The Wallet team merged 6 PRs this month:
Supersedes #2084
Built on top of #2118
Diff vs #2084: https://github.com/oasisprotocol/wallet/compare/ca34c34d91e928ad545445648bd8152bc459c5b9..76eb7677053b22541c332b21f38237882d2cbaeb
CHANGELOG:
Migrate extension wallet to Manifest V3 architecture
New limitations: extension users must create a profile while importing a wallet. And only one popup/tab can be opened at the same time.
Part of #2114
CHANGELOG:
Harden code against wrong imported account type
Fixes #2113
CHANGELOG:
Fix paratime transaction status in the first few seconds
CHANGELOG:
Remove comments about background page (removed after mv3)
Matevž noticed missing validators
CHANGELOG:
Display all validators, not just first 100
CI on all pullrequests was failing because transak introduced at least 3 new errors
CHANGELOG:
Temporarily ignore transak console errors in E2E tests
To install beta version as a separate extension:
To copy saved wallets from old extension:
if (location.href !== 'chrome-extension://ppdadbejkmjnefldpcdjhnkpbjkikoip/manifest.json') throw 'Is this the new extension instead of old one?';
copy(`
if (location.href !== 'chrome-extension://jeooipjboldjebnajiegnfpklodgimmf/manifest.json') throw 'Is this old extension instead of new one?';
const chromeStorageLocal = ${JSON.stringify(localStorage['oasis_wallet_persist_v1'])};
localStorage['oasis_wallet_persist_v1'] = chromeStorageLocal;
window.close();
`)
console.log('Go to chrome-extension://jeooipjboldjebnajiegnfpklodgimmf/manifest.json and open the console and paste');The Cli team merged 12 PRs this month:
Full Changelog: v0.10.4...v0.11.0
Full Changelog: v0.11.0...v0.11.1
Full Changelog: v0.11.1...v0.11.2
Full Changelog: v0.11.2...v0.11.3
The number of daily transactions on Sapphire Mainnet fluctuated between 14,623 and 133,399. The monthly average in February was 36,283 transactions per day and was 2% higher compared to the last month (35,510 transactions). The daily maximum was 133,399 transactions on 7 February (compared to 93,609 the last month on 17 January).
| date | all |
|---|---|
| 2025-02-01 | 20,529 |
| 2025-02-02 | 19,603 |
| 2025-02-03 | 17,937 |
| 2025-02-04 | 17,558 |
| 2025-02-05 | 20,559 |
| 2025-02-06 | 62,353 |
| 2025-02-07 | 133,399 |
| 2025-02-08 | 37,163 |
| 2025-02-09 | 20,108 |
| 2025-02-10 | 17,260 |
| 2025-02-11 | 18,674 |
| 2025-02-12 | 14,623 |
| 2025-02-13 | 83,975 |
| 2025-02-14 | 53,965 |
| 2025-02-15 | 57,135 |
| 2025-02-16 | 21,255 |
| 2025-02-17 | 20,121 |
| 2025-02-18 | 21,044 |
| 2025-02-19 | 15,082 |
| 2025-02-20 | 16,947 |
| 2025-02-21 | 98,745 |
| 2025-02-22 | 22,314 |
| 2025-02-23 | 21,323 |
| 2025-02-24 | 22,384 |
| 2025-02-25 | 18,068 |
| 2025-02-26 | 18,429 |
| 2025-02-27 | 92,242 |
| 2025-02-28 | 33,127 |
| 2025-03-01 | 663 |
The number of daily transactions on Emerald Mainnet fluctuated between 3,348 and 5,763. The monthly average in February was 3,872 transactions per day and was 13% higher compared to the last month (3,413 transactions). The daily maximum was 5,763 transactions on 3 February (compared to 5,567 the last month on 29 January).
| date | all |
|---|---|
| 2025-02-01 | 3,348 |
| 2025-02-02 | 4,141 |
| 2025-02-03 | 5,763 |
| 2025-02-04 | 4,626 |
| 2025-02-05 | 3,725 |
| 2025-02-06 | 3,564 |
| 2025-02-07 | 3,968 |
| 2025-02-08 | 3,696 |
| 2025-02-09 | 3,787 |
| 2025-02-10 | 3,849 |
| 2025-02-11 | 3,724 |
| 2025-02-12 | 4,063 |
| 2025-02-13 | 3,620 |
| 2025-02-14 | 3,814 |
| 2025-02-15 | 3,531 |
| 2025-02-16 | 3,638 |
| 2025-02-17 | 3,922 |
| 2025-02-18 | 3,700 |
| 2025-02-19 | 3,601 |
| 2025-02-20 | 3,972 |
| 2025-02-21 | 3,977 |
| 2025-02-22 | 3,518 |
| 2025-02-23 | 3,372 |
| 2025-02-24 | 3,601 |
| 2025-02-25 | 4,407 |
| 2025-02-26 | 3,940 |
| 2025-02-27 | 3,563 |
| 2025-02-28 | 3,995 |
| 2025-03-01 | 140 |
{{NODE_STATS mainnet}}
No major outages were reported for Oasis foundation-provided services in February. A few-minutes downtimes were encountered by the ... You can check out the details on the Mainnet status page.
The number of daily transactions on Sapphire Testnet fluctuated between 8,308 and 14,129. The monthly average in February was 10,502 transactions per day and was 27% higher compared to the last month (8,241 transactions). The daily maximum was 14,129 transactions on 17 February (compared to 9,157 the last month on 22 January).
| date | all |
|---|---|
| 2025-02-01 | 8,308 |
| 2025-02-02 | 8,801 |
| 2025-02-03 | 9,003 |
| 2025-02-04 | 8,883 |
| 2025-02-05 | 8,898 |
| 2025-02-06 | 9,109 |
| 2025-02-07 | 9,198 |
| 2025-02-08 | 8,887 |
| 2025-02-09 | 9,111 |
| 2025-02-10 | 9,812 |
| 2025-02-11 | 10,084 |
| 2025-02-12 | 9,643 |
| 2025-02-13 | 10,405 |
| 2025-02-14 | 13,844 |
| 2025-02-15 | 12,885 |
| 2025-02-16 | 12,907 |
| 2025-02-17 | 14,129 |
| 2025-02-18 | 12,486 |
| 2025-02-19 | 11,622 |
| 2025-02-20 | 11,764 |
| 2025-02-21 | 11,591 |
| 2025-02-22 | 10,896 |
| 2025-02-23 | 10,550 |
| 2025-02-24 | 10,975 |
| 2025-02-25 | 10,575 |
| 2025-02-26 | 9,443 |
| 2025-02-27 | 10,212 |
| 2025-02-28 | 10,025 |
| 2025-03-01 | 422 |
The number of daily transactions on Emerald Testnet fluctuated between 3,173 and 3,843. The monthly average in February was 3,548 transactions per day and was 12% higher compared to the last month (3,173 transactions). The daily maximum was 3,843 transactions on 15 February (compared to 3,511 the last month on 10 January).
| date | all |
|---|---|
| 2025-02-01 | 3,173 |
| 2025-02-02 | 3,480 |
| 2025-02-03 | 3,548 |
| 2025-02-04 | 3,393 |
| 2025-02-05 | 3,357 |
| 2025-02-06 | 3,326 |
| 2025-02-07 | 3,395 |
| 2025-02-08 | 3,654 |
| 2025-02-09 | 3,333 |
| 2025-02-10 | 3,340 |
| 2025-02-11 | 3,333 |
| 2025-02-12 | 3,339 |
| 2025-02-13 | 3,361 |
| 2025-02-14 | 3,804 |
| 2025-02-15 | 3,843 |
| 2025-02-16 | 3,820 |
| 2025-02-17 | 3,779 |
| 2025-02-18 | 3,529 |
| 2025-02-19 | 3,774 |
| 2025-02-20 | 3,563 |
| 2025-02-21 | 3,716 |
| 2025-02-22 | 3,643 |
| 2025-02-23 | 3,573 |
| 2025-02-24 | 3,607 |
| 2025-02-25 | 3,664 |
| 2025-02-26 | 3,694 |
| 2025-02-27 | 3,597 |
| 2025-02-28 | 3,705 |
| 2025-03-01 | 160 |
{{NODE_STATS testnet}}
No major outages were reported for Oasis foundation-provided services in February. A few-minutes downtimes were encountered by the ... You can check out the details on the Testnet status page.
The Nexus team merged 12 PRs this month:
Souricfy API requests have been timing out a lot in production. Also manually running the requests it appears that the API is quite unresponsive at times.
Sourcify V2 API seems to be much more responsive compared to the v1:
CHANGELOG:
evmverifier: Update Sourcify client to V2 API
Fixes: #896
Note: The migrations will likely take multiple hours Before this is released and deployed, it would be good to have "Nexus Blue " ready so that we can switch Nexus backend explorer uses during the update.
This splits runtime_events.related_accounts into a separate table, because otherwise we are unable to support efficient queries for event related accounts ordered by round. Some more context in #804
Additionally, we need to introduce an event index (solves #786) because otherwise the new table cannot reference the existing runtime_events table, which currently has no primary key, so rows cannot be referenced uniquely.
Fixes: #878
CHANGELOG:
Add endpoints for total and circulating supplies of consensus token
Added `/consensus/total_supply_raw` and `/consensus/circulating_supply_raw` API endpoints which return the total and circulating supply in plain text format.
Fixes: #900
CHANGELOG:
runtime/evm_tokens: Support (partially) curated ordering
Fixes: #912
CHANGELOG:
api: harden file server security
- Metrics Middleware: Now validates metric names for valid UTF-8 to prevent Prometheus panics.
- Safe File Serving: Introduced a safeFileSystem wrapper that only serves regular files, rejecting symlinks and directories, and added some additional path validation.
- Added tests covering various edge cases, including invalid UTF-8, null byte injection, and attempts to access restricted paths.
Added in: oasisprotocol/oasis-sdk#2159
CHANGELOG:
rutnime/rofl: Handle Instance Registered event
Fixes: #908
CHANGELOG:
api/runtime/evm_tokens: Support token-type filters
Fixes: #877
CHANGELOG:
api: Support filtering transaction by multiple method types
Fixes: #905
CHANGELOG:
consensus/validator_history: Optimize validator history query
For a list of changes in this release, see the Change Log.
NOTE: If you are upgrading from an earlier release, please carefully review
the Change Log for Removals and Breaking changes.
For a list of changes in this release, see the Change Log.
NOTE: If you are upgrading from an earlier release, please carefully review
the Change Log for Removals and Breaking changes.
The Explorer team merged 18 PRs this month:
CHANGELOG:
Display token name in TXs to/from smart contracts
I went through #1740 views and it seems like containers ids exports were messing with HMR.
CHANGELOG:
Fix HMR in React components
Created by https://github.com/oasisprotocol/explorer/blob/master/.github/workflows/generate-openapi.yml
If CI actions and checks don't run in this PR: close it and reopen.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
CHANGELOG:
Update API bindings
CHANGELOG:
Emphasize end user focused articles in Learning materials
Fixes #1702
CHANGELOG:
Remove duplicate titles inside labeled tabs
Created by https://github.com/oasisprotocol/explorer/blob/master/.github/workflows/generate-openapi.yml
If CI actions and checks don't run in this PR: close it and reopen.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
CHANGELOG:
Update API bindings
Part of #1702
cc @donouwens check if this changes the size of the correct headers
CHANGELOG:
Update some card header sizes
Fix regression introduced in #1773
All known Nexus instances have been updated to run the new version of the API, so this compatibility wrapper is no longer necessary.
CHANGELOG:
Remove old Nexus API transition workaround
Design at #1588 (comment)
| Before | After |
|---|---|
CHANGELOG:
Remove bold style from table headers in account staked/debonding card
From Slack thread
go to dashboard and trigger search with any addr in Consensus
master
https://explorer.dev.oasis.io/mainnet/consensus
vs
https://pr-1727.oasis-explorer.pages.dev/mainnet/consensus
sample search input -> oasis1qq3xrq0urs8qcffhvmhfhz4p0mu7ewc8rscnlwxe
note: custom server state was stored under the same key as default query and it could be overwritten at any time
CHANGELOG:
Use custom query key for validators map
- Avoid throwing t.normalize is not a function error
Fixes #1701
CHANGELOG:
Add copy button for block number in transaction details
useGetConsensusValidatorsAddressNameMap returns a map of address and name.
'address': 'name'
'address': undefined // missing validator metadata, but still we need to render validator link
if name if undefined we render AccountLink instead of ValidatorLink.
CHANGELOG:
Rely on validator address presence not name in ConsensusAccountLink
Add support for filtering transactions by method type (#1679)
Add support for displaying multiple signers of runtime transactions (#1705)
Set API limit when fetching data for named validators (#1673)
Fix regression on global search 404 page (#1678)
Add optional floating copy to clipboard button to JSON code preview (#1683)
Fix case sensitivity in Pontus-X account name resolution (#1685)
Correctly display encryption data for oasis-style encrypted transactions (#1695)
Update some broken links (#1704)
Fix display of consensus transaction fee (#1716)
Use custom query key for validators map (#1727)
The Oasis Sdk team merged 7 PRs this month:
Fixes #2141
Closes #2149
Fixes #2146
Fixes #2143
The watchdog task ensures that the app is successfully re-registering and terminates it if this is not the case.
The Sapphire Paratime team merged 21 PRs this month:
Relates to #524 but only adds the examples/hardhat.
fixes #389
This provides the decryption keys to snap.
Warning
If an RPC server pretends to implement the MetaMask snap protocol it could trick users into revealing the transaction encryption key.
For this reason, we have to explicitly enable Snap support in the dApp, by passing the enableSapphireSnap option.
Usage:
wrapEthereumProvider(window.ethereum, {enableSapphireSnap:true})wrapEthersProvider(ethProvider, { enableSapphireSnap: true })This must only be done if the dApp is sure that the provider it's connecting to is MetaMask.
Next PRs handled by Sapphire team:
wallet_invokeSnapClose #328 by using https://github.com/oasisprotocol/demo-starter-go as a submodule for end-to-end testing. The drawback is that approach is less consistent with current behavior inside examples/ but introduces less code.
wrapEthereumProvider has params which are not accessible for Wagmi and Viem integrations. To allow Snap connections we need to pass wrap config.
This PR adds (issue):
TODO: We have to add the SOLDEER_ACCESS_TOKEN to github secrets.
Followup to #338
SiweAuth and A13e errors weren't prefixed, but should be too.
This should have been removed a year ago actually when Sapphire 0.6.x branch wasn't running on Mainnet anymore.
Release JS client.
clients/js/v2.1.0 similar to clients/js/v2.0.1Close #242 by documenting crux of release process.
Close #505.
Note. We are including this set of changes: #449, #411, #431 due to the non-branching publish process. Alternatively, we would cut at this point, and separately but also slightly more confusingly bump package.json that way.
integrations/hardhat/v2.22.2Setuptools was updated in actions/setup-python@v5, which means dot (.) and dash (-) symbols in lib name are automatically changed to underscore ( _ ). This PR fixes it in the ci-test py workflow.
Fixes broken link in Sapphire README to Develop on Sapphire README
A small fix for linking the sapphire-paratime npm package properly.
update flow digrams to Oasis color schema
needed for: oasisprotocol/docs#1138
The Oasis Web3 Gateway team merged 11 PRs this month:
1 new releases of oasis-web3-gateway were made this month:Full Changelog: v5.2.0-rc1...v5.2.0-rc2
The Docs team merged 14 PRs this month:
These seem to be left out in #1058.
Depends on:
needed for oasisprotocol/sapphire-paratime#503
The Playground team merged 2 PRs this month:
From FE Sync
Fixes #96
Looks like we get selected project here https://github.com/oasisprotocol/playground/blob/main/src/components/ProjectList.tsx#L27, but in a next render cycle when useEffect triggers, hash is removed here https://github.com/oasisprotocol/playground/blob/main/src/components/ProjectList.tsx#L69
@kaja-osojnik can you test the fix please? I am not familiar with playground.
The Demo Starter team merged 5 PRs this month:
This PR:
Merge after oasisprotocol/sapphire-paratime#332 and oasisprotocol/sapphire-paratime#303
TODO: Wait for sapphire-contracts to be deployed on npmjs (oasisprotocol/sapphire-paratime#490). Then update the lock file.
The Demo Starter Go team merged 1 PRs this month:
We need to fix the EVM version to Paris because Sapphire does not support push0 yet.
The Demo Starter Py team merged 1 PRs this month:
In total, 1 pull requests were merged in February.The Demo Rofl Chatbot team merged 2 PRs this month:
In total, 2 pull requests were merged in February.The Dapp Blockvote team merged 1 PRs this month:
In total, 1 pull requests were merged in February.The Dapp Votee team merged 1 PRs this month:
In total, 1 pull requests were merged in February.The Oasis Core team merged 26 PRs this month:
Fixes: #5978
Manual backport of: #4571
It doesn't ensure runtime archive works as well, since we do not need runtime archive support for that network.
Testing:
Closes #6069
During history reindex, we now batch 1000 writes at the same time.
As from the benchmarks, this already gives 2-3x performance gain for the single threaded program.
Given its simplicity and the fact, that it will be required by all possible solutions, this is a natural start.
Refactored committee node:
RuntimeHostHandlerFactory as it is more cleaner to pass parameters to the constructor instead of passing a factory.Related to:
CHANGELOG:
go/runtime/bundle/manager: Cleanup key manager bundles on startup
Replaying the latest block with a hook was not ideal because if the broker still had blocks in the queue while adding a new subscription, it could result in an unexpected block order and potentially cause the last block to be replayed twice.
Solution with monotonically increasing order solved this problem, but there is a simpler one where we use broker's option to publish the last block on subscription.
Closes #6019.
CHANGELOG:
go/worker/client: Fix observer role registration
Fixes: #6039
CHANGELOG:
go/consensus/cometbft: Fail ImmutableState creation if version is missing
Previously, when an `ImmutableState` was requested for a block version that didn't exist, the function would silently default to the latest available block. This could lead to inconsistencies since clients might receive state for a different block than expected. With this change, calls to create an `ImmutableState` for a missing version now explicitly fail with a "version not found" error, ensuring that such cases are handled properly.
Fixes:
Fixes #6076
CHANGELOG:
go/runtime/host/tdx: Resize overlay image if needed
Fixes #6036
CHANGELOG:
go/runtime/host/sgx: Retry re-attestation faster on failure
Backport of #6032
Ensures validator nodes without configured runtimes and with the default runtime provisioner set to sandbox do not fail to start if bubblewrap is not installed.
CHANGELOG:
go/runtime/host/sandbox: Verify sandbox binary when needed
Ensures validator nodes without configured runtimes and with the default runtime provisioner set to sandbox do not fail to start if bubblewrap is not installed.
CHANGELOG:
Bump CometBFT to 0.37.15-oasis1
When upgrading from earlier versions the exploded bundle directory may contain non-bundle subdirectories which should not cause the loader to fail.
The latest round and the invalid round now have unique values, allowing us to distinguish between the two.
Fixing Box::<NoopDispatcher>::default().is_supported() which returned true for ROFL apps.
CHANGELOG:
runtime/src/transaction: Fix is_supported call to wrapped dispatcher
CHANGELOG:
go/runtime/host/multi: Fix host removal when stopping a version
Fixes #6065
CHANGELOG:
go/runtime/host: Ensure processes get cleaned up on node termination
pkg:golang/golang.org/x/crypto@v0.32.0
1 known vulnerabilities affecting installed version
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ [CVE-2025-22869] CWE-770: Allocation of Resources Without Limits or Throttling ┃
┣━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Description ┃ SSH servers which implement file transfer protocols are vulnerable to a ┃
┃ ┃ denial of service attack from clients which complete the key exchange ┃
┃ ┃ slowly, or not at all, causing pending content to be read into memory, but ┃
┃ ┃ never transmitted. ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ OSS Index ID ┃ CVE-2025-22869 ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Score ┃ 6.9/10 (Medium) ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Vector ┃ CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Link for more info ┃ https://ossindex.sonatype.org/vulnerability/CVE-2025-22869?component-type=golang&component-name=golang.org%2Fx%2Fcrypto&utm_source=nancy-client&utm_medium=integration&utm_content=1.0.33 ┃
┗━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
CHANGELOG:
go: Bump golang.org/x/crypto to v0.35.0
For a list of changes in this release, see the Change Log.
NOTE: If you are upgrading from an earlier release, please carefully review
the Change Log for Removals and Breaking changes.
For a list of changes in this release, see the Change Log.
NOTE: If you are upgrading from an earlier release, please carefully review
the Change Log for Removals and Breaking changes.
The Oasis Boot team merged 2 PRs this month:
2 new releases of oasis-boot were made this month:The following artifacts are included in this release:
ovmf.tdx.fd contains the virtual firmware that performs early boot of a TD.stage1.bin contains the TDX-enabled Stage 1 Linux kernel and initramfs that boot into the first Stage 2 volume which should be a dm-verity device containing a specific layout and a squashfs filesystem with configuration parameters passed via cmdline.stage2-basic.tar.bz2 contains a basic Stage 2 rootfs template that can be used to run a simple Oasis runtime.stage2-podman.tar.bz2 contains a Stage 2 rootfs template that can be used to run Podman containers.All published images are built deterministically, so building locally you should obtain binaries with the following SHA256 hashes:
db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f ovmf.tdx.fd
06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22 stage1.bin
72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b stage2-basic.tar.bz2
827531546f3db6b0945ece7ddab4e10d648eaa3ba1c146b7889d7cb9cbf0b507 stage2-podman.tar.bz2
Full Changelog: v0.3.3...v0.4.0
The following artifacts are included in this release:
ovmf.tdx.fd contains the virtual firmware that performs early boot of a TD.stage1.bin contains the TDX-enabled Stage 1 Linux kernel and initramfs that boot into the first Stage 2 volume which should be a dm-verity device containing a specific layout and a squashfs filesystem with configuration parameters passed via cmdline.stage2-basic.tar.bz2 contains a basic Stage 2 rootfs template that can be used to run a simple Oasis runtime.stage2-podman.tar.bz2 contains a Stage 2 rootfs template that can be used to run Podman containers.All published images are built deterministically, so building locally you should obtain binaries with the following SHA256 hashes:
db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f ovmf.tdx.fd
06e12cba9b2423b4dd5916f4d84bf9c043f30041ab03aa74006f46ef9c129d22 stage1.bin
72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b stage2-basic.tar.bz2
6f2487aa064460384309a58c858ffea9316e739331b5c36789bb2f61117869d6 stage2-podman.tar.bz2
Full Changelog: v0.4.0...v0.4.1