Hello there!

We are happy to announce that voting is now open for a new IC release .
The NNS proposal is here: IC NNS Proposal 125591 .

Here is a summary of the changes since the last release:

• [a20d616b7] Consensus: feat: Implement feature gate for QueryStats
• [557a39f2a] Consensus: chore: Remove a log message from consensus::dkg::make_registry_cup
• [fd5d4985c] Consensus: chore: remove ConsensusPoolImpl::new_from_cup_without_bytes
• [10c54bbe9] Consensus: fix: Don’t log the message when there is no ECDSA summary
• [1135be3b5] Crypto: chore: implement some improvement suggestions from CodeGov
• [358034594] Crypto: feat(crypto): Only acquire write lock for the canister secret key store when needed to modify it for retain
• [86597bd1d] Crypto: perf: Update IDKG/tECDSA benchmarks to include P-256
• [7f98742b1] Execution: chore: organise execution environment benchmarks
• [06e56899a] Execution: fix: broken invariant on canister
• [7fd58ada0] Message Routing: fix: Use correct LSMT flag for subnet splitting
• [deb81ed08] Message Routing: improvement: Only compute memory usage once in StreamHandler
• [cbf60617d] Message Routing: improvement: Optimize the accounting of response sizes in streams
• [42e1deb04] Networking: chore: add handler specific metrics to transport
• [7f2ed411f] Networking: chore: introduce a “RealClock” that currently is used only by the backup pool.
• [2f12680cd] Networking: docs: Extend the QUIC transport documentation
• [7e2c18b1a] Networking: feat(p2p-consensus): Add setup to enable new P2P protocol for consensus
• [39737979f] Networking: fix: multiple transmissions for the same advert bug
• [970422236] Networking: fix: transport rpc SendError should time out
• [65b860414] Node: Userspace tools for SetupOS images
• [db5c7426e] Node: feat: Extend repro-check.sh to check build reproducibility of hostOS and setupOS
• [5019bf4cd] Node: feat: SEV-SNP library cleanup
• [ffd512566] Runtime: Account for chunk store in heap deltas
• [41319eab8] Runtime: Separate wasm transform
• [3b76961a2] Runtime: Unify wasmtime validation and execution configs
• [65a03b404] Runtime: chore: Cleanup CPU complexity
• [d0951df7f] Runtime: chore: Update validation of global section
• [6b6b631be] Runtime: fix: Fix convert_instructions_to_cycles()
• Various tech-debt management: code refactoring, docs, bug fixes, test updates

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/ec140b74dc4fef2f4bee3fad936e315380fa5af3/gitlab-ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c ec140b74dc4fef2f4bee3fad936e315380fa5af3

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

There is another proposal that enables QUIC state sync:

And I also submitted another proposal for the new HostOS version:

Hey @sat could you please explain why the SHA256 for HostOS and SetupOS is not provided in the payload of the proposal now that the script displays results for them?

image1107×714 71 KB

Great job solving the non-reproducibility of the build for HostOS and SetupOS.

image1334×455 22.3 KB

Why is the payload of the proposal containing the sha256sum of the update-img.tar.zst file instead of the sha256sum of the update-img.tar.gz file?

Reviewers for the CodeGov project have completed our review of these replica updates.

Proposal ID: 125591
New IC Release
Vote: ADOPT
Full report: CodeGov portal on DSCVR

Proposal ID: 125592
Enables QUIC state sync
Vote: ADOPT
Full report: CodeGov portal on DSCVR

Proposal ID: 125593
Elect HostOS
Vote: ADOPT
Full report: CodeGov portal on DSCVR

Neuron: CodeGov
NeuronID: 2649066124191664356
Voting history: Dashboard
Website: codegov.org

At the time of this comment on the forum there are still 2 days left in the voting period, which means there is still plenty of time for others to review the proposal and vote independently.

We had several very good reviews of the Release Notes on these proposals by @Zane, @cyberowl, @ZackDS, @massimoalbarello, and @ilbert. The IC-OS Verification was also performed by @Gekctek and @tiago89. I recommend folks talk a look and see the excellent work that was performed on these reviews by the entire CodeGov team. Feel free to comment here if you have any questions or suggestions.

There were no major concerns identified with these proposals, but there were a few comments left on GitHub for the change owner of each respective commit as recommended last week by @christian (thank you for the suggestion)…
Suggestion by @Zane
Question by @ilbert
Question by @ilbert
Typo found by @ilbert

All 14 System Canister Management proposals were verified and reported here by @ZackDS this week. These proposals included upgrades to the NNS canister, internet identity, the NNS dApp, ICP Index canister, ckBTC minter canister, ckBTC KYT canister, ckBTC Ledger canister, ckBTC Archive canister, Governance canister, SNS-wasm canister, cycles-minting canister, and SNS swap canister as described elsewhere on the forum here and here.

@ilbert Upgrade process supports both .gz (gzip) and .zst (Zstandard - Real-time data compression algorithm). It was like this for a while but we never switched the guest (replica) upgrades to zst since we considered it to be a risk. However, most of our tests are now using .zst primarily and we also fully tested HostOS upgrades with .zst and not with .gz. So having an upgrade image with .zst was actually less risk (for a change). We’ll probably switch the guest (replica) upgrades to zst as well, in the near future, so that we have less difference between upgrades.

@wpb, it’s a bug in the dashboard, I’ll forward the question to the public dashboard team.
The sha256 sum is showing as expected on the NNS UI: Internet Computer Loading

EDIT: nope, scrap that. I rushed to mark it as a bug. The sha256 sum of the HostOS upgrade package is actually showing well in the proposal

release_package_sha256_hex:"b3321c50f04dcd8d302155df494339a22eff690dc3fc63803fd9efffa51b3891"

For the SetupOS, however, there is no proposal. So it’s only a wording issue in the verification script. The SetupOS image is downloaded by Node Providers when they want to onboard a new node. So there is no community approval process for this, every node provider decides for him/herself which version they want to install initially. Subsequent node upgrades go through the NNS proposals.

Thanks for the clarification. So I think that the repro-check.sh script needs to be updated accordingly to run checks on .zst files instead of .gz, at least for HostOS.

Agreed, I made a change to the script. Hope it works!