Hello there!

We are happy to announce that voting is now open for a new IC release and the retirement of old replica version 08719016.
The NNS proposal is here: IC NNS Proposal 126878 .

Here is a summary of the changes since the last release:

Features:

• [3ffc532] Consensus: Allow purging artifacts of the given type in the ArtifactPool.
• [ff9b14e] Consensus: Add oldest_registry_version_in_use field to CatchUpPackage
• [0bb840e] Consensus(ecdsa): Add key transcript ref to pre-signature ref
• [aea5eb9] Consensus: Modify EcdsaPayload to proto to support multiple ecdsa keys + implement serialization/deserialization
• [f3ffe98] Consensus: Quota-based ingress selector
• [aadd3dc] Consensus: Make block timestamps strictly monotonic
• [dfc0805] Crypto: Add metrics observations if cleanup of secret key store fails
• [f67dfff] Execution,Runtime: Add feature flag for canister snapshotting
• [21ad48f] Execution,Runtime: Add new management methods for snapshot
• [d9f3884] Message Routing: Merging strategy for LSMT
• [9700401] Networking(fuzzing): Fuzzer for ic_http_endpoints CallService
• [b2631dc] Node: Propagate config.ini ipv4 info
• [2eea4be] Node: Test ipv4 connectivity and export connectivity metric
• [e663e17] Node: Give ic-replica permission to call guestos_tool with sudo
• [b1b91b7] Node: Extend generate_network_config.rs to support ipv4
• [00e4b95] Node: Export IC OS HostOS power metrics to the public.

Bugfixes:

• [df0c6c9] Consensus(orchestrator): Fix unassigned node upgrade
• [c3fbfe9] Consensus,Node(orchestrator): Don’t throw away errors of failed host OS upgrades
• [30d0270] Message Routing: Do not modify LSMT base files on upgrade
• [af6d87e] Message Routing: Incremental manifest computation with LSMT
• [f9928ec] Networking: improve the error space and add the possibility of graceful shutdown
• [ecd486d] Networking(consensus_manager): Do not discard download time metric and add send on reconnection metric
• [01b2473] Networking(consensus-manager): Add exponential backoff for artifact timeout
• [7839db3] Networking(http_endpoints): reject message for violating sender delegation targets

Performance improvements:

• [b3b7990] Crypto: use less memory in BSGS
• [1575d78] Crypto: add benchmarks for IDKG with complaints
• [8d2878c] Crypto: Baby Step Giant Step improvements

Chores:

• [178dcc6] Boundary Nodes,Node: ensure the bootstrap config tarballs are reproducible
• [2c1fb55] Consensus(ic-recovery): convert some of the static methods of AdminHelper to regular methods
• [bc8c43a] Execution,Message Routing: Make CallContext::time required
• [8f91ed4] Execution,Message Routing: Unify CallContextManager’s callback() and peek_callback() methods
• [8cd4057] Message Routing: Remove remnant of old CoW feature
• [ff4198d] Networking(p2p): Use axum 0.7

Refactoring:

• [5818f46] Boundary Nodes,Crypto(crypto): remove duplicate x509-parser entry from external_crates.bzl
• [68b850a] Crypto: remove the StateSyncMessage domain separator since it is unused
• [66acb6f] Message Routing,Interface: move the state sync types inside the state manager
• [956b2ef] Networking: move the Chunkable trait next to the StateSyncClient trait
• [30949df] Networking: move the subnet topology inside the transport crate.
• [02105e1] Networking: make the P2P/statesync impl generic over the StateSyncMessage type
• [8031d9b] Networking: make the Chunkable trait generic
• [e934092] Networking,Crypto: remove malicious_code feature flag from places where it doesn’t make sense and it is not used
• [e3446fb] Networking,Message Routing: remove the ArtifactChunk type

Tests:

• [302abc4] Crypto: add a test that the verification of a corrupt complaint fails
• [3421ba6] Crypto: test that sign_share works after loading transcript w/ openings
• [507c1fb] Crypto: Add tests of ECDSA invalid public keys
• [c37ce0d] Execution,Message Routing: Improve test coverage
• [0fbc85c] Execution,Runtime: Simplify query cache tests
• [d3f0cc7] Message Routing: Checkpointing after wiping stable memory
• [3f6cd4a] Message Routing,Runtime: Load PageMap without any files
• [d575ed5] Message Routing,Runtime: More storage tests
• [0b0d67a] Networking(consensus_manager): remove memory transport and reduce test flakiness
• [3cb99bf] Networking(http-endpoint): fix test flakiness by removing verification of signatures

Other changes:

• [58613a1] Consensus: ic-boundary controlled by orchestrator
• [b835f6e] Consensus,Crypto,NNS,Financial Integrations: bump Rust version to 1.75
• [a77594c] Execution: clippy for the ic00 types
• [4a61f81] Execution,Runtime: Include chunk store in SubnetAvailableMemory
• [eb7b6a2] Execution,Runtime,Message Routing: Don’t wrap std::time::Instant but use directly the as_secs_f64 method
• [299a67d] Message Routing,Interface: Query stats: configurable epoch length
• [94fd312] Networking: remove the unmaintained and unused thread_profiler
• [17035c4] Networking: fix dependencies in p2p
• [d41cde9] Networking,Boundary Nodes,Crypto,IDX,T&V,Node: update crates from the tokio-rs org and use the workspace version
• [d056728] NNS,IDX,T&V,Node: fix multiple advisory warnings and 1 error found by cargo-deny
• [7ed06d5] Node: Updating container base images refs [2023-12-28-0812]
• [482af58] Node: Updating container base images refs [2023-12-21-0812]
• [f33e38f] Node: Updating container base images refs [2023-12-20-0915]
• [7594e14] Node: Bare metal deployment improvements
• [75f502e] Node: Updating container base images refs [2023-12-15-0738]
• [436a01b] Node: Update default config.ini ipv6 value
• [1e61486] Node: Updating container base images refs [2023-12-14-0815]
• [c1b3a83] Node: Enable caching of whole-page responses for metrics-proxy.

Link to the forum post: Voting for a new IC release - 2024-01-03_23-01

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/715a3f7807aa35fe51b58d635b4fc10185c6a0a2/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 715a3f7807aa35fe51b58d635b4fc10185c6a0a2

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

And there is another special build that enables p2p http outcalls, which is intended to be deployed on a subset of subnets only:

Reviewers for the CodeGov project have completed our review of these replica updates.

Proposal ID: 126878
Vote: ADOPT
Full report: CodeGov community RVM Reviews channel on OpenChat

Proposal ID: 126879
Vote: ADOPT
Full report: CodeGov community RVM Reviews channel on OpenChat

At the time of this comment on the forum there are still 2 days left in the voting period, which means there is still plenty of time for others to review the proposal and vote independently.

We had several very good reviews of the Release Notes on these proposals by @Zane, @cyberowl, @ZackDS, @massimoalbarello, and @ilbert. The IC-OS Verification was also performed by @jwiegley, @Gekctek, and @tiago89. I recommend folks talk a look and see the excellent work that was performed on these reviews by the entire CodeGov team. Feel free to comment here if you have any questions or suggestions.

The review descriptions provided here by @ZackDS and here by @massimoalbarello were quite detailed this week. It would be nice if the change owners were willing to read through these reviews and provide feedback on accuracy and any additional guidance that may come to mind. It is fine to reply to each of these reviews directly in OpenChat.

If this is your first time to use OpenChat, you need to click the button below the post to open the Thread. Our reviews can be found the thread. The default width of the Thread pane is relatively narrow, which makes it difficult to read long form posts, but you can make it wider by dragging the divider.

image1828×950 250 KB

I concur that there is significant value in learning from the reviews. As I previously mentioned in our open chat, I believe these insights can be effectively integrated into the knowledge base repository we’re developing. After thoroughly reading each review, I aim to contribute more comprehensive and detailed evaluations in the future. I like the style of review that goes into depth for certain topics. At the same time will try not to overlap with commits as well to cover more surface area.

Had a read through the OpenChat notes by the CodeGov review team members. Very nice work for the community.
It looks like the team are building up an understanding of the core IC code base independently of the Dfinity IC engineering teams, which is a Good Thing™