diff --git a/.changelog/5205.internal.md b/.changelog/5205.internal.md deleted file mode 100644 index 5e1d612a3bb..00000000000 --- a/.changelog/5205.internal.md +++ /dev/null @@ -1 +0,0 @@ -keymanager/src/runtime: Remove legacy version of init request diff --git a/.changelog/5270.internal.md b/.changelog/5270.internal.md deleted file mode 100644 index 2907ae4894b..00000000000 --- a/.changelog/5270.internal.md +++ /dev/null @@ -1 +0,0 @@ -makefile: Exit with an error if go mod tidy fails diff --git a/.changelog/5305.trivial.md b/.changelog/5305.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5394.bugfix.2.md b/.changelog/5394.bugfix.2.md deleted file mode 100644 index 4cd7b88f040..00000000000 --- a/.changelog/5394.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-net-runner: Fix SkipPolicy flag in default fixture diff --git a/.changelog/5394.bugfix.md b/.changelog/5394.bugfix.md deleted file mode 100644 index 4e25f2971ab..00000000000 --- a/.changelog/5394.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/storage: Disable storage worker when no runtimes configured diff --git a/.changelog/5398.bugfix.1.md b/.changelog/5398.bugfix.1.md deleted file mode 100644 index f5cd2b04dd5..00000000000 --- a/.changelog/5398.bugfix.1.md +++ /dev/null @@ -1 +0,0 @@ -keymanager: Fix public key decoding for legacy key manager clients diff --git a/.changelog/5398.bugfix.2.md b/.changelog/5398.bugfix.2.md deleted file mode 100644 index 8a62f36770b..00000000000 --- a/.changelog/5398.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager: Fix race condition when accessing runtime status diff --git a/.changelog/5398.feature.md b/.changelog/5398.feature.md deleted file mode 100644 index 1dd194683da..00000000000 --- a/.changelog/5398.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-test-runner: Add encrypt/decrypt txs to test client scenarios diff --git a/.changelog/5399.feature.md b/.changelog/5399.feature.md deleted file mode 100644 index 1b45f5eec29..00000000000 --- a/.changelog/5399.feature.md +++ /dev/null @@ -1 +0,0 @@ -tests/upgrade: Test encryption/decryption in upgrade test diff --git a/.changelog/5400.bugfix.md b/.changelog/5400.bugfix.md deleted file mode 100644 index 9c9240295c4..00000000000 --- a/.changelog/5400.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/common: Refresh current epoch for suspended runtimes diff --git a/.changelog/5402.trivial.md b/.changelog/5402.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5403.bugfix.md b/.changelog/5403.bugfix.md deleted file mode 100644 index cfe6cc5340a..00000000000 --- a/.changelog/5403.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/client: Fix nil dereference on early Query diff --git a/.changelog/5403.internal.md b/.changelog/5403.internal.md deleted file mode 100644 index af8177de5e2..00000000000 --- a/.changelog/5403.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump golang.org/x/net to v0.17.0 diff --git a/.changelog/5404.bugfix.1.md b/.changelog/5404.bugfix.1.md deleted file mode 100644 index 2f985105441..00000000000 --- a/.changelog/5404.bugfix.1.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Use local time for batch scheduling diff --git a/.changelog/5404.bugfix.2.md b/.changelog/5404.bugfix.2.md deleted file mode 100644 index 12672546e7e..00000000000 --- a/.changelog/5404.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Start processing once all txs are fetched diff --git a/.changelog/5404.bugfix.3.md b/.changelog/5404.bugfix.3.md deleted file mode 100644 index 71835d1cc26..00000000000 --- a/.changelog/5404.bugfix.3.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Schedule only if higher ranks didn't propose diff --git a/.changelog/5404.bugfix.4.md b/.changelog/5404.bugfix.4.md deleted file mode 100644 index b65187533b7..00000000000 --- a/.changelog/5404.bugfix.4.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Estimate pool rank from observed commitments diff --git a/.changelog/5407.bugfix.md b/.changelog/5407.bugfix.md deleted file mode 100644 index 655ad300a42..00000000000 --- a/.changelog/5407.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -Fix stuck `control status` on runtime nodes before initialization diff --git a/.changelog/5408.bugfix.md b/.changelog/5408.bugfix.md deleted file mode 100644 index 27161f2144f..00000000000 --- a/.changelog/5408.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -Fix showing empty peer IDs in the Consensus light client status output diff --git a/.changelog/5410.bugfix.md b/.changelog/5410.bugfix.md deleted file mode 100644 index 9f75de96fe5..00000000000 --- a/.changelog/5410.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -config/migrate: Automatically configure external P2P addresses for validators diff --git a/.changelog/5421.internal.md b/.changelog/5421.internal.md deleted file mode 100644 index af5cf401a26..00000000000 --- a/.changelog/5421.internal.md +++ /dev/null @@ -1 +0,0 @@ -Install setuptools to make Towncrier fork work with Python 3.12 diff --git a/.changelog/5422.trivial.md b/.changelog/5422.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5423.bugfix.md b/.changelog/5423.bugfix.md deleted file mode 100644 index 9313cfc25cb..00000000000 --- a/.changelog/5423.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/consensus: Do not crash on nil result from Commit - -The Commit function can return both a nil error and a nil result in case -the given block is not available yet. diff --git a/.changelog/5426.bugfix.md b/.changelog/5426.bugfix.md deleted file mode 100644 index 5169c6d5843..00000000000 --- a/.changelog/5426.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Clear channels when not in the committee diff --git a/.changelog/5427.feature.md b/.changelog/5427.feature.md deleted file mode 100644 index 924f004cae5..00000000000 --- a/.changelog/5427.feature.md +++ /dev/null @@ -1,7 +0,0 @@ -config: add option to override internal unix socket path - -Previously the UNIX socket path could only be overriden via a debug option -which also required the general "don't blame Oasis" to be set. Since this -option can be generally useful in production environments it is now supported -in the config file. The socket path can be set under -`common.internal_socket_path`, and is not considered a debug option anymore. diff --git a/.changelog/5430.trivial.md b/.changelog/5430.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5433.bugfix.md b/.changelog/5433.bugfix.md deleted file mode 100644 index e0c551d0160..00000000000 --- a/.changelog/5433.bugfix.md +++ /dev/null @@ -1,10 +0,0 @@ -go/runtime/host/multi: Propagate special requests to next version - -Previously periodic consensus sync requests were not propagated to the -next (e.g. upcoming) runtime version. This could result in the runtime's -consensus view going stale which would make the attestations too old so -they would be rejected during scheduling. - -Additionally, key manager update requests should also be propagated to -ensure the runtime is ready immediately when activated, avoiding any -potential race conditions. diff --git a/.changelog/5436.feature.md b/.changelog/5436.feature.md deleted file mode 100644 index 2cfcf5f5898..00000000000 --- a/.changelog/5436.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/consensus/roothash: Filter executor commitments by runtime ID - -Compute executor committee workers no longer have to verify the signatures -of observed commitments simply to identify them as invalid. diff --git a/.changelog/5438.bugfix.2.md b/.changelog/5438.bugfix.2.md deleted file mode 100644 index 97da869af33..00000000000 --- a/.changelog/5438.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute: Bound batch execution time diff --git a/.changelog/5438.bugfix.md b/.changelog/5438.bugfix.md deleted file mode 100644 index 72a6b617761..00000000000 --- a/.changelog/5438.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/host/sandbox: Release lock before calling into runtime - -Similar to how this is handled in the multi runtime host, we need to -release the lock before calling into the runtime as otherwise this could -lead to a deadlock in certain situations. diff --git a/.changelog/5442.bugfix.md b/.changelog/5442.bugfix.md deleted file mode 100644 index fcdcc7b9a40..00000000000 --- a/.changelog/5442.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host/protocol/connection: Cancel call if connection is closed diff --git a/.changelog/5446.bugfix.2.md b/.changelog/5446.bugfix.2.md deleted file mode 100644 index 2f8e1158fac..00000000000 --- a/.changelog/5446.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute: Also abort in case deadline exceeded diff --git a/.changelog/5446.bugfix.md b/.changelog/5446.bugfix.md deleted file mode 100644 index d5f4171028c..00000000000 --- a/.changelog/5446.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute: Use correct context when aborting runtime diff --git a/.changelog/5447.bugfix.2.md b/.changelog/5447.bugfix.2.md deleted file mode 100644 index d2edf03d9df..00000000000 --- a/.changelog/5447.bugfix.2.md +++ /dev/null @@ -1,6 +0,0 @@ -go/runtime: Fix zombie channel pipe leak on runtime restarts - -Pipes created by a call to channels.Unwrap spawned new goroutines -that were not terminated during runtime restarts. These zombie -pipes also intercepted one value from the newly created pipes, -causing them to block indefinitely. diff --git a/.changelog/5447.bugfix.md b/.changelog/5447.bugfix.md deleted file mode 100644 index 7d1bfab06a1..00000000000 --- a/.changelog/5447.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor: Propose promptly upon detecting discrepancy diff --git a/.changelog/5448.bugfix.md b/.changelog/5448.bugfix.md deleted file mode 100644 index 3766034621e..00000000000 --- a/.changelog/5448.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host/multi: Release lock early to avoid blocking diff --git a/.changelog/5449.feature.2.md b/.changelog/5449.feature.2.md deleted file mode 100644 index 1df5cf034a1..00000000000 --- a/.changelog/5449.feature.2.md +++ /dev/null @@ -1,4 +0,0 @@ -go/oasis-test-runner: Verify enclave initialization after km upgrade - -Verify whether enclave initialization still functions after the key -manager upgrade. diff --git a/.changelog/5449.feature.md b/.changelog/5449.feature.md deleted file mode 100644 index 87c04647eca..00000000000 --- a/.changelog/5449.feature.md +++ /dev/null @@ -1,7 +0,0 @@ -go/oasis-node/cmd/genesis: Make attestation age/interval configurable - -A new flag `registry.tee_features.sgx.default_max_attestation_age` was added -to the genesis command to specify the default maximum attestation age when -SGX RAK-signed attestations are enabled. Additionally, within the runtime -registry configuration, one can now set the attestation interval for periodic -runtime re-attestation. diff --git a/.changelog/5450.bugfix.md b/.changelog/5450.bugfix.md deleted file mode 100644 index 7a339d22d09..00000000000 --- a/.changelog/5450.bugfix.md +++ /dev/null @@ -1,10 +0,0 @@ -runtime: Create controller in RpcClient constructor - -Previously if no RPC calls were initiated by the runtime, the client -controller task was never spawned which caused quote policy update -requests to pile up in the command queue, eventually blocking the entire -runtime from processing requests. - -Since the async runtime is now available early on during initialization, -we can spawn the controller in the RpcClient constructor, avoiding these -problems. diff --git a/.changelog/5451.trivial.md b/.changelog/5451.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5452.trivial.md b/.changelog/5452.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5453.bugfix.md b/.changelog/5453.bugfix.md deleted file mode 100644 index 923ca4abb3d..00000000000 --- a/.changelog/5453.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute: Abort runtimes only on timeouts diff --git a/.changelog/5455.trivial.md b/.changelog/5455.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5456.bugfix.2.md b/.changelog/5456.bugfix.2.md deleted file mode 100644 index 4d399266565..00000000000 --- a/.changelog/5456.bugfix.2.md +++ /dev/null @@ -1 +0,0 @@ -go/p2p: Increase incoming connection limit for seed nodes diff --git a/.changelog/5456.bugfix.md b/.changelog/5456.bugfix.md deleted file mode 100644 index a4cb5793942..00000000000 --- a/.changelog/5456.bugfix.md +++ /dev/null @@ -1,7 +0,0 @@ -go/p2p: Close connection to seed node after every request - -Bootstrap client, which is responsible for peer discovery and advertisement, -now terminates connection to the seed node after every request. This action -should free up recourses (e.g. inbound/outbound connections) on both sides -without affecting performance since discovered peers are cached (see retention -period) and advertisement is done infrequently (see TTL). diff --git a/.changelog/5457.feature.md b/.changelog/5457.feature.md deleted file mode 100644 index e3b4b1fdf7d..00000000000 --- a/.changelog/5457.feature.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Add roothash round roots state wrappers in rust diff --git a/.changelog/5458.bugfix.md b/.changelog/5458.bugfix.md deleted file mode 100644 index c1fe19c3636..00000000000 --- a/.changelog/5458.bugfix.md +++ /dev/null @@ -1,6 +0,0 @@ -runtime: Improve error reporting if DeoxysII unsealing fails - -Previously, if the CPU changed between runs of the Oasis node, the error -reported was a cryptic "ciphertext is corrupted" (because the sealed SGX -secrets were invalidated). -Now we add a bit more context to make it easier for the end-user. diff --git a/.changelog/5460.trivial.md b/.changelog/5460.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5462.bugfix.md b/.changelog/5462.bugfix.md deleted file mode 100644 index bd42cbe5e11..00000000000 --- a/.changelog/5462.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/cometbft/light: Don't crash when signed header unavailable diff --git a/.changelog/5465.internal.md b/.changelog/5465.internal.md deleted file mode 100644 index 0a60c12c156..00000000000 --- a/.changelog/5465.internal.md +++ /dev/null @@ -1 +0,0 @@ -go/common/sgx: implement `GetPCKCertificateChain` PCS API client diff --git a/.changelog/5466.bugfix.md b/.changelog/5466.bugfix.md deleted file mode 100644 index 79fafe46406..00000000000 --- a/.changelog/5466.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/cometbft/light: Try multiple sources when fetching blocks diff --git a/.changelog/5466.cfg.md b/.changelog/5466.cfg.md deleted file mode 100644 index 0d15c870df8..00000000000 --- a/.changelog/5466.cfg.md +++ /dev/null @@ -1,4 +0,0 @@ -Add `num_light_blocks_kept` configuration option - -Located under `consensus.prune`, it allows configuring the number of light -blocks that are kept in the local trusted store (defaulting to 10000). diff --git a/.changelog/5467.feature.md b/.changelog/5467.feature.md deleted file mode 100644 index 6a56587be30..00000000000 --- a/.changelog/5467.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/roothash: expose RoundRoots in the roothash client diff --git a/.changelog/5469.bugfix.md b/.changelog/5469.bugfix.md deleted file mode 100644 index 28fcdce1bbf..00000000000 --- a/.changelog/5469.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/p2p/peermgmt/backup: Prevent overwriting TTL when restoring peers - -If the peer address of a seed node was added to the libp2p address book -before peer manager restored backup peer addresses, its permanent TTL -was replaced with the TTL for recently connected peers. diff --git a/.changelog/5472.bugfix.md b/.changelog/5472.bugfix.md deleted file mode 100644 index 670ce0deb87..00000000000 --- a/.changelog/5472.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -governance: Fix pretty priting of `ChangeParametersProposal` diff --git a/.changelog/5473.bugfix.md b/.changelog/5473.bugfix.md deleted file mode 100644 index 16f943214c2..00000000000 --- a/.changelog/5473.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/oasis-node: Remove obsolete db section during config migration diff --git a/.changelog/5476.bugfix.md b/.changelog/5476.bugfix.md deleted file mode 100644 index 4e6aea1eb94..00000000000 --- a/.changelog/5476.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/p2p/discovery: Close only idle connections to seed node diff --git a/.changelog/5479.bugfix.md b/.changelog/5479.bugfix.md deleted file mode 100644 index 3ef5ec311e1..00000000000 --- a/.changelog/5479.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -governance: fix delegator-validator vote match check diff --git a/.changelog/5480.bugfix.md b/.changelog/5480.bugfix.md deleted file mode 100644 index 1a4294c7ae6..00000000000 --- a/.changelog/5480.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/p2p/peermgmt: Find peers and connect only when needed - -If we are already connected to a sufficient number of peers -for a given topic or protocol, there's no need to retrieve -additional peers from the registry or the seed node. diff --git a/.changelog/5481.bugfix.md b/.changelog/5481.bugfix.md deleted file mode 100644 index 91f0be46b7f..00000000000 --- a/.changelog/5481.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/consensus/cometbft/light: Only fetch from light store for now - -In practice the previously introduced fetch from light client caused -the light client to fall back to slow backwards verification due to -target blocks being in the past, below the pruning window. diff --git a/.changelog/5484.trivial.md b/.changelog/5484.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5488.bugfix.md b/.changelog/5488.bugfix.md deleted file mode 100644 index 51873aee162..00000000000 --- a/.changelog/5488.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -rhp: don't prepend 'failed to read response' to runtime module errors diff --git a/.changelog/5492.bugfix.md b/.changelog/5492.bugfix.md deleted file mode 100644 index f53914c392f..00000000000 --- a/.changelog/5492.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -storage/checkpoints: Ignore i/o root in genesis checkpoint diff --git a/.changelog/5495.bugfix.md b/.changelog/5495.bugfix.md deleted file mode 100644 index 8bfe3c52011..00000000000 --- a/.changelog/5495.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/genesis: Suppress misleading genesis sanity check logs diff --git a/.changelog/5496.feature.md b/.changelog/5496.feature.md deleted file mode 100644 index ccfde26dc92..00000000000 --- a/.changelog/5496.feature.md +++ /dev/null @@ -1 +0,0 @@ -Build EPID and DCAP versions of the AESMD docker image diff --git a/.changelog/5497.trivial.md b/.changelog/5497.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5503.feature.md b/.changelog/5503.feature.md deleted file mode 100644 index 2cfc5a5eb95..00000000000 --- a/.changelog/5503.feature.md +++ /dev/null @@ -1 +0,0 @@ -runtime/sgx/pcs: Make useful attestation verification methods public diff --git a/.changelog/5509.doc.md b/.changelog/5509.doc.md deleted file mode 100644 index fd54d104151..00000000000 --- a/.changelog/5509.doc.md +++ /dev/null @@ -1 +0,0 @@ -License the documentation under CC BY 4.0 diff --git a/.changelog/5510.bugfix.md b/.changelog/5510.bugfix.md deleted file mode 100644 index 86892e0a956..00000000000 --- a/.changelog/5510.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -metrics: fix labels for disk read and write metrics - -Fixes `oasis_node_disk_written_bytes` and `oasis_node_disk_read_bytes` which -were mistakenly reversed. diff --git a/.changelog/5512.feature.md b/.changelog/5512.feature.md deleted file mode 100644 index 0a5a1d03623..00000000000 --- a/.changelog/5512.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/storage: Add storage metrics for `GetDiff` method diff --git a/.changelog/5513.internal.md b/.changelog/5513.internal.md deleted file mode 100644 index d869776d7c6..00000000000 --- a/.changelog/5513.internal.md +++ /dev/null @@ -1 +0,0 @@ -Bump Rust toolchain to 2024-03-04 diff --git a/.changelog/5514.feature.md b/.changelog/5514.feature.md deleted file mode 100644 index 69fd132a408..00000000000 --- a/.changelog/5514.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -runtime: Implement MKVS storage proof builder - -Introduces `get_proof` method to retrieve MKVS proofs for specific tree -entries. diff --git a/.changelog/5515.doc.md b/.changelog/5515.doc.md deleted file mode 100644 index 60a7f2f0b2e..00000000000 --- a/.changelog/5515.doc.md +++ /dev/null @@ -1 +0,0 @@ -docs: Fix broken link anchors diff --git a/.changelog/5519.feature.md b/.changelog/5519.feature.md deleted file mode 100644 index 2adc1277553..00000000000 --- a/.changelog/5519.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host: Add separate metric for RHP call timeouts diff --git a/.changelog/5520.bugfix.md b/.changelog/5520.bugfix.md deleted file mode 100644 index 34e7ad196b9..00000000000 --- a/.changelog/5520.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/transaction: Use node database directly when possible - -Previously accessing the transaction artifacts tree would always use the -slower read syncer interface meant for communicating with untrusted db -instances. This is now short-circuited in case a local db is available. diff --git a/.changelog/5521.internal.md b/.changelog/5521.internal.md deleted file mode 100644 index dab4ee268d6..00000000000 --- a/.changelog/5521.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to 0.32.2 diff --git a/.changelog/5523.internal.md b/.changelog/5523.internal.md deleted file mode 100644 index c53bbeaff4c..00000000000 --- a/.changelog/5523.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Increase number of processing threads in SGX diff --git a/.changelog/5528.feature.md b/.changelog/5528.feature.md deleted file mode 100644 index 360f74eb4f4..00000000000 --- a/.changelog/5528.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime: Add load-balancer runtime provisioner diff --git a/.changelog/5529.bugfix.md b/.changelog/5529.bugfix.md deleted file mode 100644 index 8f1722b4ea0..00000000000 --- a/.changelog/5529.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager: Fix race conditions when accessing status fields diff --git a/.changelog/5530.cfg.md b/.changelog/5530.cfg.md deleted file mode 100644 index 6515771fd35..00000000000 --- a/.changelog/5530.cfg.md +++ /dev/null @@ -1,5 +0,0 @@ -Remove `may_generate` configuration option - -Key manager worker no longer needs this configuration option, previously -located under `worker.keymanager`, as master secrets can be generated -by all key manager committee nodes. diff --git a/.changelog/5531.feature.md b/.changelog/5531.feature.md deleted file mode 100644 index 728b9dedec8..00000000000 --- a/.changelog/5531.feature.md +++ /dev/null @@ -1,10 +0,0 @@ -Support for Proofs Without Implicit Internal Leaf Nodes - -Previously, internal MKVS nodes in proofs included full leaf nodes implicitly. -With this update, leaf nodes are explicitly added as regular child nodes -within the proof structure. This modification optimizes proof sizes by -avoiding inclusion of potentially large values associated with leaf nodes that -are not directly relevant to the proof's target node. - -This change maintains backward compatibility. Existing proofs are unmarshaled -as version 0, while version 1 proofs adopt the new scheme. diff --git a/.changelog/5532.trivial.md b/.changelog/5532.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5533.internal.md b/.changelog/5533.internal.md deleted file mode 100644 index bd87d59ed3d..00000000000 --- a/.changelog/5533.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -rust: bump shlex to v 1.3.0 - -[RUSTSEC-2024-0006]( -https://rustsec.org/advisories/RUSTSEC-2024-0006) diff --git a/.changelog/5534.feature.md b/.changelog/5534.feature.md deleted file mode 100644 index 638778b4657..00000000000 --- a/.changelog/5534.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -go/oasis-net-runner: Add ability to set node log level and format - -Previously, every node started by the net runner had the default -log level of debug, while now it's possible to set it to other -levels. The log format can also be changed. diff --git a/.changelog/5535.feature.md b/.changelog/5535.feature.md deleted file mode 100644 index fa2a06c58ba..00000000000 --- a/.changelog/5535.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host: Add GetActiveVersion to Runtime interface diff --git a/.changelog/5536.feature.md b/.changelog/5536.feature.md deleted file mode 100644 index 3a7dbc33fc3..00000000000 --- a/.changelog/5536.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/common/sync: Add IsRunning function to sync.One diff --git a/.changelog/5537.bugfix.md b/.changelog/5537.bugfix.md deleted file mode 100644 index 7d1a5fbec25..00000000000 --- a/.changelog/5537.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -Include the mode of the node in control status output diff --git a/.changelog/5538.trivial.md b/.changelog/5538.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5539.feature.md b/.changelog/5539.feature.md deleted file mode 100644 index 1ddc9d72b7e..00000000000 --- a/.changelog/5539.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/worker/keymanager: Authorize noise session connect calls - -A peer is granted permission to connect if it is authorized -to invoke at least one secure enclave RPC method. diff --git a/.changelog/5542.bugfix.md b/.changelog/5542.bugfix.md deleted file mode 100644 index 4e022ee89d6..00000000000 --- a/.changelog/5542.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/txpool: Remove rechecked transactions from seen cache - -In case a transaction is rejected because it fails a re-check pass, it -should also be removed from the seen cache as it may be resubmitted -later when it could become valid. diff --git a/.changelog/5544.trivial.md b/.changelog/5544.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5545.bugfix.md b/.changelog/5545.bugfix.md deleted file mode 100644 index c43da6cc81b..00000000000 --- a/.changelog/5545.bugfix.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/client: Fix observer node registration - -Previously a node configured as an observer node would forget to -register for all of its configured runtimes, causing the registration -to fail. diff --git a/.changelog/5546.feature.md b/.changelog/5546.feature.md deleted file mode 100644 index 92a98778e8b..00000000000 --- a/.changelog/5546.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/keymanager/p2p: Remove retries and sticky peers - -Since retry and peer selection is now handled in the runtimes having it -also done outside is detrimental to latency. The runtime knows better -when to actually retry and which peers to select. diff --git a/.changelog/5546.internal.1.md b/.changelog/5546.internal.1.md deleted file mode 100644 index 2f14360a02e..00000000000 --- a/.changelog/5546.internal.1.md +++ /dev/null @@ -1 +0,0 @@ -go/p2p/rpc: Remove support for sticky peers diff --git a/.changelog/5546.internal.2.md b/.changelog/5546.internal.2.md deleted file mode 100644 index eccc9b68346..00000000000 --- a/.changelog/5546.internal.2.md +++ /dev/null @@ -1 +0,0 @@ -runtime/enclave_rpc: Support caller to provide peer feedback diff --git a/.changelog/5548.feature.md b/.changelog/5548.feature.md deleted file mode 100644 index 1eb77233ff2..00000000000 --- a/.changelog/5548.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/common/keyformat: Ensure prefixes are unique per namespace diff --git a/.changelog/5550.doc.md b/.changelog/5550.doc.md deleted file mode 100644 index 4d1286a8e74..00000000000 --- a/.changelog/5550.doc.md +++ /dev/null @@ -1 +0,0 @@ -docs: Fix broken link to CometBFT metrics page diff --git a/.changelog/5551.feature.md b/.changelog/5551.feature.md deleted file mode 100644 index 83c6735da98..00000000000 --- a/.changelog/5551.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/churp: Allow key managers to create/update scheme diff --git a/.changelog/5553.internal.md b/.changelog/5553.internal.md deleted file mode 100644 index 782c6fa2dc8..00000000000 --- a/.changelog/5553.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -go/worker/compute: Simplify I/O root commit - -This also avoids an intermediate committed IO root which complicates the -required database layout. diff --git a/.changelog/5554.internal.md b/.changelog/5554.internal.md deleted file mode 100644 index 4e365a486af..00000000000 --- a/.changelog/5554.internal.md +++ /dev/null @@ -1 +0,0 @@ -keymanager/runtime: Use insecure RPC requests for ephemeral public keys diff --git a/.changelog/5555.internal.md b/.changelog/5555.internal.md deleted file mode 100644 index 9115528da79..00000000000 --- a/.changelog/5555.internal.md +++ /dev/null @@ -1,6 +0,0 @@ -runtime/src/enclave_rpc: Simplify RPC context - -The RPC context now contains only essential data for secure RPC methods. -Identity, consensus verifier, and storage have been removed and are now -available to methods responsible for master and ephemeral secrets after -initialization. diff --git a/.changelog/5556.feature.md b/.changelog/5556.feature.md deleted file mode 100644 index 25298074d8d..00000000000 --- a/.changelog/5556.feature.md +++ /dev/null @@ -1,7 +0,0 @@ -go: Bump go to 1.22.0 - -Also updates go tooling: - -- golangci-lint to 1.56.1 -- gofumpt to 0.6.0 -- goimports to 0.18.0 diff --git a/.changelog/5558.internal.md b/.changelog/5558.internal.md deleted file mode 100644 index 44ff37b84e7..00000000000 --- a/.changelog/5558.internal.md +++ /dev/null @@ -1 +0,0 @@ -docker: Bump cargo-tarpaulin to 0.27.3 diff --git a/.changelog/5559.feature.md b/.changelog/5559.feature.md deleted file mode 100644 index c29eea32e26..00000000000 --- a/.changelog/5559.feature.md +++ /dev/null @@ -1,13 +0,0 @@ -go/storage/mkvs: Add PathBadger storage backend - -Instead of using trie node hashes as keys in the underlying Badger -store, this new backend instead uses a combination of version and index -within the batch of trie nodes as keys which leads to improved locality -when iterating over the trie while at the same time making the database -smaller and compactions faster. - -The new backend makes some (reasonable) assumptions, specifically that -only one root per type may be finalized in any version and that there -may be no child roots within the same version. - -The new backend is experimental. diff --git a/.changelog/5561.internal.md b/.changelog/5561.internal.md deleted file mode 100644 index c9f2c84c8dd..00000000000 --- a/.changelog/5561.internal.md +++ /dev/null @@ -1,3 +0,0 @@ -runtime/src/storage: Move untrusted in-memory key/value storage - -The untrusted in-memory key/value storage is now accessible to all tests. diff --git a/.changelog/5562.feature.md b/.changelog/5562.feature.md deleted file mode 100644 index fbe78cef1a6..00000000000 --- a/.changelog/5562.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/churp: Implement the dealer diff --git a/.changelog/5566.bugfix.md b/.changelog/5566.bugfix.md deleted file mode 100644 index 5fe465a1ebc..00000000000 --- a/.changelog/5566.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -governance/ChangeParametersProposal: Display only changed parameters - -Omit the unchanged parameter values when pretty-printing the -`ChangeParameterProposal`. diff --git a/.changelog/5567.bugfix.md b/.changelog/5567.bugfix.md deleted file mode 100644 index 3e4d777ce96..00000000000 --- a/.changelog/5567.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Verify freshness with RAK against latest state diff --git a/.changelog/5568.feature.md b/.changelog/5568.feature.md deleted file mode 100644 index 389370577e3..00000000000 --- a/.changelog/5568.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/churp: Allow nodes to apply for a new committee diff --git a/.changelog/5569.feature.md b/.changelog/5569.feature.md deleted file mode 100644 index 6545c0c4be2..00000000000 --- a/.changelog/5569.feature.md +++ /dev/null @@ -1 +0,0 @@ -keymanager/src/churp: Handle init RPC requests diff --git a/.changelog/5570.feature.md b/.changelog/5570.feature.md deleted file mode 100644 index c7718e7c0d5..00000000000 --- a/.changelog/5570.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/churp: Add a flag which enables the extension diff --git a/.changelog/5571.feature.md b/.changelog/5571.feature.md deleted file mode 100644 index 68a61aefb5f..00000000000 --- a/.changelog/5571.feature.md +++ /dev/null @@ -1,3 +0,0 @@ -go/upgrade/migrations: Prepare handler for version 24.0.0 - -The handler enables the key manager CHURP extension. diff --git a/.changelog/5572.feature.md b/.changelog/5572.feature.md deleted file mode 100644 index 8b745215417..00000000000 --- a/.changelog/5572.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager: Add churp worker diff --git a/.changelog/5575.feature.md b/.changelog/5575.feature.md deleted file mode 100644 index 493b18c91ff..00000000000 --- a/.changelog/5575.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/churp: Support dealing shares diff --git a/.changelog/5577.bugfix.md b/.changelog/5577.bugfix.md deleted file mode 100644 index 0cd70a4fc60..00000000000 --- a/.changelog/5577.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/runtime/host: Wait for readiness instead of failing immediately diff --git a/.changelog/5578.feature.md b/.changelog/5578.feature.md deleted file mode 100644 index 222c307155c..00000000000 --- a/.changelog/5578.feature.md +++ /dev/null @@ -1 +0,0 @@ -sgx: Support early updates for ECDSA TCB infos diff --git a/.changelog/5583.internal.md b/.changelog/5583.internal.md deleted file mode 100644 index d869776d7c6..00000000000 --- a/.changelog/5583.internal.md +++ /dev/null @@ -1 +0,0 @@ -Bump Rust toolchain to 2024-03-04 diff --git a/.changelog/5586.feature.md b/.changelog/5586.feature.md deleted file mode 100644 index a8d1ef8bb61..00000000000 --- a/.changelog/5586.feature.md +++ /dev/null @@ -1 +0,0 @@ -go: Update go to 1.22.1 diff --git a/.changelog/5588.feature.md b/.changelog/5588.feature.md deleted file mode 100644 index 766cc637205..00000000000 --- a/.changelog/5588.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/upgrade: Adjust MaxTxSize and MaxBlockSize in consensus240 handler - -This is needed as DCAP quotes are larger and nodes running multiple -confidential runtimes may otherwise exceed the max transaction size. diff --git a/.changelog/5589.feature.md b/.changelog/5589.feature.md deleted file mode 100644 index 9373b5e8374..00000000000 --- a/.changelog/5589.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -go/runtime/client: Add the GetUnconfirmedTransactions method - -Similarly to GetUnconfirmedTransactions in the consensus API, this -new method returns the currently pending runtime transactions from -the runtime transaction pool. diff --git a/.changelog/5590.feature.md b/.changelog/5590.feature.md deleted file mode 100644 index 6f3dde82779..00000000000 --- a/.changelog/5590.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/vss/polynomial: Support basic operations diff --git a/.changelog/5592.feature.md b/.changelog/5592.feature.md deleted file mode 100644 index 1121355ec69..00000000000 --- a/.changelog/5592.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/vss: Add Lagrange interpolation diff --git a/.changelog/5593.trivial.md b/.changelog/5593.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5595.feature.md b/.changelog/5595.feature.md deleted file mode 100644 index 02caa2e1845..00000000000 --- a/.changelog/5595.feature.md +++ /dev/null @@ -1,4 +0,0 @@ -go/worker/storage: Make fetch pool per-runtime - -This should speed up storage sync in case of nodes that have multiple -runtimes configured. diff --git a/.changelog/5602.feature.md b/.changelog/5602.feature.md deleted file mode 100644 index 477899a65de..00000000000 --- a/.changelog/5602.feature.md +++ /dev/null @@ -1,12 +0,0 @@ -Implement ROFL (Runtime OFf-chain Logic) - -This extends runtimes with support for arbitrary off-chain logic that uses -the existing decentralized execution, distribution and remote attestation -infrastructure provided by Oasis. See [ADR 24] for more details. - -Use cases include oracles, bridges, light clients, complex data workloads, -intent solvers, autonomous AI agents, etc. - - -[ADR 24]: https://github.com/oasisprotocol/adrs/blob/main/0024-off-chain-runtime-logic.md - diff --git a/.changelog/5603.trivial.md b/.changelog/5603.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5604.internal.md b/.changelog/5604.internal.md deleted file mode 100644 index c3e15002ccb..00000000000 --- a/.changelog/5604.internal.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Bump tendermint-rs to 0.35.0 diff --git a/.changelog/5605.bugfix.md b/.changelog/5605.bugfix.md deleted file mode 100644 index c77fee04048..00000000000 --- a/.changelog/5605.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus/cometbft/beacon: Fix GetEpochBlock implementation diff --git a/.changelog/5606.feature.md b/.changelog/5606.feature.md deleted file mode 100644 index 24187c5ce65..00000000000 --- a/.changelog/5606.feature.md +++ /dev/null @@ -1,5 +0,0 @@ -Add observer nodes automatically to the keymanager's access list - -Observer nodes for a given paratime had to be added manually. This -change brings observer nodes in line with compute nodes, which were -added automatically. diff --git a/.changelog/5610.internal.md b/.changelog/5610.internal.md deleted file mode 100644 index 26241f79be4..00000000000 --- a/.changelog/5610.internal.md +++ /dev/null @@ -1 +0,0 @@ -ci: Update SGX tests to run DCAP diff --git a/.changelog/5613.trivial.md b/.changelog/5613.trivial.md deleted file mode 100644 index 26f0a0a0d30..00000000000 --- a/.changelog/5613.trivial.md +++ /dev/null @@ -1,5 +0,0 @@ -go/worker/keymanager: Fix node ACL management - -Compute nodes from any previous committees should be removed from an ACL -even if there was an error retrieving metadata for the latest -committees. diff --git a/.changelog/5614.internal.md b/.changelog/5614.internal.md deleted file mode 100644 index 27139d783d7..00000000000 --- a/.changelog/5614.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Make sure packages compile on Windows diff --git a/.changelog/5615.internal.md b/.changelog/5615.internal.md deleted file mode 100644 index 98a5a360044..00000000000 --- a/.changelog/5615.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump CometBFT to 0.37.6-oasis1 diff --git a/.changelog/5616.feature.md b/.changelog/5616.feature.md deleted file mode 100644 index d81c82dc22f..00000000000 --- a/.changelog/5616.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/vss: Implement verification vector diff --git a/.changelog/5617.feature.md b/.changelog/5617.feature.md deleted file mode 100644 index c3dc9962f0d..00000000000 --- a/.changelog/5617.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/churp: Implement handoff diff --git a/.changelog/5622.bugfix.md b/.changelog/5622.bugfix.md deleted file mode 100644 index 4c07632b858..00000000000 --- a/.changelog/5622.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -go/archive: fix runtime queries on archive nodes - -Fixes storage worker initialization on archive nodes which was causing runtime -queries to fail. diff --git a/.changelog/5623.bugfix.md b/.changelog/5623.bugfix.md deleted file mode 100644 index 6623dc88c98..00000000000 --- a/.changelog/5623.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -runtime: Add missing support for per-role admission policy decoding diff --git a/.changelog/5625.feature.2.md b/.changelog/5625.feature.2.md deleted file mode 100644 index 8c52de9ae5a..00000000000 --- a/.changelog/5625.feature.2.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump go-libp2p to v0.33.2 diff --git a/.changelog/5625.feature.md b/.changelog/5625.feature.md deleted file mode 100644 index d9dbf5b3310..00000000000 --- a/.changelog/5625.feature.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump github.com/quic-go/quic-go to v0.42.0 diff --git a/.changelog/5626.feature.md b/.changelog/5626.feature.md deleted file mode 100644 index 05215793680..00000000000 --- a/.changelog/5626.feature.md +++ /dev/null @@ -1 +0,0 @@ -go: Update go to 1.22.2 diff --git a/.changelog/5627.trivial.md b/.changelog/5627.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5628.feature.md b/.changelog/5628.feature.md deleted file mode 100644 index 339c79f584c..00000000000 --- a/.changelog/5628.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/churp: Allow nodes to confirm handoff completion diff --git a/.changelog/5629.trivial.md b/.changelog/5629.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5630.bugfix.md b/.changelog/5630.bugfix.md deleted file mode 100644 index b5e627ec611..00000000000 --- a/.changelog/5630.bugfix.md +++ /dev/null @@ -1,6 +0,0 @@ -go/runtime/txpool: Don't abort runtime if node is not synced yet - -If the node hasn't finished syncing, `checkTxBatch` previously -caused the runtime to be aborted, even though it wasn't the -runtime's fault. -Now the checks are retried after the node is finished syncing. diff --git a/.changelog/5631.trivial.md b/.changelog/5631.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5632.trivial.md b/.changelog/5632.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5633.trivial.md b/.changelog/5633.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5635.trivial.md b/.changelog/5635.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5636.trivial.md b/.changelog/5636.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5637.trivial.md b/.changelog/5637.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5640.feature.md b/.changelog/5640.feature.md deleted file mode 100644 index 26977251eec..00000000000 --- a/.changelog/5640.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/keymanager/churp: Orchestrate handoffs diff --git a/.changelog/5641.internal.md b/.changelog/5641.internal.md deleted file mode 100644 index 98d8df0e56e..00000000000 --- a/.changelog/5641.internal.md +++ /dev/null @@ -1,5 +0,0 @@ -Build runtime binaries in release mode - -Running SGX tests with binaries built in debug mode can be extremely -slow, so build everything in release mode. This should also speed up -E2E tests. diff --git a/.changelog/5642.internal.md b/.changelog/5642.internal.md deleted file mode 100644 index 2bb72c61f78..00000000000 --- a/.changelog/5642.internal.md +++ /dev/null @@ -1,4 +0,0 @@ -Add support for mock SGX builds - -This makes it easier to test various features even when SGX hardware is -not available. diff --git a/.changelog/5644.breaking.md b/.changelog/5644.breaking.md deleted file mode 100644 index d9363222c44..00000000000 --- a/.changelog/5644.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/governance: Support for allowing voting without an entity diff --git a/.changelog/5645.trivial.md b/.changelog/5645.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5648.feature.md b/.changelog/5648.feature.md deleted file mode 100644 index 3be0726c6a2..00000000000 --- a/.changelog/5648.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/staking: Read token information from state when available diff --git a/.changelog/5650.breaking.md b/.changelog/5650.breaking.md deleted file mode 100644 index ead1d772796..00000000000 --- a/.changelog/5650.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/governance: Add support for proposal metadata diff --git a/.changelog/5651.trivial.md b/.changelog/5651.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5653.feature.md b/.changelog/5653.feature.md deleted file mode 100644 index 756636605fd..00000000000 --- a/.changelog/5653.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/keymanager/churp: Require stake for every churp scheme diff --git a/.changelog/5654.internal.md b/.changelog/5654.internal.md deleted file mode 100644 index 0d46b9db224..00000000000 --- a/.changelog/5654.internal.md +++ /dev/null @@ -1 +0,0 @@ -.github/dependabot: group rust dependency updates diff --git a/.changelog/5655.trivial.md b/.changelog/5655.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5656.feature.md b/.changelog/5656.feature.md deleted file mode 100644 index 0762bc32c20..00000000000 --- a/.changelog/5656.feature.md +++ /dev/null @@ -1 +0,0 @@ -Bump rust dependencies diff --git a/.changelog/5657.breaking.md b/.changelog/5657.breaking.md deleted file mode 100644 index e84764e6fe5..00000000000 --- a/.changelog/5657.breaking.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus: Add global minimum gas price diff --git a/.changelog/5658.feature.md b/.changelog/5658.feature.md deleted file mode 100644 index b052ec0c7a7..00000000000 --- a/.changelog/5658.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/vss/lagrange: Implement Lagrange coefficients diff --git a/.changelog/5659.feature.md b/.changelog/5659.feature.md deleted file mode 100644 index 3bfadbacdfa..00000000000 --- a/.changelog/5659.feature.md +++ /dev/null @@ -1 +0,0 @@ -go/upgrade: Support upgrades without stopping the node diff --git a/.changelog/5660.bugfix.md b/.changelog/5660.bugfix.md deleted file mode 100644 index c3142ce3915..00000000000 --- a/.changelog/5660.bugfix.md +++ /dev/null @@ -1 +0,0 @@ -go/worker/compute/executor/committee: Retry scheduling on failure diff --git a/.changelog/5662.breaking.md b/.changelog/5662.breaking.md deleted file mode 100644 index 6ed0efb6236..00000000000 --- a/.changelog/5662.breaking.md +++ /dev/null @@ -1,5 +0,0 @@ -go/vault: Add simple consensus layer vault - -The vault service is a simple multi-sig where multiple parties vote to -perform actions on behalf of the vault account. This feature is disabled -by default and needs to be enabled via a governance vote. diff --git a/.changelog/5663.feature.md b/.changelog/5663.feature.md deleted file mode 100644 index f0d663db3ed..00000000000 --- a/.changelog/5663.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/churp: Encode shareholder ID to prime field diff --git a/.changelog/5665.cfg.md b/.changelog/5665.cfg.md deleted file mode 100644 index a1e73b445aa..00000000000 --- a/.changelog/5665.cfg.md +++ /dev/null @@ -1 +0,0 @@ -go/consensus: Change default sync trust period to 30 days diff --git a/.changelog/5668.trivial.md b/.changelog/5668.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5669.trivial.md b/.changelog/5669.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5671.trivial.md b/.changelog/5671.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5673.internal.md b/.changelog/5673.internal.md deleted file mode 100644 index 98a5a360044..00000000000 --- a/.changelog/5673.internal.md +++ /dev/null @@ -1 +0,0 @@ -go: Bump CometBFT to 0.37.6-oasis1 diff --git a/.changelog/5674.trivial.md b/.changelog/5674.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5676.trivial.md b/.changelog/5676.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5682.trivial.md b/.changelog/5682.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5684.feature.md b/.changelog/5684.feature.md deleted file mode 100644 index 5e63e3c5027..00000000000 --- a/.changelog/5684.feature.md +++ /dev/null @@ -1 +0,0 @@ -secret-sharing/src/kdc: Add key derivation center diff --git a/.changelog/5686.bugfix.md b/.changelog/5686.bugfix.md deleted file mode 100644 index 1684a3821b5..00000000000 --- a/.changelog/5686.bugfix.md +++ /dev/null @@ -1,4 +0,0 @@ -keymanager: Allow one epoch in the future during validation - -This avoids an issue where a key manager node that is slightly behind -would return an error during an epoch transition. diff --git a/.changelog/5688.trivial.md b/.changelog/5688.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5689.trivial.md b/.changelog/5689.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.changelog/5690.trivial.md b/.changelog/5690.trivial.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/.punch_version.py b/.punch_version.py index 88eb1fd8e38..522e8076ddf 100644 --- a/.punch_version.py +++ b/.punch_version.py @@ -1,3 +1,3 @@ -year = '23' +year = '24' minor = 0 micro = 0 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ff9d3ead31..5e8e250dda8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,608 @@ The format is inspired by [Keep a Changelog]. +## 24.0 (2024-05-13) + +| Protocol | Version | +|:------------------|:---------:| +| Consensus | 7.0.0 | +| Runtime Host | 5.1.0 | +| Runtime Committee | 5.0.0 | + +### Configuration Changes + +- Add `num_light_blocks_kept` configuration option + ([#5466](https://github.com/oasisprotocol/oasis-core/issues/5466)) + + Located under `consensus.prune`, it allows configuring the number of light + blocks that are kept in the local trusted store (defaulting to 10000). + +- Remove `may_generate` configuration option + ([#5530](https://github.com/oasisprotocol/oasis-core/issues/5530)) + + Key manager worker no longer needs this configuration option, previously + located under `worker.keymanager`, as master secrets can be generated + by all key manager committee nodes. + +- go/consensus: Change default sync trust period to 30 days + ([#5665](https://github.com/oasisprotocol/oasis-core/issues/5665)) + +- config: Add option to override internal unix socket path + ([#5427](https://github.com/oasisprotocol/oasis-core/issues/5427)) + + Previously the UNIX socket path could only be overriden via a debug-only + option. Since this option can be generally useful in production environments + it is now supported in the config file. The socket path can be set under + `common.internal_socket_path`, and is not considered a debug option anymore. + +### Features + +- go/storage/mkvs: Add PathBadger storage backend + ([#5559](https://github.com/oasisprotocol/oasis-core/issues/5559)) + + Instead of using trie node hashes as keys in the underlying Badger + store, this new backend instead uses a combination of version and index + within the batch of trie nodes as keys which leads to improved locality + when iterating over the trie while at the same time making the database + smaller and compactions faster. + + The new backend makes some (reasonable) assumptions, specifically that + only one root per type may be finalized in any version and that there + may be no child roots within the same version. + + The new backend is experimental and can be enabled by setting the + configuration option `storage.backend` to `pathbadger`. Note that this will + start with an empty database so will require a complete resync. + +- Implement ROFL (Runtime OFf-chain Logic) + ([#5602](https://github.com/oasisprotocol/oasis-core/issues/5602)) + + This extends runtimes with support for arbitrary off-chain logic that uses + the existing decentralized execution, distribution and remote attestation + infrastructure provided by Oasis. See [ADR 24] for more details. + + Use cases include oracles, bridges, light clients, complex data workloads, + intent solvers, autonomous AI agents, etc. + + + [ADR 24]: https://github.com/oasisprotocol/adrs/blob/main/0024-off-chain-runtime-logic.md + + +- Implement proactive secret sharing in key manager (CHURP) + ([#5551](https://github.com/oasisprotocol/oasis-core/issues/5551), + [#5562](https://github.com/oasisprotocol/oasis-core/issues/5562), + [#5568](https://github.com/oasisprotocol/oasis-core/issues/5568), + [#5569](https://github.com/oasisprotocol/oasis-core/issues/5569), + [#5570](https://github.com/oasisprotocol/oasis-core/issues/5570), + [#5572](https://github.com/oasisprotocol/oasis-core/issues/5572), + [#5575](https://github.com/oasisprotocol/oasis-core/issues/5575), + [#5590](https://github.com/oasisprotocol/oasis-core/issues/5590), + [#5592](https://github.com/oasisprotocol/oasis-core/issues/5592), + [#5616](https://github.com/oasisprotocol/oasis-core/issues/5616), + [#5617](https://github.com/oasisprotocol/oasis-core/issues/5617), + [#5628](https://github.com/oasisprotocol/oasis-core/issues/5628), + [#5640](https://github.com/oasisprotocol/oasis-core/issues/5640), + [#5653](https://github.com/oasisprotocol/oasis-core/issues/5653), + [#5658](https://github.com/oasisprotocol/oasis-core/issues/5658), + [#5663](https://github.com/oasisprotocol/oasis-core/issues/5663), + [#5684](https://github.com/oasisprotocol/oasis-core/issues/5684)) + + This adds support for proactive secret sharing in the key manager runtimes, + which makes it possible for key manager nodes to only hold shares of keys in + encrypted memory. Even if the TEE is compromised on a given node, only a + single share can be recovered, opening the way for storing secrets with even + stronger security guarantees. + + Client-side support for share reconstruction will be part of an upcoming + release. + +- go/governance: Support for allowing voting without an entity + ([#5644](https://github.com/oasisprotocol/oasis-core/issues/5644)) + +- go/governance: Add support for proposal metadata + ([#5650](https://github.com/oasisprotocol/oasis-core/issues/5650)) + +- go/consensus: Add global minimum gas price + ([#5657](https://github.com/oasisprotocol/oasis-core/issues/5657)) + +- go/vault: Add simple consensus layer vault + ([#5662](https://github.com/oasisprotocol/oasis-core/issues/5662)) + + The vault service is a simple multi-sig where multiple parties vote to + perform actions on behalf of the vault account. This feature is disabled + by default and needs to be enabled via a governance vote. + +- go/consensus/roothash: Filter executor commitments by runtime ID + ([#5436](https://github.com/oasisprotocol/oasis-core/issues/5436)) + + Compute executor committee workers no longer have to verify the signatures + of observed commitments simply to identify them as invalid. + +- go/oasis-node/cmd/genesis: Make attestation age/interval configurable + ([#5449](https://github.com/oasisprotocol/oasis-core/issues/5449)) + + A new flag `registry.tee_features.sgx.default_max_attestation_age` was added + to the genesis command to specify the default maximum attestation age when + SGX RAK-signed attestations are enabled. Additionally, within the runtime + registry configuration, one can now set the attestation interval for periodic + runtime re-attestation. + +- runtime: Add roothash round roots state wrappers in rust + ([#5457](https://github.com/oasisprotocol/oasis-core/issues/5457)) + +- go/roothash: expose RoundRoots in the roothash client + ([#5467](https://github.com/oasisprotocol/oasis-core/issues/5467)) + +- Build EPID and DCAP versions of the AESMD docker image + ([#5496](https://github.com/oasisprotocol/oasis-core/issues/5496)) + +- runtime/sgx/pcs: Make useful attestation verification methods public + ([#5503](https://github.com/oasisprotocol/oasis-core/issues/5503)) + +- go/storage: Add storage metrics for `GetDiff` method + ([#5512](https://github.com/oasisprotocol/oasis-core/issues/5512)) + +- runtime: Implement MKVS storage proof builder + ([#5514](https://github.com/oasisprotocol/oasis-core/issues/5514)) + + Introduces `get_proof` method to retrieve MKVS proofs for specific tree + entries. + +- go/runtime/host: Add separate metric for RHP call timeouts + ([#5519](https://github.com/oasisprotocol/oasis-core/issues/5519)) + +- go/runtime: Add load-balancer runtime provisioner + ([#5528](https://github.com/oasisprotocol/oasis-core/issues/5528)) + +- Support for Proofs Without Implicit Internal Leaf Nodes + ([#5531](https://github.com/oasisprotocol/oasis-core/issues/5531)) + + Previously, internal MKVS nodes in proofs included full leaf nodes implicitly. + With this update, leaf nodes are explicitly added as regular child nodes + within the proof structure. This modification optimizes proof sizes by + avoiding inclusion of potentially large values associated with leaf nodes that + are not directly relevant to the proof's target node. + + This change maintains backward compatibility. Existing proofs are unmarshaled + as version 0, while version 1 proofs adopt the new scheme. + +- go/oasis-net-runner: Add ability to set node log level and format + ([#5534](https://github.com/oasisprotocol/oasis-core/issues/5534)) + + Previously, every node started by the net runner had the default + log level of debug, while now it's possible to set it to other + levels. The log format can also be changed. + +- go/runtime/host: Add GetActiveVersion to Runtime interface + ([#5535](https://github.com/oasisprotocol/oasis-core/issues/5535)) + +- go/worker/keymanager: Authorize noise session connect calls + ([#5539](https://github.com/oasisprotocol/oasis-core/issues/5539)) + + A peer is granted permission to connect if it is authorized + to invoke at least one secure enclave RPC method. + +- go/worker/keymanager/p2p: Remove retries and sticky peers + ([#5546](https://github.com/oasisprotocol/oasis-core/issues/5546)) + + Since retry and peer selection is now handled in the runtimes having it + also done outside is detrimental to latency. The runtime knows better + when to actually retry and which peers to select. + +- go/common/keyformat: Ensure prefixes are unique per namespace + ([#5548](https://github.com/oasisprotocol/oasis-core/issues/5548)) + +- sgx: Support early updates for ECDSA TCB infos + ([#5578](https://github.com/oasisprotocol/oasis-core/issues/5578)) + +- go/upgrade: Adjust MaxTxSize and MaxBlockSize in consensus240 handler + ([#5588](https://github.com/oasisprotocol/oasis-core/issues/5588)) + + This is needed as DCAP quotes are larger and nodes running multiple + confidential runtimes may otherwise exceed the max transaction size. + +- go/runtime/client: Add the GetUnconfirmedTransactions method + ([#5589](https://github.com/oasisprotocol/oasis-core/issues/5589)) + + Similarly to GetUnconfirmedTransactions in the consensus API, this + new method returns the currently pending runtime transactions from + the runtime transaction pool. + +- go/worker/storage: Make fetch pool per-runtime + ([#5595](https://github.com/oasisprotocol/oasis-core/issues/5595)) + + This should speed up storage sync in case of nodes that have multiple + runtimes configured. + +- Add observer nodes automatically to the keymanager's access list + ([#5606](https://github.com/oasisprotocol/oasis-core/issues/5606)) + + Observer nodes for a given paratime had to be added manually. This + change brings observer nodes in line with compute nodes, which were + added automatically. + +- go/staking: Read token information from state when available + ([#5648](https://github.com/oasisprotocol/oasis-core/issues/5648)) + +- go/upgrade: Support upgrades without stopping the node + ([#5659](https://github.com/oasisprotocol/oasis-core/issues/5659)) + +### Bug Fixes + +- go/oasis-net-runner: Fix SkipPolicy flag in default fixture + ([#5394](https://github.com/oasisprotocol/oasis-core/issues/5394)) + +- go/worker/storage: Disable storage worker when no runtimes configured + ([#5394](https://github.com/oasisprotocol/oasis-core/issues/5394)) + +- go/worker/keymanager: Fix race condition when accessing runtime status + ([#5398](https://github.com/oasisprotocol/oasis-core/issues/5398)) + +- keymanager: Fix public key decoding for legacy key manager clients + ([#5398](https://github.com/oasisprotocol/oasis-core/issues/5398)) + +- go/worker/common: Refresh current epoch for suspended runtimes + ([#5400](https://github.com/oasisprotocol/oasis-core/issues/5400)) + +- go/worker/client: Fix nil dereference on early Query + ([#5403](https://github.com/oasisprotocol/oasis-core/issues/5403)) + +- go/worker/compute/executor: Use local time for batch scheduling + ([#5404](https://github.com/oasisprotocol/oasis-core/issues/5404)) + +- go/worker/compute/executor: Estimate pool rank from observed commitments + ([#5404](https://github.com/oasisprotocol/oasis-core/issues/5404)) + +- go/worker/compute/executor: Start processing once all txs are fetched + ([#5404](https://github.com/oasisprotocol/oasis-core/issues/5404)) + +- go/worker/compute/executor: Schedule only if higher ranks didn't propose + ([#5404](https://github.com/oasisprotocol/oasis-core/issues/5404)) + +- Fix stuck `control status` on runtime nodes before initialization + ([#5407](https://github.com/oasisprotocol/oasis-core/issues/5407)) + +- Fix showing empty peer IDs in the Consensus light client status output + ([#5408](https://github.com/oasisprotocol/oasis-core/issues/5408)) + +- config/migrate: Automatically configure external P2P addresses for validators + ([#5410](https://github.com/oasisprotocol/oasis-core/issues/5410)) + +- go/consensus: Do not crash on nil result from Commit + ([#5423](https://github.com/oasisprotocol/oasis-core/issues/5423)) + + The Commit function can return both a nil error and a nil result in case + the given block is not available yet. + +- go/worker/compute/executor: Clear channels when not in the committee + ([#5426](https://github.com/oasisprotocol/oasis-core/issues/5426)) + +- go/runtime/host/multi: Propagate special requests to next version + ([#5433](https://github.com/oasisprotocol/oasis-core/issues/5433)) + + Previously periodic consensus sync requests were not propagated to the + next (e.g. upcoming) runtime version. This could result in the runtime's + consensus view going stale which would make the attestations too old so + they would be rejected during scheduling. + + Additionally, key manager update requests should also be propagated to + ensure the runtime is ready immediately when activated, avoiding any + potential race conditions. + +- go/runtime/host/sandbox: Release lock before calling into runtime + ([#5438](https://github.com/oasisprotocol/oasis-core/issues/5438)) + + Similar to how this is handled in the multi runtime host, we need to + release the lock before calling into the runtime as otherwise this could + lead to a deadlock in certain situations. + +- go/worker/compute: Bound batch execution time + ([#5438](https://github.com/oasisprotocol/oasis-core/issues/5438)) + +- go/runtime/host/protocol/connection: Cancel call if connection is closed + ([#5442](https://github.com/oasisprotocol/oasis-core/issues/5442)) + +- go/worker/compute: Use correct context when aborting runtime + ([#5446](https://github.com/oasisprotocol/oasis-core/issues/5446)) + +- go/worker/compute: Also abort in case deadline exceeded + ([#5446](https://github.com/oasisprotocol/oasis-core/issues/5446)) + +- go/worker/compute/executor: Propose promptly upon detecting discrepancy + ([#5447](https://github.com/oasisprotocol/oasis-core/issues/5447)) + +- go/runtime: Fix zombie channel pipe leak on runtime restarts + ([#5447](https://github.com/oasisprotocol/oasis-core/issues/5447)) + + Pipes created by a call to channels.Unwrap spawned new goroutines + that were not terminated during runtime restarts. These zombie + pipes also intercepted one value from the newly created pipes, + causing them to block indefinitely. + +- go/runtime/host/multi: Release lock early to avoid blocking + ([#5448](https://github.com/oasisprotocol/oasis-core/issues/5448)) + +- runtime: Create controller in RpcClient constructor + ([#5450](https://github.com/oasisprotocol/oasis-core/issues/5450)) + + Previously if no RPC calls were initiated by the runtime, the client + controller task was never spawned which caused quote policy update + requests to pile up in the command queue, eventually blocking the entire + runtime from processing requests. + + Since the async runtime is now available early on during initialization, + we can spawn the controller in the RpcClient constructor, avoiding these + problems. + +- go/worker/compute: Abort runtimes only on timeouts + ([#5453](https://github.com/oasisprotocol/oasis-core/issues/5453)) + +- go/p2p: Increase incoming connection limit for seed nodes + ([#5456](https://github.com/oasisprotocol/oasis-core/issues/5456)) + +- go/p2p: Close connection to seed node after every request + ([#5456](https://github.com/oasisprotocol/oasis-core/issues/5456)) + + Bootstrap client, which is responsible for peer discovery and advertisement, + now terminates connection to the seed node after every request. This action + should free up recourses (e.g. inbound/outbound connections) on both sides + without affecting performance since discovered peers are cached (see retention + period) and advertisement is done infrequently (see TTL). + +- runtime: Improve error reporting if DeoxysII unsealing fails + ([#5458](https://github.com/oasisprotocol/oasis-core/issues/5458)) + + Previously, if the CPU changed between runs of the Oasis node, the error + reported was a cryptic "ciphertext is corrupted" (because the sealed SGX + secrets were invalidated). + Now we add a bit more context to make it easier for the end-user. + +- go/consensus/cometbft/light: Don't crash when signed header unavailable + ([#5462](https://github.com/oasisprotocol/oasis-core/issues/5462)) + +- go/consensus/cometbft/light: Try multiple sources when fetching blocks + ([#5466](https://github.com/oasisprotocol/oasis-core/issues/5466)) + +- go/p2p/peermgmt/backup: Prevent overwriting TTL when restoring peers + ([#5469](https://github.com/oasisprotocol/oasis-core/issues/5469)) + + If the peer address of a seed node was added to the libp2p address book + before peer manager restored backup peer addresses, its permanent TTL + was replaced with the TTL for recently connected peers. + +- governance: Fix pretty priting of `ChangeParametersProposal` + ([#5472](https://github.com/oasisprotocol/oasis-core/issues/5472)) + +- go/oasis-node: Remove obsolete db section during config migration + ([#5473](https://github.com/oasisprotocol/oasis-core/issues/5473)) + +- go/p2p/discovery: Close only idle connections to seed node + ([#5476](https://github.com/oasisprotocol/oasis-core/issues/5476)) + +- governance: fix delegator-validator vote match check + ([#5479](https://github.com/oasisprotocol/oasis-core/issues/5479)) + +- go/p2p/peermgmt: Find peers and connect only when needed + ([#5480](https://github.com/oasisprotocol/oasis-core/issues/5480)) + + If we are already connected to a sufficient number of peers + for a given topic or protocol, there's no need to retrieve + additional peers from the registry or the seed node. + +- go/consensus/cometbft/light: Only fetch from light store for now + ([#5481](https://github.com/oasisprotocol/oasis-core/issues/5481)) + + In practice the previously introduced fetch from light client caused + the light client to fall back to slow backwards verification due to + target blocks being in the past, below the pruning window. + +- rhp: don't prepend 'failed to read response' to runtime module errors + ([#5488](https://github.com/oasisprotocol/oasis-core/issues/5488)) + +- storage/checkpoints: Ignore i/o root in genesis checkpoint + ([#5492](https://github.com/oasisprotocol/oasis-core/issues/5492)) + +- go/genesis: Suppress misleading genesis sanity check logs + ([#5495](https://github.com/oasisprotocol/oasis-core/issues/5495)) + +- metrics: fix labels for disk read and write metrics + ([#5510](https://github.com/oasisprotocol/oasis-core/issues/5510)) + + Fixes `oasis_node_disk_written_bytes` and `oasis_node_disk_read_bytes` which + were mistakenly reversed. + +- go/runtime/transaction: Use node database directly when possible + ([#5520](https://github.com/oasisprotocol/oasis-core/issues/5520)) + + Previously accessing the transaction artifacts tree would always use the + slower read syncer interface meant for communicating with untrusted db + instances. This is now short-circuited in case a local db is available. + +- go/worker/keymanager: Fix race conditions when accessing status fields + ([#5529](https://github.com/oasisprotocol/oasis-core/issues/5529)) + +- Include the mode of the node in control status output + ([#5537](https://github.com/oasisprotocol/oasis-core/issues/5537)) + +- go/runtime/txpool: Remove rechecked transactions from seen cache + ([#5542](https://github.com/oasisprotocol/oasis-core/issues/5542)) + + In case a transaction is rejected because it fails a re-check pass, it + should also be removed from the seen cache as it may be resubmitted + later when it could become valid. + +- go/worker/client: Fix observer node registration + ([#5545](https://github.com/oasisprotocol/oasis-core/issues/5545)) + + Previously a node configured as an observer node would forget to + register for all of its configured runtimes, causing the registration + to fail. + +- governance/ChangeParametersProposal: Display only changed parameters + ([#5566](https://github.com/oasisprotocol/oasis-core/issues/5566)) + + Omit the unchanged parameter values when pretty-printing the + `ChangeParameterProposal`. + +- runtime: Verify freshness with RAK against latest state + ([#5567](https://github.com/oasisprotocol/oasis-core/issues/5567)) + +- go/runtime/host: Wait for readiness instead of failing immediately + ([#5577](https://github.com/oasisprotocol/oasis-core/issues/5577)) + +- go/consensus/cometbft/beacon: Fix GetEpochBlock implementation + ([#5605](https://github.com/oasisprotocol/oasis-core/issues/5605)) + +- go/archive: fix runtime queries on archive nodes + ([#5622](https://github.com/oasisprotocol/oasis-core/issues/5622)) + + Fixes storage worker initialization on archive nodes which was causing runtime + queries to fail. + +- runtime: Add missing support for per-role admission policy decoding + ([#5623](https://github.com/oasisprotocol/oasis-core/issues/5623)) + +- go/runtime/txpool: Don't abort runtime if node is not synced yet + ([#5630](https://github.com/oasisprotocol/oasis-core/issues/5630)) + + If the node hasn't finished syncing, `checkTxBatch` previously + caused the runtime to be aborted, even though it wasn't the + runtime's fault. + Now the checks are retried after the node is finished syncing. + +- go/worker/compute/executor/committee: Retry scheduling on failure + ([#5660](https://github.com/oasisprotocol/oasis-core/issues/5660)) + +- keymanager: Allow one epoch in the future during validation + ([#5686](https://github.com/oasisprotocol/oasis-core/issues/5686)) + + This avoids an issue where a key manager node that is slightly behind + would return an error during an epoch transition. + +### Documentation Improvements + +- License the documentation under CC BY 4.0 + ([#5509](https://github.com/oasisprotocol/oasis-core/issues/5509)) + +- docs: Fix broken link anchors + ([#5515](https://github.com/oasisprotocol/oasis-core/issues/5515)) + +- docs: Fix broken link to CometBFT metrics page + ([#5550](https://github.com/oasisprotocol/oasis-core/issues/5550)) + +### Internal Changes + +- go: Bump go to 1.22.2 + ([#5556](https://github.com/oasisprotocol/oasis-core/issues/5556), + [#5586](https://github.com/oasisprotocol/oasis-core/issues/5586), + [#5626](https://github.com/oasisprotocol/oasis-core/issues/5626)) + + Also updates go tooling: + + - golangci-lint to 1.56.1 + - gofumpt to 0.6.0 + - goimports to 0.18.0 + +- go: Bump github.com/quic-go/quic-go to v0.42.0 + ([#5625](https://github.com/oasisprotocol/oasis-core/issues/5625)) + +- go: Bump go-libp2p to v0.33.2 + ([#5625](https://github.com/oasisprotocol/oasis-core/issues/5625)) + +- go/common/sync: Add IsRunning function to sync.One + ([#5536](https://github.com/oasisprotocol/oasis-core/issues/5536)) + +- keymanager/src/runtime: Remove legacy version of init request + ([#5205](https://github.com/oasisprotocol/oasis-core/issues/5205)) + +- makefile: Exit with an error if go mod tidy fails + ([#5270](https://github.com/oasisprotocol/oasis-core/issues/5270)) + +- go: Bump golang.org/x/net to v0.17.0 + ([#5403](https://github.com/oasisprotocol/oasis-core/issues/5403)) + +- Install setuptools to make Towncrier fork work with Python 3.12 + ([#5421](https://github.com/oasisprotocol/oasis-core/issues/5421)) + +- go/common/sgx: implement `GetPCKCertificateChain` PCS API client + ([#5465](https://github.com/oasisprotocol/oasis-core/issues/5465)) + +- Bump Rust toolchain to 2024-03-04 + ([#5513](https://github.com/oasisprotocol/oasis-core/issues/5513), + [#5583](https://github.com/oasisprotocol/oasis-core/issues/5583)) + +- go: Bump go-libp2p to 0.32.2 + ([#5521](https://github.com/oasisprotocol/oasis-core/issues/5521)) + +- runtime: Increase number of processing threads in SGX + ([#5523](https://github.com/oasisprotocol/oasis-core/issues/5523)) + +- rust: bump shlex to v 1.3.0 + ([#5533](https://github.com/oasisprotocol/oasis-core/issues/5533)) + + [RUSTSEC-2024-0006]( + https://rustsec.org/advisories/RUSTSEC-2024-0006) + +- go/p2p/rpc: Remove support for sticky peers + ([#5546](https://github.com/oasisprotocol/oasis-core/issues/5546)) + +- runtime/enclave_rpc: Support caller to provide peer feedback + ([#5546](https://github.com/oasisprotocol/oasis-core/issues/5546)) + +- go/worker/compute: Simplify I/O root commit + ([#5553](https://github.com/oasisprotocol/oasis-core/issues/5553)) + + This also avoids an intermediate committed IO root which complicates the + required database layout. + +- keymanager/runtime: Use insecure RPC requests for ephemeral public keys + ([#5554](https://github.com/oasisprotocol/oasis-core/issues/5554)) + +- runtime/src/enclave_rpc: Simplify RPC context + ([#5555](https://github.com/oasisprotocol/oasis-core/issues/5555)) + + The RPC context now contains only essential data for secure RPC methods. + Identity, consensus verifier, and storage have been removed and are now + available to methods responsible for master and ephemeral secrets after + initialization. + +- docker: Bump cargo-tarpaulin to 0.27.3 + ([#5558](https://github.com/oasisprotocol/oasis-core/issues/5558)) + +- runtime/src/storage: Move untrusted in-memory key/value storage + ([#5561](https://github.com/oasisprotocol/oasis-core/issues/5561)) + + The untrusted in-memory key/value storage is now accessible to all tests. + +- runtime: Bump tendermint-rs to 0.35.0 + ([#5604](https://github.com/oasisprotocol/oasis-core/issues/5604)) + +- ci: Update SGX tests to run DCAP + ([#5610](https://github.com/oasisprotocol/oasis-core/issues/5610)) + +- go: Make sure packages compile on Windows + ([#5614](https://github.com/oasisprotocol/oasis-core/issues/5614)) + +- go: Bump CometBFT to 0.37.6-oasis1 + ([#5615](https://github.com/oasisprotocol/oasis-core/issues/5615), + [#5673](https://github.com/oasisprotocol/oasis-core/issues/5673)) + +- Build runtime binaries in release mode + ([#5641](https://github.com/oasisprotocol/oasis-core/issues/5641)) + + Running SGX tests with binaries built in debug mode can be extremely + slow, so build everything in release mode. This should also speed up + E2E tests. + +- Add support for mock SGX builds + ([#5642](https://github.com/oasisprotocol/oasis-core/issues/5642)) + + This makes it easier to test various features even when SGX hardware is + not available. + +- .github/dependabot: group rust dependency updates + ([#5654](https://github.com/oasisprotocol/oasis-core/issues/5654)) + ## 23.0 (2023-10-10) | Protocol | Version |