Hello there!

We are happy to announce that voting is now open for a new IC release and the retirement of old replica versions 7418a4cd7e25359887468fab1be374aa77df70a1, 1a12201749b946dddb43a17b7f67f1c7b7ac8844 and e0c5ad62a151d1bd0b2f59822c127f4ae7a4ce28.
The NNS proposal is here: IC NNS Proposal 123302.

Here is a summary of the changes since the last release:

• [cce0628e2] Consensus: chore(ic-recovery): Verify that the hashes of the states after split match the expected hashes computed in one of the previous steps
• [543e75c55] Consensus: chore(ic-recovery): moved all registry related code out of src/lib.rs to a new file src/registry_helper.rs
• [6a00d6ec7] Consensus: feat: ECDSA public key monitoring
• [1afbb9f75] Consensus: feat: Persist ECDSA key monitoring metric across upgrades
• [27a80c36c] Consensus: feat(ic-recovery): Add a “ComputeExpectedManifests” step to the subnet splitting tool
• [c1d8e8f41] Consensus: feat(ic-recovery): Print the content of the most recent registry after some steps
• [40e0cfa0a] Consensus: feat(ic-recovery): print urls to dashboards after some steps
• [76a235715] Crypto: chore: Change error type of tECDSA clib serialization functions
• [45e1101fc] Crypto: doc: Add error documentation for IDKM functions for tECDSA
• [54907b0ac] Crypto: feat: Add initial implementation of VetKD
• [65cdba976] Execution: chore: Update http outcalls price cost
• [cfabc9a61] Execution: chore: Update external bitcoin_canister & ic-btc-interface crates
• [64fbab204] Execution: fix: Add ProposeToSetBitcoinConfig to ic-admin
• [a7803b4ca] Message Routing: feat: Replica backtrace endpoint
• [5317b1a60] Networking: chore: instantiate the artifact pools only during the consensus and P2P construction
• [1771349db] Networking: feat: Memory transport
• [9248ba4fa] Networking: feat: Quic transport
• [ebd286674] Networking: fix: Add should_cancel method to StateSyncClient API
• [6d3401e26] Networking: fix: Improve https outcalls connect error message
• [e66548e52] Networking: fix: move the check_protocol_version inside consensus
• [50e3d4020] Networking: state sync manager
• [a4f74e5c3] Runtime: Enable composite queries
• Various tech-debt management: code refactoring, docs, bug fixes, test updates

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#building-the-code
# This process requires an x86-64 based machine, Ubuntu 20.04 or a newer version of the OS, Git, and Podman.
git clone https://github.com/dfinity/ic
cd ic
git fetch origin
git checkout 8bfda3f63e4209f9b957abd717159d0cccf450a0
if ./gitlab-ci/container/build-ic.sh -i ; then
    curl -LO https://download.dfinity.systems/ic/8bfda3f63e4209f9b957abd717159d0cccf450a0/guest-os/update-img/update-img.tar.gz
    shasum -a 256 artifacts/icos/guestos/update-img.tar.gz update-img.tar.gz
else
    echo "IC-OS build failed. Verification unsuccessful." >&2
fi

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

Hey @dmanu thanks for starting the forum post before submitting the NNS proposal so you could link the forum post in your proposal. That’s a nice touch that makes finding the forum post and doing research a bit easier.

I think you meant to tag @dmanu, and I agree it’s a nice touch!

Oops. My apologies. You are correct @Manu. I have edited the first comment to tag @dmanu.

Thanks @dmanu!

Myself and at least @Zane and @Icdev2dev have had failed to reproduce the builds due to errors
This is what I get:

image1854×341 26.1 KB

Reviewers for the CodeGov project have completed our review of this replica update and our findings from the reviews can be viewed in this post for proposal 123302 in the CodeGov portal on DSCVR. The CodeGov neuron 2649066124191664356 has voted to REJECT proposal 123302. We arrived at this decision because none of the reviewers were able to build the replica. All attempts to build it failed almost immediately.

At the time of this comment on the forum, there are still 3 days left in the voting period. We encourage NNS voters to review the replica update proposal and vote manually. Of course, you always have the choice to follow another person or another organization who is voting independently. At this time, I am aware of CodeGov.org (neuron ID 2649066124191664356) and Taggr Network (neuron ID 16737374299031693047)who are performing this work, both of which are registered known neurons. You can learn more about the CodeGov project at CodeGov.org and you can learn more about Taggr Network in the NNS-GOV realm on taggr.top

NOTE: The CodeGov project would like to find additional reviewers to help with this work. Since there is a 0.5 - 2 hour time commitment on the weekend for each proposal and our reviews require technical skills, we offer a bounty for every review that you perform that is competitive with typical developer contract work. You are not required to review every proposal, but we encourage as much participation as your time allows. Anyone who has the technical skill to perform the IC-OS verification and who is willing to perform a sanity check on the Release Notes is welcome to be a reviewer. If you are interested, then please Apply at codegov.org. The current bounty for this work can always be found in this post in the CodeGov portal.

Thanks so much for flagging this. I had a discussion with the IDX team, and got the following response:

Regression was introduced by Consolidate and update vscode/dev-container config · dfinity/ic@5834d41 · GitHub and fixed by fix(container-run.sh): /var/lib/containers & uid · dfinity/ic@488e598 · GitHub

So the current build is good, but the scripts for verifying the build are not. There are two options to proceed:

1. take a newer RC that has the fix of the verification script, or
2. ask the community to manually take the verification script from the latest master and retry the verification with it.

Option 1 will likely introduce a delay in the rollout, since we’ll have to wait additional 3 days for the new version to be voted in.

We (Codegov) have already voted on current RC with a Reject because no one from the group could reproduce the build. I am not sure , in a decentralized world, how anyone would trust the build if no one else can reproduce the build.

I don’t think that Option 2 is an option really.

Ack, agreed. We are on the same page.
We’ll submit a new proposal soon.

The new proposal is out:

There are some additional changes compared to the previous one, since we picked a newer git revision, but at least it should be reproducible. This time I verified the build myself (on my personal Linux machine) before submitting the proposal.

The CodeGov neuron has voted to adopt. DFINITY had already voted to adopt. They triggered Absolute Majority, so the proposal was already executed when the CodeGov neuron vote was cast.

The CodeGov reviews can be found here…DSCVR