Releases: AlanRuno/mxd
MXD v0.2.8
Added
- letsgo-wsl.bat — one-click Windows launcher that auto-installs
  WSL2 + Ubuntu-22.04 if missing (first run requires admin + reboot),
  then clones the repo inside WSL and runs ./letsgo testnet|mainnet.
  On a machine that already has WSL2, total bring-up is ~30 seconds —
  same as the native Linux path.
- README "Running on Windows" section — documents the WSL2 and
  MSYS2 paths side-by-side with a clear recommendation (WSL2 for
  almost everyone, MSYS2 only if WSL is unavailable).
Fixed (CI)
- integration-test job finally green. Three compounding bugs
  found and fixed via the v0.2.5 → v0.2.7 release smoke arc:
  - The job rebuilt the full Dockerfile from scratch on every run
    (~5+ min) because docker-build's mxdlib:latest image lived on
    a different runner. Now docker-build saves the image as a
    workflow artifact and integration-test downloads + docker loads
    it (~30 s instead of ~5 min).
  - The container CMD didn't pass --http-api 8080, so
    http.require_auth=1 + empty api_token caused the HTTP API to
    refuse to start. The compose now overrides the CMD to enable HTTP
    API explicitly (same as what letsgo does on testnet).
  - Host curl to localhost:8080/status failed with CURLE_RECV_ERROR
    (exit 56) due to an IPv6/IPv4 bridge quirk on GitHub Actions
    runners. The verify step now uses docker exec to query
    /status from inside each container — same path as the
    healthcheck, no bridge involved.
- New docker-compose.ci.yml (mxdlib-private, not shipped via the
  public manifest). Minimal 2-node compose using image: mxdlib:latest
  with no build: directive, no monitoring stack, tight healthchecks
  asserting /status returns JSON with a "height" field.
  Operator-facing docker-compose.test.yml remains in the public repo for
  local "spin up the full stack with monitoring" use cases.
Notes
- No functional changes to libmxd, chain consensus, or wire format.
  Same binary as v0.2.7.
- The Windows launcher works against this release tag and any
  future tag — letsgo-wsl.bat itself doesn't hard-code a version;
  it delegates to the Linux letsgo script which resolves the
  latest release dynamically.
MXD v0.2.7
The end-to-end smoke of v0.2.5 on a fresh Ubuntu 24.04 VM crashed on
the first block store with:
./db/c.cc:532: bool SaveError(char**, const rocksdb::Status&):
Assertion `errptr != nullptr' failed.
v0.2.6 fixed the symptom at the distribution layer (pin build to
22.04 + bundle librocksdb 6.11). v0.2.7 fixes the underlying chain-
code bug so letsgo --from-source paths on any rocksdb 7.x/8.x
distro also work cleanly.
Fixed
- src/mxd_blockchain_db.c — 7 sites converted from
  rocksdb_put/get(..., NULL) to the standard
  char *err = NULL; rocksdb_put(..., &err); if (err) { log; free; }
  pattern. All are best-effort housekeeping ops around the
  current_height and latest_stored_height keys:
  - store_block_unconditional — latest_stored_height put
  - store_block_unconditional — gap-fill probe (get)
  - store_block_unconditional — gap-fill current_height put
  - reorg_to_candidate — post-rollback current_height put
  - mxd_block_exists_at_height — existence probe (get)
  - mxd_advance_height_pointer — probe (get)
  - mxd_advance_height_pointer — current_height put
Behavior on success path is unchanged. Behavior on failure path
goes from "silent error swallow" (rocksdb 6.x) or "process abort"
(rocksdb 8.x) to "log WARN + continue".
Verified
- CI green on both gcc + clang (37/37 tests, sanitizers clean).
- Coordinated deploy on 6-node testnet, 8-minute soak: NRestarts=0,
consensus tick normal, zero rocksdb assertion lines in journals.
Notes
- Mainnet validators still run the v0.2.0 binary (no symptom there
  — rocksdb 6.11 tolerates the NULL). Mainnet rollout of this fix
  will happen at the next coordinated v0.3.x release with a
  staggered/canary deploy pattern.
- Other rocksdb-heavy files (mxd_utxo.c, mxd_contracts_db.c,
  mxd_transaction.c) already used the correct &err pattern;
  no changes needed.
MXD v0.2.6
End-to-end smoke test of letsgo testnet on a clean Ubuntu 24.04 VM
exposed two distribution bugs:
- letsgo apt prereq was hardcoded librocksdb6.11 (the 22.04
  package name). Ubuntu 24.04 ships librocksdb8.9, Debian 12 ships
  librocksdb7.8, etc. Apt install failed with
  Unable to locate package librocksdb6.11.
- mxd_node crashed with a rocksdb assertion
  (SaveError: errptr != nullptr) on Ubuntu 24.04. libmxd's chain
  code passes NULL for the rocksdb char** errptr parameter, which
  rocksdb 6.x tolerates (mainnet runs 22.04/6.11) but rocksdb 8.x
  asserts-aborts.
v0.2.6 fixes the distribution surface so both problems go away without
touching the chain code. The libmxd-side NULL-errptr issue is real and
worth fixing eventually, but it doesn't affect operators using these
bundles.
Changed
- Build matrix pinned to ubuntu-22.04 (and ubuntu-22.04-arm).
  glibc 2.35 baseline — forward-compatible with 24.04, Debian 12,
  Fedora 36+, Rocky 9+, Arch (rolling), Alpine 3.18+ (with gcompat).
  Also matches the mainnet validators' OS so the shipped binary is
  byte-compatible with production.
- Bundle is now self-contained via recursive ldd traversal in
  the Stage release bundle step. Every dynamic dependency of
  mxd_node and libmxd.so is bundled into lib/ — including
  libssl, libcrypto, libsodium, librocksdb (6.11 matching
  mainnet, no 8.x assert issue), libcurl and its sub-deps
  (libnghttp2, libidn2, librtmp, libssh, libpsl,
  libgssapi_krb5, libldap, liblber), libminiupnpc,
  libmicrohttpd, libgmp, libcjson, libzstd, on top of the
  source-built libuv, libuvwasi, libm3, liboqs. Glibc
  components (libc, libm, libpthread, libdl, librt,
  ld-linux, vdso) are intentionally excluded — they're
  kernel-coupled and must come from the host.
- SONAME symlinks reconstructed in the bundle. cp -L flattens
  the symlink chain, so the bundle step rebuilds
  libfoo.so → libfoo.so.X → libfoo.so.X.Y.Z so loaders find each
  lib by its SONAME at runtime.
- letsgo no longer runs apt-get install. The bundle has every
  .so it needs; the wrapper's LD_LIBRARY_PATH=bundle/lib wins over
  the system's /usr/lib/.../. Removes the entire class of "apt
  package name doesn't exist on this distro" bugs.
- Bundle README simplified to a 2-step quick-start (no apt line).
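
The bundling rules above (skip glibc components when walking ldd output, then rebuild the SONAME chain that cp -L flattened), as an added example that is not the project's own Stage release bundle step. The function names are hypothetical, and it assumes each library's SONAME is the major-version name libfoo.so.X, as in the chain shown above:

```bash
#!/usr/bin/env bash
# Added example; function names and bundle layout are assumptions.
# Assumption: SONAME == libfoo.so.X (major version only).

# Return 0 if the basename is a glibc component that must come from the host.
is_glibc_component() {
  case "$1" in
    libc.so.*|libm.so.*|libpthread.so.*|libdl.so.*|librt.so.*) return 0 ;;
    ld-linux*.so.*|linux-vdso.so.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read `ldd` output on stdin; print the resolved paths that belong in lib/.
# Lines without an absolute path ("not found", vdso, the loader) are skipped.
bundle_candidates() {
  awk '$2 == "=>" && $3 ~ /^\// { print $3 }' | while IFS= read -r path; do
    is_glibc_component "${path##*/}" || printf '%s\n' "$path"
  done
}

# Create symlink $2 -> $1 inside dir $3 unless that name already exists.
link_if_absent() {
  [ -e "$3/$2" ] || [ -L "$3/$2" ] && return 1
  ln -s "$1" "$3/$2"
}

# Rebuild libfoo.so -> libfoo.so.X -> libfoo.so.X.Y.Z inside dir $1.
# Prints the number of symlinks created; a second run creates none.
rebuild_soname_links() {
  local dir=$1 created=0 f base stem major
  for f in "$dir"/lib*.so.*; do
    { [ -f "$f" ] && [ ! -L "$f" ]; } || continue   # real files only
    base=${f##*/}
    stem=${base%%.so.*}.so                          # libfoo.so
    major=${base#"$stem".}; major=${major%%.*}      # X
    if [ "$base" != "$stem.$major" ]; then
      link_if_absent "$base" "$stem.$major" "$dir" && created=$((created + 1))
    fi
    link_if_absent "$stem.$major" "$stem" "$dir" && created=$((created + 1))
  done
  echo "$created"
}
```

Relative link targets keep the chain valid wherever the bundle is unpacked. The name patterns are anchored on .so. so that libcjson, libcrypto and libm3 are not mistaken for libc or libm.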
Notes
- Tarball size grows from ~3 MB → estimated ~30–50 MB compressed
  (~15 extra .so files). Trade-off accepted for distro portability.
- Operators on Ubuntu 22.04 will see the bundled libs slightly
  duplicated against system libs, but the bundle ones win — no
  conflict, just a few MB of disk.
- Mainnet validators continue to use the source-built path (via
  install_dependencies.sh + letsgo --from-source or direct
  cmake) and are unaffected by the bundle changes.
MXD v0.2.5
Fixed
- docker-build failed on v0.2.4 at "Generate SBOM for source" with
  received HTTP status=404 for url='https://get.anchore.io/syft/v0.103.1/install.sh'.
  The pinned anchore/sbom-action@v0.15.8 is bundled with a syft
  version that Anchore has since deleted/moved upstream. Bumped all
  three usage sites (source SBOM in docker-build, image SBOM in
  docker-build, image SBOM in docker-publish-sign) to
  @v0 (the moving major-tag pointer Anchore maintains as stable).
- SBOM steps now non-blocking via continue-on-error: true.
  CycloneDX SBOMs are supply-chain-transparency metadata, not
  gating on Docker image functionality — if the SBOM action breaks
  again upstream, Docker push should still complete. The Upload
  SBOM step is gated on hashFiles(...) so it skips cleanly when
  the SBOM file wasn't produced.
Notes
- v0.2.4 binary tarballs landed correctly and are still the
  recommended letsgo testnet target until v0.2.5 supersedes them.
- Docker image was never produced for v0.2.2 / v0.2.3 / v0.2.4. v0.2.5
  should be the first version with ghcr.io/alanruno/mxd:vX.Y.Z live.
MXD v0.2.4
v0.2.3's tag CI got further than v0.2.2's — build-binary-release
produced both x86_64 and arm64 tarballs as workflow artifacts — but
two issues then prevented the GitHub Release from being created:
Fixed
- GHCR push failed with "repository name must be lowercase" —
  the workflow used ${{ github.repository }} (= AlanRuno/mxd)
  directly in the image tag, but OCI registries reject uppercase.
  Added a lc step that lowercases the repo once and reuses the
  output in the build-push + cosign + SBOM steps.
- publish-release was skipped because it
  needs: [build-binary-release, docker-publish-sign] and Docker failed.
  Decoupled: now needs: [build-binary-release] only. Docker
  publishing is independent of the GitHub Release creation; if GHCR
  has issues the tarballs still land so letsgo prebuilt path
  works.
- integration-test failed with
  docker-compose.test.yml: no such file or directory — the file
  lives in mxdlib root but wasn't in the public manifest. Now added.
Notes
- Image will publish as ghcr.io/alanruno/mxd:vX.Y.Z (lowercase).
- v0.2.3 tarballs do exist as workflow artifacts on
  https://github.com/AlanRuno/mxd/actions but were never promoted
  to a GitHub Release. v0.2.4 should be the first to land actual
  Release assets that letsgo can download.
v0.1.0 — Initial Public Release
First public release of the MXD post-quantum blockchain.
Highlights
- Hybrid signatures at every layer: Ed25519 (classical, fast) and Dilithium5 / FIPS 204 ML-DSA-87 (post-quantum). Pick per-output via algo_id.
- Live one-way bridge from BNB Smart Chain (0xCae102064d8E9e13d5b48F38bAc53d1155B331B4) with K-of-N Dilithium5 oracle attestation verified by every node.
- Defense-in-depth on bridge mints: oracle row-claim, dest_tx_hash exclusion, queue dedup, consensus replay guard, audit-trail in /block/N JSON.
- Full specifications (MXD-00..06, MXD-API-01, MXD-CONS-01/02, MXD-PQ-00) with JSON test vectors for cross-implementation conformance.
What's in this release
- Chain core C library (libmxd) + validator binary (mxd_node)
- Solidity contracts: MXDBridgeV3, BNBMXD, TestBNBMXD, MXDBridge
- 11 protocol specifications + matching JSON test vectors
- Operator utilities: standalone Dilithium5 CLI, test-vector regenerator, node-key generator
- C unit test suite with fuzz + sanitizer harnesses
- Docker build + cross-platform dependency installers
Documentation
- Architecture overview: README.md
- Specifications: docs/standards/
- Mainnet oracle set: docs/MAINNET_ORACLE_SET.md
- Security policy: SECURITY.md
- Contributing: CONTRIBUTING.md
License
AGPL-3.0-only. See LICENSE.