7.0.0-dev6

Added

• Support for Turin attestations (#7499)
• verify_attestation script to fetch endorsements from AMD and check the provided attestation against them (#7499)
• PreVote optimistaion enabled. This requires that a follower checks that it could be elected before becoming a candidate. This optimisation improves the availablilty of Raft when there are omission faults like partial network partitions. (#7462)
• ProposeRequestVote on SIGTERM. When a primary, with ignore_first_sigterm receives the first SIGTERM, it nominates a successor, allowing the successor to skip waiting for the election timeout and call an election right away. (#7514)

Changed

• Start nodes now confirm that read-only ledger directories are empty on startup (#7355).
• In the C++ API, the method get_txid() on ccf::kv::ReadOnlyStore has been renamed to current_txid(). This may affect historical query code which works directly with the returned StorePtr (#7477).
• The C++ API for installing endpoints with local commit handlers has changed. These handlers should now be added to an Endpoint with .set_locally_committed_function(handler), and the make_[read_only_]endpoint_with_local_commit_handler methods on EndpointRegistry have been removed (#7487).
• The format of CCF's stdout logging has changed. Each line previously tried to align host logs with enclave logs containing a timestamp offset. Since enclave logs no longer exist, this timestamp is never present, so the padding whitespace has been removed (#7491).
• Introduced ccf::historical::verify_self_issued_receipt to verify COSE CCF receipts against current service identity (#7494).

6.0.17

Added

• Support for PreVote optimisation. Nodes understand and are able to respond to PreVote messages, but will not become pre-vote candidates themselves. (#7419, #7445)

Fixed

• CheckQuorum now requires a quorum in every configuration (#7375).
• read_ledger.py validates the offsets table in committed ledger files, reporting an error if this is truncated (#7501).
• Allow carriage returns in PEM certificatees (#7507).
• Fixed a bug in calculation of historical query cache size, which could have resulted in evicted unnecessarily (#7511).

Changed

• When the fetch_recent_snapshot behaviour is enabled by the node config, the Joiner will now prefer the peer's snapshot over any local snapshot, regardless of version (#7314).
• The snapshot-serving endpoints required for fetch_recent_snapshot behaviour are now disabled-by-default to avoid public DoS requests. They should be enabled on a per-interface basis by adding "enabled_operator_features": ["SnapshotRead"] to the interface's configuration, on an interface with local visibility used for node-to-node join requests (#7440).

7.0.0-dev5

Added

• Support for PreVote optimisation. Nodes understand and are able to respond to PreVote messages, but will not become pre-vote candidates themselves. (#7419, #7445)

Changed

• When the fetch_recent_snapshot behaviour is enabled by the node config, the Joiner will now prefer the peer's snapshot over any local snapshot, regardless of version (#7314).
• Crypto interface for RSA and EC keys (#7425)
• ccf::crypto::PublicKey becomes ccf::crypto::ECPublicKey
• ccf::crypto::KeyPair becomes ccf::crypto::ECKeyPair
• Error-prone inheritance between RSA and EC key classes has been removed.
• RSA keys now don't re-use CSR functionality from EC key interface.

Removed

• Removed the unused experimental ccf.host.triggerSubprocess() JS API
• Removed ACME client and support for ACME-endorsed interfaces (#7414).
• Removed fallback JWT authentication (#7442)
• It is recommended to clean up the old tables for services started before 6.x - check out cleanup_legacy_jwt_records proposal in the default sample constitution.

Fixed

• CheckQuorum now requires a quorum in every configuration (#7375)

Changed

• The snapshot-serving endpoints required for fetch_recent_snapshot behaviour are now disabled-by-default to avoid public DoS requests. They should be enabled on a per-interface basis by adding "enabled_operator_features": ["SnapshotRead"] to the interface's configuration, on an interface with local visibility used for node-to-node join requests.

6.0.16

Fixed

• Stop passing nullptr to curl_multi_socket_action (#7371)

Changed

• When GET /node/snapshot/{snapshot_name} requests a Range that extends beyond the snapshot's end, the node will now respond with the available sub-range rather than a Bad Request error.

6.0.15

Added

• Improved logging of snapshot digests (#7300)
• Node will now retry when fetching snapshots. This is controlled with command.join.fetch_snapshot_max_attempts and command.join.fetch_snapshot_retry_interval. (#7317)
• Remove pyopenssl (#7297)
• Fix missing -devel package dependencies (#7345)

Changed

• The submit_recovery_share.sh script will no longer try to create a virtual environment and install the CCF Python package on every call. Instead it will return an error if the package is not installed (specifically if the ccf_cose_sign1 tool it relies on cannot be found) (#7306)
• Snapshot fetching attempts to re-use the TLS sessions whenever possible (#7321)

7.0.0-dev4

Added

• Added verify_uvm_attestation_and_endorsements binary. This tests that the authentication of the startup files during start and join would succeed. Usage on C-ACI: verify_uvm_attestation_and_endorsements /security-context-xxxx/host-amd-cert-base64 /security-context-xxxx/reference-info-base64 /security-context-xxxx/security-policy-base64

6.0.14

Added

• Improved handling of socket errors in curlm callbacks (#7308)
• Accept UVM endorsements with SVNs encoded as integers, and use integer comparison for UVM (#7316)

7.0.0-dev3

Added

• Added ccf.gov.validateConstitution function to JS API, which can be used to confirm some basic properties of a proposed constitution (it is a string, parseable by our JS interpreter, exporting functions named validate, resolve and apply with the correct number of arguments). This is called in the default sample constitution's set_constitution.validate.
• Added logging of the initial node attestation value ("Initial node attestation...") (#7256).
• Improved handling of socket errors in curlm callbacks (#7308)
• Accept UVM endorsements with SVNs encoded as integers (#7316)

Fixed

• Correctly validate the full AMD ASK endorsement chain (#7233)
• Validate endorsement metadata (tcb version and chip id) against attestation (#7240)

Changed

• The submit_recovery_share.sh script will no longer try to create a virtual environment and install the CCF Python package on every call. Instead it will return an error if the package is not installed (specifically if the ccf_cose_sign1 tool it relies on cannot be found) (#7306)

Removed

• Removed ccf::crypt::openssl_sha256_init() and ccf::crypt::openssl_sha256_shutdown() interface, as it's now implicitly called by the crypto implementation (#7251).
• Removed support for v2 attestations as the corresponding firmware is know to be insecure (#7282)

6.0.13

Added

• Better logging of invalid snapshots (#7302)
• Improved handling of socket errors in curlm callbacks (#7308)

5.0.23

Added

• Better logging of invalid snapshots (#7302)
• Logging of snapshot digests