From b4a4966ca18bf45ba7f581ad5ad1895d904e4222 Mon Sep 17 00:00:00 2001 From: Jernej Kos Date: Tue, 10 Oct 2023 13:53:43 +0200 Subject: [PATCH 1/2] changelog: Assemble changes for 23.0 release --- .changelog/4394.breaking.md | 5 - .changelog/4667.breaking.md | 1 - .changelog/4668.breaking.md | 5 - .changelog/4755.breaking.md | 9 - .changelog/4798.breaking.md | 4 - .changelog/4964.cfg.md | 35 - .changelog/4981.feature.md | 9 - .changelog/4995.feature.md | 9 - .changelog/4996.cfg.md | 37 - .changelog/4998.trivial.md | 0 .changelog/5000.feature.md | 1 - .changelog/5001.trivial.md | 0 .changelog/5002.internal.md | 7 - .changelog/5003.bugfix.md | 4 - .changelog/5005.bugfix.1.md | 5 - .changelog/5005.bugfix.2.md | 7 - .changelog/5005.bugfix.3.md | 1 - .changelog/5005.bugfix.4.md | 1 - .changelog/5007.bugfix.1.md | 4 - .changelog/5007.bugfix.2.md | 4 - .changelog/5007.internal.md | 4 - .changelog/5008.bugfix.md | 5 - .changelog/5011.feature.md | 1 - .changelog/5012.breaking.md | 1 - .changelog/5015.trivial.md | 0 .changelog/5016.breaking.md | 4 - .changelog/5016.feature.md | 5 - .changelog/5018.trivial.md | 0 .changelog/5021.breaking.md | 4 - .changelog/5022.feature.md | 1 - .changelog/5023.breaking.md | 4 - .changelog/5024.internal.md | 1 - .changelog/5025.breaking.md | 6 - .changelog/5026.internal.md | 1 - .changelog/5029.internal.md | 1 - .changelog/5030.internal.md | 1 - .changelog/5031.internal.md | 1 - .changelog/5032.trivial.md | 1 - .changelog/5033.internal.md | 1 - .changelog/5034.breaking.md | 9 - .changelog/5035.internal.md | 1 - .changelog/5037.internal.md | 1 - .changelog/5038.breaking.md | 10 - .changelog/5049.feature.md | 1 - .changelog/5050.breaking.1.md | 4 - .changelog/5050.breaking.2.md | 1 - .changelog/5053.bugfix.md | 1 - .changelog/5055.breaking.md | 4 - .changelog/5056.breaking.md | 4 - .changelog/5057.trivial.md | 0 .changelog/5066.breaking.md | 1 - .changelog/5068.bugfix.md | 11 - .changelog/5070.cfg.md | 99 --- .changelog/5074.bugfix.md | 4 - .changelog/5075.internal.md | 13 - .changelog/5078.trivial.md | 0 .changelog/5079.feature.md | 1 - .changelog/5080.feature.md | 1 - .changelog/5083.internal.md | 4 - .changelog/5085.breaking.1.md | 1 - .changelog/5085.breaking.2.md | 3 - .changelog/5085.cfg.md | 4 - .changelog/5087.internal.md | 1 - .changelog/5088.breaking.1.md | 1 - .changelog/5088.breaking.2.md | 4 - .changelog/5088.feature.md | 3 - .changelog/5092.bugfix.md | 5 - .changelog/5092.feature.md | 1 - .changelog/5094.internal.md | 6 - .changelog/5095.internal.md | 1 - .changelog/5098.trivial.md | 1 - .changelog/5099.trivial.md | 0 .changelog/5100.breaking.1.md | 4 - .changelog/5100.breaking.2.md | 5 - .changelog/5100.internal.md | 4 - .changelog/5101.feature.md | 1 - .changelog/5102.breaking.1.md | 4 - .changelog/5102.breaking.2.md | 4 - .changelog/5102.feature.md | 4 - .changelog/5104.feature.md | 4 - .changelog/5106.internal.md | 1 - .changelog/5107.bugfix.md | 7 - .changelog/5108.feature.md | 1 - .changelog/5111.bugfix.md | 6 - .changelog/5112.breaking.md | 1 - .changelog/5113.breaking.md | 1 - .changelog/5114.breaking.md | 1 - .changelog/5117.bugfix.md | 4 - .changelog/5120.internal.md | 1 - .changelog/5121.internal.md | 1 - .changelog/5123.bugfix.md | 6 - .changelog/5125.feature.md | 4 - .changelog/5127.breaking.md | 5 - .changelog/5128.internal.md | 1 - .changelog/5131.internal.md | 4 - .changelog/5134.bugfix.md | 1 - .changelog/5135.internal.md | 6 - .changelog/5140.trivial.md | 0 .changelog/5141.internal.md | 1 - .changelog/5146.internal.md | 1 - .changelog/5148.bugfix.md | 1 - .changelog/5149.internal.md | 1 - .changelog/5150.internal.md | 1 - .changelog/5155.trivial.md | 1 - .changelog/5156.feature.md | 7 - .changelog/5158.feature.md | 6 - .changelog/5159.bugfix.md | 6 - .changelog/5160.bugfix.md | 4 - .changelog/5161.bugfix.md | 7 - .changelog/5163.trivial.md | 0 .changelog/5166.breaking.md | 4 - .changelog/5168.internal.md | 1 - .changelog/5169.trivial.md | 0 .changelog/5170.trivial.md | 0 .changelog/5171.trivial.md | 0 .changelog/5173.trivial.md | 0 .changelog/5176.trivial.md | 0 .changelog/5177.bugfix.md | 4 - .changelog/5180.internal.md | 1 - .changelog/5182.trivial.md | 0 .changelog/5187.bugfix.md | 1 - .changelog/5188.feature.md | 1 - .changelog/5190.internal.md | 1 - .changelog/5191.internal.md | 1 - .changelog/5192.trivial.md | 0 .changelog/5194.trivial.md | 0 .changelog/5195.internal.md | 1 - .changelog/5196.feature.md | 58 -- .changelog/5197.trivial.md | 0 .changelog/5198.internal.md | 4 - .changelog/5199.internal.md | 1 - .changelog/5200.feature.md | 1 - .changelog/5201.internal.md | 3 - .changelog/5204.feature.md | 6 - .changelog/5212.trivial.md | 0 .changelog/5213.internal.md | 1 - .changelog/5214.internal.md | 1 - .changelog/5215.internal.md | 1 - .changelog/5218.internal.md | 10 - .changelog/5220.internal.md | 1 - .changelog/5223.trivial.md | 0 .changelog/5224.internal.md | 1 - .changelog/5228.internal.md | 1 - .changelog/5233.trivial.md | 0 .changelog/5234.internal.md | 1 - .changelog/5237.cfg.md | 21 - .changelog/5237.internal.md | 12 - .changelog/5239.bugfix.md | 5 - .changelog/5244.trivial.md | 0 .changelog/5245.feature.md | 7 - .changelog/5246.trivial.md | 0 .changelog/5247.trivial.md | 0 .changelog/5248.bugfix.md | 1 - .changelog/5251.trivial.md | 0 .changelog/5252.trivial.md | 0 .changelog/5254.feature.md | 1 - .changelog/5255.trivial.md | 0 .changelog/5256.feature.md | 13 - .changelog/5258.trivial.md | 0 .changelog/5259.trivial.md | 0 .changelog/5260.bugfix.md | 5 - .changelog/5261.breaking.md | 1 - .changelog/5262.feature.md | 6 - .changelog/5264.feature.md | 4 - .changelog/5265.trivial.md | 0 .changelog/5267.feature.md | 1 - .changelog/5268.internal.md | 1 - .changelog/5271.trivial.md | 0 .changelog/5272.internal.md | 4 - .changelog/5273.internal.md | 4 - .changelog/5274.breaking.md | 12 - .changelog/5279.trivial.md | 1 - .changelog/5280.internal.md | 1 - .changelog/5282.breaking.md | 3 - .changelog/5282.internal.md | 4 - .changelog/5283.trivial.md | 0 .changelog/5285.internal.md | 6 - .changelog/5286.internal.md | 3 - .changelog/5287.breaking.md | 1 - .changelog/5287.trivial.md | 1 - .changelog/5289.bugfix.md | 1 - .changelog/5291.internal.md | 1 - .changelog/5292.breaking.md | 1 - .changelog/5294.breaking.md | 1 - .changelog/5296.trivial.md | 0 .changelog/5297.internal.md | 1 - .changelog/5299.internal.md | 8 - .changelog/5300.feature.md | 5 - .changelog/5301.feature.md | 1 - .changelog/5302.trivial.md | 0 .changelog/5303.trivial.md | 0 .changelog/5304.feature.md | 9 - .changelog/5306.internal.md | 1 - .changelog/5307.internal.md | 4 - .changelog/5311.trivial.md | 0 .changelog/5313.trivial.md | 0 .changelog/5316.trivial.md | 0 .changelog/5318.internal.md | 4 - .changelog/5319.bugfix.md | 1 - .changelog/5320.feature.md | 5 - .changelog/5321.bugfix.md | 1 - .changelog/5323.trivial.md | 0 .changelog/5324.trivial.md | 0 .changelog/5325.internal.md | 4 - .changelog/5326.bugfix.md | 1 - .changelog/5327.feature.md | 13 - .changelog/5330.internal.md | 1 - .changelog/5331.trivial.md | 0 .changelog/5332.trivial.md | 1 - .changelog/5334.breaking.md | 10 - .changelog/5335.bugfix.md | 1 - .changelog/5337.internal.md | 1 - .changelog/5338.internal.md | 1 - .changelog/5339.internal.md | 1 - .changelog/5348.trivial.md | 0 .changelog/5351.internal.1.md | 1 - .changelog/5351.internal.2.md | 1 - .changelog/5351.internal.3.md | 1 - .changelog/5352.breaking.md | 4 - .changelog/5354.breaking.md | 7 - .changelog/5355.internal.md | 1 - .changelog/5356.internal.md | 1 - .changelog/5357.breaking.md | 1 - .changelog/5359.breaking.md | 6 - .changelog/5360.breaking.md | 1 - .changelog/5361.bugfix.md | 1 - .changelog/5365.breaking.md | 7 - .changelog/5366.trivial.md | 0 .changelog/5368.trivial.md | 0 .changelog/5369.trivial.md | 0 .changelog/5370.trivial.md | 0 .changelog/5372.feature.md | 1 - .changelog/5375.bugfix.md | 1 - .changelog/5376.feature.md | 17 - .changelog/5378.trivial.md | 0 .changelog/5379.trivial.md | 0 .changelog/5381.trivial.md | 0 .changelog/5383.trivial.md | 0 .changelog/5384.doc.md | 1 - .changelog/5385.trivial.md | 0 .changelog/5386.trivial.md | 0 .changelog/5387.trivial.md | 0 .changelog/5389.bugfix.md | 1 - .changelog/5390.bugfix.md | 9 - .changelog/5393.trivial.md | 0 .punch_version.py | 4 +- CHANGELOG.md | 1239 +++++++++++++++++++++++++++++++++ 247 files changed, 1241 insertions(+), 873 deletions(-) delete mode 100644 .changelog/4394.breaking.md delete mode 100644 .changelog/4667.breaking.md delete mode 100644 .changelog/4668.breaking.md delete mode 100644 .changelog/4755.breaking.md delete mode 100644 .changelog/4798.breaking.md delete mode 100644 .changelog/4964.cfg.md delete mode 100644 .changelog/4981.feature.md delete mode 100644 .changelog/4995.feature.md delete mode 100644 .changelog/4996.cfg.md delete mode 100644 .changelog/4998.trivial.md delete mode 100644 .changelog/5000.feature.md delete mode 100644 .changelog/5001.trivial.md delete mode 100644 .changelog/5002.internal.md delete mode 100644 .changelog/5003.bugfix.md delete mode 100644 .changelog/5005.bugfix.1.md delete mode 100644 .changelog/5005.bugfix.2.md delete mode 100644 .changelog/5005.bugfix.3.md delete mode 100644 .changelog/5005.bugfix.4.md delete mode 100644 .changelog/5007.bugfix.1.md delete mode 100644 .changelog/5007.bugfix.2.md delete mode 100644 .changelog/5007.internal.md delete mode 100644 .changelog/5008.bugfix.md delete mode 100644 .changelog/5011.feature.md delete mode 100644 .changelog/5012.breaking.md delete mode 100644 .changelog/5015.trivial.md delete mode 100644 .changelog/5016.breaking.md delete mode 100644 .changelog/5016.feature.md delete mode 100644 .changelog/5018.trivial.md delete mode 100644 .changelog/5021.breaking.md delete mode 100644 .changelog/5022.feature.md delete mode 100644 .changelog/5023.breaking.md delete mode 100644 .changelog/5024.internal.md delete mode 100644 .changelog/5025.breaking.md delete mode 100644 .changelog/5026.internal.md delete mode 100644 .changelog/5029.internal.md delete mode 100644 .changelog/5030.internal.md delete mode 100644 .changelog/5031.internal.md delete mode 100644 .changelog/5032.trivial.md delete mode 100644 .changelog/5033.internal.md delete mode 100644 .changelog/5034.breaking.md delete mode 100644 .changelog/5035.internal.md delete mode 100644 .changelog/5037.internal.md delete mode 100644 .changelog/5038.breaking.md delete mode 100644 .changelog/5049.feature.md delete mode 100644 .changelog/5050.breaking.1.md delete mode 100644 .changelog/5050.breaking.2.md delete mode 100644 .changelog/5053.bugfix.md delete mode 100644 .changelog/5055.breaking.md delete mode 100644 .changelog/5056.breaking.md delete mode 100644 .changelog/5057.trivial.md delete mode 100644 .changelog/5066.breaking.md delete mode 100644 .changelog/5068.bugfix.md delete mode 100644 .changelog/5070.cfg.md delete mode 100644 .changelog/5074.bugfix.md delete mode 100644 .changelog/5075.internal.md delete mode 100644 .changelog/5078.trivial.md delete mode 100644 .changelog/5079.feature.md delete mode 100644 .changelog/5080.feature.md delete mode 100644 .changelog/5083.internal.md delete mode 100644 .changelog/5085.breaking.1.md delete mode 100644 .changelog/5085.breaking.2.md delete mode 100644 .changelog/5085.cfg.md delete mode 100644 .changelog/5087.internal.md delete mode 100644 .changelog/5088.breaking.1.md delete mode 100644 .changelog/5088.breaking.2.md delete mode 100644 .changelog/5088.feature.md delete mode 100644 .changelog/5092.bugfix.md delete mode 100644 .changelog/5092.feature.md delete mode 100644 .changelog/5094.internal.md delete mode 100644 .changelog/5095.internal.md delete mode 100644 .changelog/5098.trivial.md delete mode 100644 .changelog/5099.trivial.md delete mode 100644 .changelog/5100.breaking.1.md delete mode 100644 .changelog/5100.breaking.2.md delete mode 100644 .changelog/5100.internal.md delete mode 100644 .changelog/5101.feature.md delete mode 100644 .changelog/5102.breaking.1.md delete mode 100644 .changelog/5102.breaking.2.md delete mode 100644 .changelog/5102.feature.md delete mode 100644 .changelog/5104.feature.md delete mode 100644 .changelog/5106.internal.md delete mode 100644 .changelog/5107.bugfix.md delete mode 100644 .changelog/5108.feature.md delete mode 100644 .changelog/5111.bugfix.md delete mode 100644 .changelog/5112.breaking.md delete mode 100644 .changelog/5113.breaking.md delete mode 100644 .changelog/5114.breaking.md delete mode 100644 .changelog/5117.bugfix.md delete mode 100644 .changelog/5120.internal.md delete mode 100644 .changelog/5121.internal.md delete mode 100644 .changelog/5123.bugfix.md delete mode 100644 .changelog/5125.feature.md delete mode 100644 .changelog/5127.breaking.md delete mode 100644 .changelog/5128.internal.md delete mode 100644 .changelog/5131.internal.md delete mode 100644 .changelog/5134.bugfix.md delete mode 100644 .changelog/5135.internal.md delete mode 100644 .changelog/5140.trivial.md delete mode 100644 .changelog/5141.internal.md delete mode 100644 .changelog/5146.internal.md delete mode 100644 .changelog/5148.bugfix.md delete mode 100644 .changelog/5149.internal.md delete mode 100644 .changelog/5150.internal.md delete mode 100644 .changelog/5155.trivial.md delete mode 100644 .changelog/5156.feature.md delete mode 100644 .changelog/5158.feature.md delete mode 100644 .changelog/5159.bugfix.md delete mode 100644 .changelog/5160.bugfix.md delete mode 100644 .changelog/5161.bugfix.md delete mode 100644 .changelog/5163.trivial.md delete mode 100644 .changelog/5166.breaking.md delete mode 100644 .changelog/5168.internal.md delete mode 100644 .changelog/5169.trivial.md delete mode 100644 .changelog/5170.trivial.md delete mode 100644 .changelog/5171.trivial.md delete mode 100644 .changelog/5173.trivial.md delete mode 100644 .changelog/5176.trivial.md delete mode 100644 .changelog/5177.bugfix.md delete mode 100644 .changelog/5180.internal.md delete mode 100644 .changelog/5182.trivial.md delete mode 100644 .changelog/5187.bugfix.md delete mode 100644 .changelog/5188.feature.md delete mode 100644 .changelog/5190.internal.md delete mode 100644 .changelog/5191.internal.md delete mode 100644 .changelog/5192.trivial.md delete mode 100644 .changelog/5194.trivial.md delete mode 100644 .changelog/5195.internal.md delete mode 100644 .changelog/5196.feature.md delete mode 100644 .changelog/5197.trivial.md delete mode 100644 .changelog/5198.internal.md delete mode 100644 .changelog/5199.internal.md delete mode 100644 .changelog/5200.feature.md delete mode 100644 .changelog/5201.internal.md delete mode 100644 .changelog/5204.feature.md delete mode 100644 .changelog/5212.trivial.md delete mode 100644 .changelog/5213.internal.md delete mode 100644 .changelog/5214.internal.md delete mode 100644 .changelog/5215.internal.md delete mode 100644 .changelog/5218.internal.md delete mode 100644 .changelog/5220.internal.md delete mode 100644 .changelog/5223.trivial.md delete mode 100644 .changelog/5224.internal.md delete mode 100644 .changelog/5228.internal.md delete mode 100644 .changelog/5233.trivial.md delete mode 100644 .changelog/5234.internal.md delete mode 100644 .changelog/5237.cfg.md delete mode 100644 .changelog/5237.internal.md delete mode 100644 .changelog/5239.bugfix.md delete mode 100644 .changelog/5244.trivial.md delete mode 100644 .changelog/5245.feature.md delete mode 100644 .changelog/5246.trivial.md delete mode 100644 .changelog/5247.trivial.md delete mode 100644 .changelog/5248.bugfix.md delete mode 100644 .changelog/5251.trivial.md delete mode 100644 .changelog/5252.trivial.md delete mode 100644 .changelog/5254.feature.md delete mode 100644 .changelog/5255.trivial.md delete mode 100644 .changelog/5256.feature.md delete mode 100644 .changelog/5258.trivial.md delete mode 100644 .changelog/5259.trivial.md delete mode 100644 .changelog/5260.bugfix.md delete mode 100644 .changelog/5261.breaking.md delete mode 100644 .changelog/5262.feature.md delete mode 100644 .changelog/5264.feature.md delete mode 100644 .changelog/5265.trivial.md delete mode 100644 .changelog/5267.feature.md delete mode 100644 .changelog/5268.internal.md delete mode 100644 .changelog/5271.trivial.md delete mode 100644 .changelog/5272.internal.md delete mode 100644 .changelog/5273.internal.md delete mode 100644 .changelog/5274.breaking.md delete mode 100644 .changelog/5279.trivial.md delete mode 100644 .changelog/5280.internal.md delete mode 100644 .changelog/5282.breaking.md delete mode 100644 .changelog/5282.internal.md delete mode 100644 .changelog/5283.trivial.md delete mode 100644 .changelog/5285.internal.md delete mode 100644 .changelog/5286.internal.md delete mode 100644 .changelog/5287.breaking.md delete mode 100644 .changelog/5287.trivial.md delete mode 100644 .changelog/5289.bugfix.md delete mode 100644 .changelog/5291.internal.md delete mode 100644 .changelog/5292.breaking.md delete mode 100644 .changelog/5294.breaking.md delete mode 100644 .changelog/5296.trivial.md delete mode 100644 .changelog/5297.internal.md delete mode 100644 .changelog/5299.internal.md delete mode 100644 .changelog/5300.feature.md delete mode 100644 .changelog/5301.feature.md delete mode 100644 .changelog/5302.trivial.md delete mode 100644 .changelog/5303.trivial.md delete mode 100644 .changelog/5304.feature.md delete mode 100644 .changelog/5306.internal.md delete mode 100644 .changelog/5307.internal.md delete mode 100644 .changelog/5311.trivial.md delete mode 100644 .changelog/5313.trivial.md delete mode 100644 .changelog/5316.trivial.md delete mode 100644 .changelog/5318.internal.md delete mode 100644 .changelog/5319.bugfix.md delete mode 100644 .changelog/5320.feature.md delete mode 100644 .changelog/5321.bugfix.md delete mode 100644 .changelog/5323.trivial.md delete mode 100644 .changelog/5324.trivial.md delete mode 100644 .changelog/5325.internal.md delete mode 100644 .changelog/5326.bugfix.md delete mode 100644 .changelog/5327.feature.md delete mode 100644 .changelog/5330.internal.md delete mode 100644 .changelog/5331.trivial.md delete mode 100644 .changelog/5332.trivial.md delete mode 100644 .changelog/5334.breaking.md delete mode 100644 .changelog/5335.bugfix.md delete mode 100644 .changelog/5337.internal.md delete mode 100644 .changelog/5338.internal.md delete mode 100644 .changelog/5339.internal.md delete mode 100644 .changelog/5348.trivial.md delete mode 100644 .changelog/5351.internal.1.md delete mode 100644 .changelog/5351.internal.2.md delete mode 100644 .changelog/5351.internal.3.md delete mode 100644 .changelog/5352.breaking.md delete mode 100644 .changelog/5354.breaking.md delete mode 100644 .changelog/5355.internal.md delete mode 100644 .changelog/5356.internal.md delete mode 100644 .changelog/5357.breaking.md delete mode 100644 .changelog/5359.breaking.md delete mode 100644 .changelog/5360.breaking.md delete mode 100644 .changelog/5361.bugfix.md delete mode 100644 .changelog/5365.breaking.md delete mode 100644 .changelog/5366.trivial.md delete mode 100644 .changelog/5368.trivial.md delete mode 100644 .changelog/5369.trivial.md delete mode 100644 .changelog/5370.trivial.md delete mode 100644 .changelog/5372.feature.md delete mode 100644 .changelog/5375.bugfix.md delete mode 100644 .changelog/5376.feature.md delete mode 100644 .changelog/5378.trivial.md delete mode 100644 .changelog/5379.trivial.md delete mode 100644 .changelog/5381.trivial.md delete mode 100644 .changelog/5383.trivial.md delete mode 100644 .changelog/5384.doc.md delete mode 100644 .changelog/5385.trivial.md delete mode 100644 .changelog/5386.trivial.md delete mode 100644 .changelog/5387.trivial.md delete mode 100644 .changelog/5389.bugfix.md delete mode 100644 .changelog/5390.bugfix.md delete mode 100644 .changelog/5393.trivial.md diff --git a/.changelog/4394.breaking.md b/.changelog/4394.breaking.md deleted file mode 100644 index 13ce152c9a1..00000000000 --- a/.changelog/4394.breaking.md +++ /dev/null @@ -1,5 +0,0 @@ -go/registry: Remove support for DeprecatedBeacon - -The PVSS backend is no longer present in 22.x and so the field is now -removed, and even genesis registrations without a VRF signing key will -be rejected. diff --git a/.changelog/4667.breaking.md b/.changelog/4667.breaking.md deleted file mode 100644 index 9b241fb7385..00000000000 --- a/.changelog/4667.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/tendermint/apps/beacon: Do gas accounting earlier diff --git a/.changelog/4668.breaking.md b/.changelog/4668.breaking.md deleted file mode 100644 index d51a429f778..00000000000 --- a/.changelog/4668.breaking.md +++ /dev/null @@ -1,5 +0,0 @@ -go/common/crypto/signature: Use ECVRF v16 - -The IETF draft was updated, so use the newer method of calculating proofs. -This is incompatible with the v10 proof derivation/verification, however -beta values for a given input will be identical. diff --git a/.changelog/4755.breaking.md b/.changelog/4755.breaking.md deleted file mode 100644 index f4f3763cf41..00000000000 --- a/.changelog/4755.breaking.md +++ /dev/null @@ -1,9 +0,0 @@ -go/staking/api: Add BurnAddress - -Transfers to `oasis1qzq8u7xs328puu2jy524w3fygzs63rv3u5967970` will be -treated as an explicit token burn (transfer amount deducted from the -source's general balance and destroyed). - -The private key of the address is unknown, and the address is marked -as reserved so the address can not be used as the source address for -any transactions. diff --git a/.changelog/4798.breaking.md b/.changelog/4798.breaking.md deleted file mode 100644 index 550a69aca85..00000000000 --- a/.changelog/4798.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/consensus/tendermint: Fix liveness tracking for primary+backup - -In case a node is both primary and backup and doesn't submit a commit but -there was no discrepancy, the node should still be treated as failed. diff --git a/.changelog/4964.cfg.md b/.changelog/4964.cfg.md deleted file mode 100644 index c1fc2d23cbb..00000000000 --- a/.changelog/4964.cfg.md +++ /dev/null @@ -1,35 +0,0 @@ -go/consensus/tendermint: Refactor seed node and peer addresses - -Until now a seed node was a Tendermint backend-specific construct which -supported only one service. To provide support for other services we had -to refactor the seed node and generalize peer addresses. This led to the -following configuration changes. - -Seed nodes: - -- Tendermint seed mode setting `consensus.tendermint.mode:seed` was removed - and replaced with `mode:seed`. Full and archive modes remained intact and - can still be used in non-seed node configurations. - -Non-seed nodes: - -- Setting `consensus.tendermint.seed` was removed and replaced with - `p2p.seeds`. - -- Setting `consensus.tendermint.p2p.unconditional_peer_ids` was renamed to - `consensus.tendermint.p2p.unconditional_peer`. - -General: - -- Persistent peers and seed nodes' addresses were generalized to the form - `pubkey@IP:port` which affected settings `p2p.seeds`, - `consensus.tendermint.p2p.persistent_peer` and - `consensus.tendermint.sentry.upstream_address` (until now we used the - form `ID@IP:port`) - -- Similarly, peers are now identified through p2p public keys which affected - setting `consensus.tendermint.p2p.unconditional_peer` (until now we used - Tendermint IDs). - -Tendermint specific configuration of a seed node stayed the same. The node -can still be tuned through `consensus.tendermint.p2p.*` settings. diff --git a/.changelog/4981.feature.md b/.changelog/4981.feature.md deleted file mode 100644 index ad7d1118ce3..00000000000 --- a/.changelog/4981.feature.md +++ /dev/null @@ -1,9 +0,0 @@ -go/p2p: Bootstrap libp2p peers using seed nodes - -Seed nodes can now bootstrap libp2p peers. Bootstrapping can be enabled or -disabled using a new configuration setting named -`p2p.discovery.bootstrap.enable` -which can be used on seed nodes as well as non-seed nodes (e.g. clients, -key managers). The latter can also configure how frequently peers are fetched -from the seed nodes with -`p2p.discovery.bootstrap.retention_period`. diff --git a/.changelog/4995.feature.md b/.changelog/4995.feature.md deleted file mode 100644 index 94de303a6b0..00000000000 --- a/.changelog/4995.feature.md +++ /dev/null @@ -1,9 +0,0 @@ -go/oasis-node: Always start libp2p node - -Validator nodes are currently not part of our P2P network as it consists -only of nodes that have runtimes configured. Always starting the libp2p -node will make them available for consensus-related services. - -As validators now participate in the p2p network, the configuration of -publicly routable p2p addresses through `worker.p2p.addresses` flag is -mandatory in a production setting. diff --git a/.changelog/4996.cfg.md b/.changelog/4996.cfg.md deleted file mode 100644 index a483c29f9ce..00000000000 --- a/.changelog/4996.cfg.md +++ /dev/null @@ -1,37 +0,0 @@ -go/worker/common/p2p: Refactor P2P package - -We are planning to use our P2P network not only for runtime but also for -consensus-related services. Therefore, it makes sense to move the P2P package -up in the hierarchy and rename its configuration flags. - -The following configuration changes were made to the p2p config flags: - -- Prefix `worker.` was dropped. - -- Flags for the same feature were grouped under the same prefix. - -- Flag `worker.client.addresses` was removed. - -Below is the list of modified flags that can be used to configure p2p network: - -- `p2p.port` - -- `p2p.registration.addresses` - -- `p2p.gossipsub.peer_outbound_queue_size` - -- `p2p.gossipsub.validate_queue_size` - -- `p2p.gossipsub.validate_concurrency` - -- `p2p.gossipsub.validate_throttle` - -- `p2p.connection_manager.max_num_peers` - -- `p2p.connection_manager.peer_grace_period` - -- `p2p.connection_manager.persistent_peers` - -- `p2p.connection_gater.blocked_peers` - -- `p2p.peer_manager.connectedness_low_water` diff --git a/.changelog/4998.trivial.md b/.changelog/4998.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5000.feature.md b/.changelog/5000.feature.md deleted file mode 100644 index 2632519dbbf..00000000000 --- a/.changelog/5000.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/p2p/rpc: add support for consensus-wide libp2p protocols diff --git a/.changelog/5001.trivial.md b/.changelog/5001.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5002.internal.md b/.changelog/5002.internal.md deleted file mode 100644 index 0f10ec6f7d7..00000000000 --- a/.changelog/5002.internal.md +++ /dev/null @@ -1,7 +0,0 @@ -go/p2p: Improve peer manager's peer handling - -Peer manager currently connects to all nodes in the registry which has -multiple drawbacks (connections get pruned, no protocol selection, no peer -discovery). This should be changed so that peers are connected depending -on the supported protocols and the number of peers in a protocol/topic -should be regulated in a controlled fashion. diff --git a/.changelog/5003.bugfix.md b/.changelog/5003.bugfix.md deleted file mode 100644 index be8f94d8cdf..00000000000 --- a/.changelog/5003.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/runtime/txpool: republish sooner if republish limit is reached - -This fixes a case where some portion of a batch of transaction would take a -long time to be published if there are no new transactions incoming. diff --git a/.changelog/5005.bugfix.1.md b/.changelog/5005.bugfix.1.md deleted file mode 100644 index c3db957acbc..00000000000 --- a/.changelog/5005.bugfix.1.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/common: Reorder state determination checks - -Otherwise the shown state would be misleading, e.g. showing that it is -waiting for runtime host being provisioned while it is actually blocked -in initialization like storage sync. diff --git a/.changelog/5005.bugfix.2.md b/.changelog/5005.bugfix.2.md deleted file mode 100644 index 552a10a62b9..00000000000 --- a/.changelog/5005.bugfix.2.md +++ /dev/null @@ -1,7 +0,0 @@ -go/worker/storage: Fix case when checkpoint sync disabled but forced - -If checkpoint sync is disabled but sync has been forced (e.g. because -the state at genesis is non-empty), we must request to sync the -checkpoint at genesis as otherwise we will jump to a later state which -may not be desired given that checkpoint sync has been explicitly -disabled via config. diff --git a/.changelog/5005.bugfix.3.md b/.changelog/5005.bugfix.3.md deleted file mode 100644 index f0c9924acf2..00000000000 --- a/.changelog/5005.bugfix.3.md +++ /dev/null @@ -1 +0,0 @@ -go/storage/mkvs/checkpoint: Exclude initial version when pruning diff --git a/.changelog/5005.bugfix.4.md b/.changelog/5005.bugfix.4.md deleted file mode 100644 index 4b95b23f27b..00000000000 --- a/.changelog/5005.bugfix.4.md +++ /dev/null @@ -1 +0,0 @@ -go/p2p/rpc: Fix multi call dispatch to different peers diff --git a/.changelog/5007.bugfix.1.md b/.changelog/5007.bugfix.1.md deleted file mode 100644 index 996b2c084f1..00000000000 --- a/.changelog/5007.bugfix.1.md +++ /dev/null @@ -1,4 +0,0 @@ -go/p2p/rpc: Fix peer grading when context is canceled - -When method `CallMulti` finishes early, the requests in progress are canceled -and unfairly recorded as failed. diff --git a/.changelog/5007.bugfix.2.md b/.changelog/5007.bugfix.2.md deleted file mode 100644 index 5adda41fb19..00000000000 --- a/.changelog/5007.bugfix.2.md +++ /dev/null @@ -1,4 +0,0 @@ -go/p2p/rpc: Fix memory leak when RPC multi call finishes early - -When method `CallMulti` finishes early, the result channel is never cleared. -Therefore, the channel never closes and leaves one go routine hanging. diff --git a/.changelog/5007.internal.md b/.changelog/5007.internal.md deleted file mode 100644 index d8120332eb1..00000000000 --- a/.changelog/5007.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go/p2p/rpc: Refactor RPC calls - -Peer manager and RPC client are too tightly coupled. The client also doesn't -support simple RPC calls which call exactly one peer. diff --git a/.changelog/5008.bugfix.md b/.changelog/5008.bugfix.md deleted file mode 100644 index cbbbced8212..00000000000 --- a/.changelog/5008.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/common/workerpool: Fix memory leak when workerpool is stopped early - -When workerpool si stopped, the job channel might still contain jobs which -haven't been processed. Therefore, the channel never closes and leaves one -go routine hanging. diff --git a/.changelog/5011.feature.md b/.changelog/5011.feature.md deleted file mode 100644 index e182e815046..00000000000 --- a/.changelog/5011.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/tendermint/apps/staking: Reduce DelegationsTo scanning diff --git a/.changelog/5012.breaking.md b/.changelog/5012.breaking.md deleted file mode 100644 index 000649abfb0..00000000000 --- a/.changelog/5012.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/registry: validate SoftwareVersion field in node descriptor diff --git a/.changelog/5015.trivial.md b/.changelog/5015.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5016.breaking.md b/.changelog/5016.breaking.md deleted file mode 100644 index 76f23f7840a..00000000000 --- a/.changelog/5016.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -staking: specify slashed debonding amount in TakeEscrowEvent - -The event contains a new field; clients that do not need it -can safely ignore it. diff --git a/.changelog/5016.feature.md b/.changelog/5016.feature.md deleted file mode 100644 index 689293a678d..00000000000 --- a/.changelog/5016.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -staking: specify slashed debonding amount in TakeEscrowEvent - -The newly introduced field lets observers distinguish how much -was slashed from the active escrow pool and how much from the -debonding escrow pool. diff --git a/.changelog/5018.trivial.md b/.changelog/5018.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5021.breaking.md b/.changelog/5021.breaking.md deleted file mode 100644 index d0b04fc4faa..00000000000 --- a/.changelog/5021.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -roothash: Support governance actions via roothash messages - -This will allow runtimes to vote on and submit consensus governance -proposals. diff --git a/.changelog/5022.feature.md b/.changelog/5022.feature.md deleted file mode 100644 index fee22b1001f..00000000000 --- a/.changelog/5022.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/staking: reduce DebondingDelegationsFor scanning diff --git a/.changelog/5023.breaking.md b/.changelog/5023.breaking.md deleted file mode 100644 index b517764afb0..00000000000 --- a/.changelog/5023.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: efficient `DelegationsFor` query - -A reverse delegation mapping is added to the staking state that makes -querying outgoing delegations efficient. diff --git a/.changelog/5024.internal.md b/.changelog/5024.internal.md deleted file mode 100644 index 9d668b0fba1..00000000000 --- a/.changelog/5024.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Ignore CVE-2022-44797 until tendermint uses newer btcd diff --git a/.changelog/5025.breaking.md b/.changelog/5025.breaking.md deleted file mode 100644 index eb5d4ea3c14..00000000000 --- a/.changelog/5025.breaking.md +++ /dev/null @@ -1,6 +0,0 @@ -go/p2p: Include chain context in p2p protocol names - -Chain context was included in p2p protocol and topic names as until now -it was impossible to distinguish mainnet and testnet names from each other. -Unique names will also ease peer discovery as now we can use one seed node -for multiple nets. diff --git a/.changelog/5026.internal.md b/.changelog/5026.internal.md deleted file mode 100644 index 799586463e5..00000000000 --- a/.changelog/5026.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.25.1, go-libp2p-pubsub to 0.9.0 diff --git a/.changelog/5029.internal.md b/.changelog/5029.internal.md deleted file mode 100644 index 53556cfb374..00000000000 --- a/.changelog/5029.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: update dependencies diff --git a/.changelog/5030.internal.md b/.changelog/5030.internal.md deleted file mode 100644 index 74a2a9583c6..00000000000 --- a/.changelog/5030.internal.md +++ /dev/null @@ -1 +0,0 @@ -Bump Go to 1.19.3 diff --git a/.changelog/5031.internal.md b/.changelog/5031.internal.md deleted file mode 100644 index 27770a0cf9c..00000000000 --- a/.changelog/5031.internal.md +++ /dev/null @@ -1 +0,0 @@ -rust: update dependencies diff --git a/.changelog/5032.trivial.md b/.changelog/5032.trivial.md deleted file mode 100644 index bb245bba97d..00000000000 --- a/.changelog/5032.trivial.md +++ /dev/null @@ -1 +0,0 @@ -docs: Fix broken link to tendermint transaction format diff --git a/.changelog/5033.internal.md b/.changelog/5033.internal.md deleted file mode 100644 index 78e78581402..00000000000 --- a/.changelog/5033.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump Tendermint to v0.34.23 diff --git a/.changelog/5034.breaking.md b/.changelog/5034.breaking.md deleted file mode 100644 index 2fe6c877cdf..00000000000 --- a/.changelog/5034.breaking.md +++ /dev/null @@ -1,9 +0,0 @@ -governance: Support delegator votes - -Adds support for delegators to vote and override the validator votes as -described in [ADR 0020]. - - -[ADR 0020]: - https://github.com/oasisprotocol/adrs/blob/main/0020-governance-delegator-votes.md - diff --git a/.changelog/5035.internal.md b/.changelog/5035.internal.md deleted file mode 100644 index 2bf64e3dcc8..00000000000 --- a/.changelog/5035.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump oasis-cbor to 0.5.1 diff --git a/.changelog/5037.internal.md b/.changelog/5037.internal.md deleted file mode 100644 index dde43427b99..00000000000 --- a/.changelog/5037.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tendermint-rs to 0.29.0 diff --git a/.changelog/5038.breaking.md b/.changelog/5038.breaking.md deleted file mode 100644 index e000eab3476..00000000000 --- a/.changelog/5038.breaking.md +++ /dev/null @@ -1,10 +0,0 @@ -go/common/sgx/pcs: Add support for blacklisting FMSPCs - -PCS quote policy now supports blacklisting of FMSPCs. Quotes with blacklisted -FMSPC description of the TCB of the platform a runtime enclave is running -on won't get verified and remote attestation will fail. This is specially -useful if we want to block CPUs or platforms which security vulnerability -has just been exposed. FMSPCs can be added or removed from the global -default quote policy by changing registry parameter `TEEFeatures` via change -parameters proposals. The blacklist can also be overridden per-runtime in SGX -constraints. diff --git a/.changelog/5049.feature.md b/.changelog/5049.feature.md deleted file mode 100644 index 46369d33318..00000000000 --- a/.changelog/5049.feature.md +++ /dev/null @@ -1 +0,0 @@ -registry: Add MaxRuntimeDeployments parameter diff --git a/.changelog/5050.breaking.1.md b/.changelog/5050.breaking.1.md deleted file mode 100644 index b0d0814ffcb..00000000000 --- a/.changelog/5050.breaking.1.md +++ /dev/null @@ -1,4 +0,0 @@ -go/scheduler: include entity IDs in consensus validators state - -Validator lists in scheduler consensus state now include entity and node -identifiers. diff --git a/.changelog/5050.breaking.2.md b/.changelog/5050.breaking.2.md deleted file mode 100644 index abedcbac453..00000000000 --- a/.changelog/5050.breaking.2.md +++ /dev/null @@ -1 +0,0 @@ -`EntityID` is added to items in scheduler `GetValidators` API response diff --git a/.changelog/5053.bugfix.md b/.changelog/5053.bugfix.md deleted file mode 100644 index 0345d820157..00000000000 --- a/.changelog/5053.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Properly handle state root verification on backup nodes diff --git a/.changelog/5055.breaking.md b/.changelog/5055.breaking.md deleted file mode 100644 index 7aed8bbe7c2..00000000000 --- a/.changelog/5055.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/consensus: Always return ErrInvalidArgument on tx deserialization failures - -Before, some modules were returning non-specific errors on tx deserialization -failures, which resulted in them being assigned to module "unknown", code 1. diff --git a/.changelog/5056.breaking.md b/.changelog/5056.breaking.md deleted file mode 100644 index 6734ec2936e..00000000000 --- a/.changelog/5056.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: Limit maximum allowance amount based on total supply - -Request for updating allowance above total supply now fails with -`ErrAllowanceGreaterThanSupply`. diff --git a/.changelog/5057.trivial.md b/.changelog/5057.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5066.breaking.md b/.changelog/5066.breaking.md deleted file mode 100644 index 5499c1e361c..00000000000 --- a/.changelog/5066.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/keymanager: Skip expired nodes diff --git a/.changelog/5068.bugfix.md b/.changelog/5068.bugfix.md deleted file mode 100644 index 23b223ae822..00000000000 --- a/.changelog/5068.bugfix.md +++ /dev/null @@ -1,11 +0,0 @@ -runtime/consensus/tendermint/verifier: Correctly compare headers - -Since the store may have an earlier (non-canonical, but valid) version -of the block available, we need to only compare the actual header and -not the commits/signatures. - -This is because it can happen that during the immediate sync the light -block does not yet contain all of the commits (but only just enough to -be valid, e.g. 2/3+) and this gets stored in the light block store. -Later on (e.g. during a query) the presented light block may have the -full set of commits. diff --git a/.changelog/5070.cfg.md b/.changelog/5070.cfg.md deleted file mode 100644 index 4e88bf4690f..00000000000 --- a/.changelog/5070.cfg.md +++ /dev/null @@ -1,99 +0,0 @@ -Configuration changes - -The node now supports a configuration file that holds all the settings -that were previously available via command-line options. -The command-line options themselves have been removed in favor of -the config file. - -The config file supports environment variable substitution using -the `envsubst` package -([usage information](https://github.com/a8m/envsubst#docs)). - -The following options have been removed: - -- `consensus.tendermint.mode` in favor of using the global node mode (`mode`). - -- `runtime.mode` in favor of using the global node mode (`mode`). - -- `worker.client.port` as it is no longer needed. - -- `worker.registration.force_register` as it is deprecated. - -The following options have been renamed: - -- `datadir` to `common.data_dir`. - -- `log.file` to `common.log.file`. - -- `log.format` to `common.log.format`. - -- `log.level` to `common.log.level`. The log level is now a map of module -to log level. Use the `default` module to map the default log level. - -- `debug.rlimit` to `common.debug.rlimit`. - -- `debug.allow_root` to `common.debug.allow_root`. - -- `pprof.bind` to `pprof.bind_address`. - -- `consensus.tendermint.*` to `consensus.*`. - -- `consensus.tendermint.core.listen_address` to `consensus.listen_address`. - -- `consensus.tendermint.core.external_address` to -`consensus.external_address`. - -- `consensus.tendermint.log.debug` to `consensus.log_debug`. - -- `consensus.tendermint.light_client.trust_period` to -`consensus.state_sync.trust_period`. - -- `consensus.tendermint.seed.debug.disable_addr_book_from_genesis` to -`consensus.debug.disable_addr_book_from_genesis`. - -- `consensus.tendermint.sentry.upstream_address` to -`consensus.sentry_upstream_addresses`. - -- `consensus.tendermint.upgrade.stop_delay` to -`consensus.upgrade_stop_delay`. - -- `consensus.tendermint.supplementarysanity.*` to -`consensus.supplementary_sanity.*`. - -- `consensus.tendermint.p2p.persistent_peer` to -`consensus.p2p.persistent_peers`. - -- `consensus.tendermint.p2p.unconditional_peer` to -`consensus.p2p.unconditional_peers`. - -- `ias.proxy.address` to `ias.proxy_addresses`. - -- `ias.debug.skip_verify` to `ias.debug_skip_verify`. - -- `runtime.sandbox.binary` to `runtime.sandbox_binary`. - -- `runtime.sgx.loader` to `runtime.sgx_loader`. - -- `runtime.history.pruner.*` to `runtime.history_pruner.*`. - -- `worker.sentry.addresses` to `runtime.sentry_addresses`. - -- `worker.tx_pool.*` to `runtime.tx_pool.*`. - -- `worker.keymanager.*` to `keymanager.*`. - -- `worker.keymanager.runtime.id` to `keymanager.runtime_id`. - -- `worker.registration.*` to `registration.*`. - -- `worker.sentry.*` to `sentry.*`. - -- `worker.sentry.control.authorized_pubkey` to -`sentry.control.authorized_pubkeys`. - -- `worker.storage.*` to `storage.*`. - -- `worker.storage.public_rpc.enabled` to `storage.public_rpc_enabled`. - -- `worker.storage.checkpoint_sync.disabled` to -`storage.checkpoint_sync_disabled`. diff --git a/.changelog/5074.bugfix.md b/.changelog/5074.bugfix.md deleted file mode 100644 index a42caa521af..00000000000 --- a/.changelog/5074.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/control/status: Take storage into account for last retained round - -When local storage is available (e.g. in stateful nodes), the report should -only include a round for which storage is available. diff --git a/.changelog/5075.internal.md b/.changelog/5075.internal.md deleted file mode 100644 index f06d40d9212..00000000000 --- a/.changelog/5075.internal.md +++ /dev/null @@ -1,13 +0,0 @@ -runtime/src/enclave_rpc: Add support for insecure key manager RPC requests - -The key manager uses encrypted sessions to authenticate clients and protect -sensitive data. The number of sessions is limited, thus susceptible to DoS -attacks. A malicious client can establish multiple sessions in parallel, -preventing other clients from making requests. Furthermore, since each -session is encrypted, the exchanged messages cannot be read or modified. -For public key requests this is not ideal as one would want to cache the -responses locally and serve them to other clients to unburden the manager. -Large quotes also cannot be removed from the exchanged messages if we are -sure that the recipient can obtain them through some other means. Supporting -insecure key manager RPC requests solves some of the before mentioned problems -and leaves space for further optimizations. diff --git a/.changelog/5078.trivial.md b/.changelog/5078.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5079.feature.md b/.changelog/5079.feature.md deleted file mode 100644 index 9d36b4a67f2..00000000000 --- a/.changelog/5079.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager: Show current key manager policy in the node status diff --git a/.changelog/5080.feature.md b/.changelog/5080.feature.md deleted file mode 100644 index c0b0af05c00..00000000000 --- a/.changelog/5080.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager: Show global key manager status in node status diff --git a/.changelog/5083.internal.md b/.changelog/5083.internal.md deleted file mode 100644 index 9414f38c2d2..00000000000 --- a/.changelog/5083.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go/p2p/PeerManager: enable subscribing to peer updates - -Adds `WatchUpdates` method to the `PeerManager` which allows subscribing to -peer updates (peers being added or removed). diff --git a/.changelog/5085.breaking.1.md b/.changelog/5085.breaking.1.md deleted file mode 100644 index 9d99bde4bc2..00000000000 --- a/.changelog/5085.breaking.1.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus: Implement libp2p backed light client sync protocol diff --git a/.changelog/5085.breaking.2.md b/.changelog/5085.breaking.2.md deleted file mode 100644 index 464fca6a8bf..00000000000 --- a/.changelog/5085.breaking.2.md +++ /dev/null @@ -1,3 +0,0 @@ -go/consensus: Remove `consensus.LightClientBackend` - -All methods were merged into the `consensus.ClientBackend`. diff --git a/.changelog/5085.cfg.md b/.changelog/5085.cfg.md deleted file mode 100644 index fd7c2f4537b..00000000000 --- a/.changelog/5085.cfg.md +++ /dev/null @@ -1,4 +0,0 @@ -Use libp2p backed light client for Tendermint state sync - -The `"consensus.tendermint.state_sync.consensus_node"` flag is removed. P2P -peers for state sync are automatically selected. diff --git a/.changelog/5087.internal.md b/.changelog/5087.internal.md deleted file mode 100644 index 799586463e5..00000000000 --- a/.changelog/5087.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.25.1, go-libp2p-pubsub to 0.9.0 diff --git a/.changelog/5088.breaking.1.md b/.changelog/5088.breaking.1.md deleted file mode 100644 index f1903ce5142..00000000000 --- a/.changelog/5088.breaking.1.md +++ /dev/null @@ -1 +0,0 @@ -go/registry: event `RuntimeEvent` is renamed to `RuntimeStartedEvent` diff --git a/.changelog/5088.breaking.2.md b/.changelog/5088.breaking.2.md deleted file mode 100644 index f5d4ef0e170..00000000000 --- a/.changelog/5088.breaking.2.md +++ /dev/null @@ -1,4 +0,0 @@ -go/registry: Added `RuntimeSuspendedEvent` - -The event is emitted whenever an active runtime is suspended. On resume, the -existing `RuntimeStartedEvent` is emitted. diff --git a/.changelog/5088.feature.md b/.changelog/5088.feature.md deleted file mode 100644 index ba87660851f..00000000000 --- a/.changelog/5088.feature.md +++ /dev/null @@ -1,3 +0,0 @@ -go/registry: Add WatchEvents method - -Method for following emitted registry event was added to the registry backend. diff --git a/.changelog/5092.bugfix.md b/.changelog/5092.bugfix.md deleted file mode 100644 index d5d05c8e37a..00000000000 --- a/.changelog/5092.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/registry: Fix watching policy updates - -When multiple key managers were running, the last known status of the -runtime's key manager was overwritten with each status update. On runtime -(re)starts, this resulted in the wrong policy being set. diff --git a/.changelog/5092.feature.md b/.changelog/5092.feature.md deleted file mode 100644 index 644c3e2d2c2..00000000000 --- a/.changelog/5092.feature.md +++ /dev/null @@ -1 +0,0 @@ -runtime/src/enclave_rpc: Verify RPC quotes with key manager quote policy diff --git a/.changelog/5094.internal.md b/.changelog/5094.internal.md deleted file mode 100644 index 8f5fb8cfbad..00000000000 --- a/.changelog/5094.internal.md +++ /dev/null @@ -1,6 +0,0 @@ -runtime/src/protocol: Deserialize unknown rhp messages as invalid - -Runtime-host protocol terminated the reader thread when failed to deserialize -a runtime message on the Rust side (e.g. when `Body` enum contained an unknown -field). Decoding is now more robust as these messages are deserialized as -invalid and latter discarded and logged as malformed by the handler. diff --git a/.changelog/5095.internal.md b/.changelog/5095.internal.md deleted file mode 100644 index 565a426645c..00000000000 --- a/.changelog/5095.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump golang.org/x/net to 0.13.0 diff --git a/.changelog/5098.trivial.md b/.changelog/5098.trivial.md deleted file mode 100644 index 27892318804..00000000000 --- a/.changelog/5098.trivial.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host/sgx: Fix SGX device search order diff --git a/.changelog/5099.trivial.md b/.changelog/5099.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5100.breaking.1.md b/.changelog/5100.breaking.1.md deleted file mode 100644 index 41cff4369a1..00000000000 --- a/.changelog/5100.breaking.1.md +++ /dev/null @@ -1,4 +0,0 @@ -go/registry: Remove Consensus RPC role from Node descriptors - -As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the role -is unused. diff --git a/.changelog/5100.breaking.2.md b/.changelog/5100.breaking.2.md deleted file mode 100644 index a976074321d..00000000000 --- a/.changelog/5100.breaking.2.md +++ /dev/null @@ -1,5 +0,0 @@ -go/registry: Remove TLS Addresses from Node descriptors - -As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the TLS -addresses are unused. Albeit also unused, the TLS public keys remain part -of node descriptors. diff --git a/.changelog/5100.internal.md b/.changelog/5100.internal.md deleted file mode 100644 index f89d758d996..00000000000 --- a/.changelog/5100.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go/grpc: remove unused gRPC code - -Removes a lot of unneeded gRPC code since no runtime or consensus protocols -use it for communication anymore. diff --git a/.changelog/5101.feature.md b/.changelog/5101.feature.md deleted file mode 100644 index a93cbc8cfa6..00000000000 --- a/.changelog/5101.feature.md +++ /dev/null @@ -1 +0,0 @@ -keymanager/src/client: Fetch public keys using insecure RPC requests diff --git a/.changelog/5102.breaking.1.md b/.changelog/5102.breaking.1.md deleted file mode 100644 index 251ec427b6f..00000000000 --- a/.changelog/5102.breaking.1.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: Add MinCommissionRate parameter - -Also included support for updating the parameter via -`ConsensusParameterChanges` governance proposal. diff --git a/.changelog/5102.breaking.2.md b/.changelog/5102.breaking.2.md deleted file mode 100644 index 3606f53c4f8..00000000000 --- a/.changelog/5102.breaking.2.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: Add escrow requirement for updating commission schedule - -To prevent bloating the commission schedule state, the commission schedule can -only be updated for entities with enough stake to register a validator node. diff --git a/.changelog/5102.feature.md b/.changelog/5102.feature.md deleted file mode 100644 index 2260fc60c70..00000000000 --- a/.changelog/5102.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: Add `CommissionScheduleAddresses` method - -The new method returns addresses of accounts with non-empty commission -schedule configured. diff --git a/.changelog/5104.feature.md b/.changelog/5104.feature.md deleted file mode 100644 index 51c83040568..00000000000 --- a/.changelog/5104.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/consensus: Add missing early exits when simulating transactions - -Some transactions were missing the early exit after gas accounting when -simulating transactions. diff --git a/.changelog/5106.internal.md b/.changelog/5106.internal.md deleted file mode 100644 index dde43427b99..00000000000 --- a/.changelog/5106.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tendermint-rs to 0.29.0 diff --git a/.changelog/5107.bugfix.md b/.changelog/5107.bugfix.md deleted file mode 100644 index 09a9732a241..00000000000 --- a/.changelog/5107.bugfix.md +++ /dev/null @@ -1,7 +0,0 @@ -go/consensus: Ensure state has the correct chain context - -Previously one could accidentally copy state from one network but use a -genesis document from a different one, causing state corruption during -Tendermint block replay. - -There is now a check to ensure we abort early. diff --git a/.changelog/5108.feature.md b/.changelog/5108.feature.md deleted file mode 100644 index 0b9af5539e4..00000000000 --- a/.changelog/5108.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/common/sgx/pcs: Add support for PCS v4 and TCB info v3 diff --git a/.changelog/5111.bugfix.md b/.changelog/5111.bugfix.md deleted file mode 100644 index d995839f407..00000000000 --- a/.changelog/5111.bugfix.md +++ /dev/null @@ -1,6 +0,0 @@ -go/runtime/registry: Fix key manager (quote) policy updates - -When a key manager (quote) policy update fails, the host should retry the -update until the policy is updated. For example, when using Tendermint as -a backend service, the first update will always fail because the consensus -verifier sees new blocks with a one-block delay. diff --git a/.changelog/5112.breaking.md b/.changelog/5112.breaking.md deleted file mode 100644 index 0315f897ee5..00000000000 --- a/.changelog/5112.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/registry: Add optional bundle checksum to runtime deployments diff --git a/.changelog/5113.breaking.md b/.changelog/5113.breaking.md deleted file mode 100644 index 61c62975384..00000000000 --- a/.changelog/5113.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/sgx/ias: Add support for blacklisting GIDs diff --git a/.changelog/5114.breaking.md b/.changelog/5114.breaking.md deleted file mode 100644 index dfa29e5e545..00000000000 --- a/.changelog/5114.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/registry: Support changing a runtime's owner diff --git a/.changelog/5117.bugfix.md b/.changelog/5117.bugfix.md deleted file mode 100644 index ff3d47cfa7d..00000000000 --- a/.changelog/5117.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/tendermint: Change order of events returned from GetEvents() - -The new order reflects the order in which the events were -generated during block execution. diff --git a/.changelog/5120.internal.md b/.changelog/5120.internal.md deleted file mode 100644 index 36d41639650..00000000000 --- a/.changelog/5120.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tokio to 1.29.1 diff --git a/.changelog/5121.internal.md b/.changelog/5121.internal.md deleted file mode 100644 index 7b0d1989853..00000000000 --- a/.changelog/5121.internal.md +++ /dev/null @@ -1 +0,0 @@ -crypto/x25519: Add type-safe X25519 private/public key types diff --git a/.changelog/5123.bugfix.md b/.changelog/5123.bugfix.md deleted file mode 100644 index 996e160af80..00000000000 --- a/.changelog/5123.bugfix.md +++ /dev/null @@ -1,6 +0,0 @@ -go/worker/client: Better handle latest round queries with verification - -When a query is requesting to be executed against the latest round and -the runtime reports a consensus verifier error, use an earlier round -instead as the latest round may not yet be verifiable by the light -client as it needs to wait for the validator signatures. diff --git a/.changelog/5125.feature.md b/.changelog/5125.feature.md deleted file mode 100644 index 827fc9bbc11..00000000000 --- a/.changelog/5125.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/common/node: Add runtime encryption key (REK) - -The new key allows enclaves to publish encrypted data on-chain to an enclave -instance. diff --git a/.changelog/5127.breaking.md b/.changelog/5127.breaking.md deleted file mode 100644 index 589dd42e550..00000000000 --- a/.changelog/5127.breaking.md +++ /dev/null @@ -1,5 +0,0 @@ -go/common/node: Cleanup VRF configuration as it is mandatory - -Simplify types by removing the ability for a node's VRF to be nil. Note -that in practice (e.g. in all existing deployments) it was already -mandatory as registering a node without it set would always fail. diff --git a/.changelog/5128.internal.md b/.changelog/5128.internal.md deleted file mode 100644 index 73b675a69e3..00000000000 --- a/.changelog/5128.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Refactor consensus verifier predicates diff --git a/.changelog/5131.internal.md b/.changelog/5131.internal.md deleted file mode 100644 index 69d95e1137b..00000000000 --- a/.changelog/5131.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -ci: Explicitly use Ubuntu 22.04 for release builds - -This avoids the situation when ubuntu-latest gets changed to something -else, possibly imposing a different set of dependencies. diff --git a/.changelog/5134.bugfix.md b/.changelog/5134.bugfix.md deleted file mode 100644 index 7e1c1dbd4ec..00000000000 --- a/.changelog/5134.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Fix verification of blocks between two trusted heights diff --git a/.changelog/5135.internal.md b/.changelog/5135.internal.md deleted file mode 100644 index e55605a93db..00000000000 --- a/.changelog/5135.internal.md +++ /dev/null @@ -1,6 +0,0 @@ -runtime/src/protocol: Remove consensus version compatibility check - -Consensus version check was a sanity check which didn't allow dump-restore -upgrades. The removal did no harm as the consensus version was never -authenticated and light clients use the verifier to check state compatibility -and authenticity. diff --git a/.changelog/5140.trivial.md b/.changelog/5140.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5141.internal.md b/.changelog/5141.internal.md deleted file mode 100644 index a32c3136a3d..00000000000 --- a/.changelog/5141.internal.md +++ /dev/null @@ -1 +0,0 @@ -docker: Bump base image to Ubuntu 22.04 diff --git a/.changelog/5146.internal.md b/.changelog/5146.internal.md deleted file mode 100644 index 9c0d3149923..00000000000 --- a/.changelog/5146.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Attempt to flush buffers before aborting diff --git a/.changelog/5148.bugfix.md b/.changelog/5148.bugfix.md deleted file mode 100644 index f2eff964b23..00000000000 --- a/.changelog/5148.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Clear verification trace after block verification diff --git a/.changelog/5149.internal.md b/.changelog/5149.internal.md deleted file mode 100644 index fb4c4818a03..00000000000 --- a/.changelog/5149.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Simplify the LRU-backed consensus verifier light store diff --git a/.changelog/5150.internal.md b/.changelog/5150.internal.md deleted file mode 100644 index 984a0ebcc25..00000000000 --- a/.changelog/5150.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Reduce the size of the light block LRU store diff --git a/.changelog/5155.trivial.md b/.changelog/5155.trivial.md deleted file mode 100644 index 6d5f7de37b4..00000000000 --- a/.changelog/5155.trivial.md +++ /dev/null @@ -1 +0,0 @@ -Fix build documentation typo diff --git a/.changelog/5156.feature.md b/.changelog/5156.feature.md deleted file mode 100644 index 21f6b63e719..00000000000 --- a/.changelog/5156.feature.md +++ /dev/null @@ -1,7 +0,0 @@ -runtime/src/enclave_rpc: Support calls to explicit key manager members - -Key manager enclaves can now request a host to talk not only to a randomly -chosen key manager instance, but also to a specific instance. The identity -of the remote node is verified only in Noise sessions. In these, the enclave -obtains the other instance's trusted RAK from the consensus layer and compares -it to the one used throughout the session. diff --git a/.changelog/5158.feature.md b/.changelog/5158.feature.md deleted file mode 100644 index 798df16876d..00000000000 --- a/.changelog/5158.feature.md +++ /dev/null @@ -1,6 +0,0 @@ -keymanager: Add forward-secrecy to ephemeral keys - -Deriving ephemeral keys from the key manager's master secret did not guarantee -forward secrecy. In order to fulfill this requirement, we needed ephemeral -secrets that are randomly generated on every epoch and distributed securely -amongst enclave executors. diff --git a/.changelog/5159.bugfix.md b/.changelog/5159.bugfix.md deleted file mode 100644 index 31722f98426..00000000000 --- a/.changelog/5159.bugfix.md +++ /dev/null @@ -1,6 +0,0 @@ -go/consensus/tendermint/apps/keymanager: Fix committee construction - -Previously, a node was added to the key manager committee if the node's first -registered key manager runtime passed validation and matched the key manager -status. From now on, all supported versions of the key manager runtime must -pass this check. diff --git a/.changelog/5160.bugfix.md b/.changelog/5160.bugfix.md deleted file mode 100644 index 4027f624186..00000000000 --- a/.changelog/5160.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/worker/client: Ensure block round is synced to storage - -Previously the transaction inclusion checks could attempt to inspect a -block that the node has not yet synced, triggering an error. diff --git a/.changelog/5161.bugfix.md b/.changelog/5161.bugfix.md deleted file mode 100644 index 0d8fd6c9bd6..00000000000 --- a/.changelog/5161.bugfix.md +++ /dev/null @@ -1,7 +0,0 @@ -go/worker/compute: Do not drop valid proposals - -Previously valid proposals could be dropped instead of being forwarded -via the P2P gossip when the local node's consensus view was slightly -behind even though the proposal was valid. With smaller committees and -certain topologies this could result in some nodes not getting the -proposals. diff --git a/.changelog/5163.trivial.md b/.changelog/5163.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5166.breaking.md b/.changelog/5166.breaking.md deleted file mode 100644 index 1515e45bc06..00000000000 --- a/.changelog/5166.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/keymanager/api: Move key manager gas costs - -Consensus parameters were added to the key manager state and key manager gas -costs were moved from the registry state to the key manager state. diff --git a/.changelog/5168.internal.md b/.changelog/5168.internal.md deleted file mode 100644 index aeac857c665..00000000000 --- a/.changelog/5168.internal.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/supplementarysanity: Fix checks for legacy validators diff --git a/.changelog/5169.trivial.md b/.changelog/5169.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5170.trivial.md b/.changelog/5170.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5171.trivial.md b/.changelog/5171.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5173.trivial.md b/.changelog/5173.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5176.trivial.md b/.changelog/5176.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5177.bugfix.md b/.changelog/5177.bugfix.md deleted file mode 100644 index cb48e4e6429..00000000000 --- a/.changelog/5177.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/registry/api: Fix node registration when TEE not available - -Previously, registration skipped the TEE hardware verification if a node -registered without TEE capability. diff --git a/.changelog/5180.internal.md b/.changelog/5180.internal.md deleted file mode 100644 index 799586463e5..00000000000 --- a/.changelog/5180.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.25.1, go-libp2p-pubsub to 0.9.0 diff --git a/.changelog/5182.trivial.md b/.changelog/5182.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5187.bugfix.md b/.changelog/5187.bugfix.md deleted file mode 100644 index 3266a25ee45..00000000000 --- a/.changelog/5187.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime: Also re-attest based on MaxAttestationAge diff --git a/.changelog/5188.feature.md b/.changelog/5188.feature.md deleted file mode 100644 index f7fb695b766..00000000000 --- a/.changelog/5188.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime: Reduce downtime for TEE runtime upgrades diff --git a/.changelog/5190.internal.md b/.changelog/5190.internal.md deleted file mode 100644 index dde43427b99..00000000000 --- a/.changelog/5190.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tendermint-rs to 0.29.0 diff --git a/.changelog/5191.internal.md b/.changelog/5191.internal.md deleted file mode 100644 index 3abf301410e..00000000000 --- a/.changelog/5191.internal.md +++ /dev/null @@ -1 +0,0 @@ -docker: Bump cargo-tarpaulin to 0.25.0 diff --git a/.changelog/5192.trivial.md b/.changelog/5192.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5194.trivial.md b/.changelog/5194.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5195.internal.md b/.changelog/5195.internal.md deleted file mode 100644 index bca52ec9c36..00000000000 --- a/.changelog/5195.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p-pubsub to 0.9.1 diff --git a/.changelog/5196.feature.md b/.changelog/5196.feature.md deleted file mode 100644 index 0a580ac2359..00000000000 --- a/.changelog/5196.feature.md +++ /dev/null @@ -1,58 +0,0 @@ -keymanager/src/runtime: Support master secret rotations - -Key managers now have the ability to rotate the master secret -at predetermined intervals. Each rotation introduces a new generation, -or version, of the master secret that is sequentially numbered, starting -from zero. These rotations occur during key manager status updates, which -typically happen during epoch transitions. To perform a rotation, -one of the key manager enclaves must publish a proposal for the next -generation of the master secret, which must then be replicated by -the majority of enclaves. If the replication process is not completed -by the end of the epoch, the proposal can be replaced with a new one. - -The following metrics have been added: - -- `oasis_worker_keymanager_consensus_ephemeral_secret_epoch_number` - is the epoch number of the latest ephemeral secret. - -- `oasis_worker_keymanager_consensus_master_secret_generation_number` - is the generation number of the latest master secret. - -- `oasis_worker_keymanager_consensus_master_secret_rotation_epoch_number` - is the epoch number of the latest master secret rotation. - -- `oasis_worker_keymanager_consensus_master_secret_proposal_generation_number` - is the generation number of the latest master secret proposal. - -- `oasis_worker_keymanager_consensus_master_secret_proposal_epoch_number` - is the epoch number of the latest master secret proposal. - -- `oasis_worker_keymanager_enclave_ephemeral_secret_epoch_number` - is the epoch number of the latest ephemeral secret loaded into the enclave. - -- `oasis_worker_keymanager_enclave_master_secret_generation_number` - is the generation number of the latest master secret as seen by the enclave. - -- `oasis_worker_keymanager_enclave_master_secret_proposal_generation_number` - is the generation number of the latest master secret proposal loaded - into the enclave. - -- `oasis_worker_keymanager_enclave_master_secret_proposal_epoch_number` - is the epoch number of the latest master secret proposal loaded - into the enclave. - -- `oasis_worker_keymanager_enclave_generated_master_secret_generation_number` - is the generation number of the latest master secret generated - by the enclave. - -- `oasis_worker_keymanager_enclave_generated_master_secret_epoch_number` - is the epoch number of the latest master secret generated by the enclave. - -- `oasis_worker_keymanager_enclave_generated_ephemeral_secret_epoch_number` - is the epoch number of the latest ephemeral secret generated by the enclave. - -The following metrics have had runtime labels added: - -- `oasis_worker_keymanager_compute_runtime_count`, - -- `oasis_worker_keymanager_policy_update_count`. diff --git a/.changelog/5197.trivial.md b/.changelog/5197.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5198.internal.md b/.changelog/5198.internal.md deleted file mode 100644 index 82d7ed0e330..00000000000 --- a/.changelog/5198.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -keymanager: Add support for master secret generations - -Refactored key manager's init method to be able to support multiple -generations of the master secret. diff --git a/.changelog/5199.internal.md b/.changelog/5199.internal.md deleted file mode 100644 index 9727c36b480..00000000000 --- a/.changelog/5199.internal.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/api: Add signed encrypted master secret diff --git a/.changelog/5200.feature.md b/.changelog/5200.feature.md deleted file mode 100644 index 86c21edf85b..00000000000 --- a/.changelog/5200.feature.md +++ /dev/null @@ -1 +0,0 @@ -Move halt epoch from genesis to node-local configuration diff --git a/.changelog/5201.internal.md b/.changelog/5201.internal.md deleted file mode 100644 index 3a4ac664089..00000000000 --- a/.changelog/5201.internal.md +++ /dev/null @@ -1,3 +0,0 @@ -runtime: Always use host node ID when verifying freshness with RAK - -This avoids an initial scan over all the nodes in the registry. diff --git a/.changelog/5204.feature.md b/.changelog/5204.feature.md deleted file mode 100644 index ef2aa26b961..00000000000 --- a/.changelog/5204.feature.md +++ /dev/null @@ -1,6 +0,0 @@ -keymanager/src/runtime: Verify and modify init request - -The init request was never verified against the consensus layer state and, -therefore, was not trustworthy. To make this request more informative and -easily verifiable against consensus, it was extended to include all key -manager status fields. diff --git a/.changelog/5212.trivial.md b/.changelog/5212.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5213.internal.md b/.changelog/5213.internal.md deleted file mode 100644 index 6500e59a2d1..00000000000 --- a/.changelog/5213.internal.md +++ /dev/null @@ -1 +0,0 @@ -rust: Bump tempfile to 3.4.0 diff --git a/.changelog/5214.internal.md b/.changelog/5214.internal.md deleted file mode 100644 index a87d50bb4c4..00000000000 --- a/.changelog/5214.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Use a limited multi-threaded Tokio runtime in SGX diff --git a/.changelog/5215.internal.md b/.changelog/5215.internal.md deleted file mode 100644 index ca0b0293c03..00000000000 --- a/.changelog/5215.internal.md +++ /dev/null @@ -1 +0,0 @@ -keymanager: Support policies in unsafe builds diff --git a/.changelog/5218.internal.md b/.changelog/5218.internal.md deleted file mode 100644 index b049bc55556..00000000000 --- a/.changelog/5218.internal.md +++ /dev/null @@ -1,10 +0,0 @@ -go/worker/keymanager: Optimize enclave initialization - -Enclave initialization was moved into its own goroutine to avoid blocking -the main loop of the key manager worker. Once initialization is completed, -the resulting state of the enclave is compared to the latest key manager -status. If the latter has changed, initialization is performed again. - -This will be useful when we deploy master secret rotation since new secrets -may be generated while old secrets are being replicated which can result -in an outdated state once initialization finishes. diff --git a/.changelog/5220.internal.md b/.changelog/5220.internal.md deleted file mode 100644 index 72ecebff5a3..00000000000 --- a/.changelog/5220.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Refactor Tokio runtime constructor diff --git a/.changelog/5223.trivial.md b/.changelog/5223.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5224.internal.md b/.changelog/5224.internal.md deleted file mode 100644 index 322d660c18f..00000000000 --- a/.changelog/5224.internal.md +++ /dev/null @@ -1 +0,0 @@ -docker: Switch to ghcr.io for container registry diff --git a/.changelog/5228.internal.md b/.changelog/5228.internal.md deleted file mode 100644 index 3f665568b3c..00000000000 --- a/.changelog/5228.internal.md +++ /dev/null @@ -1 +0,0 @@ -Bump Go to 1.20.2 diff --git a/.changelog/5233.trivial.md b/.changelog/5233.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5234.internal.md b/.changelog/5234.internal.md deleted file mode 100644 index f69e2f280c2..00000000000 --- a/.changelog/5234.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tendermint-rs to 0.30.0 diff --git a/.changelog/5237.cfg.md b/.changelog/5237.cfg.md deleted file mode 100644 index b3396400f00..00000000000 --- a/.changelog/5237.cfg.md +++ /dev/null @@ -1,21 +0,0 @@ -Configuration file migration - -To migrate your node's YAML config file from the old format -to the new, you can use the node's `config migrate` subcommand. -Pass the path to the old config file with `--in` and specify -the new config file name with `--out`. - -For example: -`oasis-node config migrate --in old.yaml --out new.yaml`. - -The migration subcommand logs the various changes it makes and -warns you if a config option is no longer supported, etc. -At the end, any unknown sections of the input config file are -printed to the terminal to give you a chance to review them -and make manual changes if required. - -Note that the migration subcommand does not preserve comments -and order of sections from the input YAML config file. -You should always carefully read the output of this command, -as well as compare the generated config file with the -original before using it. diff --git a/.changelog/5237.internal.md b/.changelog/5237.internal.md deleted file mode 100644 index 180b7aa669d..00000000000 --- a/.changelog/5237.internal.md +++ /dev/null @@ -1,12 +0,0 @@ -go/oasis-node/cmd/config: Add the migrate subcommand - -A new `migrate` subcommand is added to the node's `config` -command. This subcommand can be used to automatically migrate -the old YAML config file into the new format introduced in -commit 2a132b3. - -The subcommand logs the various changes it makes and warns the -user if a config option is no longer supported, etc. -At the end, any unknown sections of the input config file are -printed to the terminal to give the user a chance to review -them and make manual changes if appropriate. diff --git a/.changelog/5239.bugfix.md b/.changelog/5239.bugfix.md deleted file mode 100644 index 81ae7275f5d..00000000000 --- a/.changelog/5239.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/host/sgx: Update QE target info during re-attestation - -This allows the node to continue working in case aesmd is upgraded while -the node is running. In this case the Quoting Enclave identity can -change and this requires the target info to be updated. diff --git a/.changelog/5244.trivial.md b/.changelog/5244.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5245.feature.md b/.changelog/5245.feature.md deleted file mode 100644 index 1393adafb7d..00000000000 --- a/.changelog/5245.feature.md +++ /dev/null @@ -1,7 +0,0 @@ -go: Cache TCB bundles and lower refreshing frequency - -Mainly this means the node will make significantly fewer requests for -fetching TCB bundles. Because these are now stored locally in the -persistent store, this mechanism also enables a degree of tolerance -against transient fetch failures in cases where a stored bundle is still -valid. diff --git a/.changelog/5246.trivial.md b/.changelog/5246.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5247.trivial.md b/.changelog/5247.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5248.bugfix.md b/.changelog/5248.bugfix.md deleted file mode 100644 index ab3b2a78d04..00000000000 --- a/.changelog/5248.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/client: Also treat literal latest round as latest diff --git a/.changelog/5251.trivial.md b/.changelog/5251.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5252.trivial.md b/.changelog/5252.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5254.feature.md b/.changelog/5254.feature.md deleted file mode 100644 index 17392b26d6f..00000000000 --- a/.changelog/5254.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host/sgx: Add metrics for attestations diff --git a/.changelog/5255.trivial.md b/.changelog/5255.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5256.feature.md b/.changelog/5256.feature.md deleted file mode 100644 index 53ff21b8147..00000000000 --- a/.changelog/5256.feature.md +++ /dev/null @@ -1,13 +0,0 @@ -go/control/api: Improve node registration status clarity - -Three new fields have been added to the node's control status output -under the registration status section: - -- `last_attempt_successful` - true if the last registration attempt -succeeded. -- `last_attempt_error_message` - error message if the last registration -attempt failed. -- `last_attempt` - time of the last registration attempt. - -Also, if the registration descriptor is expired, it is no longer -shown in the output. diff --git a/.changelog/5258.trivial.md b/.changelog/5258.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5259.trivial.md b/.changelog/5259.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5260.bugfix.md b/.changelog/5260.bugfix.md deleted file mode 100644 index 7a0c2249aa2..00000000000 --- a/.changelog/5260.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/compute/executor: Do not propose batch on epoch transition - -Previously a compute node could propose a new batch just before the -epoch transition happened, resulting in computation that will be -discarded anyway. diff --git a/.changelog/5261.breaking.md b/.changelog/5261.breaking.md deleted file mode 100644 index 790c2bdac38..00000000000 --- a/.changelog/5261.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/roothash: Treat failure indications as stragglers diff --git a/.changelog/5262.feature.md b/.changelog/5262.feature.md deleted file mode 100644 index a08a9f7adfa..00000000000 --- a/.changelog/5262.feature.md +++ /dev/null @@ -1,6 +0,0 @@ -go/worker/storage: Add storage worker status message - -A status message that shows the current state of the storage worker -was added to the node's storage worker's status output. -This enables the node operator to quickly check if the storage worker -is still initializing, syncing checkpoints, or syncing rounds. diff --git a/.changelog/5264.feature.md b/.changelog/5264.feature.md deleted file mode 100644 index 8d2a0f5d13a..00000000000 --- a/.changelog/5264.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/worker/compute: Optimize backup worker commit submission - -Backup compute workers now observe any gossiped commitments and pre-empt -consensus when it is obvious that there will be a discrepancy declared. diff --git a/.changelog/5265.trivial.md b/.changelog/5265.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5267.feature.md b/.changelog/5267.feature.md deleted file mode 100644 index d4199078231..00000000000 --- a/.changelog/5267.feature.md +++ /dev/null @@ -1 +0,0 @@ -tests: Support cross-version upgrade tests diff --git a/.changelog/5268.internal.md b/.changelog/5268.internal.md deleted file mode 100644 index 7137cab1997..00000000000 --- a/.changelog/5268.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Switch to CometBFT v0.34.27 diff --git a/.changelog/5271.trivial.md b/.changelog/5271.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5272.internal.md b/.changelog/5272.internal.md deleted file mode 100644 index a32dd44c7c4..00000000000 --- a/.changelog/5272.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go: Remove timecache replace directive in go.mod file - -The replace directive for github.com/whyrusleeping/timecache has been removed -since the go-libp2p-pubsub library version 0.9.3 no longer utilizes it. diff --git a/.changelog/5273.internal.md b/.changelog/5273.internal.md deleted file mode 100644 index 4405a145cb1..00000000000 --- a/.changelog/5273.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go: Remove flatbuffers replace directive in go.mod file - -The replace directive for github.com/google/flatbuffers has been removed -since the badger library version 3.2103.4 uses the same version 1.12.1. diff --git a/.changelog/5274.breaking.md b/.changelog/5274.breaking.md deleted file mode 100644 index 04322a64cae..00000000000 --- a/.changelog/5274.breaking.md +++ /dev/null @@ -1,12 +0,0 @@ -go/roothash: Optimize and refactor commitment pool processing - -The commitment pool processing has been optimized and refactored to improve -code readability: - -- The discrepancy detection has been modified to immediately switch to - the resolution mode when two commits differ, eliminating the necessity - to wait for the proposer's commitment. - -- The discrepancy resolution process was redesigned to fail as soon - as it becomes evident that no group of votes can attain the majority, - such as when there are too many failures. diff --git a/.changelog/5279.trivial.md b/.changelog/5279.trivial.md deleted file mode 100644 index e137408c9fd..00000000000 --- a/.changelog/5279.trivial.md +++ /dev/null @@ -1 +0,0 @@ -docker/aesmd: Update Intel SGX package signing key diff --git a/.changelog/5280.internal.md b/.changelog/5280.internal.md deleted file mode 100644 index 00c8ffd2c15..00000000000 --- a/.changelog/5280.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump CometBFT to v0.37.1 diff --git a/.changelog/5282.breaking.md b/.changelog/5282.breaking.md deleted file mode 100644 index 29895fea7b1..00000000000 --- a/.changelog/5282.breaking.md +++ /dev/null @@ -1,3 +0,0 @@ -go/roothash/commitment: Refactor executor commitment header - -The embedded compute results header struct has been changed to a field. diff --git a/.changelog/5282.internal.md b/.changelog/5282.internal.md deleted file mode 100644 index 1258442a546..00000000000 --- a/.changelog/5282.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -runtime/consensus/roothash: Implement executor commitment structures - -Structures and functions related to executor commitments were added -in order to be used later for executor commitment verification. diff --git a/.changelog/5283.trivial.md b/.changelog/5283.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5285.internal.md b/.changelog/5285.internal.md deleted file mode 100644 index 08049ff9ed8..00000000000 --- a/.changelog/5285.internal.md +++ /dev/null @@ -1,6 +0,0 @@ -go/consensus/tendermint: Implement {Prepare,Process}Proposal - -This also makes the nodes execute the proposal in the prepare/process -phase such that advanced modification (e.g. including meta transactions -based on results) and validation (e.g. rejecting blocks with invalid -transactions) becomes possible. diff --git a/.changelog/5286.internal.md b/.changelog/5286.internal.md deleted file mode 100644 index 89c47d5cbbd..00000000000 --- a/.changelog/5286.internal.md +++ /dev/null @@ -1,3 +0,0 @@ -go: Update fixgenesis command - -Make the fixgenesis command update a few more consensus parameters. diff --git a/.changelog/5287.breaking.md b/.changelog/5287.breaking.md deleted file mode 100644 index 632bc4147ea..00000000000 --- a/.changelog/5287.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/upgrade: Check all pending upgrades if we reached the upgrade epoch diff --git a/.changelog/5287.trivial.md b/.changelog/5287.trivial.md deleted file mode 100644 index 4193903fe6a..00000000000 --- a/.changelog/5287.trivial.md +++ /dev/null @@ -1 +0,0 @@ -go/upgrade: Clear completed upgrades before deleting state diff --git a/.changelog/5289.bugfix.md b/.changelog/5289.bugfix.md deleted file mode 100644 index f8a700d625e..00000000000 --- a/.changelog/5289.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-node/cmd/ias: Regenerate TLS certificate on startup diff --git a/.changelog/5291.internal.md b/.changelog/5291.internal.md deleted file mode 100644 index fb6d26591e2..00000000000 --- a/.changelog/5291.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Rename Tendermint to CometBFT diff --git a/.changelog/5292.breaking.md b/.changelog/5292.breaking.md deleted file mode 100644 index dd434d325e3..00000000000 --- a/.changelog/5292.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus: Add block metadata to allow same-block state validation diff --git a/.changelog/5294.breaking.md b/.changelog/5294.breaking.md deleted file mode 100644 index 081ca184110..00000000000 --- a/.changelog/5294.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus: Add provable events diff --git a/.changelog/5296.trivial.md b/.changelog/5296.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5297.internal.md b/.changelog/5297.internal.md deleted file mode 100644 index da1f74d7621..00000000000 --- a/.changelog/5297.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.28.1 diff --git a/.changelog/5299.internal.md b/.changelog/5299.internal.md deleted file mode 100644 index 04651347e4a..00000000000 --- a/.changelog/5299.internal.md +++ /dev/null @@ -1,8 +0,0 @@ -go/consensus/cometbft: Use generic data directory names - -The following subdirectories under the node's data directory have been -renamed: - -- `tendermint` to `consensus` -- `tendermint/abci-state` to `consensus/state` -- `tendermint-seed` to `seed` (on seed nodes only) diff --git a/.changelog/5300.feature.md b/.changelog/5300.feature.md deleted file mode 100644 index b9bce0507e7..00000000000 --- a/.changelog/5300.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -runtime/consensus/tendermint/verifier: Support same-block validation - -The post-execution state of the latest consensus block is now verified -using the block metadata transaction, effectively eliminating any block -delay for state verification. diff --git a/.changelog/5301.feature.md b/.changelog/5301.feature.md deleted file mode 100644 index b4ff984fb13..00000000000 --- a/.changelog/5301.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/control: Add runtime provisioner type to host status output diff --git a/.changelog/5302.trivial.md b/.changelog/5302.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5303.trivial.md b/.changelog/5303.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5304.feature.md b/.changelog/5304.feature.md deleted file mode 100644 index 5193928688c..00000000000 --- a/.changelog/5304.feature.md +++ /dev/null @@ -1,9 +0,0 @@ -go/oasis-test-runner: Run the test runner and scenarios for limited time - -The test runner and scenarios can now be configured to run for a limited -duration using the following flags: - -- `timeout`: the maximum allowable total duration for all scenarios, - -- `scenario_timeout`: the maximum allowable duration for an individual - scenario. diff --git a/.changelog/5306.internal.md b/.changelog/5306.internal.md deleted file mode 100644 index 08baa1aeed1..00000000000 --- a/.changelog/5306.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump cometbft to v0.37.2-oasis1 diff --git a/.changelog/5307.internal.md b/.changelog/5307.internal.md deleted file mode 100644 index af357ebd9b3..00000000000 --- a/.changelog/5307.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go/oasis-test-runner: Build key manager runtime with trust root - -The runtime trust-root scenarios now build not only the simple key/value -but also the key manager runtime with an embedded trust root. diff --git a/.changelog/5311.trivial.md b/.changelog/5311.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5313.trivial.md b/.changelog/5313.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5316.trivial.md b/.changelog/5316.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5318.internal.md b/.changelog/5318.internal.md deleted file mode 100644 index 05eb25aa557..00000000000 --- a/.changelog/5318.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go: Remove TLS certificate rotation - -We use libp2p for all communication now, so TLS certificate rotation is -no longer needed. diff --git a/.changelog/5319.bugfix.md b/.changelog/5319.bugfix.md deleted file mode 100644 index 18b9b2d45d6..00000000000 --- a/.changelog/5319.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -staking: Fix reward distribution when common pool is exhausted diff --git a/.changelog/5320.feature.md b/.changelog/5320.feature.md deleted file mode 100644 index 7702a460397..00000000000 --- a/.changelog/5320.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/keymanager/status: Show active version of the km runtime - -The status of the key manager was updated to include a new attribute called -`active_version`, which stores the version number of the currently deployed -key manager runtime. If no deployment is active, the value is set to null. diff --git a/.changelog/5321.bugfix.md b/.changelog/5321.bugfix.md deleted file mode 100644 index 774e52df69d..00000000000 --- a/.changelog/5321.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/storage/mkvs: Fix commit of nil entries diff --git a/.changelog/5323.trivial.md b/.changelog/5323.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5324.trivial.md b/.changelog/5324.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5325.internal.md b/.changelog/5325.internal.md deleted file mode 100644 index fed54afa16d..00000000000 --- a/.changelog/5325.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -tests/upgrade: Test master secrets - -The upgrade scenario was enhanced to test runtime and key manager upgrades, -trust roots and master secret rotations. diff --git a/.changelog/5326.bugfix.md b/.changelog/5326.bugfix.md deleted file mode 100644 index 1c0d601efe8..00000000000 --- a/.changelog/5326.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -storage/sync: don't immediately trigger more round fetches on failures diff --git a/.changelog/5327.feature.md b/.changelog/5327.feature.md deleted file mode 100644 index 02f1a2710a0..00000000000 --- a/.changelog/5327.feature.md +++ /dev/null @@ -1,13 +0,0 @@ -go/p2p: implement various metrics collection - -The following Prometheus metrics were added: - -- `oasis_p2p_peers` -- `oasis_p2p_blocked_peers` -- `oasis_p2p_connections` -- `oasis_p2p_topics` -- `oasis_p2p_protocols` - -See [metrics documentation] for descriptions of metrics. - -[metrics documentation]: https://docs.oasis.io/core/oasis-node/metrics diff --git a/.changelog/5330.internal.md b/.changelog/5330.internal.md deleted file mode 100644 index 36d41639650..00000000000 --- a/.changelog/5330.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tokio to 1.29.1 diff --git a/.changelog/5331.trivial.md b/.changelog/5331.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5332.trivial.md b/.changelog/5332.trivial.md deleted file mode 100644 index d163354fa01..00000000000 --- a/.changelog/5332.trivial.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-node/cmd/config/migrate: Add runtime P2P seed address too diff --git a/.changelog/5334.breaking.md b/.changelog/5334.breaking.md deleted file mode 100644 index 407c414ed18..00000000000 --- a/.changelog/5334.breaking.md +++ /dev/null @@ -1,10 +0,0 @@ -go/consensus/roothash: Track runtime proposer liveness - -The roothash application now monitors the runtime proposer liveness, which -runtimes can utilize to penalize proposers with insufficient commitments. -To activate penalties for such nodes, the executor committee parameters -need to be updated by configuring the following setting: - -- `MaxMissedProposalsPercent`: The maximum percentage of proposed rounds - in an epoch that can fail for a node to be considered live. Zero means - that all proposed rounds can fail. diff --git a/.changelog/5335.bugfix.md b/.changelog/5335.bugfix.md deleted file mode 100644 index 55f039e1beb..00000000000 --- a/.changelog/5335.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/common/cbor: Relax CBOR decoding for gRPC/RHP endpoints diff --git a/.changelog/5337.internal.md b/.changelog/5337.internal.md deleted file mode 100644 index 565a426645c..00000000000 --- a/.changelog/5337.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump golang.org/x/net to 0.13.0 diff --git a/.changelog/5338.internal.md b/.changelog/5338.internal.md deleted file mode 100644 index d5d18ddbdd6..00000000000 --- a/.changelog/5338.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.29.2 diff --git a/.changelog/5339.internal.md b/.changelog/5339.internal.md deleted file mode 100644 index d5d18ddbdd6..00000000000 --- a/.changelog/5339.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.29.2 diff --git a/.changelog/5348.trivial.md b/.changelog/5348.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5351.internal.1.md b/.changelog/5351.internal.1.md deleted file mode 100644 index 2a1848f4b75..00000000000 --- a/.changelog/5351.internal.1.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump ed25519-dalek to 2.0.0 diff --git a/.changelog/5351.internal.2.md b/.changelog/5351.internal.2.md deleted file mode 100644 index 665ef14358f..00000000000 --- a/.changelog/5351.internal.2.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump sha2 to 0.10.7, hmac to 0.12.1 diff --git a/.changelog/5351.internal.3.md b/.changelog/5351.internal.3.md deleted file mode 100644 index b99f5c535f1..00000000000 --- a/.changelog/5351.internal.3.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump rsa to 0.9.2 diff --git a/.changelog/5352.breaking.md b/.changelog/5352.breaking.md deleted file mode 100644 index 69f32e39ba9..00000000000 --- a/.changelog/5352.breaking.md +++ /dev/null @@ -1,4 +0,0 @@ -go/staking: Enable changing the reward schedule - -The ability to change the reward schedule in the staking consensus -parameters through a governance vote was added. diff --git a/.changelog/5354.breaking.md b/.changelog/5354.breaking.md deleted file mode 100644 index 774acc8e3b2..00000000000 --- a/.changelog/5354.breaking.md +++ /dev/null @@ -1,7 +0,0 @@ -go/worker/compute/executor/committee: Support backup proposers - -Starting now, all executor committee workers are permitted to schedule -transactions, each with distinct per-round priority. Priority dictates -the time after which a worker can propose a new batch. The consensus -layer tracks all published executor commitments and tries to build -a new runtime block on a proposal with the highest priority. diff --git a/.changelog/5355.internal.md b/.changelog/5355.internal.md deleted file mode 100644 index c39a4b0f47a..00000000000 --- a/.changelog/5355.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.30.0 diff --git a/.changelog/5356.internal.md b/.changelog/5356.internal.md deleted file mode 100644 index 0a3b8a6c6c1..00000000000 --- a/.changelog/5356.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go to 1.21.0 diff --git a/.changelog/5357.breaking.md b/.changelog/5357.breaking.md deleted file mode 100644 index 98eea381abc..00000000000 --- a/.changelog/5357.breaking.md +++ /dev/null @@ -1 +0,0 @@ -Add observer node role diff --git a/.changelog/5359.breaking.md b/.changelog/5359.breaking.md deleted file mode 100644 index 4b24021f663..00000000000 --- a/.changelog/5359.breaking.md +++ /dev/null @@ -1,6 +0,0 @@ -roothash: Store past runtime state and I/O roots in consensus state - -A new roothash consensus parameter was added (`MaxPastRootsStored`), -which enables storing runtime state and I/O roots for the past -`MaxPastRootsStored` rounds in the consensus state. -This enables easier cross-runtime communication. diff --git a/.changelog/5360.breaking.md b/.changelog/5360.breaking.md deleted file mode 100644 index 378c62a09ff..00000000000 --- a/.changelog/5360.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-node: Move "debug fix-genesis" subcommand to "genesis migrate" diff --git a/.changelog/5361.bugfix.md b/.changelog/5361.bugfix.md deleted file mode 100644 index ee77bc86130..00000000000 --- a/.changelog/5361.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/common: Reset runtime provisioned status on failure diff --git a/.changelog/5365.breaking.md b/.changelog/5365.breaking.md deleted file mode 100644 index 9d89025488b..00000000000 --- a/.changelog/5365.breaking.md +++ /dev/null @@ -1,7 +0,0 @@ -scheduler: Add option to change voting power distribution - -The ability to change the voting power distribution via consensus -governance was added. -The two options currently available are linear (the original, where -voting power is linearly proportional to the stake) and sqrt (new, -where voting power is proportional to the square root of the stake). diff --git a/.changelog/5366.trivial.md b/.changelog/5366.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5368.trivial.md b/.changelog/5368.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5369.trivial.md b/.changelog/5369.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5370.trivial.md b/.changelog/5370.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5372.feature.md b/.changelog/5372.feature.md deleted file mode 100644 index 6be49d10e84..00000000000 --- a/.changelog/5372.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/sgx/ias: Add support for v5 AVR diff --git a/.changelog/5375.bugfix.md b/.changelog/5375.bugfix.md deleted file mode 100644 index f8a700d625e..00000000000 --- a/.changelog/5375.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-node/cmd/ias: Regenerate TLS certificate on startup diff --git a/.changelog/5376.feature.md b/.changelog/5376.feature.md deleted file mode 100644 index 985c5b5718d..00000000000 --- a/.changelog/5376.feature.md +++ /dev/null @@ -1,17 +0,0 @@ -go/oasis-node/cmd: Deprecate subcommands in favor of Oasis CLI - -The following `oasis-node` subcommands have been deprecated and should no -longer be used in favor of the [Oasis CLI]: - -- `consensus *` -- `control runtime-stats` -- `debug bundle *` -- `governance *` -- `keymanager *` -- `registry *` -- `signer *` -- `stake *` - -They will be removed in a future release. - -[Oasis CLI]: https://docs.oasis.io/general/manage-tokens/cli/ diff --git a/.changelog/5378.trivial.md b/.changelog/5378.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5379.trivial.md b/.changelog/5379.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5381.trivial.md b/.changelog/5381.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5383.trivial.md b/.changelog/5383.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5384.doc.md b/.changelog/5384.doc.md deleted file mode 100644 index 8df4d62b869..00000000000 --- a/.changelog/5384.doc.md +++ /dev/null @@ -1 +0,0 @@ -docs: Use "chapter" and "section" terms consistently diff --git a/.changelog/5385.trivial.md b/.changelog/5385.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5386.trivial.md b/.changelog/5386.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5387.trivial.md b/.changelog/5387.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5389.bugfix.md b/.changelog/5389.bugfix.md deleted file mode 100644 index 113c2c71681..00000000000 --- a/.changelog/5389.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/registry: Do not verify node TEE capabilities during genesis diff --git a/.changelog/5390.bugfix.md b/.changelog/5390.bugfix.md deleted file mode 100644 index efac82cc7f0..00000000000 --- a/.changelog/5390.bugfix.md +++ /dev/null @@ -1,9 +0,0 @@ -host/sgx/epid: ensure consistent IAS proxy usage for attestation - -Refactors the IAS proxy client to expose separate clients for each configured -IAS proxy, instead of load-balancing internally between endpoints on a -per-request basis. - -This is required because the attestation procedure requires three calls to -the IAS endpoint (`GetSPIDInfo`, `GetSigRL`, `VerifyEvidence`) which should -all interact with the same endpoint. diff --git a/.changelog/5393.trivial.md b/.changelog/5393.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.punch_version.py b/.punch_version.py index b2246e26790..88eb1fd8e38 100644 --- a/.punch_version.py +++ b/.punch_version.py @@ -1,3 +1,3 @@ -year = '22' -minor = 2 +year = '23' +minor = 0 micro = 0 diff --git a/CHANGELOG.md b/CHANGELOG.md index ef88868cc30..add8474c62e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,1245 @@ The format is inspired by [Keep a Changelog]. +## 23.0 (2023-10-10) + +| Protocol | Version | +|:------------------|:---------:| +| Consensus | 7.0.0 | +| Runtime Host | 5.1.0 | +| Runtime Committee | 5.0.0 | + +### Removals and Breaking Changes + +- go/registry: Remove support for DeprecatedBeacon + ([#4394](https://github.com/oasisprotocol/oasis-core/issues/4394)) + + The PVSS backend is no longer present in 22.x and so the field is now + removed, and even genesis registrations without a VRF signing key will + be rejected. + +- go/consensus/tendermint/apps/beacon: Do gas accounting earlier + ([#4667](https://github.com/oasisprotocol/oasis-core/issues/4667)) + +- go/common/crypto/signature: Use ECVRF v16 + ([#4668](https://github.com/oasisprotocol/oasis-core/issues/4668)) + + The IETF draft was updated, so use the newer method of calculating proofs. + This is incompatible with the v10 proof derivation/verification, however + beta values for a given input will be identical. + +- go/staking/api: Add BurnAddress + ([#4755](https://github.com/oasisprotocol/oasis-core/issues/4755)) + + Transfers to `oasis1qzq8u7xs328puu2jy524w3fygzs63rv3u5967970` will be + treated as an explicit token burn (transfer amount deducted from the + source's general balance and destroyed). + + The private key of the address is unknown, and the address is marked + as reserved so the address can not be used as the source address for + any transactions. + +- go/consensus/tendermint: Fix liveness tracking for primary+backup + ([#4798](https://github.com/oasisprotocol/oasis-core/issues/4798)) + + In case a node is both primary and backup and doesn't submit a commit but + there was no discrepancy, the node should still be treated as failed. + +- go/registry: validate SoftwareVersion field in node descriptor + ([#5012](https://github.com/oasisprotocol/oasis-core/issues/5012)) + +- staking: specify slashed debonding amount in TakeEscrowEvent + ([#5016](https://github.com/oasisprotocol/oasis-core/issues/5016)) + + The event contains a new field; clients that do not need it + can safely ignore it. + +- roothash: Support governance actions via roothash messages + ([#5021](https://github.com/oasisprotocol/oasis-core/issues/5021)) + + This will allow runtimes to vote on and submit consensus governance + proposals. + +- go/staking: efficient `DelegationsFor` query + ([#5023](https://github.com/oasisprotocol/oasis-core/issues/5023)) + + A reverse delegation mapping is added to the staking state that makes + querying outgoing delegations efficient. + +- go/p2p: Include chain context in p2p protocol names + ([#5025](https://github.com/oasisprotocol/oasis-core/issues/5025)) + + Chain context was included in p2p protocol and topic names as until now + it was impossible to distinguish mainnet and testnet names from each other. + Unique names will also ease peer discovery as now we can use one seed node + for multiple nets. + +- governance: Support delegator votes + ([#5034](https://github.com/oasisprotocol/oasis-core/issues/5034)) + + Adds support for delegators to vote and override the validator votes as + described in [ADR 0020]. + + + [ADR 0020]: + https://github.com/oasisprotocol/adrs/blob/main/0020-governance-delegator-votes.md + + +- go/common/sgx/pcs: Add support for blacklisting FMSPCs + ([#5038](https://github.com/oasisprotocol/oasis-core/issues/5038)) + + PCS quote policy now supports blacklisting of FMSPCs. Quotes with blacklisted + FMSPC description of the TCB of the platform a runtime enclave is running + on won't get verified and remote attestation will fail. This is specially + useful if we want to block CPUs or platforms which security vulnerability + has just been exposed. FMSPCs can be added or removed from the global + default quote policy by changing registry parameter `TEEFeatures` via change + parameters proposals. The blacklist can also be overridden per-runtime in SGX + constraints. + +- `EntityID` is added to items in scheduler `GetValidators` API response + ([#5050](https://github.com/oasisprotocol/oasis-core/issues/5050)) + +- go/scheduler: include entity IDs in consensus validators state + ([#5050](https://github.com/oasisprotocol/oasis-core/issues/5050)) + + Validator lists in scheduler consensus state now include entity and node + identifiers. + +- go/consensus: Always return ErrInvalidArgument on tx deserialization failures + ([#5055](https://github.com/oasisprotocol/oasis-core/issues/5055)) + + Before, some modules were returning non-specific errors on tx deserialization + failures, which resulted in them being assigned to module "unknown", code 1. + +- go/staking: Limit maximum allowance amount based on total supply + ([#5056](https://github.com/oasisprotocol/oasis-core/issues/5056)) + + Request for updating allowance above total supply now fails with + `ErrAllowanceGreaterThanSupply`. + +- go/consensus/keymanager: Skip expired nodes + ([#5066](https://github.com/oasisprotocol/oasis-core/issues/5066)) + +- go/consensus: Implement libp2p backed light client sync protocol + ([#5085](https://github.com/oasisprotocol/oasis-core/issues/5085)) + +- go/consensus: Remove `consensus.LightClientBackend` + ([#5085](https://github.com/oasisprotocol/oasis-core/issues/5085)) + + All methods were merged into the `consensus.ClientBackend`. + +- go/registry: event `RuntimeEvent` is renamed to `RuntimeStartedEvent` + ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) + +- go/registry: Added `RuntimeSuspendedEvent` + ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) + + The event is emitted whenever an active runtime is suspended. On resume, the + existing `RuntimeStartedEvent` is emitted. + +- go/registry: Remove TLS Addresses from Node descriptors + ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) + + As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the TLS + addresses are unused. Albeit also unused, the TLS public keys remain part + of node descriptors. + +- go/registry: Remove Consensus RPC role from Node descriptors + ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) + + As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the role + is unused. + +- go/staking: Add MinCommissionRate parameter + ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) + + Also included support for updating the parameter via + `ConsensusParameterChanges` governance proposal. + +- go/staking: Add escrow requirement for updating commission schedule + ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) + + To prevent bloating the commission schedule state, the commission schedule can + only be updated for entities with enough stake to register a validator node. + +- go/registry: Add optional bundle checksum to runtime deployments + ([#5112](https://github.com/oasisprotocol/oasis-core/issues/5112)) + +- go/sgx/ias: Add support for blacklisting GIDs + ([#5113](https://github.com/oasisprotocol/oasis-core/issues/5113)) + +- go/registry: Support changing a runtime's owner + ([#5114](https://github.com/oasisprotocol/oasis-core/issues/5114)) + +- go/common/node: Cleanup VRF configuration as it is mandatory + ([#5127](https://github.com/oasisprotocol/oasis-core/issues/5127)) + + Simplify types by removing the ability for a node's VRF to be nil. Note + that in practice (e.g. in all existing deployments) it was already + mandatory as registering a node without it set would always fail. + +- go/keymanager/api: Move key manager gas costs + ([#5166](https://github.com/oasisprotocol/oasis-core/issues/5166)) + + Consensus parameters were added to the key manager state and key manager gas + costs were moved from the registry state to the key manager state. + +- go/roothash: Treat failure indications as stragglers + ([#5261](https://github.com/oasisprotocol/oasis-core/issues/5261)) + +- go/roothash: Optimize and refactor commitment pool processing + ([#5274](https://github.com/oasisprotocol/oasis-core/issues/5274)) + + The commitment pool processing has been optimized and refactored to improve + code readability: + + - The discrepancy detection has been modified to immediately switch to + the resolution mode when two commits differ, eliminating the necessity + to wait for the proposer's commitment. + + - The discrepancy resolution process was redesigned to fail as soon + as it becomes evident that no group of votes can attain the majority, + such as when there are too many failures. + +- go/roothash/commitment: Refactor executor commitment header + ([#5282](https://github.com/oasisprotocol/oasis-core/issues/5282)) + + The embedded compute results header struct has been changed to a field. + +- go/upgrade: Check all pending upgrades if we reached the upgrade epoch + ([#5287](https://github.com/oasisprotocol/oasis-core/issues/5287)) + +- go/consensus: Add block metadata to allow same-block state validation + ([#5292](https://github.com/oasisprotocol/oasis-core/issues/5292)) + +- go/consensus: Add provable events + ([#5294](https://github.com/oasisprotocol/oasis-core/issues/5294)) + +- go/consensus/roothash: Track runtime proposer liveness + ([#5334](https://github.com/oasisprotocol/oasis-core/issues/5334)) + + The roothash application now monitors the runtime proposer liveness, which + runtimes can utilize to penalize proposers with insufficient commitments. + To activate penalties for such nodes, the executor committee parameters + need to be updated by configuring the following setting: + + - `MaxMissedProposalsPercent`: The maximum percentage of proposed rounds + in an epoch that can fail for a node to be considered live. Zero means + that all proposed rounds can fail. + +- go/staking: Enable changing the reward schedule + ([#5352](https://github.com/oasisprotocol/oasis-core/issues/5352)) + + The ability to change the reward schedule in the staking consensus + parameters through a governance vote was added. + +- go/worker/compute/executor/committee: Support backup proposers + ([#5354](https://github.com/oasisprotocol/oasis-core/issues/5354)) + + Starting now, all executor committee workers are permitted to schedule + transactions, each with distinct per-round priority. Priority dictates + the time after which a worker can propose a new batch. The consensus + layer tracks all published executor commitments and tries to build + a new runtime block on a proposal with the highest priority. + +- Add observer node role + ([#5357](https://github.com/oasisprotocol/oasis-core/issues/5357)) + +- roothash: Store past runtime state and I/O roots in consensus state + ([#5359](https://github.com/oasisprotocol/oasis-core/issues/5359)) + + A new roothash consensus parameter was added (`MaxPastRootsStored`), + which enables storing runtime state and I/O roots for the past + `MaxPastRootsStored` rounds in the consensus state. + This enables easier cross-runtime communication. + +- go/oasis-node: Move "debug fix-genesis" subcommand to "genesis migrate" + ([#5360](https://github.com/oasisprotocol/oasis-core/issues/5360)) + +- scheduler: Add option to change voting power distribution + ([#5365](https://github.com/oasisprotocol/oasis-core/issues/5365)) + + The ability to change the voting power distribution via consensus + governance was added. + The two options currently available are linear (the original, where + voting power is linearly proportional to the stake) and sqrt (new, + where voting power is proportional to the square root of the stake). + +### Configuration Changes + +- go/consensus/tendermint: Refactor seed node and peer addresses + ([#4964](https://github.com/oasisprotocol/oasis-core/issues/4964)) + + Until now a seed node was a Tendermint backend-specific construct which + supported only one service. To provide support for other services we had + to refactor the seed node and generalize peer addresses. This led to the + following configuration changes. + + Seed nodes: + + - Tendermint seed mode setting `consensus.tendermint.mode:seed` was removed + and replaced with `mode:seed`. Full and archive modes remained intact and + can still be used in non-seed node configurations. + + Non-seed nodes: + + - Setting `consensus.tendermint.seed` was removed and replaced with + `p2p.seeds`. + + - Setting `consensus.tendermint.p2p.unconditional_peer_ids` was renamed to + `consensus.tendermint.p2p.unconditional_peer`. + + General: + + - Persistent peers and seed nodes' addresses were generalized to the form + `pubkey@IP:port` which affected settings `p2p.seeds`, + `consensus.tendermint.p2p.persistent_peer` and + `consensus.tendermint.sentry.upstream_address` (until now we used the + form `ID@IP:port`) + + - Similarly, peers are now identified through p2p public keys which affected + setting `consensus.tendermint.p2p.unconditional_peer` (until now we used + Tendermint IDs). + + Tendermint specific configuration of a seed node stayed the same. The node + can still be tuned through `consensus.tendermint.p2p.*` settings. + +- go/worker/common/p2p: Refactor P2P package + ([#4996](https://github.com/oasisprotocol/oasis-core/issues/4996)) + + We are planning to use our P2P network not only for runtime but also for + consensus-related services. Therefore, it makes sense to move the P2P package + up in the hierarchy and rename its configuration flags. + + The following configuration changes were made to the p2p config flags: + + - Prefix `worker.` was dropped. + + - Flags for the same feature were grouped under the same prefix. + + - Flag `worker.client.addresses` was removed. + + Below is the list of modified flags that can be used to configure p2p network: + + - `p2p.port` + + - `p2p.registration.addresses` + + - `p2p.gossipsub.peer_outbound_queue_size` + + - `p2p.gossipsub.validate_queue_size` + + - `p2p.gossipsub.validate_concurrency` + + - `p2p.gossipsub.validate_throttle` + + - `p2p.connection_manager.max_num_peers` + + - `p2p.connection_manager.peer_grace_period` + + - `p2p.connection_manager.persistent_peers` + + - `p2p.connection_gater.blocked_peers` + + - `p2p.peer_manager.connectedness_low_water` + +- Configuration changes + ([#5070](https://github.com/oasisprotocol/oasis-core/issues/5070)) + + The node now supports a configuration file that holds all the settings + that were previously available via command-line options. + The command-line options themselves have been removed in favor of + the config file. + + The config file supports environment variable substitution using + the `envsubst` package + ([usage information](https://github.com/a8m/envsubst#docs)). + + The following options have been removed: + + - `consensus.tendermint.mode` in favor of using the global node mode (`mode`). + + - `runtime.mode` in favor of using the global node mode (`mode`). + + - `worker.client.port` as it is no longer needed. + + - `worker.registration.force_register` as it is deprecated. + + The following options have been renamed: + + - `datadir` to `common.data_dir`. + + - `log.file` to `common.log.file`. + + - `log.format` to `common.log.format`. + + - `log.level` to `common.log.level`. The log level is now a map of module + to log level. Use the `default` module to map the default log level. + + - `debug.rlimit` to `common.debug.rlimit`. + + - `debug.allow_root` to `common.debug.allow_root`. + + - `pprof.bind` to `pprof.bind_address`. + + - `consensus.tendermint.*` to `consensus.*`. + + - `consensus.tendermint.core.listen_address` to `consensus.listen_address`. + + - `consensus.tendermint.core.external_address` to + `consensus.external_address`. + + - `consensus.tendermint.log.debug` to `consensus.log_debug`. + + - `consensus.tendermint.light_client.trust_period` to + `consensus.state_sync.trust_period`. + + - `consensus.tendermint.seed.debug.disable_addr_book_from_genesis` to + `consensus.debug.disable_addr_book_from_genesis`. + + - `consensus.tendermint.sentry.upstream_address` to + `consensus.sentry_upstream_addresses`. + + - `consensus.tendermint.upgrade.stop_delay` to + `consensus.upgrade_stop_delay`. + + - `consensus.tendermint.supplementarysanity.*` to + `consensus.supplementary_sanity.*`. + + - `consensus.tendermint.p2p.persistent_peer` to + `consensus.p2p.persistent_peers`. + + - `consensus.tendermint.p2p.unconditional_peer` to + `consensus.p2p.unconditional_peers`. + + - `ias.proxy.address` to `ias.proxy_addresses`. + + - `ias.debug.skip_verify` to `ias.debug_skip_verify`. + + - `runtime.sandbox.binary` to `runtime.sandbox_binary`. + + - `runtime.sgx.loader` to `runtime.sgx_loader`. + + - `runtime.history.pruner.*` to `runtime.history_pruner.*`. + + - `worker.sentry.addresses` to `runtime.sentry_addresses`. + + - `worker.tx_pool.*` to `runtime.tx_pool.*`. + + - `worker.keymanager.*` to `keymanager.*`. + + - `worker.keymanager.runtime.id` to `keymanager.runtime_id`. + + - `worker.registration.*` to `registration.*`. + + - `worker.sentry.*` to `sentry.*`. + + - `worker.sentry.control.authorized_pubkey` to + `sentry.control.authorized_pubkeys`. + + - `worker.storage.*` to `storage.*`. + + - `worker.storage.public_rpc.enabled` to `storage.public_rpc_enabled`. + + - `worker.storage.checkpoint_sync.disabled` to + `storage.checkpoint_sync_disabled`. + +- Use libp2p backed light client for Tendermint state sync + ([#5085](https://github.com/oasisprotocol/oasis-core/issues/5085)) + + The `"consensus.tendermint.state_sync.consensus_node"` flag is removed. P2P + peers for state sync are automatically selected. + +- Configuration file migration + ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) + + To migrate your node's YAML config file from the old format + to the new, you can use the node's `config migrate` subcommand. + Pass the path to the old config file with `--in` and specify + the new config file name with `--out`. + + For example: + `oasis-node config migrate --in old.yaml --out new.yaml`. + + The migration subcommand logs the various changes it makes and + warns you if a config option is no longer supported, etc. + At the end, any unknown sections of the input config file are + printed to the terminal to give you a chance to review them + and make manual changes if required. + + Note that the migration subcommand does not preserve comments + and order of sections from the input YAML config file. + You should always carefully read the output of this command, + as well as compare the generated config file with the + original before using it. + +### Features + +- go/p2p: Bootstrap libp2p peers using seed nodes + ([#4981](https://github.com/oasisprotocol/oasis-core/issues/4981)) + + Seed nodes can now bootstrap libp2p peers. Bootstrapping can be enabled or + disabled using a new configuration setting named + `p2p.discovery.bootstrap.enable` + which can be used on seed nodes as well as non-seed nodes (e.g. clients, + key managers). The latter can also configure how frequently peers are fetched + from the seed nodes with + `p2p.discovery.bootstrap.retention_period`. + +- go/oasis-node: Always start libp2p node + ([#4995](https://github.com/oasisprotocol/oasis-core/issues/4995)) + + Validator nodes are currently not part of our P2P network as it consists + only of nodes that have runtimes configured. Always starting the libp2p + node will make them available for consensus-related services. + + As validators now participate in the p2p network, the configuration of + publicly routable p2p addresses through `worker.p2p.addresses` flag is + mandatory in a production setting. + +- go/p2p/rpc: add support for consensus-wide libp2p protocols + ([#5000](https://github.com/oasisprotocol/oasis-core/issues/5000)) + +- go/consensus/tendermint/apps/staking: Reduce DelegationsTo scanning + ([#5011](https://github.com/oasisprotocol/oasis-core/issues/5011)) + +- staking: specify slashed debonding amount in TakeEscrowEvent + ([#5016](https://github.com/oasisprotocol/oasis-core/issues/5016)) + + The newly introduced field lets observers distinguish how much + was slashed from the active escrow pool and how much from the + debonding escrow pool. + +- go/staking: reduce DebondingDelegationsFor scanning + ([#5022](https://github.com/oasisprotocol/oasis-core/issues/5022)) + +- registry: Add MaxRuntimeDeployments parameter + ([#5049](https://github.com/oasisprotocol/oasis-core/issues/5049)) + +- go/worker/keymanager: Show current key manager policy in the node status + ([#5079](https://github.com/oasisprotocol/oasis-core/issues/5079)) + +- go/worker/keymanager: Show global key manager status in node status + ([#5080](https://github.com/oasisprotocol/oasis-core/issues/5080)) + +- go/registry: Add WatchEvents method + ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) + + Method for following emitted registry event was added to the registry backend. + +- runtime/src/enclave_rpc: Verify RPC quotes with key manager quote policy + ([#5092](https://github.com/oasisprotocol/oasis-core/issues/5092)) + +- keymanager/src/client: Fetch public keys using insecure RPC requests + ([#5101](https://github.com/oasisprotocol/oasis-core/issues/5101)) + +- go/staking: Add `CommissionScheduleAddresses` method + ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) + + The new method returns addresses of accounts with non-empty commission + schedule configured. + +- go/consensus: Add missing early exits when simulating transactions + ([#5104](https://github.com/oasisprotocol/oasis-core/issues/5104)) + + Some transactions were missing the early exit after gas accounting when + simulating transactions. + +- go/common/sgx/pcs: Add support for PCS v4 and TCB info v3 + ([#5108](https://github.com/oasisprotocol/oasis-core/issues/5108)) + +- go/common/node: Add runtime encryption key (REK) + ([#5125](https://github.com/oasisprotocol/oasis-core/issues/5125)) + + The new key allows enclaves to publish encrypted data on-chain to an enclave + instance. + +- runtime/src/enclave_rpc: Support calls to explicit key manager members + ([#5156](https://github.com/oasisprotocol/oasis-core/issues/5156)) + + Key manager enclaves can now request a host to talk not only to a randomly + chosen key manager instance, but also to a specific instance. The identity + of the remote node is verified only in Noise sessions. In these, the enclave + obtains the other instance's trusted RAK from the consensus layer and compares + it to the one used throughout the session. + +- keymanager: Add forward-secrecy to ephemeral keys + ([#5158](https://github.com/oasisprotocol/oasis-core/issues/5158)) + + Deriving ephemeral keys from the key manager's master secret did not guarantee + forward secrecy. In order to fulfill this requirement, we needed ephemeral + secrets that are randomly generated on every epoch and distributed securely + amongst enclave executors. + +- go/runtime: Reduce downtime for TEE runtime upgrades + ([#5188](https://github.com/oasisprotocol/oasis-core/issues/5188)) + +- keymanager/src/runtime: Support master secret rotations + ([#5196](https://github.com/oasisprotocol/oasis-core/issues/5196)) + + Key managers now have the ability to rotate the master secret + at predetermined intervals. Each rotation introduces a new generation, + or version, of the master secret that is sequentially numbered, starting + from zero. These rotations occur during key manager status updates, which + typically happen during epoch transitions. To perform a rotation, + one of the key manager enclaves must publish a proposal for the next + generation of the master secret, which must then be replicated by + the majority of enclaves. If the replication process is not completed + by the end of the epoch, the proposal can be replaced with a new one. + + The following metrics have been added: + + - `oasis_worker_keymanager_consensus_ephemeral_secret_epoch_number` + is the epoch number of the latest ephemeral secret. + + - `oasis_worker_keymanager_consensus_master_secret_generation_number` + is the generation number of the latest master secret. + + - `oasis_worker_keymanager_consensus_master_secret_rotation_epoch_number` + is the epoch number of the latest master secret rotation. + + - `oasis_worker_keymanager_consensus_master_secret_proposal_generation_number` + is the generation number of the latest master secret proposal. + + - `oasis_worker_keymanager_consensus_master_secret_proposal_epoch_number` + is the epoch number of the latest master secret proposal. + + - `oasis_worker_keymanager_enclave_ephemeral_secret_epoch_number` + is the epoch number of the latest ephemeral secret loaded into the enclave. + + - `oasis_worker_keymanager_enclave_master_secret_generation_number` + is the generation number of the latest master secret as seen by the enclave. + + - `oasis_worker_keymanager_enclave_master_secret_proposal_generation_number` + is the generation number of the latest master secret proposal loaded + into the enclave. + + - `oasis_worker_keymanager_enclave_master_secret_proposal_epoch_number` + is the epoch number of the latest master secret proposal loaded + into the enclave. + + - `oasis_worker_keymanager_enclave_generated_master_secret_generation_number` + is the generation number of the latest master secret generated + by the enclave. + + - `oasis_worker_keymanager_enclave_generated_master_secret_epoch_number` + is the epoch number of the latest master secret generated by the enclave. + + - `oasis_worker_keymanager_enclave_generated_ephemeral_secret_epoch_number` + is the epoch number of the latest ephemeral secret generated by the enclave. + + The following metrics have had runtime labels added: + + - `oasis_worker_keymanager_compute_runtime_count`, + + - `oasis_worker_keymanager_policy_update_count`. + +- Move halt epoch from genesis to node-local configuration + ([#5200](https://github.com/oasisprotocol/oasis-core/issues/5200)) + +- keymanager/src/runtime: Verify and modify init request + ([#5204](https://github.com/oasisprotocol/oasis-core/issues/5204)) + + The init request was never verified against the consensus layer state and, + therefore, was not trustworthy. To make this request more informative and + easily verifiable against consensus, it was extended to include all key + manager status fields. + +- go: Cache TCB bundles and lower refreshing frequency + ([#5245](https://github.com/oasisprotocol/oasis-core/issues/5245)) + + Mainly this means the node will make significantly fewer requests for + fetching TCB bundles. Because these are now stored locally in the + persistent store, this mechanism also enables a degree of tolerance + against transient fetch failures in cases where a stored bundle is still + valid. + +- go/runtime/host/sgx: Add metrics for attestations + ([#5254](https://github.com/oasisprotocol/oasis-core/issues/5254)) + +- go/control/api: Improve node registration status clarity + ([#5256](https://github.com/oasisprotocol/oasis-core/issues/5256)) + + Three new fields have been added to the node's control status output + under the registration status section: + + - `last_attempt_successful` - true if the last registration attempt + succeeded. + - `last_attempt_error_message` - error message if the last registration + attempt failed. + - `last_attempt` - time of the last registration attempt. + + Also, if the registration descriptor is expired, it is no longer + shown in the output. + +- go/worker/storage: Add storage worker status message + ([#5262](https://github.com/oasisprotocol/oasis-core/issues/5262)) + + A status message that shows the current state of the storage worker + was added to the node's storage worker's status output. + This enables the node operator to quickly check if the storage worker + is still initializing, syncing checkpoints, or syncing rounds. + +- go/worker/compute: Optimize backup worker commit submission + ([#5264](https://github.com/oasisprotocol/oasis-core/issues/5264)) + + Backup compute workers now observe any gossiped commitments and pre-empt + consensus when it is obvious that there will be a discrepancy declared. + +- tests: Support cross-version upgrade tests + ([#5267](https://github.com/oasisprotocol/oasis-core/issues/5267)) + +- runtime/consensus/tendermint/verifier: Support same-block validation + ([#5300](https://github.com/oasisprotocol/oasis-core/issues/5300)) + + The post-execution state of the latest consensus block is now verified + using the block metadata transaction, effectively eliminating any block + delay for state verification. + +- go/control: Add runtime provisioner type to host status output + ([#5301](https://github.com/oasisprotocol/oasis-core/issues/5301)) + +- go/oasis-test-runner: Run the test runner and scenarios for limited time + ([#5304](https://github.com/oasisprotocol/oasis-core/issues/5304)) + + The test runner and scenarios can now be configured to run for a limited + duration using the following flags: + + - `timeout`: the maximum allowable total duration for all scenarios, + + - `scenario_timeout`: the maximum allowable duration for an individual + scenario. + +- go/worker/keymanager/status: Show active version of the km runtime + ([#5320](https://github.com/oasisprotocol/oasis-core/issues/5320)) + + The status of the key manager was updated to include a new attribute called + `active_version`, which stores the version number of the currently deployed + key manager runtime. If no deployment is active, the value is set to null. + +- go/p2p: implement various metrics collection + ([#5327](https://github.com/oasisprotocol/oasis-core/issues/5327)) + + The following Prometheus metrics were added: + + - `oasis_p2p_peers` + - `oasis_p2p_blocked_peers` + - `oasis_p2p_connections` + - `oasis_p2p_topics` + - `oasis_p2p_protocols` + + See [metrics documentation] for descriptions of metrics. + + [metrics documentation]: https://docs.oasis.io/core/oasis-node/metrics + +- go/sgx/ias: Add support for v5 AVR + ([#5372](https://github.com/oasisprotocol/oasis-core/issues/5372)) + +- go/oasis-node/cmd: Deprecate subcommands in favor of Oasis CLI + ([#5376](https://github.com/oasisprotocol/oasis-core/issues/5376)) + + The following `oasis-node` subcommands have been deprecated and should no + longer be used in favor of the [Oasis CLI]: + + - `consensus *` + - `control runtime-stats` + - `debug bundle *` + - `governance *` + - `keymanager *` + - `registry *` + - `signer *` + - `stake *` + + They will be removed in a future release. + + [Oasis CLI]: https://docs.oasis.io/general/manage-tokens/cli/ + +### Bug Fixes + +- go/runtime/txpool: republish sooner if republish limit is reached + ([#5003](https://github.com/oasisprotocol/oasis-core/issues/5003)) + + This fixes a case where some portion of a batch of transaction would take a + long time to be published if there are no new transactions incoming. + +- go/worker/common: Reorder state determination checks + ([#5005](https://github.com/oasisprotocol/oasis-core/issues/5005)) + + Otherwise the shown state would be misleading, e.g. showing that it is + waiting for runtime host being provisioned while it is actually blocked + in initialization like storage sync. + +- go/p2p/rpc: Fix multi call dispatch to different peers + ([#5005](https://github.com/oasisprotocol/oasis-core/issues/5005)) + +- go/storage/mkvs/checkpoint: Exclude initial version when pruning + ([#5005](https://github.com/oasisprotocol/oasis-core/issues/5005)) + +- go/worker/storage: Fix case when checkpoint sync disabled but forced + ([#5005](https://github.com/oasisprotocol/oasis-core/issues/5005)) + + If checkpoint sync is disabled but sync has been forced (e.g. because + the state at genesis is non-empty), we must request to sync the + checkpoint at genesis as otherwise we will jump to a later state which + may not be desired given that checkpoint sync has been explicitly + disabled via config. + +- go/p2p/rpc: Fix peer grading when context is canceled + ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) + + When method `CallMulti` finishes early, the requests in progress are canceled + and unfairly recorded as failed. + +- go/p2p/rpc: Fix memory leak when RPC multi call finishes early + ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) + + When method `CallMulti` finishes early, the result channel is never cleared. + Therefore, the channel never closes and leaves one go routine hanging. + +- go/common/workerpool: Fix memory leak when workerpool is stopped early + ([#5008](https://github.com/oasisprotocol/oasis-core/issues/5008)) + + When workerpool si stopped, the job channel might still contain jobs which + haven't been processed. Therefore, the channel never closes and leaves one + go routine hanging. + +- runtime: Properly handle state root verification on backup nodes + ([#5053](https://github.com/oasisprotocol/oasis-core/issues/5053)) + +- runtime/consensus/tendermint/verifier: Correctly compare headers + ([#5068](https://github.com/oasisprotocol/oasis-core/issues/5068)) + + Since the store may have an earlier (non-canonical, but valid) version + of the block available, we need to only compare the actual header and + not the commits/signatures. + + This is because it can happen that during the immediate sync the light + block does not yet contain all of the commits (but only just enough to + be valid, e.g. 2/3+) and this gets stored in the light block store. + Later on (e.g. during a query) the presented light block may have the + full set of commits. + +- go/control/status: Take storage into account for last retained round + ([#5074](https://github.com/oasisprotocol/oasis-core/issues/5074)) + + When local storage is available (e.g. in stateful nodes), the report should + only include a round for which storage is available. + +- go/runtime/registry: Fix watching policy updates + ([#5092](https://github.com/oasisprotocol/oasis-core/issues/5092)) + + When multiple key managers were running, the last known status of the + runtime's key manager was overwritten with each status update. On runtime + (re)starts, this resulted in the wrong policy being set. + +- go/consensus: Ensure state has the correct chain context + ([#5107](https://github.com/oasisprotocol/oasis-core/issues/5107)) + + Previously one could accidentally copy state from one network but use a + genesis document from a different one, causing state corruption during + Tendermint block replay. + + There is now a check to ensure we abort early. + +- go/runtime/registry: Fix key manager (quote) policy updates + ([#5111](https://github.com/oasisprotocol/oasis-core/issues/5111)) + + When a key manager (quote) policy update fails, the host should retry the + update until the policy is updated. For example, when using Tendermint as + a backend service, the first update will always fail because the consensus + verifier sees new blocks with a one-block delay. + +- go/tendermint: Change order of events returned from GetEvents() + ([#5117](https://github.com/oasisprotocol/oasis-core/issues/5117)) + + The new order reflects the order in which the events were + generated during block execution. + +- go/worker/client: Better handle latest round queries with verification + ([#5123](https://github.com/oasisprotocol/oasis-core/issues/5123)) + + When a query is requesting to be executed against the latest round and + the runtime reports a consensus verifier error, use an earlier round + instead as the latest round may not yet be verifiable by the light + client as it needs to wait for the validator signatures. + +- runtime: Fix verification of blocks between two trusted heights + ([#5134](https://github.com/oasisprotocol/oasis-core/issues/5134)) + +- runtime: Clear verification trace after block verification + ([#5148](https://github.com/oasisprotocol/oasis-core/issues/5148)) + +- go/consensus/tendermint/apps/keymanager: Fix committee construction + ([#5159](https://github.com/oasisprotocol/oasis-core/issues/5159)) + + Previously, a node was added to the key manager committee if the node's first + registered key manager runtime passed validation and matched the key manager + status. From now on, all supported versions of the key manager runtime must + pass this check. + +- go/worker/client: Ensure block round is synced to storage + ([#5160](https://github.com/oasisprotocol/oasis-core/issues/5160)) + + Previously the transaction inclusion checks could attempt to inspect a + block that the node has not yet synced, triggering an error. + +- go/worker/compute: Do not drop valid proposals + ([#5161](https://github.com/oasisprotocol/oasis-core/issues/5161)) + + Previously valid proposals could be dropped instead of being forwarded + via the P2P gossip when the local node's consensus view was slightly + behind even though the proposal was valid. With smaller committees and + certain topologies this could result in some nodes not getting the + proposals. + +- go/registry/api: Fix node registration when TEE not available + ([#5177](https://github.com/oasisprotocol/oasis-core/issues/5177)) + + Previously, registration skipped the TEE hardware verification if a node + registered without TEE capability. + +- go/runtime: Also re-attest based on MaxAttestationAge + ([#5187](https://github.com/oasisprotocol/oasis-core/issues/5187)) + +- go/runtime/host/sgx: Update QE target info during re-attestation + ([#5239](https://github.com/oasisprotocol/oasis-core/issues/5239)) + + This allows the node to continue working in case aesmd is upgraded while + the node is running. In this case the Quoting Enclave identity can + change and this requires the target info to be updated. + +- go/worker/client: Also treat literal latest round as latest + ([#5248](https://github.com/oasisprotocol/oasis-core/issues/5248)) + +- go/worker/compute/executor: Do not propose batch on epoch transition + ([#5260](https://github.com/oasisprotocol/oasis-core/issues/5260)) + + Previously a compute node could propose a new batch just before the + epoch transition happened, resulting in computation that will be + discarded anyway. + +- go/oasis-node/cmd/ias: Regenerate TLS certificate on startup + ([#5289](https://github.com/oasisprotocol/oasis-core/issues/5289), + [#5375](https://github.com/oasisprotocol/oasis-core/issues/5375)) + +- staking: Fix reward distribution when common pool is exhausted + ([#5319](https://github.com/oasisprotocol/oasis-core/issues/5319)) + +- go/storage/mkvs: Fix commit of nil entries + ([#5321](https://github.com/oasisprotocol/oasis-core/issues/5321)) + +- storage/sync: don't immediately trigger more round fetches on failures + ([#5326](https://github.com/oasisprotocol/oasis-core/issues/5326)) + +- go/common/cbor: Relax CBOR decoding for gRPC/RHP endpoints + ([#5335](https://github.com/oasisprotocol/oasis-core/issues/5335)) + +- go/worker/common: Reset runtime provisioned status on failure + ([#5361](https://github.com/oasisprotocol/oasis-core/issues/5361)) + +- go/registry: Do not verify node TEE capabilities during genesis + ([#5389](https://github.com/oasisprotocol/oasis-core/issues/5389)) + +- host/sgx/epid: ensure consistent IAS proxy usage for attestation + ([#5390](https://github.com/oasisprotocol/oasis-core/issues/5390)) + + Refactors the IAS proxy client to expose separate clients for each configured + IAS proxy, instead of load-balancing internally between endpoints on a + per-request basis. + + This is required because the attestation procedure requires three calls to + the IAS endpoint (`GetSPIDInfo`, `GetSigRL`, `VerifyEvidence`) which should + all interact with the same endpoint. + +### Documentation Improvements + +- docs: Use "chapter" and "section" terms consistently + ([#5384](https://github.com/oasisprotocol/oasis-core/issues/5384)) + +### Internal Changes + +- go/p2p: Improve peer manager's peer handling + ([#5002](https://github.com/oasisprotocol/oasis-core/issues/5002)) + + Peer manager currently connects to all nodes in the registry which has + multiple drawbacks (connections get pruned, no protocol selection, no peer + discovery). This should be changed so that peers are connected depending + on the supported protocols and the number of peers in a protocol/topic + should be regulated in a controlled fashion. + +- go/p2p/rpc: Refactor RPC calls + ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) + + Peer manager and RPC client are too tightly coupled. The client also doesn't + support simple RPC calls which call exactly one peer. + +- go: Ignore CVE-2022-44797 until tendermint uses newer btcd + ([#5024](https://github.com/oasisprotocol/oasis-core/issues/5024)) + +- go: Bump go-libp2p to 0.25.1, go-libp2p-pubsub to 0.9.0 + ([#5026](https://github.com/oasisprotocol/oasis-core/issues/5026), + [#5087](https://github.com/oasisprotocol/oasis-core/issues/5087), + [#5180](https://github.com/oasisprotocol/oasis-core/issues/5180)) + +- go: update dependencies + ([#5029](https://github.com/oasisprotocol/oasis-core/issues/5029)) + +- Bump Go to 1.19.3 + ([#5030](https://github.com/oasisprotocol/oasis-core/issues/5030)) + +- rust: update dependencies + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- go: Bump Tendermint to v0.34.23 + ([#5033](https://github.com/oasisprotocol/oasis-core/issues/5033)) + +- runtime: Bump oasis-cbor to 0.5.1 + ([#5035](https://github.com/oasisprotocol/oasis-core/issues/5035)) + +- runtime: Bump tendermint-rs to 0.29.0 + ([#5037](https://github.com/oasisprotocol/oasis-core/issues/5037), + [#5106](https://github.com/oasisprotocol/oasis-core/issues/5106), + [#5190](https://github.com/oasisprotocol/oasis-core/issues/5190)) + +- runtime/src/enclave_rpc: Add support for insecure key manager RPC requests + ([#5075](https://github.com/oasisprotocol/oasis-core/issues/5075)) + + The key manager uses encrypted sessions to authenticate clients and protect + sensitive data. The number of sessions is limited, thus susceptible to DoS + attacks. A malicious client can establish multiple sessions in parallel, + preventing other clients from making requests. Furthermore, since each + session is encrypted, the exchanged messages cannot be read or modified. + For public key requests this is not ideal as one would want to cache the + responses locally and serve them to other clients to unburden the manager. + Large quotes also cannot be removed from the exchanged messages if we are + sure that the recipient can obtain them through some other means. Supporting + insecure key manager RPC requests solves some of the before mentioned problems + and leaves space for further optimizations. + +- go/p2p/PeerManager: enable subscribing to peer updates + ([#5083](https://github.com/oasisprotocol/oasis-core/issues/5083)) + + Adds `WatchUpdates` method to the `PeerManager` which allows subscribing to + peer updates (peers being added or removed). + +- runtime/src/protocol: Deserialize unknown rhp messages as invalid + ([#5094](https://github.com/oasisprotocol/oasis-core/issues/5094)) + + Runtime-host protocol terminated the reader thread when failed to deserialize + a runtime message on the Rust side (e.g. when `Body` enum contained an unknown + field). Decoding is now more robust as these messages are deserialized as + invalid and latter discarded and logged as malformed by the handler. + +- go: Bump golang.org/x/net to 0.13.0 + ([#5095](https://github.com/oasisprotocol/oasis-core/issues/5095), + [#5337](https://github.com/oasisprotocol/oasis-core/issues/5337)) + +- go/grpc: remove unused gRPC code + ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) + + Removes a lot of unneeded gRPC code since no runtime or consensus protocols + use it for communication anymore. + +- runtime: Bump tokio to 1.29.1 + ([#5120](https://github.com/oasisprotocol/oasis-core/issues/5120), + [#5330](https://github.com/oasisprotocol/oasis-core/issues/5330)) + +- crypto/x25519: Add type-safe X25519 private/public key types + ([#5121](https://github.com/oasisprotocol/oasis-core/issues/5121)) + +- runtime: Refactor consensus verifier predicates + ([#5128](https://github.com/oasisprotocol/oasis-core/issues/5128)) + +- ci: Explicitly use Ubuntu 22.04 for release builds + ([#5131](https://github.com/oasisprotocol/oasis-core/issues/5131)) + + This avoids the situation when ubuntu-latest gets changed to something + else, possibly imposing a different set of dependencies. + +- runtime/src/protocol: Remove consensus version compatibility check + ([#5135](https://github.com/oasisprotocol/oasis-core/issues/5135)) + + Consensus version check was a sanity check which didn't allow dump-restore + upgrades. The removal did no harm as the consensus version was never + authenticated and light clients use the verifier to check state compatibility + and authenticity. + +- docker: Bump base image to Ubuntu 22.04 + ([#5141](https://github.com/oasisprotocol/oasis-core/issues/5141)) + +- runtime: Attempt to flush buffers before aborting + ([#5146](https://github.com/oasisprotocol/oasis-core/issues/5146)) + +- runtime: Simplify the LRU-backed consensus verifier light store + ([#5149](https://github.com/oasisprotocol/oasis-core/issues/5149)) + +- runtime: Reduce the size of the light block LRU store + ([#5150](https://github.com/oasisprotocol/oasis-core/issues/5150)) + +- go/consensus/supplementarysanity: Fix checks for legacy validators + ([#5168](https://github.com/oasisprotocol/oasis-core/issues/5168)) + +- docker: Bump cargo-tarpaulin to 0.25.0 + ([#5191](https://github.com/oasisprotocol/oasis-core/issues/5191)) + +- go: Bump go-libp2p-pubsub to 0.9.1 + ([#5195](https://github.com/oasisprotocol/oasis-core/issues/5195)) + +- keymanager: Add support for master secret generations + ([#5198](https://github.com/oasisprotocol/oasis-core/issues/5198)) + + Refactored key manager's init method to be able to support multiple + generations of the master secret. + +- go/keymanager/api: Add signed encrypted master secret + ([#5199](https://github.com/oasisprotocol/oasis-core/issues/5199)) + +- runtime: Always use host node ID when verifying freshness with RAK + ([#5201](https://github.com/oasisprotocol/oasis-core/issues/5201)) + + This avoids an initial scan over all the nodes in the registry. + +- rust: Bump tempfile to 3.4.0 + ([#5213](https://github.com/oasisprotocol/oasis-core/issues/5213)) + +- runtime: Use a limited multi-threaded Tokio runtime in SGX + ([#5214](https://github.com/oasisprotocol/oasis-core/issues/5214)) + +- keymanager: Support policies in unsafe builds + ([#5215](https://github.com/oasisprotocol/oasis-core/issues/5215)) + +- go/worker/keymanager: Optimize enclave initialization + ([#5218](https://github.com/oasisprotocol/oasis-core/issues/5218)) + + Enclave initialization was moved into its own goroutine to avoid blocking + the main loop of the key manager worker. Once initialization is completed, + the resulting state of the enclave is compared to the latest key manager + status. If the latter has changed, initialization is performed again. + + This will be useful when we deploy master secret rotation since new secrets + may be generated while old secrets are being replicated which can result + in an outdated state once initialization finishes. + +- runtime: Refactor Tokio runtime constructor + ([#5220](https://github.com/oasisprotocol/oasis-core/issues/5220)) + +- docker: Switch to ghcr.io for container registry + ([#5224](https://github.com/oasisprotocol/oasis-core/issues/5224)) + +- Bump Go to 1.20.2 + ([#5228](https://github.com/oasisprotocol/oasis-core/issues/5228)) + +- runtime: Bump tendermint-rs to 0.30.0 + ([#5234](https://github.com/oasisprotocol/oasis-core/issues/5234)) + +- go/oasis-node/cmd/config: Add the migrate subcommand + ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) + + A new `migrate` subcommand is added to the node's `config` + command. This subcommand can be used to automatically migrate + the old YAML config file into the new format introduced in + commit 2a132b3. + + The subcommand logs the various changes it makes and warns the + user if a config option is no longer supported, etc. + At the end, any unknown sections of the input config file are + printed to the terminal to give the user a chance to review + them and make manual changes if appropriate. + +- go: Switch to CometBFT v0.34.27 + ([#5268](https://github.com/oasisprotocol/oasis-core/issues/5268)) + +- go: Remove timecache replace directive in go.mod file + ([#5272](https://github.com/oasisprotocol/oasis-core/issues/5272)) + + The replace directive for github.com/whyrusleeping/timecache has been removed + since the go-libp2p-pubsub library version 0.9.3 no longer utilizes it. + +- go: Remove flatbuffers replace directive in go.mod file + ([#5273](https://github.com/oasisprotocol/oasis-core/issues/5273)) + + The replace directive for github.com/google/flatbuffers has been removed + since the badger library version 3.2103.4 uses the same version 1.12.1. + +- go: Bump CometBFT to v0.37.1 + ([#5280](https://github.com/oasisprotocol/oasis-core/issues/5280)) + +- runtime/consensus/roothash: Implement executor commitment structures + ([#5282](https://github.com/oasisprotocol/oasis-core/issues/5282)) + + Structures and functions related to executor commitments were added + in order to be used later for executor commitment verification. + +- go/consensus/tendermint: Implement {Prepare,Process}Proposal + ([#5285](https://github.com/oasisprotocol/oasis-core/issues/5285)) + + This also makes the nodes execute the proposal in the prepare/process + phase such that advanced modification (e.g. including meta transactions + based on results) and validation (e.g. rejecting blocks with invalid + transactions) becomes possible. + +- go: Update fixgenesis command + ([#5286](https://github.com/oasisprotocol/oasis-core/issues/5286)) + + Make the fixgenesis command update a few more consensus parameters. + +- go: Rename Tendermint to CometBFT + ([#5291](https://github.com/oasisprotocol/oasis-core/issues/5291)) + +- go: Bump go-libp2p to 0.28.1 + ([#5297](https://github.com/oasisprotocol/oasis-core/issues/5297)) + +- go/consensus/cometbft: Use generic data directory names + ([#5299](https://github.com/oasisprotocol/oasis-core/issues/5299)) + + The following subdirectories under the node's data directory have been + renamed: + + - `tendermint` to `consensus` + - `tendermint/abci-state` to `consensus/state` + - `tendermint-seed` to `seed` (on seed nodes only) + +- go: Bump cometbft to v0.37.2-oasis1 + ([#5306](https://github.com/oasisprotocol/oasis-core/issues/5306)) + +- go/oasis-test-runner: Build key manager runtime with trust root + ([#5307](https://github.com/oasisprotocol/oasis-core/issues/5307)) + + The runtime trust-root scenarios now build not only the simple key/value + but also the key manager runtime with an embedded trust root. + +- go: Remove TLS certificate rotation + ([#5318](https://github.com/oasisprotocol/oasis-core/issues/5318)) + + We use libp2p for all communication now, so TLS certificate rotation is + no longer needed. + +- tests/upgrade: Test master secrets + ([#5325](https://github.com/oasisprotocol/oasis-core/issues/5325)) + + The upgrade scenario was enhanced to test runtime and key manager upgrades, + trust roots and master secret rotations. + +- go: Bump go-libp2p to 0.29.2 + ([#5338](https://github.com/oasisprotocol/oasis-core/issues/5338), + [#5339](https://github.com/oasisprotocol/oasis-core/issues/5339)) + +- runtime: Bump ed25519-dalek to 2.0.0 + ([#5351](https://github.com/oasisprotocol/oasis-core/issues/5351)) + +- runtime: Bump rsa to 0.9.2 + ([#5351](https://github.com/oasisprotocol/oasis-core/issues/5351)) + +- runtime: Bump sha2 to 0.10.7, hmac to 0.12.1 + ([#5351](https://github.com/oasisprotocol/oasis-core/issues/5351)) + +- go: Bump go-libp2p to 0.30.0 + ([#5355](https://github.com/oasisprotocol/oasis-core/issues/5355)) + +- go: Bump go to 1.21.0 + ([#5356](https://github.com/oasisprotocol/oasis-core/issues/5356)) + ## 22.2 (2022-10-13) | Protocol | Version | From d60caaa6ddeaa13c051078c78f63a728be0f12c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tadej=20Jane=C5=BE?= Date: Tue, 10 Oct 2023 17:32:09 +0200 Subject: [PATCH 2/2] changelog: Refine and polish 23.0 release section --- CHANGELOG.md | 787 ++++++++++++++++++++++++++++----------------------- 1 file changed, 439 insertions(+), 348 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index add8474c62e..2ff9d3ead31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,9 +22,11 @@ The format is inspired by [Keep a Changelog]. ### Removals and Breaking Changes -- go/registry: Remove support for DeprecatedBeacon +- go/registry: Remove support for deprecated PVSS based random beacon ([#4394](https://github.com/oasisprotocol/oasis-core/issues/4394)) + Remove the backward compatibility placeholder `DeprecatedBeacon` field + from the node descriptor. The PVSS backend is no longer present in 22.x and so the field is now removed, and even genesis registrations without a VRF signing key will be rejected. @@ -32,6 +34,9 @@ The format is inspired by [Keep a Changelog]. - go/consensus/tendermint/apps/beacon: Do gas accounting earlier ([#4667](https://github.com/oasisprotocol/oasis-core/issues/4667)) + The VRF proof submission tx has gas use happen too late, and can in certain + circumstances underestimate the amount of gas the tx will cost. + - go/common/crypto/signature: Use ECVRF v16 ([#4668](https://github.com/oasisprotocol/oasis-core/issues/4668)) @@ -39,7 +44,7 @@ The format is inspired by [Keep a Changelog]. This is incompatible with the v10 proof derivation/verification, however beta values for a given input will be identical. -- go/staking/api: Add BurnAddress +- go/staking/api: Add burn address ([#4755](https://github.com/oasisprotocol/oasis-core/issues/4755)) Transfers to `oasis1qzq8u7xs328puu2jy524w3fygzs63rv3u5967970` will be @@ -53,25 +58,24 @@ The format is inspired by [Keep a Changelog]. - go/consensus/tendermint: Fix liveness tracking for primary+backup ([#4798](https://github.com/oasisprotocol/oasis-core/issues/4798)) - In case a node is both primary and backup and doesn't submit a commit but - there was no discrepancy, the node should still be treated as failed. + In case a node is both in primary and backup compute committee and doesn't + submit a commit but there was no discrepancy, the node should still be + treated as failed. -- go/registry: validate SoftwareVersion field in node descriptor +- go/registry: Validate `SoftwareVersion` field in node descriptor ([#5012](https://github.com/oasisprotocol/oasis-core/issues/5012)) -- staking: specify slashed debonding amount in TakeEscrowEvent +- go/staking/api: Specify slashed debonding amount in `TakeEscrowEvent` ([#5016](https://github.com/oasisprotocol/oasis-core/issues/5016)) - The event contains a new field; clients that do not need it - can safely ignore it. + The event now contains the `DebondingAmount` field. -- roothash: Support governance actions via roothash messages +- go/roothash/api: Support governance actions via roothash messages ([#5021](https://github.com/oasisprotocol/oasis-core/issues/5021)) - This will allow runtimes to vote on and submit consensus governance - proposals. + This allows runtimes to vote on and submit consensus governance proposals. -- go/staking: efficient `DelegationsFor` query +- go/staking: Make `DelegationsFor()` query efficient ([#5023](https://github.com/oasisprotocol/oasis-core/issues/5023)) A reverse delegation mapping is added to the staking state that makes @@ -81,9 +85,9 @@ The format is inspired by [Keep a Changelog]. ([#5025](https://github.com/oasisprotocol/oasis-core/issues/5025)) Chain context was included in p2p protocol and topic names as until now - it was impossible to distinguish mainnet and testnet names from each other. + it was impossible to distinguish Mainnet and Testnet names from each other. Unique names will also ease peer discovery as now we can use one seed node - for multiple nets. + for multiple networks. - governance: Support delegator votes ([#5034](https://github.com/oasisprotocol/oasis-core/issues/5034)) @@ -99,29 +103,31 @@ The format is inspired by [Keep a Changelog]. - go/common/sgx/pcs: Add support for blacklisting FMSPCs ([#5038](https://github.com/oasisprotocol/oasis-core/issues/5038)) - PCS quote policy now supports blacklisting of FMSPCs. Quotes with blacklisted - FMSPC description of the TCB of the platform a runtime enclave is running - on won't get verified and remote attestation will fail. This is specially - useful if we want to block CPUs or platforms which security vulnerability - has just been exposed. FMSPCs can be added or removed from the global - default quote policy by changing registry parameter `TEEFeatures` via change - parameters proposals. The blacklist can also be overridden per-runtime in SGX - constraints. + PCS quote policy now supports blacklisting of FMSPCs. -- `EntityID` is added to items in scheduler `GetValidators` API response - ([#5050](https://github.com/oasisprotocol/oasis-core/issues/5050)) + Quotes for systems with blacklisted FMSPC description of the TCB won't get + verified and remote attestation will fail. + + This is specially useful if we want to block CPUs or platforms for which a + new security vulnerability has just been disclosed from running a runtime + enclave. -- go/scheduler: include entity IDs in consensus validators state + FMSPCs can be added or removed from the global default quote policy by + changing registry parameter `TEEFeatures` via change parameters proposals. + The blacklist can also be overridden per-runtime in SGX constraints. + +- go/scheduler/api: Add `EntityID` to consensus validator's state ([#5050](https://github.com/oasisprotocol/oasis-core/issues/5050)) Validator lists in scheduler consensus state now include entity and node identifiers. -- go/consensus: Always return ErrInvalidArgument on tx deserialization failures +- go/consensus: Always return `ErrInvalidArgument` on tx deserialization fails ([#5055](https://github.com/oasisprotocol/oasis-core/issues/5055)) - Before, some modules were returning non-specific errors on tx deserialization - failures, which resulted in them being assigned to module "unknown", code 1. + Previously, some modules were returning non-specific errors on tx + deserialization failures, which resulted in them being assigned to module + "unknown", code 1. - go/staking: Limit maximum allowance amount based on total supply ([#5056](https://github.com/oasisprotocol/oasis-core/issues/5056)) @@ -140,50 +146,62 @@ The format is inspired by [Keep a Changelog]. All methods were merged into the `consensus.ClientBackend`. -- go/registry: event `RuntimeEvent` is renamed to `RuntimeStartedEvent` +- go/registry: Rename `RuntimeEvent` event to `RuntimeStartedEvent` ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) -- go/registry: Added `RuntimeSuspendedEvent` +- go/registry: Add `RuntimeSuspendedEvent` event ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) - The event is emitted whenever an active runtime is suspended. On resume, the - existing `RuntimeStartedEvent` is emitted. + The event is emitted whenever an active runtime is suspended. On resume, + the existing `RuntimeStartedEvent` is emitted. -- go/registry: Remove TLS Addresses from Node descriptors +- go/registry: Remove TLS addresses from node's descriptor ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) - As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the TLS - addresses are unused. Albeit also unused, the TLS public keys remain part - of node descriptors. + As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085), the + TLS addresses are unused. Albeit also unused, the TLS public keys remain + par of the node's descriptor. -- go/registry: Remove Consensus RPC role from Node descriptors +- go/registry: Remove Consensus RPC role from node's descriptor ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) - As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085) the role - is unused. + As of [#5085](https://github.com/oasisprotocol/oasis-core/pull/5085), the + role is unused. -- go/staking: Add MinCommissionRate parameter +- go/staking: Add `MinCommissionRate` parameter ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) - Also included support for updating the parameter via + This parameter enforces the network-wide minimum commission rate an account + can configure. + + Also include support for updating the parameter via `ConsensusParameterChanges` governance proposal. - go/staking: Add escrow requirement for updating commission schedule ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) - To prevent bloating the commission schedule state, the commission schedule can - only be updated for entities with enough stake to register a validator node. + To prevent bloating the commission schedule state, the commission schedule + can only be updated for entities with enough stake to register a validator + node. - go/registry: Add optional bundle checksum to runtime deployments ([#5112](https://github.com/oasisprotocol/oasis-core/issues/5112)) + Currently, it is not used, but it could be used for verification of + automatically distributed runtime bundles in the future. + - go/sgx/ias: Add support for blacklisting GIDs ([#5113](https://github.com/oasisprotocol/oasis-core/issues/5113)) + GID black list is a list of blocked platform EPID group IDs. + - go/registry: Support changing a runtime's owner ([#5114](https://github.com/oasisprotocol/oasis-core/issues/5114)) -- go/common/node: Cleanup VRF configuration as it is mandatory + The current owner can sign and submit a `registry.RegisterRuntime` txn + which sets a new entity as the owner of the runtime. + +- go/common/node: Cleanup node's VRF configuration as it is mandatory ([#5127](https://github.com/oasisprotocol/oasis-core/issues/5127)) Simplify types by removing the ability for a node's VRF to be nil. Note @@ -199,6 +217,11 @@ The format is inspired by [Keep a Changelog]. - go/roothash: Treat failure indications as stragglers ([#5261](https://github.com/oasisprotocol/oasis-core/issues/5261)) + If it is already known that the number of valid commitments will not exceed + the required threshold, there is no need to wait for the discrepancy timer + to expire. Instead, proceed directly to the discrepancy resolution mode, + regardless of any additional commitments. + - go/roothash: Optimize and refactor commitment pool processing ([#5274](https://github.com/oasisprotocol/oasis-core/issues/5274)) @@ -227,6 +250,9 @@ The format is inspired by [Keep a Changelog]. - go/consensus: Add provable events ([#5294](https://github.com/oasisprotocol/oasis-core/issues/5294)) + Provable events are event types which can be proven and included in the + event proof tree. + - go/consensus/roothash: Track runtime proposer liveness ([#5334](https://github.com/oasisprotocol/oasis-core/issues/5334)) @@ -242,96 +268,118 @@ The format is inspired by [Keep a Changelog]. - go/staking: Enable changing the reward schedule ([#5352](https://github.com/oasisprotocol/oasis-core/issues/5352)) - The ability to change the reward schedule in the staking consensus - parameters through a governance vote was added. + Add ability to change the staking reward schedule through a governance vote. - go/worker/compute/executor/committee: Support backup proposers ([#5354](https://github.com/oasisprotocol/oasis-core/issues/5354)) - Starting now, all executor committee workers are permitted to schedule - transactions, each with distinct per-round priority. Priority dictates - the time after which a worker can propose a new batch. The consensus - layer tracks all published executor commitments and tries to build - a new runtime block on a proposal with the highest priority. + All executor committee workers are now permitted to schedule transactions, + each with distinct per-round priority. Priority dictates the time after + which a worker can propose a new batch. The consensus layer tracks all + published executor commitments and tries to build a new runtime block on a + proposal with the highest priority. -- Add observer node role +- go/common/node: Add observer node role ([#5357](https://github.com/oasisprotocol/oasis-core/issues/5357)) -- roothash: Store past runtime state and I/O roots in consensus state + The observer role is meant for so called client or read-only nodes that + follow the chain (consensus and/or runtimes) and can also access the + confidential state. + + Previously, such nodes didn't register and access to confidential state + was guarded by key managers white-listing specific client nodes. + + With the introduction of observer node role, confidential state access is + now transparently managed in-protocol, allowing confidential observer nodes + to register and be subject to the usual constraints. + +- go/roothash/api: Store past runtime state and I/O roots in consensus state ([#5359](https://github.com/oasisprotocol/oasis-core/issues/5359)) - A new roothash consensus parameter was added (`MaxPastRootsStored`), - which enables storing runtime state and I/O roots for the past - `MaxPastRootsStored` rounds in the consensus state. + Add `MaxPastRootsStored` roothash consensus parameter which specifies the + maximum number of past runtime state and I/O roots to store in the consensus + state. + This enables easier cross-runtime communication. -- go/oasis-node: Move "debug fix-genesis" subcommand to "genesis migrate" +- go/oasis-node/cmd: Move `debug fix-genesis` command to `genesis migrate` ([#5360](https://github.com/oasisprotocol/oasis-core/issues/5360)) -- scheduler: Add option to change voting power distribution +- go/scheduler/api: Add ability to change voting power distribution ([#5365](https://github.com/oasisprotocol/oasis-core/issues/5365)) - The ability to change the voting power distribution via consensus - governance was added. - The two options currently available are linear (the original, where - voting power is linearly proportional to the stake) and sqrt (new, - where voting power is proportional to the square root of the stake). + The voting power distribution can now be changed via consensus governance. -### Configuration Changes + The two options currently available are: + + - `VotingPowerDistributionLinear` (voting power is linearly proportional to + the stake, i.e. the existing distribution), + - `VotingPowerDistributionSqrt` (voting power is proportional to the square + root of the stake, a new option added now). + +### Configuration and Operational Changes - go/consensus/tendermint: Refactor seed node and peer addresses ([#4964](https://github.com/oasisprotocol/oasis-core/issues/4964)) - Until now a seed node was a Tendermint backend-specific construct which - supported only one service. To provide support for other services we had - to refactor the seed node and generalize peer addresses. This led to the - following configuration changes. + Previously, a seed node was a Tendermint backend-specific construct which + only supported a single service. + To provide support for other services, the seed node has been refactored and + peer addresses have been generalized. + + This brings the following configuration changes. Seed nodes: - - Tendermint seed mode setting `consensus.tendermint.mode:seed` was removed - and replaced with `mode:seed`. Full and archive modes remained intact and - can still be used in non-seed node configurations. + - The `consensus.tendermint.mode` setting was removed. + + To configure a node to be a seed node, set the new top-level `mode` + setting to `seed`. Non-seed nodes: - - Setting `consensus.tendermint.seed` was removed and replaced with - `p2p.seeds`. + - The `consensus.tendermint.seed` setting was removed and replaced with + `p2p.seeds` setting. - - Setting `consensus.tendermint.p2p.unconditional_peer_ids` was renamed to - `consensus.tendermint.p2p.unconditional_peer`. + - The `consensus.tendermint.p2p.unconditional_peer_ids` setting was renamed + to `consensus.p2p.unconditional_peers`. General: - - Persistent peers and seed nodes' addresses were generalized to the form - `pubkey@IP:port` which affected settings `p2p.seeds`, - `consensus.tendermint.p2p.persistent_peer` and - `consensus.tendermint.sentry.upstream_address` (until now we used the - form `ID@IP:port`) + - Persistent peers and seed nodes' addresses were generalized and now have + the following form: `pubkey@IP:port`, where `pubkey` represents a node's + p2p public key (the previous form was `ID@IP:port` where `ID` represents + a node's Tendermint ID which is a truncated sha256 hash of a node's p2p + public key). + + This affects the `p2p.seeds`, `consensus.p2p.persistent_peers` + and `consensus.sentry_upstream_addresses` settings. - - Similarly, peers are now identified through p2p public keys which affected - setting `consensus.tendermint.p2p.unconditional_peer` (until now we used - Tendermint IDs). + - Similarly, peers are now identified through p2p public keys which affects + the `consensus.p2p.unconditional_peers` setting (previously, + they used Tendermint IDs). - Tendermint specific configuration of a seed node stayed the same. The node - can still be tuned through `consensus.tendermint.p2p.*` settings. + Tendermint-specific configuration of a seed node stayed the same. The node + can still be tuned through `consensus.p2p.*` settings. - go/worker/common/p2p: Refactor P2P package ([#4996](https://github.com/oasisprotocol/oasis-core/issues/4996)) - We are planning to use our P2P network not only for runtime but also for - consensus-related services. Therefore, it makes sense to move the P2P package - up in the hierarchy and rename its configuration flags. + In preparation for extending the use of our P2P network to consensus-related + services (previously, it was only used for runtime services), move the P2P + package to the root of the hierarchy and rename its configuration settings. - The following configuration changes were made to the p2p config flags: + The following changes were made to the p2p configuration: - - Prefix `worker.` was dropped. + - The `worker.` prefix has been dropped. - - Flags for the same feature were grouped under the same prefix. + - Settings pertaining to the same feature were grouped under the same prefix. - - Flag `worker.client.addresses` was removed. + - The `worker.client.addresses` setting was removed (it is no longer + needed). - Below is the list of modified flags that can be used to configure p2p network: + Below is the list of modified settings that can be used to configure the + P2P network: - `p2p.port` @@ -355,11 +403,25 @@ The format is inspired by [Keep a Changelog]. - `p2p.peer_manager.connectedness_low_water` -- Configuration changes +- go/oasis-node: Always start libp2p node + ([#4995](https://github.com/oasisprotocol/oasis-core/issues/4995)) + + As validators now participate in the P2P network, the configuration of + publicly routable p2p addresses through `worker.p2p.addresses` setting is + now mandatory in a production setting. + +- go/consensus: Use libp2p-backed light client for Tendermint state sync + ([#5085](https://github.com/oasisprotocol/oasis-core/issues/5085)) + + Remove the `consensus.tendermint.state_sync.consensus_node` setting as it + has become obsolete. P2P peers for state sync are automatically selected. + +- Rework configuration handling and apply consistent setting naming ([#5070](https://github.com/oasisprotocol/oasis-core/issues/5070)) The node now supports a configuration file that holds all the settings that were previously available via command-line options. + The command-line options themselves have been removed in favor of the config file. @@ -367,7 +429,7 @@ The format is inspired by [Keep a Changelog]. the `envsubst` package ([usage information](https://github.com/a8m/envsubst#docs)). - The following options have been removed: + The following settings have been removed: - `consensus.tendermint.mode` in favor of using the global node mode (`mode`). @@ -375,9 +437,9 @@ The format is inspired by [Keep a Changelog]. - `worker.client.port` as it is no longer needed. - - `worker.registration.force_register` as it is deprecated. + - `worker.registration.force_register` as it has been deprecated. - The following options have been renamed: + The following settings have been renamed: - `datadir` to `common.data_dir`. @@ -385,8 +447,11 @@ The format is inspired by [Keep a Changelog]. - `log.format` to `common.log.format`. - - `log.level` to `common.log.level`. The log level is now a map of module - to log level. Use the `default` module to map the default log level. + - `log.level` to `common.log.level`. + + The log level is now a map of module to log level. + + Use the `default` module to map the default log level. - `debug.rlimit` to `common.debug.rlimit`. @@ -399,30 +464,30 @@ The format is inspired by [Keep a Changelog]. - `consensus.tendermint.core.listen_address` to `consensus.listen_address`. - `consensus.tendermint.core.external_address` to - `consensus.external_address`. + `consensus.external_address`. - `consensus.tendermint.log.debug` to `consensus.log_debug`. - `consensus.tendermint.light_client.trust_period` to - `consensus.state_sync.trust_period`. + `consensus.state_sync.trust_period`. - `consensus.tendermint.seed.debug.disable_addr_book_from_genesis` to - `consensus.debug.disable_addr_book_from_genesis`. + `consensus.debug.disable_addr_book_from_genesis`. - `consensus.tendermint.sentry.upstream_address` to - `consensus.sentry_upstream_addresses`. + `consensus.sentry_upstream_addresses`. - `consensus.tendermint.upgrade.stop_delay` to - `consensus.upgrade_stop_delay`. + `consensus.upgrade_stop_delay`. - `consensus.tendermint.supplementarysanity.*` to - `consensus.supplementary_sanity.*`. + `consensus.supplementary_sanity.*`. - `consensus.tendermint.p2p.persistent_peer` to - `consensus.p2p.persistent_peers`. + `consensus.p2p.persistent_peers`. - `consensus.tendermint.p2p.unconditional_peer` to - `consensus.p2p.unconditional_peers`. + `consensus.p2p.unconditional_peers`. - `ias.proxy.address` to `ias.proxy_addresses`. @@ -447,43 +512,99 @@ The format is inspired by [Keep a Changelog]. - `worker.sentry.*` to `sentry.*`. - `worker.sentry.control.authorized_pubkey` to - `sentry.control.authorized_pubkeys`. + `sentry.control.authorized_pubkeys`. - `worker.storage.*` to `storage.*`. - `worker.storage.public_rpc.enabled` to `storage.public_rpc_enabled`. - `worker.storage.checkpoint_sync.disabled` to - `storage.checkpoint_sync_disabled`. + `storage.checkpoint_sync_disabled`. -- Use libp2p backed light client for Tendermint state sync - ([#5085](https://github.com/oasisprotocol/oasis-core/issues/5085)) +- go/oasis-node/cmd/config: Support configuration file migration + ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) - The `"consensus.tendermint.state_sync.consensus_node"` flag is removed. P2P - peers for state sync are automatically selected. + To migrate a node's YAML config file from the old (i.e. Oasis Core 22.2.x) + to the new (i.e. Oasis Core 23.0) format, you can use the newly added + `oasis-node config migrate` command. -- Configuration file migration - ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) + Pass the path to the old configuration file with `--in` flag and specify the + desired path to the new configuration file with `--out` flag, for example: - To migrate your node's YAML config file from the old format - to the new, you can use the node's `config migrate` subcommand. - Pass the path to the old config file with `--in` and specify - the new config file name with `--out`. + ``` + oasis-node config migrate --in old.yaml --out new.yaml + ``` - For example: - `oasis-node config migrate --in old.yaml --out new.yaml`. + The `oasis-node config migrate` command logs the various changes it makes + and warns if a config option is no longer supported, etc. - The migration subcommand logs the various changes it makes and - warns you if a config option is no longer supported, etc. - At the end, any unknown sections of the input config file are - printed to the terminal to give you a chance to review them - and make manual changes if required. + At the end, any unknown sections of the input config file are printed to the + terminal so one has a chance to review them and make the manual changes (if + needed). + + Note that the `oasis-node config migrate` command does not preserve comments + and the order of sections in the inputted YAML file. One needs to copy/amend + the new configuration file manually. + + One should always carefully read the output of this command, as well as + compare the generated config file with the original before using it. + +- go/genesis: Move halt epoch from genesis to node-local configuration + ([#5200](https://github.com/oasisprotocol/oasis-core/issues/5200)) + + It can be configured through the new `consensus.halt_epoch` setting. + +- go/oasis-node/cmd/debug: Update `oasis-node debug fixgenesis`` command + ([#5286](https://github.com/oasisprotocol/oasis-core/issues/5286)) - Note that the migration subcommand does not preserve comments - and order of sections from the input YAML config file. - You should always carefully read the output of this command, - as well as compare the generated config file with the - original before using it. + Make the `oasis-node debug fixgenesis` command update a few more consensus + parameters. + +- go: Transition to [CometBFT], a fork of Tendermint + ([#5033](https://github.com/oasisprotocol/oasis-core/issues/5033), + [#5268](https://github.com/oasisprotocol/oasis-core/issues/5268), + [#5280](https://github.com/oasisprotocol/oasis-core/issues/5280), + [#5291](https://github.com/oasisprotocol/oasis-core/issues/5291), + [#5299](https://github.com/oasisprotocol/oasis-core/issues/5299), + [#5306](https://github.com/oasisprotocol/oasis-core/issues/5306)) + + Transition to a more maintained fork of the Tendermint BFT protocol. + Also update Tendermint / CometBFT version to 0.37.2. + + As part of the transition, use more generic data directory names. + The following subdirectories under the node's data directory have been + renamed: + + - `tendermint` to `consensus` + - `tendermint/abci-state` to `consensus/state` + - `tendermint-seed` to `seed` (on seed nodes only) + + [CometBFT]: https://cometbft.com/ + +- go: Remove TLS certificate rotation + ([#5318](https://github.com/oasisprotocol/oasis-core/issues/5318)) + + We use libp2p for all communication now, so TLS certificate rotation is + no longer needed. + +### Deprecations + +- go/oasis-node/cmd: Deprecate `oasis-node` subcommands in favor of Oasis CLI + ([#5376](https://github.com/oasisprotocol/oasis-core/issues/5376)) + + The following `oasis-node` subcommands have been deprecated in favor of the + new [Oasis CLI] and will be removed in a future Oasis Core release: + + - `consensus *` + - `control runtime-stats` + - `debug bundle *` + - `governance *` + - `keymanager *` + - `registry *` + - `signer *` + - `stake *` + + [Oasis CLI]: https://docs.oasis.io/general/manage-tokens/cli/ ### Features @@ -495,49 +616,56 @@ The format is inspired by [Keep a Changelog]. `p2p.discovery.bootstrap.enable` which can be used on seed nodes as well as non-seed nodes (e.g. clients, key managers). The latter can also configure how frequently peers are fetched - from the seed nodes with - `p2p.discovery.bootstrap.retention_period`. + from the seed nodes with the `p2p.discovery.bootstrap.retention_period` + setting. - go/oasis-node: Always start libp2p node ([#4995](https://github.com/oasisprotocol/oasis-core/issues/4995)) - Validator nodes are currently not part of our P2P network as it consists - only of nodes that have runtimes configured. Always starting the libp2p - node will make them available for consensus-related services. + Validator nodes were previously not part of our P2P network as it consisted + only of nodes that had runtimes configured. Always starting the libp2p node + makes them available for consensus-related services. - As validators now participate in the p2p network, the configuration of - publicly routable p2p addresses through `worker.p2p.addresses` flag is - mandatory in a production setting. + As validators now participate in the P2P network, the configuration of + publicly routable p2p addresses through `worker.p2p.addresses` setting is + now mandatory in a production setting. -- go/p2p/rpc: add support for consensus-wide libp2p protocols +- go/p2p/rpc: Add support for consensus-wide libp2p protocols ([#5000](https://github.com/oasisprotocol/oasis-core/issues/5000)) -- go/consensus/tendermint/apps/staking: Reduce DelegationsTo scanning +- go/staking: Reduce `DelegationsTo()` scanning ([#5011](https://github.com/oasisprotocol/oasis-core/issues/5011)) -- staking: specify slashed debonding amount in TakeEscrowEvent + The escrow address is the first part of the key so we can seek to it. + +- go/staking: Specify slashed debonding amount in `TakeEscrowEvent` ([#5016](https://github.com/oasisprotocol/oasis-core/issues/5016)) - The newly introduced field lets observers distinguish how much - was slashed from the active escrow pool and how much from the - debonding escrow pool. + The newly introduced `DebondingAmount` field lets observers distinguish how + much was slashed from the active escrow pool and how much from the debonding + escrow pool. -- go/staking: reduce DebondingDelegationsFor scanning +- go/staking: Reduce `DebondingDelegationsFor()` scanning ([#5022](https://github.com/oasisprotocol/oasis-core/issues/5022)) -- registry: Add MaxRuntimeDeployments parameter + `DebondingDelegationsFor` keys are ordered by `delegatorAddr`. Once past it, + it is unnecessary to scan further. + +- go/registry: Add `MaxRuntimeDeployments` parameter ([#5049](https://github.com/oasisprotocol/oasis-core/issues/5049)) -- go/worker/keymanager: Show current key manager policy in the node status + It specifies the maximum number of runtime deployments. + +- go/worker/keymanager: Show current key manager policy in the node's status ([#5079](https://github.com/oasisprotocol/oasis-core/issues/5079)) -- go/worker/keymanager: Show global key manager status in node status +- go/worker/keymanager: Show global key manager status in the node's status ([#5080](https://github.com/oasisprotocol/oasis-core/issues/5080)) -- go/registry: Add WatchEvents method +- go/registry: Add `WatchEvents()` method ([#5088](https://github.com/oasisprotocol/oasis-core/issues/5088)) - Method for following emitted registry event was added to the registry backend. + It can be used to follow the emitted registry events. - runtime/src/enclave_rpc: Verify RPC quotes with key manager quote policy ([#5092](https://github.com/oasisprotocol/oasis-core/issues/5092)) @@ -545,11 +673,11 @@ The format is inspired by [Keep a Changelog]. - keymanager/src/client: Fetch public keys using insecure RPC requests ([#5101](https://github.com/oasisprotocol/oasis-core/issues/5101)) -- go/staking: Add `CommissionScheduleAddresses` method +- go/staking: Add `CommissionScheduleAddresses()` method ([#5102](https://github.com/oasisprotocol/oasis-core/issues/5102)) - The new method returns addresses of accounts with non-empty commission - schedule configured. + It can be used to obtain the addresses of accounts with a non-empty + commission schedule. - go/consensus: Add missing early exits when simulating transactions ([#5104](https://github.com/oasisprotocol/oasis-core/issues/5104)) @@ -646,9 +774,6 @@ The format is inspired by [Keep a Changelog]. - `oasis_worker_keymanager_policy_update_count`. -- Move halt epoch from genesis to node-local configuration - ([#5200](https://github.com/oasisprotocol/oasis-core/issues/5200)) - - keymanager/src/runtime: Verify and modify init request ([#5204](https://github.com/oasisprotocol/oasis-core/issues/5204)) @@ -657,22 +782,35 @@ The format is inspired by [Keep a Changelog]. easily verifiable against consensus, it was extended to include all key manager status fields. -- go: Cache TCB bundles and lower refreshing frequency +- go/oasis-node/cmd/config: Add `oasis-node config migrate` command + ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) + + Add `oasis-node config migrate` command to help migrate a node's YAML config + file from the old (i.e. Oasis Core 22.2.x) to the new (i.e. Oasis Core 23.0) + format introduced in commit [2a132b3]. + + The command logs the various changes it makes and warns if a config option + is no longer supported, etc. + + At the end, any unknown sections of the input config file are printed to the + terminal so one has a chance to review them and make the manual changes (if + needed). + +- go/runtime/host/sgx: Cache TCB bundles and lower refreshing frequency ([#5245](https://github.com/oasisprotocol/oasis-core/issues/5245)) - Mainly this means the node will make significantly fewer requests for - fetching TCB bundles. Because these are now stored locally in the - persistent store, this mechanism also enables a degree of tolerance - against transient fetch failures in cases where a stored bundle is still - valid. + The node will now make significantly fewer requests for fetching TCB + bundles. Because these are now stored locally in the persistent store, this + mechanism also enables a degree of tolerance against transient fetch + failures in cases where a stored bundle is still valid. - go/runtime/host/sgx: Add metrics for attestations ([#5254](https://github.com/oasisprotocol/oasis-core/issues/5254)) -- go/control/api: Improve node registration status clarity +- go/control: Improve node registration status clarity ([#5256](https://github.com/oasisprotocol/oasis-core/issues/5256)) - Three new fields have been added to the node's control status output + Three new fields have been added to the `oasis-node control status`'s output under the registration status section: - `last_attempt_successful` - true if the last registration attempt @@ -681,21 +819,22 @@ The format is inspired by [Keep a Changelog]. attempt failed. - `last_attempt` - time of the last registration attempt. - Also, if the registration descriptor is expired, it is no longer + Also, if the registration descriptor has expired, it is no longer shown in the output. -- go/worker/storage: Add storage worker status message +- go/control: Add storage worker status message to control status ([#5262](https://github.com/oasisprotocol/oasis-core/issues/5262)) - A status message that shows the current state of the storage worker - was added to the node's storage worker's status output. + A status message that shows the current state of the storage worker has been + added to the `oasis-node control status`'s storage worker status report. + This enables the node operator to quickly check if the storage worker is still initializing, syncing checkpoints, or syncing rounds. - go/worker/compute: Optimize backup worker commit submission ([#5264](https://github.com/oasisprotocol/oasis-core/issues/5264)) - Backup compute workers now observe any gossiped commitments and pre-empt + Backup compute workers now observe any gossiped commitments and preempt consensus when it is obvious that there will be a discrepancy declared. - tests: Support cross-version upgrade tests @@ -708,9 +847,12 @@ The format is inspired by [Keep a Changelog]. using the block metadata transaction, effectively eliminating any block delay for state verification. -- go/control: Add runtime provisioner type to host status output +- go/control: Add runtime provisioner type to control status ([#5301](https://github.com/oasisprotocol/oasis-core/issues/5301)) + Add `provisioner` field to `oasis-node control status`'s output under + `runtimes.`. + - go/oasis-test-runner: Run the test runner and scenarios for limited time ([#5304](https://github.com/oasisprotocol/oasis-core/issues/5304)) @@ -722,12 +864,13 @@ The format is inspired by [Keep a Changelog]. - `scenario_timeout`: the maximum allowable duration for an individual scenario. -- go/worker/keymanager/status: Show active version of the km runtime +- go/worker/keymanager/status: Show active version of the key manager runtime ([#5320](https://github.com/oasisprotocol/oasis-core/issues/5320)) - The status of the key manager was updated to include a new attribute called - `active_version`, which stores the version number of the currently deployed - key manager runtime. If no deployment is active, the value is set to null. + Running `oasis-node control status` command for a key manager node now + includes the `active_version` field which stores the version number of the + currently deployed key manager runtime. + If no deployment is active, the value is set to null. - go/p2p: implement various metrics collection ([#5327](https://github.com/oasisprotocol/oasis-core/issues/5327)) @@ -747,28 +890,9 @@ The format is inspired by [Keep a Changelog]. - go/sgx/ias: Add support for v5 AVR ([#5372](https://github.com/oasisprotocol/oasis-core/issues/5372)) -- go/oasis-node/cmd: Deprecate subcommands in favor of Oasis CLI - ([#5376](https://github.com/oasisprotocol/oasis-core/issues/5376)) - - The following `oasis-node` subcommands have been deprecated and should no - longer be used in favor of the [Oasis CLI]: - - - `consensus *` - - `control runtime-stats` - - `debug bundle *` - - `governance *` - - `keymanager *` - - `registry *` - - `signer *` - - `stake *` - - They will be removed in a future release. - - [Oasis CLI]: https://docs.oasis.io/general/manage-tokens/cli/ - ### Bug Fixes -- go/runtime/txpool: republish sooner if republish limit is reached +- go/runtime/txpool: Republish sooner if republish limit is reached ([#5003](https://github.com/oasisprotocol/oasis-core/issues/5003)) This fixes a case where some portion of a batch of transaction would take a @@ -794,26 +918,27 @@ The format is inspired by [Keep a Changelog]. the state at genesis is non-empty), we must request to sync the checkpoint at genesis as otherwise we will jump to a later state which may not be desired given that checkpoint sync has been explicitly - disabled via config. + disabled via configuration. - go/p2p/rpc: Fix peer grading when context is canceled ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) - When method `CallMulti` finishes early, the requests in progress are canceled - and unfairly recorded as failed. + When method `CallMulti()` finishes early, the requests in progress are + canceled and unfairly recorded as failed. - go/p2p/rpc: Fix memory leak when RPC multi call finishes early ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) - When method `CallMulti` finishes early, the result channel is never cleared. - Therefore, the channel never closes and leaves one go routine hanging. + When method `CallMulti()` finishes early, the result channel is never + cleared. Therefore, the channel never closes and leaves one go routine + hanging. - go/common/workerpool: Fix memory leak when workerpool is stopped early ([#5008](https://github.com/oasisprotocol/oasis-core/issues/5008)) - When workerpool si stopped, the job channel might still contain jobs which + When workerpool is stopped, the job channel might still contain jobs which haven't been processed. Therefore, the channel never closes and leaves one - go routine hanging. + Go routine hanging. - runtime: Properly handle state root verification on backup nodes ([#5053](https://github.com/oasisprotocol/oasis-core/issues/5053)) @@ -834,8 +959,9 @@ The format is inspired by [Keep a Changelog]. - go/control/status: Take storage into account for last retained round ([#5074](https://github.com/oasisprotocol/oasis-core/issues/5074)) - When local storage is available (e.g. in stateful nodes), the report should - only include a round for which storage is available. + When local storage is available (e.g. in stateful nodes), the + `oasis-node control status`'s output should only include a round for which + storage is available. - go/runtime/registry: Fix watching policy updates ([#5092](https://github.com/oasisprotocol/oasis-core/issues/5092)) @@ -847,7 +973,7 @@ The format is inspired by [Keep a Changelog]. - go/consensus: Ensure state has the correct chain context ([#5107](https://github.com/oasisprotocol/oasis-core/issues/5107)) - Previously one could accidentally copy state from one network but use a + Previously, one could accidentally copy state from one network but use a genesis document from a different one, causing state corruption during Tendermint block replay. @@ -861,7 +987,7 @@ The format is inspired by [Keep a Changelog]. a backend service, the first update will always fail because the consensus verifier sees new blocks with a one-block delay. -- go/tendermint: Change order of events returned from GetEvents() +- go/tendermint: Change order of events returned from `GetEvents()` ([#5117](https://github.com/oasisprotocol/oasis-core/issues/5117)) The new order reflects the order in which the events were @@ -892,13 +1018,13 @@ The format is inspired by [Keep a Changelog]. - go/worker/client: Ensure block round is synced to storage ([#5160](https://github.com/oasisprotocol/oasis-core/issues/5160)) - Previously the transaction inclusion checks could attempt to inspect a + Previously, the transaction inclusion checks could attempt to inspect a block that the node has not yet synced, triggering an error. - go/worker/compute: Do not drop valid proposals ([#5161](https://github.com/oasisprotocol/oasis-core/issues/5161)) - Previously valid proposals could be dropped instead of being forwarded + Previously, valid proposals could be dropped instead of being forwarded via the P2P gossip when the local node's consensus view was slightly behind even though the proposal was valid. With smaller committees and certain topologies this could result in some nodes not getting the @@ -910,10 +1036,10 @@ The format is inspired by [Keep a Changelog]. Previously, registration skipped the TEE hardware verification if a node registered without TEE capability. -- go/runtime: Also re-attest based on MaxAttestationAge +- go/runtime: Also re-attest based on `MaxAttestationAge` ([#5187](https://github.com/oasisprotocol/oasis-core/issues/5187)) -- go/runtime/host/sgx: Update QE target info during re-attestation +- go/runtime/host/sgx: Update Quoting Enclave target info during re-attestation ([#5239](https://github.com/oasisprotocol/oasis-core/issues/5239)) This allows the node to continue working in case aesmd is upgraded while @@ -926,7 +1052,7 @@ The format is inspired by [Keep a Changelog]. - go/worker/compute/executor: Do not propose batch on epoch transition ([#5260](https://github.com/oasisprotocol/oasis-core/issues/5260)) - Previously a compute node could propose a new batch just before the + Previously, a compute node could propose a new batch just before the epoch transition happened, resulting in computation that will be discarded anyway. @@ -934,14 +1060,21 @@ The format is inspired by [Keep a Changelog]. ([#5289](https://github.com/oasisprotocol/oasis-core/issues/5289), [#5375](https://github.com/oasisprotocol/oasis-core/issues/5375)) -- staking: Fix reward distribution when common pool is exhausted +- go/staking: Fix reward distribution when common pool is exhausted ([#5319](https://github.com/oasisprotocol/oasis-core/issues/5319)) -- go/storage/mkvs: Fix commit of nil entries + Handle scenario where reward schedule hasn't completed yet, but the common + pool has already been exhausted. + +- go/storage/mkvs: Fix commit of `nil` entries ([#5321](https://github.com/oasisprotocol/oasis-core/issues/5321)) -- storage/sync: don't immediately trigger more round fetches on failures - ([#5326](https://github.com/oasisprotocol/oasis-core/issues/5326)) +- go/worker/storage/sync: Backoff when storage sync starts failing + ([#5341](https://github.com/oasisprotocol/oasis-core/issues/5341)) + + Fixes the case where if storage requests start failing (e.g. due to network + errors) the storage worker would crazily retry requests - using lots of CPU + and filling up the logs. - go/common/cbor: Relax CBOR decoding for gRPC/RHP endpoints ([#5335](https://github.com/oasisprotocol/oasis-core/issues/5335)) @@ -952,7 +1085,7 @@ The format is inspired by [Keep a Changelog]. - go/registry: Do not verify node TEE capabilities during genesis ([#5389](https://github.com/oasisprotocol/oasis-core/issues/5389)) -- host/sgx/epid: ensure consistent IAS proxy usage for attestation +- go/runtime/host/sgx/epid: Ensure consistent IAS proxy usage for attestation ([#5390](https://github.com/oasisprotocol/oasis-core/issues/5390)) Refactors the IAS proxy client to expose separate clients for each configured @@ -973,45 +1106,17 @@ The format is inspired by [Keep a Changelog]. - go/p2p: Improve peer manager's peer handling ([#5002](https://github.com/oasisprotocol/oasis-core/issues/5002)) - Peer manager currently connects to all nodes in the registry which has - multiple drawbacks (connections get pruned, no protocol selection, no peer - discovery). This should be changed so that peers are connected depending + Previously, peer manager connected to all nodes in the registry which had + multiple drawbacks (connections got pruned, no protocol selection, no peer + discovery). This was changed so that peers are connected depending on the supported protocols and the number of peers in a protocol/topic - should be regulated in a controlled fashion. + is regulated in a controlled fashion. - go/p2p/rpc: Refactor RPC calls ([#5007](https://github.com/oasisprotocol/oasis-core/issues/5007)) - Peer manager and RPC client are too tightly coupled. The client also doesn't - support simple RPC calls which call exactly one peer. - -- go: Ignore CVE-2022-44797 until tendermint uses newer btcd - ([#5024](https://github.com/oasisprotocol/oasis-core/issues/5024)) - -- go: Bump go-libp2p to 0.25.1, go-libp2p-pubsub to 0.9.0 - ([#5026](https://github.com/oasisprotocol/oasis-core/issues/5026), - [#5087](https://github.com/oasisprotocol/oasis-core/issues/5087), - [#5180](https://github.com/oasisprotocol/oasis-core/issues/5180)) - -- go: update dependencies - ([#5029](https://github.com/oasisprotocol/oasis-core/issues/5029)) - -- Bump Go to 1.19.3 - ([#5030](https://github.com/oasisprotocol/oasis-core/issues/5030)) - -- rust: update dependencies - ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) - -- go: Bump Tendermint to v0.34.23 - ([#5033](https://github.com/oasisprotocol/oasis-core/issues/5033)) - -- runtime: Bump oasis-cbor to 0.5.1 - ([#5035](https://github.com/oasisprotocol/oasis-core/issues/5035)) - -- runtime: Bump tendermint-rs to 0.29.0 - ([#5037](https://github.com/oasisprotocol/oasis-core/issues/5037), - [#5106](https://github.com/oasisprotocol/oasis-core/issues/5106), - [#5190](https://github.com/oasisprotocol/oasis-core/issues/5190)) + Previously, peer manager and RPC client were too tightly coupled. The + client also didn't support simple RPC calls which call exactly one peer. - runtime/src/enclave_rpc: Add support for insecure key manager RPC requests ([#5075](https://github.com/oasisprotocol/oasis-core/issues/5075)) @@ -1028,13 +1133,13 @@ The format is inspired by [Keep a Changelog]. insecure key manager RPC requests solves some of the before mentioned problems and leaves space for further optimizations. -- go/p2p/PeerManager: enable subscribing to peer updates +- go/p2p/rpc: Enable subscribing to peer updates ([#5083](https://github.com/oasisprotocol/oasis-core/issues/5083)) - Adds `WatchUpdates` method to the `PeerManager` which allows subscribing to + Adds `WatchUpdates()` method to the `PeerManager` which allows subscribing to peer updates (peers being added or removed). -- runtime/src/protocol: Deserialize unknown rhp messages as invalid +- runtime/src/protocol: Deserialize unknown RHP messages as invalid ([#5094](https://github.com/oasisprotocol/oasis-core/issues/5094)) Runtime-host protocol terminated the reader thread when failed to deserialize @@ -1042,20 +1147,12 @@ The format is inspired by [Keep a Changelog]. field). Decoding is now more robust as these messages are deserialized as invalid and latter discarded and logged as malformed by the handler. -- go: Bump golang.org/x/net to 0.13.0 - ([#5095](https://github.com/oasisprotocol/oasis-core/issues/5095), - [#5337](https://github.com/oasisprotocol/oasis-core/issues/5337)) - -- go/grpc: remove unused gRPC code +- go/grpc: Remove unused gRPC code ([#5100](https://github.com/oasisprotocol/oasis-core/issues/5100)) Removes a lot of unneeded gRPC code since no runtime or consensus protocols use it for communication anymore. -- runtime: Bump tokio to 1.29.1 - ([#5120](https://github.com/oasisprotocol/oasis-core/issues/5120), - [#5330](https://github.com/oasisprotocol/oasis-core/issues/5330)) - - crypto/x25519: Add type-safe X25519 private/public key types ([#5121](https://github.com/oasisprotocol/oasis-core/issues/5121)) @@ -1076,9 +1173,6 @@ The format is inspired by [Keep a Changelog]. authenticated and light clients use the verifier to check state compatibility and authenticity. -- docker: Bump base image to Ubuntu 22.04 - ([#5141](https://github.com/oasisprotocol/oasis-core/issues/5141)) - - runtime: Attempt to flush buffers before aborting ([#5146](https://github.com/oasisprotocol/oasis-core/issues/5146)) @@ -1091,12 +1185,6 @@ The format is inspired by [Keep a Changelog]. - go/consensus/supplementarysanity: Fix checks for legacy validators ([#5168](https://github.com/oasisprotocol/oasis-core/issues/5168)) -- docker: Bump cargo-tarpaulin to 0.25.0 - ([#5191](https://github.com/oasisprotocol/oasis-core/issues/5191)) - -- go: Bump go-libp2p-pubsub to 0.9.1 - ([#5195](https://github.com/oasisprotocol/oasis-core/issues/5195)) - - keymanager: Add support for master secret generations ([#5198](https://github.com/oasisprotocol/oasis-core/issues/5198)) @@ -1111,15 +1199,16 @@ The format is inspired by [Keep a Changelog]. This avoids an initial scan over all the nodes in the registry. -- rust: Bump tempfile to 3.4.0 - ([#5213](https://github.com/oasisprotocol/oasis-core/issues/5213)) - - runtime: Use a limited multi-threaded Tokio runtime in SGX ([#5214](https://github.com/oasisprotocol/oasis-core/issues/5214)) - keymanager: Support policies in unsafe builds ([#5215](https://github.com/oasisprotocol/oasis-core/issues/5215)) + The key manager settings configured in the policy can now be tested on non-SGX + builds as well. This simplifies tests, as default values can be configured in + the test fixtures (e.g. master secret rotation period). + - go/worker/keymanager: Optimize enclave initialization ([#5218](https://github.com/oasisprotocol/oasis-core/issues/5218)) @@ -1138,51 +1227,13 @@ The format is inspired by [Keep a Changelog]. - docker: Switch to ghcr.io for container registry ([#5224](https://github.com/oasisprotocol/oasis-core/issues/5224)) -- Bump Go to 1.20.2 - ([#5228](https://github.com/oasisprotocol/oasis-core/issues/5228)) - -- runtime: Bump tendermint-rs to 0.30.0 - ([#5234](https://github.com/oasisprotocol/oasis-core/issues/5234)) - -- go/oasis-node/cmd/config: Add the migrate subcommand - ([#5237](https://github.com/oasisprotocol/oasis-core/issues/5237)) - - A new `migrate` subcommand is added to the node's `config` - command. This subcommand can be used to automatically migrate - the old YAML config file into the new format introduced in - commit 2a132b3. - - The subcommand logs the various changes it makes and warns the - user if a config option is no longer supported, etc. - At the end, any unknown sections of the input config file are - printed to the terminal to give the user a chance to review - them and make manual changes if appropriate. - -- go: Switch to CometBFT v0.34.27 - ([#5268](https://github.com/oasisprotocol/oasis-core/issues/5268)) - -- go: Remove timecache replace directive in go.mod file - ([#5272](https://github.com/oasisprotocol/oasis-core/issues/5272)) - - The replace directive for github.com/whyrusleeping/timecache has been removed - since the go-libp2p-pubsub library version 0.9.3 no longer utilizes it. - -- go: Remove flatbuffers replace directive in go.mod file - ([#5273](https://github.com/oasisprotocol/oasis-core/issues/5273)) - - The replace directive for github.com/google/flatbuffers has been removed - since the badger library version 3.2103.4 uses the same version 1.12.1. - -- go: Bump CometBFT to v0.37.1 - ([#5280](https://github.com/oasisprotocol/oasis-core/issues/5280)) - - runtime/consensus/roothash: Implement executor commitment structures ([#5282](https://github.com/oasisprotocol/oasis-core/issues/5282)) Structures and functions related to executor commitments were added in order to be used later for executor commitment verification. -- go/consensus/tendermint: Implement {Prepare,Process}Proposal +- go/consensus/tendermint: Implement `{Prepare,Process}Proposal` ([#5285](https://github.com/oasisprotocol/oasis-core/issues/5285)) This also makes the nodes execute the proposal in the prepare/process @@ -1190,51 +1241,79 @@ The format is inspired by [Keep a Changelog]. based on results) and validation (e.g. rejecting blocks with invalid transactions) becomes possible. -- go: Update fixgenesis command - ([#5286](https://github.com/oasisprotocol/oasis-core/issues/5286)) +- go/oasis-test-runner: Build key manager runtime with trust root + ([#5307](https://github.com/oasisprotocol/oasis-core/issues/5307)) - Make the fixgenesis command update a few more consensus parameters. + The runtime trust-root scenarios now build not only the simple key/value + runtime but also the key manager runtime with an embedded trust root. -- go: Rename Tendermint to CometBFT - ([#5291](https://github.com/oasisprotocol/oasis-core/issues/5291)) +- tests/upgrade: Test master secrets + ([#5325](https://github.com/oasisprotocol/oasis-core/issues/5325)) -- go: Bump go-libp2p to 0.28.1 - ([#5297](https://github.com/oasisprotocol/oasis-core/issues/5297)) + The upgrade scenario was enhanced to test runtime and key manager upgrades, + trust roots and master secret rotations. -- go/consensus/cometbft: Use generic data directory names - ([#5299](https://github.com/oasisprotocol/oasis-core/issues/5299)) +- Bump Go to 1.21.0 + ([#5030](https://github.com/oasisprotocol/oasis-core/issues/5030), + [#5228](https://github.com/oasisprotocol/oasis-core/issues/5228), + [#5356](https://github.com/oasisprotocol/oasis-core/issues/5356)) - The following subdirectories under the node's data directory have been - renamed: +- go: Remove timecache replace directive in `go.mod` file + ([#5272](https://github.com/oasisprotocol/oasis-core/issues/5272)) - - `tendermint` to `consensus` - - `tendermint/abci-state` to `consensus/state` - - `tendermint-seed` to `seed` (on seed nodes only) + The replace directive for github.com/whyrusleeping/timecache has been removed + since the go-libp2p-pubsub library version 0.9.3 no longer utilizes it. -- go: Bump cometbft to v0.37.2-oasis1 - ([#5306](https://github.com/oasisprotocol/oasis-core/issues/5306)) +- go: Remove flatbuffers replace directive in `go.mod` file + ([#5273](https://github.com/oasisprotocol/oasis-core/issues/5273)) -- go/oasis-test-runner: Build key manager runtime with trust root - ([#5307](https://github.com/oasisprotocol/oasis-core/issues/5307)) + The replace directive for github.com/google/flatbuffers has been removed + since the badger library version 3.2103.4 uses the same version 1.12.1. - The runtime trust-root scenarios now build not only the simple key/value - but also the key manager runtime with an embedded trust root. +- go: Ignore CVE-2022-44797 until tendermint uses newer btcd + ([#5024](https://github.com/oasisprotocol/oasis-core/issues/5024)) -- go: Remove TLS certificate rotation - ([#5318](https://github.com/oasisprotocol/oasis-core/issues/5318)) +- go: Bump golang.org/x/net to 0.13.0 + ([#5095](https://github.com/oasisprotocol/oasis-core/issues/5095), + [#5337](https://github.com/oasisprotocol/oasis-core/issues/5337)) - We use libp2p for all communication now, so TLS certificate rotation is - no longer needed. +- go: Bump go-libp2p-pubsub to 0.9.1 + ([#5180](https://github.com/oasisprotocol/oasis-core/issues/5180), + [#5195](https://github.com/oasisprotocol/oasis-core/issues/5195)) -- tests/upgrade: Test master secrets - ([#5325](https://github.com/oasisprotocol/oasis-core/issues/5325)) +- go: Bump go-libp2p to 0.30.0 + ([#5026](https://github.com/oasisprotocol/oasis-core/issues/5026), + [#5087](https://github.com/oasisprotocol/oasis-core/issues/5087), + [#5180](https://github.com/oasisprotocol/oasis-core/issues/5180), + [#5297](https://github.com/oasisprotocol/oasis-core/issues/5297), + [#5338](https://github.com/oasisprotocol/oasis-core/issues/5338), + [#5339](https://github.com/oasisprotocol/oasis-core/issues/5339), + [#5355](https://github.com/oasisprotocol/oasis-core/issues/5355)) - The upgrade scenario was enhanced to test runtime and key manager upgrades, - trust roots and master secret rotations. +- runtime: Bump serde_json to 1.0.87 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) -- go: Bump go-libp2p to 0.29.2 - ([#5338](https://github.com/oasisprotocol/oasis-core/issues/5338), - [#5339](https://github.com/oasisprotocol/oasis-core/issues/5339)) +- runtime: Bump futures to 0.3.25 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- runtime: Bump arbitrary to 1.2.0 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- runtime: Bump oasis-cbor to 0.5.1 + ([#5035](https://github.com/oasisprotocol/oasis-core/issues/5035)) + +- runtime: Bump tendermint-rs to 0.30.0 + ([#5037](https://github.com/oasisprotocol/oasis-core/issues/5037), + [#5106](https://github.com/oasisprotocol/oasis-core/issues/5106), + [#5190](https://github.com/oasisprotocol/oasis-core/issues/5190), + [#5234](https://github.com/oasisprotocol/oasis-core/issues/5234)) + +- runtime: Bump tokio to 1.29.1 + ([#5120](https://github.com/oasisprotocol/oasis-core/issues/5120), + [#5330](https://github.com/oasisprotocol/oasis-core/issues/5330)) + +- runtime: Bump tempfile to 3.4.0 + ([#5213](https://github.com/oasisprotocol/oasis-core/issues/5213)) - runtime: Bump ed25519-dalek to 2.0.0 ([#5351](https://github.com/oasisprotocol/oasis-core/issues/5351)) @@ -1245,11 +1324,23 @@ The format is inspired by [Keep a Changelog]. - runtime: Bump sha2 to 0.10.7, hmac to 0.12.1 ([#5351](https://github.com/oasisprotocol/oasis-core/issues/5351)) -- go: Bump go-libp2p to 0.30.0 - ([#5355](https://github.com/oasisprotocol/oasis-core/issues/5355)) +- runtime-loader: Bump clap to 4.0.22 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- runtime-loader: Bump futures to 0.3.25 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- keymanager: Bump futures to 0.3.25 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) -- go: Bump go to 1.21.0 - ([#5356](https://github.com/oasisprotocol/oasis-core/issues/5356)) +- tools: Bump clap to 4.0.22 + ([#5031](https://github.com/oasisprotocol/oasis-core/issues/5031)) + +- docker: Bump base image to Ubuntu 22.04 + ([#5141](https://github.com/oasisprotocol/oasis-core/issues/5141)) + +- docker: Bump cargo-tarpaulin to 0.25.0 + ([#5191](https://github.com/oasisprotocol/oasis-core/issues/5191)) ## 22.2 (2022-10-13)