmentVariables and update CanisterChange with hash (#5628)
  • 016e8ed65 Execution,Interface: Update CanisterSettings for environment variables (#5617)
  • 2fe9ac7c8 Execution,Interface: Add System API env_var_name_exists (#5653)
  • 892a0d8e6 Execution,Interface: Introduce canister settings change and checkpoint update (#5605)
  • 83923a194 Interface(ICRC_Ledger): Add 1xfer to icrc3_supported_block_types (#5608)
  • 00713b982 Interface(ICRC_Ledger): Set index in existing SNS and ck ledgers (#5237)
  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
  • d1845117c Node: Wrap components as prep for container upgrade (#5604)

Bugfixes:

  • 9bdaa01ad Consensus,Interface: Revert bound on notarized-certified gap during catch up (#5697)
  • 32414320d Consensus,Interface(test): Increase DKG interval of large subnet recovery test (#5649)
  • cc066e995 Consensus,Interface(ic-backup): always wait until the most recent checkpoint has been created and verified, and manifest created (#5631)
  • 086c66357 Node: Don’t map ID when extracting (#5673)

Chores:

  • 93032e97e Crypto,Interface(crypto): Modify VetKD to be robust about duplicated node shares (#5459)
  • e5bcbd889 Execution,Interface: refactor hard-coded constants in DTS tests (#5637)
  • a31284422 Execution,Interface: Early parsing of SnapshotId (#5630)
  • acc5b0734 Interface: Bump tempfile version to latest (#5621)
  • f1efa7993 Interface,Message Routing: Document flush_tip_channel (#5638)
  • 75c8507f6 Interface,Node: Move guest_vm_runner to a separate crate (#5695)
  • 8b5beb958 Node: Update Base Image Refs [2025-06-19-0808] (#5619)

Refactoring:

  • cfde1a05b Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5686)
  • 9f45074f0 Execution,Interface: Use separate System API types for response handlers in a composite query (#5561)

Other changes:

  • 25ccd6ded Interface,Message Routing: [feat]: Rehash manifest after publishing it (#5500)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS GuestOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 60fb469c46e44e6071193a3314cc442044fcf17a --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Hello there!

We are happy to announce that voting is now open for a new HostOS release.
The NNS proposal is here: IC NNS Proposal 137153.

Here is a summary of the changes since the last HostOS release:

Release Notes for release-2025-06-26_03-25-base (60fb469c46e44e6071193a3314cc442044fcf17a)

This release is based on changes since release-2025-06-19_03-24-base (035f978fb5cffaef57f73242e1bb2a56423e84c3).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
  • d1845117c Node: Wrap components as prep for container upgrade (#5604)
  • 9734b186d Node: Upgrade components to SEV-SNP compatible versions (#5635)

Bugfixes:

  • fdd950772 Interface,Node: Remove readonly from guest_direct_boot mounts (#5699)
  • f26febf6a Interface,Node: Deploy dev version of hostos_tool in dev HostOS (#5639)
  • 6146d490f Interface,Node: Remove short argument name (-h) for hostos_config_object_path (#5636)
  • 086c66357 Node: Don’t map ID when extracting (#5673)

Chores:

Tests:

  • 60fb469c4 Interface,Node: Improve fake mounter with persistent mounts (#5709)

Full list of changes (including the ones that are not relevant to HostOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS HostOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 60fb469c46e44e6071193a3314cc442044fcf17a --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.
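The three-way hash comparison described in the verification steps above, as an added example (not part of the original post and not DFINITY's repro-check script). It hashes the CDN image and the locally built image, compares both with the SHA256 from the proposal payload, and reports which of the three disagrees; the function names, file names and verdict strings are assumptions made for illustration.

```python
import hashlib
import os
import re
import tempfile

HEX64 = re.compile(r"[0-9a-f]{64}")


def sha256_file(path, chunk_size=1 << 20):
    """Stream a disk image through SHA-256 without loading it into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_digest(text):
    """Accept a hash pasted from the proposal payload.

    A truncated or otherwise malformed value is rejected rather than
    compared, so an abbreviated hash can never count as a match.
    """
    value = text.strip().lower()
    if not HEX64.fullmatch(value):
        raise ValueError("expected a 64-character hex SHA-256, got %r" % text)
    return value


def verify_release(cdn_image, local_image, proposal_sha256):
    """Return (verdict, digests) for the three hashes that must agree."""
    expected = normalize_digest(proposal_sha256)
    cdn = sha256_file(cdn_image)
    local = sha256_file(local_image)
    if cdn == expected and local == expected:
        verdict = "match"                  # safe to treat the build as verified
    elif cdn == local:
        verdict = "proposal-hash-differs"  # images agree, proposal names another hash
    elif cdn == expected:
        verdict = "local-build-differs"    # build was not reproduced locally
    elif local == expected:
        verdict = "cdn-image-differs"      # served artifact is not what was proposed
    else:
        verdict = "all-differ"
    return verdict, {"proposal": expected, "cdn": cdn, "local": local}


def run_constructed_demo():
    """Exercise each outcome on small constructed files (not real IC-OS images)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, data):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path

        good = b"constructed image bytes" * 4096
        bad = good[:-1] + b"\x00"  # same length, last byte changed
        proposal = hashlib.sha256(good).hexdigest()

        cdn_ok, local_ok = write("cdn.img", good), write("local.img", good)
        cdn_bad, local_bad = write("cdn-bad.img", bad), write("local-bad.img", bad)

        results["all three agree"] = verify_release(cdn_ok, local_ok, proposal)[0]
        results["CDN image altered"] = verify_release(cdn_bad, local_ok, proposal)[0]
        results["local build differs"] = verify_release(cdn_ok, local_bad, proposal)[0]
        results["proposal hash differs"] = verify_release(cdn_bad, local_bad, proposal)[0]
    return results


if __name__ == "__main__":
    for case, verdict in run_constructed_demo().items():
        print("%-22s -> %s" % (case, verdict))
```

Only the `match` verdict corresponds to the condition the post states; each other verdict names the side that needs investigating before voting.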

Proposal: 137152 & 137153 - Yuvika | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 85eda9431 Consensus,Execution,Interface: [,] populate HTTP context args and proto with replication enum (#5657)
    Review: Matches description + changes are appropriate
    Notes: This commit adds is_replicated boolean which when set to false, fails any request before making it to replicated states. Also adds Replication enum which is not used as of now since it is always set to FullyReplicated.

  • e3f0f679f Consensus,Interface(replay): Allow ic-replay to replay until a target height while also performing an operation (#5633)
    Review: Matches description + changes are appropriate
    Notes: Currently we can either replay till target height or perform an operation afterwards but not both; this PR removes this constraint and enables doing both.

  • 9ed0c77bc Execution,Interface: rename_canister endpoint (#5441)
    Review: Matches description + changes are appropriate
    Notes: This PR adds a rename canister endpoint to management canister which can be called via XNet from the NNS subnet and renames the canister on target subnet. This will help in upcoming canister migration feature.

  • 92381a066 Execution,Interface: Add hash of EnvironmentVariables and update CanisterChange with hash (#5628)
    Review: Matches description + changes are appropriate
    Notes: This PR adds hash function for environment variables, it also updates the canister history to track environment variables.

  • 016e8ed65 Execution,Interface: Update CanisterSettings for environment variables (#5617)
    Review: Matches description + changes are appropriate
    Notes: This PR adds environment variables to CanisterSettings behind a feature flag. When the feature flag is enabled environment variables can be set by calling create_canister and update_settings management methods.

  • 2fe9ac7c8 Execution,Interface: Add System API env_var_name_exists (#5653)
    Review: Matches description + changes are appropriate
    Notes: This PR adds system api for env variables env_var_name_exists

  • 892a0d8e6 Execution,Interface: Introduce canister settings change and checkpoint update (#5605)
    Review: Matches description + changes are appropriate
    Notes: This PR adds a new record to track changes in canister history and also updates checkout to include env variable changes.

  • 83923a194 Interface(ICRC_Ledger): Add 1xfer to icrc3_supported_block_types (#5608)
    Review: Matches description + changes are appropriate
    Notes: This PR adds 1xfer to be returned from icrc3_supported_block_types

  • 00713b982 Interface(ICRC_Ledger): Set index in existing SNS and ck ledgers (#5237)
    Review: Matches description + changes are appropriate
    Notes: This PR adds index canister principal id in SNS and chain fusion ledgers.

  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
    Review: Matches description + changes are appropriate
    Notes: This PR adds support for direct boot and also adds SEV config options to the VM XML config.

  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
    Review: Matches description + changes are appropriate
    Notes: This PR adds time sync metrics to metrics proxy.

  • d1845117c Node: Wrap components as prep for container upgrade (#5604)
    Review: Matches description + changes are appropriate
    Notes: This PR wraps components to prepare for container upgrades since we now depend on system strip binary. Also podman export started behaving differently after #5615. So we need an additional layer of sanitization so that the builds before and after the upgrades are consistent.

  • 9734b186d Node: Upgrade components to SEV-SNP compatible versions (#5635)
    Review: Matches description + changes are appropriate
    Notes: This PR upgrades components to SEV-SNP compatible versions, no functional effect just updates used when creating base images.

Bugfixes:

  • 9bdaa01ad Consensus,Interface: Revert bound on notarized-certified gap during catch up (#5697)
    Review: Matches description + changes are appropriate
    Notes: This PR reverts part of the change made by #5448 reverting bound on the gap between local height and incoming artifact height.

  • 32414320d Consensus,Interface(test): Increase DKG interval of large subnet recovery test (#5649)
    Review: Matches description + changes are appropriate
    Notes: This PR increases DKG_INTERVAL_LARGE height from 99 to 124 nodes. The NNS of the recovery subnet has 40 nodes. Recovery process needs to share transcripts for high/local, high/remote, low/remote. So the minimum dkg interval height should be 120 nodes; we add +4 to make it more predictable.

  • cc066e995 Consensus,Interface(ic-backup): always wait until the most recent checkpoint has been created and verified, and manifest created (#5631)
    Review: Matches description + changes are appropriate
    Notes: This PR adds functionality to wait for the most recent checkpoint to be created and verified instead of waiting until the hash of the state at given height is computed.

  • 086c66357 Node: Don’t map ID when extracting (#5673)
    Review: Matches description + changes are appropriate
    Notes: Just a small change to not map id.

  • fdd950772 Interface,Node: Remove readonly from guest_direct_boot mounts (#5699)
    Review: Matches description + changes are appropriate
    Notes: This PR adds changes to no longer mount in read only mode since mounting in read only mode can fail if anything needs to be written on file systems, which can happen for file system repair or when the OS needs to partition the file system. Before the guest vm is started all the mounts are clean so we don’t need to mount in read only mode. Some more context for debug messages.

  • f26febf6a Interface,Node: Deploy dev version of hostos_tool in dev HostOS (#5639)
    Review: Matches description + changes are appropriate
    Notes: This PR is a temporary fix to deploy dev tools in dev host os until we have a better way to fetch the dev binaries in dev images.

  • 6146d490f Interface,Node: Remove short argument name (-h) for hostos_config_object_path (#5636)
    Review: Matches description + changes are appropriate
    Notes: Just a small change to remove short argument name which is not used and overlaps with help.

Chores:

  • 93032e97e Crypto,Interface(crypto): Modify VetKD to be robust about duplicated node shares (#5459)
    Review: Matches description + changes are appropriate
    Notes: This PR adds changes for VetKD but this condition should never occur. We just want to be resilient here in case the vault implementation changes in future.

  • e5bcbd889 Execution,Interface: refactor hard-coded constants in DTS tests (#5637)
    Review: Matches description + changes are appropriate
    Notes: This PR refactors hard coded constants in DTS.

  • a31284422 Execution,Interface: Early parsing of SnapshotId (#5630)
    Review: Matches description + changes are appropriate
    Notes: This PR adds Serialize, Deserialize and Candid Type for SnapshotId so that SnapshotId can be directly used in management canister. Also some code refactoring is done.

  • acc5b0734 Interface: Bump tempfile version to latest (#5621)
    Review: Matches description + changes are appropriate
    Notes: This PR upgrades tempfile version from 3.12.0 to 3.20.0.

  • f1efa7993 Interface,Message Routing: Document flush_tip_channel (#5638)
    Review: Matches description + changes are appropriate
    Notes: Just adds a one liner comment in the code to avoid confusion.

  • 75c8507f6 Interface,Node: Move guest_vm_runner to a separate crate (#5695)
    Review: Matches description + changes are appropriate
    Notes: This PR creates a separate tool for guest vm functionality and moves it out of host os tool and config library.

  • 8b5beb958 Node: Update Base Image Refs [2025-06-19-0808] (#5619)
    Review: Matches description + changes are appropriate
    Notes: This PR updates base container image references.

Refactoring:

  • cfde1a05b Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5686)
    Review: Matches description + changes are appropriate
    Notes: This PR brings back the dependency to canister_client in orchestrator.

  • 9f45074f0 Execution,Interface: Use separate System API types for response handlers in a composite query (#5561)
    Review: Matches description + changes are appropriate
    Notes: This PR adds system api types for response handling so now we don’t need if/else block to return.

Other changes:

  • 25ccd6ded Interface,Message Routing: [feat]: Rehash manifest after publishing it (#5500)
    Review: Matches description + changes are appropriate
    Notes: This PR updates rehashing from after 10 checkpoints which is roughly 10% of the data before detecting divergency in case of system or hardware bug to after publishing the manifest which increases the detection to 11 checkpoints.

Tests:

  • 60fb469c4 Interface,Node: Improve fake mounter with persistent mounts (#5709)
    Review: Matches description + changes are appropriate
    Notes: This PR makes ExtractingFilesystemMounter act persistently so when we mount the same partition multiple times it returns the same directory. This closely mirrors the behaviour in reality since change in the file system should be visible even when it is re-mounted.

About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

Proposal 137152 & 137153 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Features:

  • 85eda9431 Consensus,Execution,Interface: [,] populate HTTP context args and proto with replication enum (#5657)
    Review: Looks fine + matches description
    Notes: Adds the is_replicated field to CanisterHttpRequestArgs and also adds the replication field to CanisterHttpRequestContext. For now if is_replicated is set to false then a NonReplicatedNotSupported error is returned, but in the future this will be supported.

  • e3f0f679f Consensus,Interface(replay): Allow ic-replay to replay until a target height while also performing an operation (#5633)
    Review: Looks fine + matches description
    Notes: Updates the ic-replay tool to support replaying blocks until a certain height, and then performing an action. Previously there was a match statement that would panic if a subcommand and a target height were both specified.

  • 9ed0c77bc Execution,Interface: rename_canister endpoint (#5441)
    Review: Looks fine + matches description
    Notes: Adds and implements the new RenameCanister management canister function. This new function can only be called from the NNS subnet and simply updates a canister’s Id within the replicated state of the subnet to be the one specified in the request. This is a step towards being able to migrate canisters to new subnets.

  • 92381a066 Execution,Interface: Add hash of EnvironmentVariables and update CanisterChange with hash (#5628)
    Review: Looks fine + matches description
    Notes: Implements EnvironmentVariables::hash so that a map of environment variables can be hashed into a single 32 byte value. In a subsequent change this hash will be stored within checkpoints to validate the state is the same between replicas.

  • 016e8ed65 Execution,Interface: Update CanisterSettings for environment variables (#5617)
    Review: Looks fine + matches description
    Notes: Adds the environment_variables field to CanisterSettings and also introduces the environment_variables feature flag which for now is set to disabled. Once this flag is enabled, devs will be able to set environment variables for canisters when creating them or by using update_settings.

  • 2fe9ac7c8 Execution,Interface: Add System API env_var_name_exists (#5653)
    Review: Looks fine + matches description
    Notes: Adds the ic0_env_var_name_exists system function which returns a boolean indicating if an environment variable exists with the specified name for the specified canister.

  • 892a0d8e6 Execution,Interface: Introduce canister settings change and checkpoint update (#5605)
    Review: Looks fine + matches description
    Notes: Adds environment variables to each canister’s replicated state and loads them when loading a checkpoint. Also adds the environment variables hash to each CanisterSettingsChange entry in the canister history.

  • 83923a194 Interface(ICRC_Ledger): Add 1xfer to icrc3_supported_block_types (#5608)
    Review: Looks fine + matches description
    Notes: Updates the ICRC ledger to add “1xfer” (meaning ICRC1 transfer) to the list of supported block types.

  • 00713b982 Interface(ICRC_Ledger): Set index in existing SNS and ck ledgers (#5237)
    Review: Looks fine + matches description
    Notes: Updates all existing ICRC ledgers to contain their corresponding Index canister Ids. It does this by hard coding the ledger + index canister Id pairs, then in post_upgrade each ledger will look for the index which matches its own canisterId.

  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
    Review: Looks fine + matches description
    Notes: Adds enable_sev and direct_boot to the GuestOSTemplateProps and uses them to configure how the GuestOS VM should boot.

  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
    Review: Looks fine + matches description
    Notes: Exposes the node_timex_sync_status metric from each node which indicates if the clock is synchronized to a reliable server or not.

  • d1845117c Node: Wrap components as prep for container upgrade (#5604)
    Review: Looks fine + matches description
    Notes: Applies a patch to hermetic_cc_toolchain which adds a dependency on strip and supports passing extra_settings to declare_toolchains, then also modifies export_container_filesystem to sanitize the build output making the new build outputs consistent with older versions.

  • 9734b186d Node: Upgrade components to SEV-SNP compatible versions (#5635)
    Review: Looks fine + matches description
    Notes: Updates a few packages used by IC-OS to SEV-SNP compatible versions.

Bugfixes:

  • 9bdaa01ad Consensus,Interface: Revert bound on notarized-certified gap during catch up (#5697)
    Review: Looks fine + matches description
    Notes: This reverts the change introduced 2 weeks ago by commit 7dc75ea49 where a bound was introduced between the pending CUP height and the latest certified height. This bound was originally introduced to prevent a node’s validated artifact pool growing too large, but while a node is catching up, most artifacts are already finalized and any non-finalized artifacts will immediately be purged as soon as the next finalized height is validated, so this bound is not required.

  • 32414320d Consensus,Interface(test): Increase DKG interval of large subnet recovery test (#5649)
    Review: Looks fine + matches description
    Notes: Increases the DKG_INTERVAL_LARGE constant within subnet recovery tests since one of the tests requires at least 120 rounds to reshare the 3 transcripts involved. Then also removes a check for if there is a finalized height greater than the latest height after a recovery, this check is no longer applicable now that recovering to the latest certified height is supported.

  • cc066e995 Consensus,Interface(ic-backup): always wait until the most recent checkpoint has been created and verified, and manifest created (#5631)
    Review: Looks fine + matches description
    Notes: Modifies the ic-replay tool’s wait_for_state function to additionally call flush_tip_channel once the specified height has been executed, this will block until the most recent checkpoint has finished being processed, this is needed now that checkpointing happens asynchronously.

  • 086c66357 Node: Don’t map ID when extracting (#5673)
    Review: Looks fine + matches description
    Notes: Updates the build_container_filesystem_tar.py script to assign numeric owner Ids to maintain consistency regardless of where these containers are extracted.

  • fdd950772 Interface,Node: Remove readonly from guest_direct_boot mounts (#5699)
    Review: Looks fine + matches description
    Notes: Removes the readonly field from the guest_vm_runner::MountOptions and no longer mounts in readonly mode.

  • f26febf6a Interface,Node: Deploy dev version of hostos_tool in dev HostOS (#5639)
    Review: Looks fine + matches description
    Notes: Deploys a dev version of the host_os tool when deploying a dev version of HostOS. This is a temporary hack which can be removed once there is a way to download dev binaries into dev images.

  • 6146d490f Interface,Node: Remove short argument name (-h) for hostos_config_object_path (#5636)
    Review: Looks fine + matches description
    Notes: Removes the short option for the host_os tool hostos_config_object_path arg, so it can only be set using the full name.

Chores:

  • 93032e97e Crypto,Interface(crypto): Modify VetKD to be robust about duplicated node shares (#5459)
    Review: Looks fine + matches description
    Notes: Modifies the VetKey EncryptedKey::combine_unchecked function to take a map keyed by NodeIndex rather than a slice to protect against duplicate shares.

  • e5bcbd889 Execution,Interface: refactor hard-coded constants in DTS tests (#5637)
    Review: Looks fine + matches description
    Notes: This commit simply refactors a load of test code which covers deterministic time slicing. It also adds a new universal canister wasm version and uses that within DTS tests rather than creating a canister from the hardcoded DTS_INSTALL_WAT.

  • a31284422 Execution,Interface: Early parsing of SnapshotId (#5630)
    Review: Looks fine + matches description
    Notes: Implements serialization functions for SnapshotId and then updates the snapshot management canister functions to take SnapshotId rather than Vec<u8> in the args.

  • acc5b0734 Interface: Bump tempfile version to latest (#5621)
    Review: Looks fine + matches description
    Notes: Bumps tempfile from 3.12.0 to 3.20.0.

  • f1efa7993 Interface,Message Routing: Document flush_tip_channel (#5638)
    Review: Looks fine + matches description
    Notes: Adds a doc comment to StateManagerImpl::flush_tip_channel.

  • 75c8507f6 Interface,Node: Move guest_vm_runner to a separate crate (#5695)
    Review: Looks fine + matches description
    Notes: Moves the guest_vm_runner logic out of the config package and into its own package now that it has become fairly large.

  • 8b5beb958 Node: Update Base Image Refs [2025-06-19-0808] (#5619)
    Review: Looks fine + matches description
    Notes: Bumps the base IC-OS image references.

Refactoring:

  • cfde1a05b Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5686)
    Review: Looks fine + matches description
    Notes: Re-applies an older commit which removed the dependency on ic-canister-client from the orchestrator, and switches it to using ic-agent instead. This change was originally reverted due to a failing test, but that has subsequently been fixed.

  • 9f45074f0 Execution,Interface: Use separate System API types for response handlers in a composite query (#5561)
    Review: Looks fine + matches description
    Notes: Introduces the CompositeCleanup, CompositeReplyCallback, and CompositeRejectCallback variants to the system API for use within composite queries, by using more specific types many if statements which inspected the now removed execution_mode field of pre-existing types can be removed.

Tests:

  • 60fb469c4 Interface,Node: Improve fake mounter with persistent mounts (#5709)
    Review: Looks fine + matches description
    Notes: Modifies the ExtractingFilesystemMounter struct used for testing to store a map of partitions so that extracting the same device/offset/len returns the same partition, so that changes to a mounted partition are visible when that same partition is mounted again.

Other changes:

  • 25ccd6ded Interface,Message Routing: [feat]: Rehash manifest after publishing it (#5500)
    Review: Looks fine + matches description
    Notes: Defers rehashing of the manifest until after it has been published, this allows it to be published earlier at the expense of any divergence being detected later (11 checkpoint intervals on average rather than 10).

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal: 137152 & 137153 - Manvick | ZenithCode

Summary:

  1. Build Hash: The build hash matches
  2. Summary: The release notes match the code changes
  3. Vote: Adopt

Commits

Features:

  • 85eda9431 Consensus,Execution,Interface: [,] populate HTTP context args and proto with replication enum (#5657)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces support for specifying replication behavior in canister HTTP requests. It adds an is_replicated flag to request arguments and a Replication enum to the request context. Non-replicated requests are currently rejected. These changes prepare the system for future support of selectively replicated HTTP calls.

  • e3f0f679f Consensus,Interface(replay): Allow ic-replay to replay until a target height while also performing an operation (#5633)
    Review: Matches description + changes are appropriate
    Notes: This commit enhances ic-replay to support replaying up to a target height while also performing an operation, such as NNS upgrades. It removes a legacy constraint, updates recovery steps and tests accordingly, and adds a --skip-prompts flag to enable non-interactive usage during automated recovery workflows.

  • 9ed0c77bc Execution,Interface: rename_canister endpoint (#5441)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces a new rename_canister endpoint in the management canister, allowing canisters to be renamed via cross-subnet (XNet) calls from the NNS subnet. The feature enforces strict access control and is essential for upcoming canister migration functionality. Supporting logic, tests, and protobuf definitions were also added or updated.

  • 92381a066 Execution,Interface: Add hash of EnvironmentVariables and update CanisterChange with hash (#5628)
    Review: Matches description + changes are appropriate
    Notes: This commit implements hashing for environment variables using the IC’s hash-of-map specification. It updates canister history to include the hash during create_canister and provisional_create_canister operations. The hash ensures deterministic tracking of configuration changes. Tests verify correctness, determinism, and conditional behavior via a feature flag.

  • 016e8ed65 Execution,Interface: Update CanisterSettings for environment variables (#5617)
    Review: Matches description + changes are appropriate
    Notes: This commit adds support for environment variables in canister settings, gated by a feature flag. When enabled, environment variables can be set via create_canister and update_settings methods. The changes include extended settings structures, flag-controlled application, candid/interface updates, and comprehensive tests to ensure correct behavior.

  • 2fe9ac7c8 Execution,Interface: Add System API env_var_name_exists (#5653)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces a new System API function, ic0.env_var_name_exists, which allows canisters to check if a given environment variable name exists. The function is gated by a feature flag, follows IC interface specifications, includes validation, integrates with the Wasm linker, and is fully tested with unit and integration coverage.

  • 892a0d8e6 Execution,Interface: Introduce canister settings change and checkpoint update (#5605)
    Review: Matches description + changes are appropriate
    Notes: This commit adds support for tracking environment variable changes in canister history and checkpoints. It introduces a new CanisterSettingsChange record type, updates the protobuf schema, adjusts serialization/deserialization logic, and ensures environment variables are persisted across checkpoints. Unit tests confirm correct encoding, decoding, and memory usage accounting for these changes.

  • 83923a194 Interface(ICRC_Ledger): Add 1xfer to icrc3_supported_block_types (#5608)
    Review: Matches description + changes are appropriate
    Notes: This commit adds support for the 1xfer block type in the icrc3_supported_block_types method of ICRC-1 ledgers. The update ensures that the ledger correctly advertises support for this block format. Tests are included to validate the presence of 1xfer in the supported block types returned by both the archive and main ledger canisters.

  • 00713b982 Interface(ICRC_Ledger): Set index in existing SNS and ck ledgers (#5237)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures that the index canister principal is automatically set in existing SNS and Chain Fusion ICRC ledgers. It introduces hardcoded mappings for known ledger/index pairs, updates the upgrade logic to populate the index if unset, and adds extensive tests to verify correct principal association post-upgrade.

  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
    Review: Matches description + changes are appropriate
    Notes: This commit updates existing ICRC-1 ledgers (SNS and Chain Fusion) to auto-assign their corresponding index canister principal during upgrade if not already set. It introduces a hardcoded mapping of known ledger/index pairs, integrates the logic into the upgrade path, and adds thorough testing to verify correctness across environments.

  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
    Review: Matches description + changes are appropriate
    Notes: This commit adds time synchronization metrics to the metrics proxy setup by exposing the node_timex_sync_status metric from the GuestOS node exporter. It updates both GuestOS and HostOS metrics-proxy.yaml configurations to include this metric alongside the GuestOS version, enabling better monitoring of clock sync status across nodes.

  • d1845117c Node: Wrap components as prep for container upgrade (#5604)
    Review: Matches description + changes are appropriate
    Notes: This commit enhances build determinism by explicitly depending on the system strip binary and normalizing podman export output using fakeroot. It ensures consistent container filesystem tarballs across environments, even after toolchain or system upgrades, and prepares the system for upcoming containerization changes.

  • 9734b186d Node: Upgrade components to SEV-SNP compatible versions (#5635)
    Review: Matches description + changes are appropriate
    Notes: Upgraded system components (QEMU, OVMF, libvirt) to SEV-SNP compatible versions using packages from future Ubuntu releases. Removed manual QEMU build and related dependencies. Changes apply only to new base image creation; launch measurement support deferred to a future PR.

Bugfixes:

  • 9bdaa01ad Consensus,Interface: Revert bound on notarized-certified gap during catch up (#5697)
    Review: Matches description + changes are appropriate
    Notes: This commit removes a previously introduced bound on the gap between certified height and incoming artifact height during consensus catch-up. The reverted logic was unnecessary, as non-finalized artifacts are purged promptly. Removing it improves catch-up efficiency by allowing more finalized artifacts to be fetched in advance without artificial limits.

  • 32414320d Consensus,Interface(test): Increase DKG interval of large subnet recovery test (#5649)
    Review: Matches description + changes are appropriate
    Notes: This commit fixes the large subnet recovery test by increasing the DKG interval to 124, accommodating all required transcript dealings during recovery for a 40-node NNS. It also removes an unnecessary validation check that blocked replay if a node’s finalized height exceeded the replay target, simplifying replay logic.

  • cc066e995 Consensus,Interface(ic-backup): always wait until the most recent checkpoint has been created and verified, and manifest created (#5631)
    Review: Matches description + changes are appropriate
    Notes: This commit improves ic-replay reliability by ensuring it waits for the most recent checkpoint to be fully created and verified using flush_tip_channel(). This replaces the previous logic, which could prematurely proceed if the latest executed state wasn’t a checkpoint, improving correctness and determinism during state replay and backup.

  • 086c66357 Node: Don’t map ID when extracting (#5673)
    Review: Matches description + changes are appropriate
    Notes: This commit fixes a missing option in the container export process by adding --numeric-owner to the tar extraction command. This ensures that user and group IDs are preserved as numbers, preventing ID mapping issues and improving reproducibility in container filesystem archives.

  • fdd950772 Interface,Node: Remove readonly from guest_direct_boot mounts (#5699)
    Review: Matches description + changes are appropriate
    Notes: Removed read-only mount option for guest OS partitions to prevent boot failures due to write requirements. Improved error context messages for easier debugging. Cleaned up related mock and production code accordingly.

  • f26febf6a Interface,Node: Deploy dev version of hostos_tool in dev HostOS (#5639)
    Review: Matches description + changes are appropriate
    Notes: Temporarily deploys a development version of hostos_tool in dev HostOS images to fix test issues. Adds hostos_tool_dev binary and ensures it’s used in dev builds, enabling future automation of dev binary integration.

  • 6146d490f Interface,Node: Remove short argument name (-h) for hostos_config_object_path (#5636)
    Review: Matches description + changes are appropriate
    Notes: Removed unused short option -h for --hostos_config_object_path to avoid conflict with the built-in help flag. This simplifies CLI usage and prevents accidental override of the standard help behavior.

Chores:

  • 93032e97e Crypto,Interface(crypto): Modify VetKD to be robust about duplicated node shares (#5459)
    Review: Matches description + changes are appropriate
    Notes: Modified VetKD key share combination to use BTreeMap, ensuring robustness against duplicate node indices and improving data integrity.

  • e5bcbd889 Execution,Interface: refactor hard-coded constants in DTS tests (#5637)
    Review: Matches description + changes are appropriate
    Notes: Refactored DTS tests by replacing hard-coded constants with named parameters and utility functions. Improves test clarity, modularity, and maintainability for instruction/cycle limit testing.

  • a31284422 Execution,Interface: Early parsing of SnapshotId (#5630)
    Review: Matches description + changes are appropriate
    Notes: This commit adds serialization support for SnapshotId, enabling its direct use in management canister interfaces. It replaces raw Vec usage with strongly typed SnapshotId, simplifies deserialization, reduces boilerplate, and improves type safety and clarity across snapshot-related APIs and tests.

  • acc5b0734 Interface: Bump tempfile version to latest (#5621)
    Review: Matches description + changes are appropriate
    Notes: Bumped tempfile crate to v3.20 across the codebase to resolve version conflicts and deprecation issues, replacing into_path() with keep() as needed.

  • f1efa7993 Interface,Message Routing: Document flush_tip_channel (#5638)
    Review: Matches description + changes are appropriate
    Notes: Added a clarifying doc comment to flush_tip_channel, explaining it finalizes all async checkpointing tasks, including verification and manifest computation.

  • 75c8507f6 Interface,Node: Move guest_vm_runner to a separate crate (#5695)
    Review: Matches description + changes are appropriate
    Notes: This commit moves the guest_vm_runner logic, previously split across hostos_tool and config, into its own crate. This improves modularity, anticipates future growth, and simplifies responsibility boundaries for GuestOS VM management. Related code, tests, and service files are reorganized accordingly.

  • 8b5beb958 Node: Update Base Image Refs [2025-06-19-0808] (#5619)
    Review: Matches description + changes are appropriate
    Notes: Automated patch. Updates the base image reference for various IC OS components like boundary-guestos, guestos (dev), etc.

Refactoring:

  • cfde1a05b Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5686)
    Review: Matches description + changes are appropriate
    Notes: Replaced canister_client with ic-agent in the orchestrator. Added new signer types for HSM and node keys. Simplifies code and fixes TLS test issues.

  • 9f45074f0 Execution,Interface: Use separate System API types for response handlers in a composite query (#5561)
    Review: Matches description + changes are appropriate
    Notes: Refactored composite query response handling by introducing distinct System API types, eliminating execution mode checks and aligning implementation with specification.

Tests:

  • 60fb469c4 Interface,Node: Improve fake mounter with persistent mounts (#5709)
    Review: Matches description + changes are appropriate
    Notes: Enhanced ExtractingFilesystemMounter in tests to persist mounts by reusing the same directory for repeated mounts of the same partition. This better mimics real filesystem behavior, ensuring test consistency when partitions are mounted multiple times.

Other changes:

  • 25ccd6ded Interface,Message Routing: [feat]: Rehash manifest after publishing it (#5500)
    Review: Matches description + changes are appropriate
    Notes: Moved manifest rehashing to post-publication for performance, delaying divergence detection slightly while improving consensus publish speed and test efficiency.

About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.


Proposal: 137152 & 137153 - Ipsita | ZenithCode

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN match.
  2. Summary: The release notes match the code changes
  3. Vote: I vote to adopt the proposals

Commits

Features:

  • 85eda9431 Consensus,Execution,Interface: [,] populate HTTP context args and proto with replication enum (#5657)
    Notes: This commit introduces the is_replicated flag to reject unsupported non-replicated HTTP requests early and adds a Replication enum to CanisterHttpRequestContext and its protobuf, defaulting to FullyReplicated.
    Review: Code changes look good and match release notes.

  • e3f0f679f Consensus,Interface(replay): Allow ic-replay to replay until a target height while also performing an operation (#5633)
    Notes: Enables ic-replay to accept both a subcommand and a target height by removing restrictive checks, adds a skip_prompts flag to avoid user interaction during testing, and changes recovery flows to replay through the final certified height.
    Review: Code changes look good and match release notes.

  • 9ed0c77bc Execution,Interface: rename_canister endpoint (#5441)
    Notes: Adds a rename_canister endpoint on the management canister to enable XNet-triggered renaming of canisters from the NNS subnet in accordance with the upcoming canister migration feature.
    Review: Code changes look good and match release notes.

  • 92381a066 Execution,Interface: Add hash of EnvironmentVariables and update CanisterChange with hash (#5628)
    Notes: Implements SHA-256–based hash function for EnvironmentVariables, updates CanisterChangeDetails::canister_creation to include this hash when the feature flag is enabled, and adds comprehensive tests to validate hash correctness and canister history tracking.
    Review: Code changes look good and match release notes.

  • 016e8ed65 Execution,Interface: Update CanisterSettings for environment variables (#5617)
    Notes: This commit introduces a feature flag to support environment variables in CanisterSettings, updates CanisterManager to set these variables during create_canister and update_settings, increases max payload size, modifies candid types and protobuf structures to include environment variables.
    Review: Code changes look good and match release notes.

  • 2fe9ac7c8 Execution,Interface: Add System API env_var_name_exists (#5653)
    Notes: Adds ic0.env_var_name_exists syscall with validation in system_api.rs, integrates in wasmtime_embedder linker and validation, updates system_api_complexity, interfaces, and tests for environment variable existence checking.
    Review: Code changes look good and match release notes.

  • 892a0d8e6 Execution,Interface: Introduce canister settings change and checkpoint update (#5605)
    Notes: This commit adds a new settings_change record to canister history for tracking environment variable changes and updates checkpoint code to include these changes in state persistence.
    Review: Code changes look good and match release notes.

  • 83923a194 Interface(ICRC_Ledger): Add 1xfer to icrc3_supported_block_types (#5608)
    Notes: In this commit, “1xfer” is added to the supported block types list in icrc3_supported_block_types() functions, and a test is introduced to ensure “1xfer” is included among supported block types.
    Review: Code changes look good and match release notes.

  • 00713b982 Interface(ICRC_Ledger): Set index in existing SNS and ck ledgers (#5237)
    Notes: Updates SNS and chain fusion ledger initialization to set the index canister principal ID and modifies ledger state and tests to support the new index field.
    Review: Code changes look good and match release notes.

  • 0383d5b09 Interface,Node: Support SEV config and direct boot in the VM runner (#5614)
    Notes: This commit adds SEV config options to VM XML and enables QEMU direct boot by moving grub.cfg logic into prepare_direct_boot in guest_direct_boot.rs, implements mounting abstractions for GuestOS disk and fallback to GRUB boot for older releases without boot_args.
    Review: Code changes look good and match release notes.

  • b2873804e Node: add time synchronization metric to metrics proxy (#5613)
    Notes: Adds time synchronization metric node_timex_sync_status to GuestOS metrics proxy and updates HostOS metrics proxy to chainload GuestOS node exporter metrics including time sync status.
    Review: Code changes look good and match release notes.

  • d1845117c Node: Wrap components as prep for container upgrade (#5604)
    Notes: Adds system strip binary as a dependency to the hermetic_cc toolchain and introduces additional sanitizing during podman export by extracting and repackaging container filesystems with fakeroot to ensure build consistency before and after container upgrades.
    Review: Code changes look good and match release notes.

  • 9734b186d Node: Upgrade components to SEV-SNP compatible versions (#5635)
    Notes: Removes manual QEMU build and installs SEV-SNP compatible QEMU, OVMF, and libvirt packages from future Ubuntu releases.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 9bdaa01ad Consensus,Interface: Revert bound on notarized-certified gap during catch up (#5697)
    Notes: This commit removes the certified_height bound from ConsensusBouncer and related functions, relying solely on the catch-up package gap to simplify artifact validation during catch up.
    Review: Code changes look good and match release notes.

  • 32414320d Consensus,Interface(test): Increase DKG interval of large subnet recovery test (#5649)
    Notes: Increases the DKG interval to 124 to support resharing 120 dealings across 40 nodes in the large subnet recovery test and removes a validation check in ValidateReplayStep that incorrectly errored when a node’s finalized height exceeded the replay height.
    Review: Code changes look good and match release notes.

  • cc066e995 Consensus,Interface(ic-backup): always wait until the most recent checkpoint has been created and verified, and manifest created (#5631)
    Notes: Updates wait_for_state in player.rs to replace a simple height check loop with a blocking call to StateManager.flush_tip_channel to ensure the latest checkpoint is created and verified before continuing.
    Review: Code changes look good and match release notes.

  • 086c66357 Node: Don’t map ID when extracting (#5673)
    Notes: This commit updates the container filesystem export script to include the --numeric-owner flag to ensure user and group IDs are preserved as numeric values without mapping which fixes the ID mapping issue during extraction.
    Review: Code changes look good and match release notes.

  • fdd950772 Interface,Node: Remove readonly from guest_direct_boot mounts (#5699)
    Notes: Removes readonly flags from MountOptions to avoid mount failure, replaces usage of TempDir::path() for mount directories and provides detailed error context with anyhow::Context in async code.
    Review: Code changes look good and match release notes.

  • f26febf6a Interface,Node: Deploy dev version of hostos_tool in dev HostOS (#5639)
    Notes: Introduces a hostos_tool_dev Rust binary with dev-specific dependencies, modifies Bazel build and deployment configs to replace the standard hostos_tool with this dev version in development HostOS images.
    Review: Code changes look good and match release notes.

  • 6146d490f Interface,Node: Remove short argument name (-h) for hostos_config_object_path (#5636)
    Notes: Removes the short argument attribute from the hostos_config_object_path CLI option, leaving only the long form.
    Review: Code changes look good and match release notes.

Chores:

  • 93032e97e Crypto,Interface(crypto): Modify VetKD to be robust about duplicated node shares (#5459)
    Notes: Modifies VetKD to use BTreeMap<NodeIndex, EncryptedKeyShare> instead of vectors for storing node shares to ensure unique node indexes during key combination and validation.
    Review: Code changes look good and match release notes.

  • e5bcbd889 Execution,Interface: refactor hard-coded constants in DTS tests (#5637)
    Notes: Refactors DTS tests by replacing hard-coded constants with well-documented variables to improve code maintainability and clarity in test configurations.
    Review: Code changes look good and match release notes.

  • a31284422 Execution,Interface: Early parsing of SnapshotId (#5630)
    Notes: Implements Serialize, Deserialize, and CandidType traits for SnapshotId to enable direct use in management canister types without raw Vec conversions, and moves try_from logic from trait to struct implementation to avoid trait overlap issues.
    Review: Code changes look good and match release notes.

  • acc5b0734 Interface: Bump tempfile version to latest (#5621)
    Notes: Aligns tempfile crate versions to the latest to resolve conflicts between deprecated TempDir::into_path and unavailable TempDir::keep to prevent compile errors and Clippy warnings.
    Review: Code changes look good and match release notes.

  • f1efa7993 Interface,Message Routing: Document flush_tip_channel (#5638)
    Notes: Adds detailed documentation comments to the flush_tip_channel function to explain its behavior.
    Review: Code changes look good and match release notes.

  • 75c8507f6 Interface,Node: Move guest_vm_runner to a separate crate (#5695)
    Notes: Moves guest_vm_runner logic from hostos_tool and config libraries into a dedicated standalone crate to centralize and streamline the growing GuestVM-related functionality.
    Review: Code changes look good and match release notes.

  • 8b5beb958 Node: Update Base Image Refs [2025-06-19-0808] (#5619)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

Refactoring:

  • cfde1a05b Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5686)
    Notes: Drops the canister_client dependency from the orchestrator and fully switches to ic-agent, now that system tests use a proper HTTP gateway with a valid TLS cert which solves the earlier test breakage.
    Review: Code changes look good and match release notes.

  • 9f45074f0 Execution,Interface: Use separate System API types for response handlers in a composite query (#5561)
    Notes: Introduces separate System API types for composite query response handlers, removing execution mode checks (if-else) in callback contexts.
    Review: Code changes look good and match release notes.

Tests:

  • 60fb469c4 Interface,Node: Improve fake mounter with persistent mounts (#5709)
    Notes: Makes the ExtractingFilesystemMounter keep track of mounted partitions so mounting the same one again returns the same temp directory which makes tests behave more like real mounts.
    Review: Code changes look good and match release notes.

Other changes:

  • 25ccd6ded Interface,Message Routing: [feat]: Rehash manifest after publishing it (#5500)
    Notes: Moves the rehashing of 10% of manifest data to after publishing which slightly delays divergence detection from 10 to 11 checkpoint intervals but improves manifest publishing speed to consensus.
    Review: Code changes look good and match release notes.

proposals - [137152, 137153] Cyberowl | CodeGov

Proposals:

137152
137153

Vote: [ADOPT, ADOPT]

Reason & Feedback:

I successfully built and verified the hash for Guest and HostOS. All the commit descriptions match their code changes.

Checks:

Hash Match: [PASS, PASS]
2 Urls: [PASS, PASS]
Proposer Check: [PASS, PASS]

Overall Summary:

Adds full support for a new rename_canister management method. Adds explicit replication support for canister HTTP requests by introducing a new Replication enum as a replication field on CanisterHttpRequestContext. Adds environment_variables to CanisterSettingsArgs. Basically we now have support for environment_variables in Canister Settings.

Commits Summary

proposal / 137152

9ed0c77bc
20 Modified.

Adds full support for a new rename_canister management method: registering RenameCanisterArgs in system‐API routing and sandbox handlers. Implements rename_canister logic in CanisterManager and ExecutionEnvironment.

0383d5b09
18 Modified, 5 Added.

New is_replicated field in CanisterHttpRequestArgs.
Adds explicit replication support for canister HTTP requests by introducing a new Replication enum as a replication field on CanisterHttpRequestContext, along with updated protobuf conversions and imports to handle NodeId instead of just PrincipalId.

a31284422
12 Modified.

Switched every snapshot_id field and parameter from a raw Vec<u8> to the new SnapshotId type—adding serde_bytes to the dependencies and implementing Serialize, Deserialize, and CandidType for it. This centralizes validation.

016e8ed65
10 Modified.

Adds environment_variables to CanisterSettingsArgs. Basically we now have support for environment_variables in Canister Settings.

9f45074f0
9 Modified.

The main changes are in embedders/src/wasmtime_embedder/system_api.rs with regard to CompositeReplyCallback.
Removed ExecutionMode from ApiType. New function composite_reply_callback that returns CompositeReplyCallback. New function composite_reject_callback that returns CompositeRejectCallback.
Give composite its own cleanup function CompositeCleanup. Matches description of a dedicated System API types for composite‐query response handlers.

2fe9ac7c8
8 Modified.

Add ic0_env_var_name_exists to embedders/src/wasmtime_embedder/system_api.rs.
Validates the provided name slice for length and UTF-8 correctness, then returns 1 if that environment variable key exists.

00713b982
6 Modified.

Sets index_principal, this is backfilling some info that wasn’t there before within ledger_suite/icrc1/ledger/src/main.rs.

Each LedgerSuite entry in the arrays defines its own distinct ledger Principal and its own distinct index Principal. All the names appear correct upon review.

8b5beb958
6 Modified.

Update base images.

cfde1a05b
6 Modified.

Removes deps for ic-canister-client. Updates rs/orchestrator/src/signer.rs to add NodeSender and ExternalHsmSender both returning Signature. Moves to use an Agent::builder() builder pattern for agent creation in retry_register_node. Overall a good refactor.

25ccd6ded
6 Modified.

Adds RehashManifest to compute_manifest which determines the hash_plan for opt_manifest_delta. This will detect if there is a rehash_divergence. This all changes how handle_compute_manifest_request is implemented.
The rehash_divergence flag conditionally disables incremental deltas, recomputes (rehashes) the manifest after an incremental run, and compares it to detect any divergence.

9bdaa01ad
5 Modified.

Remove passing state_reader.clone() into ConsensusBouncer. So ConsensusBouncer no longer needs state_reader.clone(). So now new_bouncer does not need certified_height and that has been removed.

93032e97e
5 Modified.

Before, clib_shares_for_combine_all was using a Vec; it now uses a BTreeMap. Now nodes are passed as &BTreeMap to combine_all, combine_valid_shares, combine_unchecked within EncryptedKey for bls12_381.
Matches description to make more robust.

e5bcbd889
5 Modified.

Function to get_universal_canister_no_heartbeat_wasm.
Refactors the DTS tests by extracting common setup and installation logic into reusable helper functions, replacing inline WAT with precompiled universal‐canister WASM binaries, and centralizing constants.

92381a066
4 Modified, 1 Added.

environment_variables_hash is included in canister_creation via environment_variables_flag.
Hashing env-vars ensures consensus safety via a canonical, order-independent digest of settings.

83923a194
4 Modified.

Add 1xfer to icrc3_supported_block_types.

b2873804e
2 Modified.

Add filter node_timex_sync_status for metrics for guestos_replica.

d1845117c
2 Modified.

The script automates the construction of a sysimage container, which encompasses all replica binaries, canisters. It subsequently exports the container’s flattened filesystem into a deterministic tarball, intended for use as the node’s system image.

This change is similar to 086c66357 and could be conflicting. I believe this was merged first and then update to 086c663571 was applied.

Switched to using fakeroot so that the final tarball can be created entirely as an unprivileged user while still embedding the correct numeric UID/GID ownership and file timestamps. Additional layer of sanitizing.

32414320d
2 Modified.

Subnet Recovery feature implements the ordered “recovery steps” as a Step to automate the end-to-end process of fetching state and certification data, merging pools, replaying the chain, validating results, and redeploying the recovered state.

Updates the exec function in ValidateReplayStep. This function ensures that after deducting any “extra” delivered batches, no node’s finalized block height surpasses the height replayed. If it does, an error is returned.

Updated DKG_INTERVAL to 124.

cc066e995
1 Modified.

IC-replay “Player” component, orchestrates loading past consensus and certification artifacts replaying them through the replica’s execution environment, verifying catch-up packages and state hashes.

Updates to the wait_for_state function involved polling the StateManager to ensure it has executed and recorded a checkpoint at the specified height. Once the checkpoint is available, its height and hash are logged. The function then verifies that the recorded state height precisely matches the requested height.

Fix flushes and verifies that the on‐disk checkpoint exists.

086c66357
1 Modified.

Script generates a reproducible sysimage by building replica into a Podman container and then exporting its flattened filesystem as a tarball for use as the node’s system image.

Updated change --numeric-owner flag tells tar to apply the UID/GID numbers from the archive directly.

f1efa7993
1 Modified.

Fix comment

proposal / 137153

9734b186d
Removes the custom QEMU download/build stages and related package dependencies, and instead adds “oracular” and “plucky” Ubuntu future-release apt sources.

fdd950772
Adds anyhow::Context error messages throughout the guest direct‐boot and VM startup routines, removes the readonly mount option.

f26febf6a
Adds a new “dev” variant of the hostos_tool by updating image_deps to swap out hostos_tool for hostos_tool_dev in dev mode.

6146d490f
Remove short arg from hostos_config_object_path.

60fb469c4
Refactors the testing setup to import and inject a new, cloneable ExtractingFilesystemMounter by (device, offset, len)) alongside GptPartitionProvider, moves the FilesystemType import, and updates the extraction logic in mount.rs to use this stateful mounter with contextual error handling.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposals 137152 & 137153 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. HostOS commits (proposal 137153) partly overlap with GuestOS commits (proposal 137152). I’ve reviewed commits for Consensus, Crypto and Interface as detailed below.

Review

Features:

[85eda9431]
Adds field is_replicated to type CanisterHttpRequestArgs. Adds field replication to type CanisterHttpRequestContext, containing a nested enum ReplicationType. Associated changes as per description.

[e3f0f679f]
Removes the limitation within fn replay in rs/replay/src/lib.rs that target height cannot be used in conjunction with any sub-command in subnet-recovery mode. Adds field skip_prompts to type ReplayToolArgs in order to aid tests.

[83923a194]
Adds “1xfer” to the vector of SupportedBlockTypes returned by the icrc3_supported_block_types query method.

[00713b982]
Adds new type LedgerSuite containing the ledger and index canister principal IDs for a token, sets constants for these for the existing tokens, and adds fn ensure_index_principal, utilised in fn post_upgrade_internal to ensure that the index principal is set for a given ledger principal if it has not previously been set.

[0383d5b09]
Adds logic to enable a direct boot of GuestOS so long as the GRUB environment and boot partition files are available (which they might not be for older GuestOS releases).

Bugfixes:

[9bdaa01ad]
Removes the distinction between ACCEPTABLE_NOTARIZATION_CUP_GAP and ACCEPTABLE_NOTARIZATION_CERTIFICATION_GAP that was introduced in commit 7dc75ea49.

[32414320d]
Changes to subnet recovery tests as per description.

[cc066e995]
Adapts Player::wait_for_state so that it now waits for the latest checkpoint to be created and verified, rather than just waiting for the latest state hash.

Chores:

[93032e97e]
Changes the representation of key shares in the VetKD code from a vector of (NodeIndex, EncryptedKeyShare) tuples into a BTreeMap of the same items in key/value pairs so that duplicated node shares can potentially be handled.

[acc5b0734]
Updates tempfile to version 3.20.0.

[f1efa7993]
Adds explanatory comment to StateManagerImpl::flush_tip_channel.

[75c8507f6]
Adds a new crate guest_vm_runner and moves the relevant code into it.

Refactoring:

[cfde1a05b]
Reverts the previous reversion to commit 1f4a5986f, which shifted orchestrator dependency from ic_canister_client::Agent to ic_agent::Agent, added NodeSender type to replace ic_canister_client::Sender and modified code accordingly.

Other changes:

[25ccd6ded]
Changes to manifest rehashing, matching description.

HostOS-only commits:

[fdd950772]
Removes field readonly (indicating whether to mount the GuestOS partition as read-only) from type MountOptions.

[f26febf6a]
Adds hostos_tool_dev Rust binary to deploy a dev version of hostos_tool in dev HostOS.

[6146d490f]
Removes the shortened argument -h for HostOSArgs::hostos_config_object_path.

[60fb469c4]
Changes to ExtractingFilesystemMounter tests as per description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary Node Management, Node Admin and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposals 137152 & 137153 – LaCosta | CodeGov

Vote: ADOPT


Reason:
Build successful and hashes match, commits look great and match the description. Found no issues.

Features:

[85eda9431]: Adds a new field is_replicated to CanisterHttpRequestArgs. At the moment, HTTP requests with is_replicated=false will fail with CanisterHttpRequestContextError::NonReplicatedNotSupported.

[e3f0f679f]: Updates the ic-replay tool to allow calling the replay function with ReplayToolArgs and providing both replay_until_height and any subcmd.

[9ed0c77bc]: Implements a RenameCanister endpoint. It renames the canister from its old_id to the provided new_id after validating that the caller is a controller of the canister, that the new_id doesn’t belong to any canister and that the caller is from the NNS subnet. This will be important for an upcoming canister migration feature.

[92381a066]: Implements the hash function for EnvironmentVariables and, since environment_variables are a map, it follows the representation-independent hashing of structured data.

[016e8ed65]: Adds environment_variables to CanisterSettings and a new feature flag defaulted to Disabled for allowing the use of environment_variables when creating a canister or updating its settings.

[2fe9ac7c8]: Adds the function ic0_env_var_name_exists to SystemApiImpl that checks if an environment variable with a given name exists, returning a 0 or 1 accordingly. The function checks if the name provided is bigger than MAX_ENV_VAR_NAME_SIZE and if it is a valid UTF-8 string

[892a0d8e6]: Includes environment_variables in new_from_checkpoint so that they are also loaded when loading the canister’s state. Adds a new field CanisterSettingsChange in the CanisterChangeDetails, which within it has environment_variables_hash.

[83923a194]: Adds 1xfer to the return value of icrc3_supported_block_types

[00713b982]: Adds the function set_index_principal to the Ledger struct that is called by ensure_index_principal that checks if the index principal of the ledger is already set and if not looks through the list of ledgers and sets it.

[0383d5b09]: Adds SEV config options to guestos_vem_sev.xml and follows the requirements for this config as seen here. Updates struct GuestOSTemplateProps with fields enable_sev and optional direct_boot. The new struct DirectBoot has the parameters necessary for direct boot: kernel, initrd and kernel_cmdline. The new function prepare_direct_boot is responsible for creating the DirectBoot config and checking if the GuestOS version supports direct boot.

[b2873804e]: Adds time synchronization metric to metrics proxy

[d1845117c]: The build process depends on the system strip binary but updates to this introduced changes in the build outputs not tracked by the build graph. Adds a new “new_local_repository” rule named @strip//:strip_bin with path /usr/bin/strip and adds @strip//:strip_bin to the of tools.

[9734b186d]: Upgrade components to SEV-SNP compatible versions. Removes QEMU compilation stage and adds future Ubuntu release repos oracular and plucky. Updates packages.common with newer versions of QEMU, OVMF and libvirt.

Bugfixes:

[fdd950772]: Removes the option of mounting in readonly mode from direct boot. Since the mount is cleaned beforehand there’s no need for this.

[f26febf6a]: As a temporary solution to fix some tests, the commit updates image_deps replacing the hostos_tool with hostos_tool_dev when in “dev” mode

[6146d490f]: Removes short arg from hostos_config_object_path

[9bdaa01ad]: Removes a bound on the gap between the local certified height and the height of incoming artifacts, during catch up.

[32414320d]: Updates DKG_INTERVAL_LARGE to 124. Removes a check that returned an error if there was a node with a finalized height greater than the replay height, as the only thing needed to verify is that it was replayed up to the latest certified height.

[cc066e995]: Updates wait_for_state to wait until the most recent checkpoint with a height that surpasses the given height is created and verified.

[086c66357]: Adds the --numeric-owner tar option to force extraction using the numeric ids from the archive, ignoring user/group names.

Chores:

[93032e97e]: Refactors code in order to be more robust against duplicate node shares. Nodes are represented as BTreeMaps

[e5bcbd889]: Refactors DTS tests by replacing common logic with helper functions and

[a31284422]: Implements Deserialize, Serialize and CandidType for SnapshotId. Updates management_canister’s functions accordingly.

[acc5b0734]: Bumps tempfile from version 3.12.0 to 3.20.0

[f1efa7993]: Adds a comment to StateManagerImpl::flush_tip_channel

[75c8507f6]: The GuestVM functionality was split, and since it has grown quite big it was migrated into a new crate guest_vm_runner

[8b5beb958]: Updates base images

Refactoring:

[cfde1a05b]: Removes dependencies on ic-canister-client and refactors code accordingly

[9f45074f0]: Handling of composite query responses is done with new ApiTypes CompositeQuery, CompositeReplyCallback, CompositeRejectCallback and CompositeCleanup.

Tests:

[60fb469c4]: Makes ExtractingFilesystemMounter persistent (remember extracted partitions) by adding the mounts field with type HashMap<(PathBuf, u64, u64), Arc<TempDir>>. The method mount_range re-creates the key and checks if it is present in mounts.

Other Changes:

[25ccd6ded]: Refactors duplicate logic in tests.rs in an init function. Adds enum RehashManifest with YES and NO options. Only after the publishing of the manifest when compute_manifest is called with rehash set to RehashManifest::Yes does the function do rehashing.

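As an added illustration of the representation-independent hashing mentioned for [92381a066] (not code from the IC repository or from the review above): a Python version of the Interface Specification's hash-of-map scheme for a string-to-string map, next to a naive concatenation hash that is both order-dependent and ambiguous. The function names and sample variables are constructed, and the example assumes environment variable names and values are UTF-8 strings.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_of_map(env: dict[str, str]) -> bytes:
    """Representation-independent hash of a string-to-string map.

    Each entry becomes H(name) || H(value); the 64-byte entries are sorted
    bytewise, concatenated and hashed again, so neither insertion order nor
    delimiter characters inside a value can influence the result.
    """
    entries = [
        sha256(name.encode("utf-8")) + sha256(value.encode("utf-8"))
        for name, value in env.items()
    ]
    return sha256(b"".join(sorted(entries)))


def naive_hash(env: dict[str, str]) -> bytes:
    """Counter-example: hash of 'NAME=value' strings in iteration order."""
    return sha256("".join(f"{k}={v}" for k, v in env.items()).encode("utf-8"))


# Constructed sample settings (assumption: not taken from any real canister).
ENV_A = {"LOG_LEVEL": "debug", "REGION": "eu"}
ENV_A_REORDERED = {"REGION": "eu", "LOG_LEVEL": "debug"}
# A single variable whose value looks like the tail of ENV_A when concatenated.
ENV_B = {"LOG_LEVEL": "debugREGION=eu"}


def compare() -> dict[str, bool]:
    """Check both schemes for order independence and for telling A from B."""
    return {
        "structured_order_independent":
            hash_of_map(ENV_A) == hash_of_map(ENV_A_REORDERED),
        "naive_order_independent":
            naive_hash(ENV_A) == naive_hash(ENV_A_REORDERED),
        "structured_distinguishes_a_b": hash_of_map(ENV_A) != hash_of_map(ENV_B),
        "naive_distinguishes_a_b": naive_hash(ENV_A) != naive_hash(ENV_B),
    }


if __name__ == "__main__":
    for check, result in compare().items():
        print(f"{check}: {result}")
```

A hash with these properties lets two parties compare a recorded environment_variables_hash without agreeing on a serialization order first.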