Skip to content

Mithril v2506.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 14 Feb 09:18
· 453 commits to main since this release
2506.0
This tag was signed with the committer’s verified signature.
dlachaume Damien Lachaume
GPG key ID: 306D861F917A3FBC
Verified
Learn about vigilant mode.
2627f17
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights:

  • ⚠️ Security:
    • This distribution embeds a fix for the Mithril certificate chain could be manipulated by an adversarial signer security advisory GHSA-724h-fpm5-4qvr
    • All users running a client library, client CLI or client WASM are strongly encouraged to update them to the latest version.
  • Stable support for Cardano node 10.1.4 in the signer and the aggregator
  • Dropped support for Thales era in the signer and the aggregator
  • Stable support for traffic compression in signer, aggregator and client
  • Bug fixes and performance improvements.

What's Changed

  • feat(ci): include explorer in packaged releases by @Alenar in #2167
  • Fix: recompute certificate chain hash by @jpraynaud in #2168
  • Refactor: rework snapshot_uploaders module to improve genericity by @dlachaume in #2165
  • Fix explorer packaging in releases by @Alenar in #2170
  • Docs: enhance recompute certificates hash runbook by @jpraynaud in #2171
  • Feat: retryable devnet bootstrap errors in e2e tests by @jpraynaud in #2179
  • Docs: rotate documentation for 2450 distribution by @jpraynaud in #2162
  • Docs: final CHANGELOG for '2450.0' distribution by @jpraynaud in #2182
  • Dev blog copy review main branch by @oduameh in #2169
  • Docs: add dev blog post for distribution 2450 by @jpraynaud in #2183
  • Build and publish an unstable explorer version by @Alenar in #2181
  • Feat: implement the Ancillary sub builder for Incremental Cardano DB by @dlachaume in #2180
  • Docs: add dev blog post for era switch to Pythagoras by @jpraynaud in #2184
  • ci: publish packaged explorer in latest release by @Alenar in #2185
  • ci: fix downloading of stable explorer when publishing to pages by @Alenar in #2186
  • Experimental: Cache in client certificate verification (lib and wasm) by @Alenar in #2166
  • Feat: implement CardanoDatabase artifact routes by @jpraynaud in #2187
  • feat: extend Snapshotter to archive only specific files and directories by @dlachaume in #2189
  • Fix: CardanoDatabase artifacts verification in e2e test by @jpraynaud in #2194
  • Feat: add workflows to Nightly Dispatcher by @jpraynaud in #2188
  • Chore: upgrade dependencies by @jpraynaud in #2195
  • Fix: CardanoDatabase artifact identifier collisions by @jpraynaud in #2198
  • Refactor: enhance inputs for nightly workflows by @jpraynaud in #2200
  • Feat: ancillary archive creation by @dlachaume in #2191
  • Fix: nightly dispatcher workflow by @jpraynaud in #2201
  • Chore: update SSH keys in infra by @jpraynaud in #2203
  • Threat model analysis and blog post review PR by @oduameh in #2202
  • Feat: immutable file digests route for CardanoDatabase artifacts aggregator by @jpraynaud in #2204
  • Fix: execute Wasm tests on node in CI by @dlachaume in #2205
  • Chore: clean TODOs in repository by @jpraynaud in #2206
  • Feat: Support Cardano node 10.1.4 by @jpraynaud in #2210
  • Docs: dev blog post for activation of the Cardano stake distribution certification by @jpraynaud in #2219
  • Chore: clean TODOs in repository (second round) by @jpraynaud in #2220
  • Align messages golden master tests by @Alenar in #2221
  • doc: add windows powershell commands in client cli documentation by @Alenar in #2228
  • Fix: missing DEBUG logs release builds by @jpraynaud in #2231
  • Feat: Create immutable builder for incremental Cardano DB by @sfauvel in #2223
  • Fix: Signer node properly handles /register-signatures responses when the message has expired by @dlachaume in #2232
  • Feat: GcpUploader implements synchronization for Cardano database artifacts by @jpraynaud in #2233
  • Fix: support trailing whitespace in protocol key files by @jpraynaud in #2236
  • Chore: upgrade release-preprod VM by @jpraynaud in #2224
  • Feat(tests): integration testing for CardanoDatabase certification by @jpraynaud in #2237
  • Incremental Cardano DB artifact production enhancements by @Alenar in #2239
  • aggregator: fix flakiness of tests that uses the snapshotter and simplify http server tests by @Alenar in #2243
  • Openapi examples check by @sfauvel in #2240
  • refactor(aggregator): better url sanitization process by using a value object by @Alenar in #2241
  • Feat: compress aggregator HTTP responses by @jpraynaud in #2226
  • split snapshotter by @Alenar in #2245
  • Feat: implement client for CardanoDatabase in client library (list and get) by @jpraynaud in #2255
  • Implement a retry mechanism for the FileUploader by @sfauvel in #2244
  • Permanent storage of immutables trio archives by @Alenar in #2256
  • Feat: implement CardanoDatabase in mithril-client WASM by @dlachaume in #2258
  • Use tls vendored from reqwest by @Alenar in #2260
  • Do not delete an already existing archive on error by @sfauvel in #2257
  • Refactor: improve variable and function names in fake aggregator by @dlachaume in #2261
  • chore(ci): upgrade workflows running on ubuntu 22.04 to 24.04 by @Alenar in #2259
  • CI: move notify-on-failure to a dedicated workflow by @dlachaume in #2262
  • Fix: add missing workflow_call trigger on Test Notify on Failure workflow by @dlachaume in #2267
  • docs: update Pythagoras era switch dev blog post by @jpraynaud in #2268
  • Monitoring for incremental cardano db by @sfauvel in #2265
  • Feat: Implement cardano-db-v2 command in client CLI (list and show) by @dlachaume in #2266
  • explorer: Add cardano db v2 support & rework tabs layout by @Alenar in #2270
  • Fix: use unstable Docker image ID in test-client workflow instead… by @dlachaume in #2272
  • Chore: add Mithril client CLI version in debug logs by @dlachaume in #2273
  • Remove mithril common circular dependencies and random feature by @sfauvel in #2269
  • Add warning for linux requirements upgrade by @Alenar in #2275
  • Add an era subcommand to create keypair by @sfauvel in #2274
  • Feat: certify protocol parameters and epoch in certificate chain by @jpraynaud in #2276
  • Restore release option for build in Makefile for aggregator … by @sfauvel in #2278
  • Chore: upgrade dependencies by @Alenar in #2279
  • Fix: prevent aggregator test conflicts by using unique temporary directories by @dlachaume in #2280
  • Docs: bump minor versions of crates for 2506.0 distribution by @jpraynaud in #2285
  • Feat: support compression in HTTP clients by @dlachaume in #2282
  • docs: update era switch dev blog post by @jpraynaud in #2290
  • Fix aggregator stress test by @dlachaume in #2287
  • Docs: update CHANGELOG for 2506.0 distribution release by @jpraynaud in #2284

New Contributors

Full Changelog: 2450.0...2506.0

Crates Versions

Crate Version
mithril-aggregator 0.7.1
mithril-client 0.11.1
mithril-client-cli 0.11.0
mithril-client-wasm 0.8.1
mithril-common 0.5.0
mithril-signer 0.2.228
mithril-stm 0.3.37

Networks Compatibility ⚠️

Network Compatible
release-mainnet
release-preprod
pre-release-preview
testing-preview
testing-sanchonet

Distributions Compatibility ⚠️

Compatibility mithril-signer mithril-client
2450.0 ✔️ ✔️
2445.0 ✔️
2442.0 ✔️

Linux Requirements

The Linux binaries target glibc: to run them or install the .deb packages you must have glibc version 2.31+ installed.
Compatible systems include, but are not limited to, Ubuntu 20.04+ or Debian 11+ (Bullseye)).

Warning

From March 2025 onwards, released Linux binaries will have their minimum required glibc version raised to 2.35.
Compatible systems include, but are not limited to, Ubuntu 22.04+ or Debian 12+ (Bookworm)).

If you are using a system with an older version of glibc, you will need to compile the binaries from source.

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link public-key.gpg and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./public-key.gpg

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 73FC 4C3D FD55 DBDC 428A D2B5 BE04 3B79 FDA4 C2EE
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Contributors

Alenar, sfauvel, and 3 other contributors
Assets 14
Loading