Releases: urbit/urbit
411k-rc5
%base hash (check with +vat %base): 0v4.4r8a7.jt8e9.rhrjb.3pinr.oi4o9.06nbf.9fasn.tmf8s.0ur6v.uc2vk
Description
During pre-release testing of 411k-rc4 a regression was found in the -keen
thread where pressing backspace to cancel the thread would not actually cancel the %keen
request in ames. This release candidate contains #6931 to fix the bug.
What's Changed
- spider: track remote scry requests by @yosoyubik in #6931
Full Changelog: 411k-rc4...411k-rc5
411k-rc4
%base hash (check with +vat %base): 0v1a.n599d.je4qf.lj1mp.cu7h4.634aj.0mfoi.mg36j.fumm1.h9crn.pud1u
Description
During pre-release testing of 411k-rc3 we discovered a problem with |moon-breach
for moons with many subscribers. The root cause of this issue is somewhere in the sort
jet, but this release candidate includes #6921 that elides the sorting for remote subscriber ducts in jael.
What's Changed
Full Changelog: 411k-rc3...411k-rc4
411k-rc3
%base hash (check with +vat %base): 0v9.tkr3p.baong.darml.udvm7.occ6f.25t7b.k4qaf.atrvd.m29vk.0k1lp
Description
During pre-release testing of 411k-rc2 we discovered that some older gall and ames migrations were broken. This meant that upgrading to 411k would fail if you were upgrading from an older urbit-os version. This release candidate contains #6906 to fix the issue.
What's Changed
- ames, gall: fix old state migrations by @yosoyubik in #6906
Full Changelog: 411k-rc2...411k-rc3
411k-rc2
Description
During pre-release testing of 411k-rc1 a few bugs were discovered with ames and gall state migrations. This release candidate addresses the problems encountered in these migrations.
What's Changed
- ames: fix message-blob migration by @pkova in #6899
- gall: fix migration when sky contains empty mop by @pkova in #6901
- ames, hoon: add run:to, speed up ames migration by @midden-fabler in #6902
Full Changelog: 411k-rc1...411k-rc2
411k-rc1
411k-rc0
Description
The highlights of 411 will be the following:
- Encrypted remote scry, both two-party and multiparty versions.
- Informal pings, significantly lessening the load on galaxies. Most ships will still ping their galaxies every 25 seconds but now these pings don't go to disk. The pings previously prevented galaxies serving more than a few thousand ships without workarounds.
- Epoch system. Every subsequent vere version creates its own epoch of the event log, making jet mismatches less of a hassle. The
urbit chop
command also actually deletes the event log now instead of making a backup. - Persistent Nock Caching allows us to cache any computation. We are starting slow with this one to get a better idea of the memory usage, but this will allow us to eventually cache everything from initial boot to most of the Ford build system.
- MDNS local routing. Ships on the local network or the same machine can leverage Bonjour on macOS and Avahi on Linux to automatically find each other. This helps connectivity in scenarios where the router does not do NAT hairpinning and will probably be the preferred method of establishing connections for hosting providers in the future.
Encrypted remote scry guide
The ames %chum
task is the two-party encrypted remote scry task. The task has the exact same interface as the ames %keen
. Here is an example of fetching sys.kelvin
from ~zod
from inside a gall agent:
[%pass /your-wire %arvo %a %chum ~zod /c/x/1/kids/sys/kelvin]
The multiparty encrypted scry is slightly more complicated. First, the publisher creates a named security context with the %germ
:
[%pass /your-wire %germ /your/security/context]
Then the publisher publishes some data to the security context using %tend
:
[%pass /your-wire %tend /your/security/context /hello/this/is/path %noun 'hello this is data']
Finally the publishing agent has to implement a scry handler for the security context:
++ on-peek
|= =path
^- (unit (unit cage))
?. ?=([%c %your %security %context @ ~] path)
``[%noun !>(%.n)]
=/ =ship (slav %p i.t.t.t.t.path)
?: =(~dinleb-rambep ship) :: your whitelist logic here
``[%noun !>(%.y)]
``[%noun !>(%.n)]
Now the client can use the gall %keen
to request data from /your/security/context, as long as he has the permissions:
[%pass /your-wire %keen %.y ~sampel-palnet /g/x/1/your-agent//1/your/security/context/hello/this/is/path]
Migration guide
This is rc0, do not run this on important ships. Use fake ships or disposable moons.
First, grab the relevant binary for your platform:
https://bootstrap.urbit.org/vere/next/kelvin/411/v3.0-a250df7/vere-v3.0-a250df7-linux-aarch64
https://bootstrap.urbit.org/vere/next/kelvin/411/v3.0-a250df7/vere-v3.0-a250df7-linux-x86_64
https://bootstrap.urbit.org/vere/next/kelvin/411/v3.0-a250df7/vere-v3.0-a250df7-macos-aarch64
https://bootstrap.urbit.org/vere/next/kelvin/411/v3.0-a250df7/vere-v3.0-a250df7-macos-x86_64
Then grab the 411k-rc0.pill from https://urbit-foundation.s3.us-east-2.amazonaws.com/411k-rc0.pill
The pill contains %base and %landscape. Use the binary with the -B
command-line flag to boot up a fake ship or a moon to migrate your application. Read the breaking changes below for guidance.
Breaking changes
- The signature of the ames
%keen
task has changed from[%keen spar]
to[%keen sec=(unit [idx=@ key=@]) spar]
. Most applications will want to change to using the gall%keen
[%keen secret=? spar:ames]
, or alternatively the two-party encrypted%chum
.- Note that the keen function in
/lib/strandio
has been updated and your application requires no changes if you were using that.
- Note that the keen function in
- We discovered a bug breaking referential transparency in certain scenarios of remote scrying into gall. A fix has been deployed, but we also decided to version the namespace to mitigate these kinds of issues in the future. When upgrading to 411, all gall remote scry paths will be migrated to the new versioning scheme. See #6852 for details.
- The map function
rut:by
does not exist anymore, use the equivalenturn:by
.
What's Changed
- hoon: allow
%.
in spec mode by @wicrum-wicrun in #6460 - hoon: further explore ?#, fix bugs by @joemfb in #5983
- hoon: add pin and awl arms to test and trim subaxes by @eamsden in #6592
- hoon: fix gate currying by @Quodss in #6658
- hoon: add +zip to jar engine by @dr-frmr in #6423
- hoon: remove rut:by, duplicate of urn:by by @ashelkovnykov in #6640
- hoon: refactor unnecessary parameter to bif:by by @ashelkovnykov in #6639
- eyre: serve 503 if bound agent is not running by @Fang- in #6745
- lull, ames: add %dear task to receive lane from unix by @pkova in #6783
- eyre: more permissive channel creation by @Fang- in #6789
- eyre: add HTTP scrying by @lukechampine in #6741
- kiln: OTA merge approval (UIP 114) by @tinnus-napbus in #6793
- eyre: allow header-list to contain multiple cookies by @pkova in #6799
- clay: return all takos in /cs/bloc scry by @pkova in #6808
- clay: iterate over all aeons in +read-at-tako by @pkova in #6807
- runtime-version: parse current version properly by @pkova in #6809
- hoon: make ?# wuthax work correctly by @Fang- in #5884
- hoon: fix gol type enforcement for trivial %cnts by @joemfb in #6751
- kiln: Desk publisher switcher (UIP-0111) by @tinnus-napbus in #6780
- hoon: fix jet mismatch in +shas by @joemfb in #5861
- Revert "hoon: add pin and awl arms to test and trim subaxes" by @joemfb in #6819
- gall: send %cork only if hearing %ack for %leave by @yosoyubik in #6759
- dbug: add color for closing/corked flows by @yosoyubik in #6821
- eyre: prevent login redirect loops by @Fang- in #6814
- eyre: less permissive channel creation by @Fang- in #6816
- gall: add scry endpoint to expose agent state by @midden-fabler in #6785
- hoon: 138k by @belisarius222 in #6615
- ames: stateless dead flow consolidation by @pkova in #6823
- lull: add egg-any tagged union for gall scry by @pkova in #6825
- zuse: fix +de:base64:mimes:html by @pkova in #6826
- lull, ames: add %nail task to send lanes to unix by @pkova in #6828
- lull, ames: do not store jammed messages in unsent-messages by @pkova in #6835
- hoon: peg crash if b is 0 by @eamsden in #6833
- vats: handle insane desk names by @tinnus-napbus in #6824
- ames: persistently cache
++jim
and remove++dedup-message
by @matthew-levan in #6770 - arvo: persistently cache scry type checks by @matthew-levan in #6773
- eyre: simplify the login page ux a little bit by @Fang- in #6840
- hoon: fixes a serious bug in +fitz by @mikolajpp in #6647
- gall: add egg-any cast to %gv scry by @midden-fabler in #6855
- dojo: fix incorrect beak desk on non-base generator by @pkova in #6857
- gall: migrate sky to versioned path by @pkova in #6852
- eyre: append set-cookie header rather than clobbering by @ixv in #6850
- Allow multiple declarations on in de-xml:html by @will-hanlen in #6839
- ames: add STUN response handling by @yosoyubik in #6836
- ames: notify vere on %born and when sponsor list changes by @belisarius222 in #6781
- ping: remove print by @yosoyubik in #6868
- hoon: correct ?: miscompilation, loobean jet mismatches by @joemfb in #6859
- lib/dprint: fix crashes with recursive types and =, by @silnem2 in #6872
- all: enforce the gang when scrying by @pkova in #6876
- gall: security primitives for encrypted scry by @liam-fitzgerald in #6790
New Contributors
- @Quodss made their first contribution in #6658
- @will-hanlen made their first contribution in #6839
Full Changelog: 412k-3...411k-rc0
412k-3
%base hash (check with +vat %base): 0vi.049bd.s4tqn.sg193.ivivi.b85uj.qe1k6.tpe5u.c7t0a.eqq2b.fqinv
Today a bug with remote scry was discovered that breaks referential transparency in the following scenario:
A user %cull:s all revisions of a path. The next %grow on the path will overwrite the revision that used to be the latest. For example, if the latest revision of the path /foo was 5 containing the cord 'hello', doing a [%cull ud+5 /foo] followed by [%grow /foo atom+'OH NO'] would result in scrying for revision 5 to return the cord 'OH NO'.
Another off-by-one error was also discovered in the %cull task, causing %cull to remove one more revision of the data that was requested. For example, doing [%cull ud+4 /foo] in the example above would also cull revision 5 of the path.
Thanks to ~rivmud-fabwen for posting a detailed reproduction on ~dister-dozzod-lapdeg/battery-payload
.
This hotfix release fixes both of these bugs.
What's Changed
Full Changelog: 412k-2...412k-3
412k-2
%base hash (check with +vat %base): 0v1r.2i1cd.gcvve.4o41u.qjn4p.vkk0s.i5ahg.lmsh4.is8kq.6msg5.f0ph3
The week before assembly a bug was discovered which affects connectivity between ships belonging to the same sponsorship chain. More specifically, the conditions for triggering the connectivity issues were the following:
- Two ships belonging to the same sponsorship chain try to communicate. Most commonly this was seen with stars and planets or moons and planets. Note that direct communication between galaxies and their children were unaffected.
- One of the ships was behind a NAT.
- The parent was either a new ship or had breached/changed sponsors recently.
If these conditions were met these ships could not communicate. This hotfix release fixes the bug. Note that this issue may have been responsible for the mysterious "moon connectivity issues".
What's Changed
Full Changelog: 412k-1...412k-2
412k-1
%base hash (check with +vat %base): 0vo.pba41.2bp3a.6as26.52dvo.hsg8e.o25sv.geiia.3pkp0.s0tkm.c8d64
Description
412k-1 is a small bugfix release fixing long-standing issues that didn't quite make it to 412k. This release fixes the following:
- Some Urbit apps set cookies. This would sometimes confuse %eyre because it also uses cookies for storing login state, leading to users randomly getting logged out.
- Remote scrying for a desk that includes commits that are unreachable from the latest commit would fail and fall back to %ames. One such desk is the %base desk and every desk created from %base using |merge.
- It is possible to include the clay blob store in the pill when building a pill with +solid =prime %.y. This clay blob store was missing content from commits unreachable from the latest commit.
- The -runtime-version thread would sometimes incorrectly report the runtime as being out of date.
What's Changed
- eyre: allow header-list to contain multiple cookies by @pkova in #6799
- clay: return all takos in /cs/bloc scry by @pkova in #6808
- clay: iterate over all aeons in +read-at-tako by @pkova in #6807
- runtime-version: parse current version properly by @pkova in #6809
Full Changelog: 412k...412k-1
412k
%base hash (check with +vat %base): 0v13.tbu2r.fs2u6.scm7e.thi9h.j6shh.9tflb.2adq8.ojaps.r1rc5.ne2u7
%zuse 412
%lull 323
%arvo 237
%hoon 139
Description
The major features of the kelvin 412 release are the following:
- The %lick vane which allows gall agents to open a IPC communication port to earth. In pre-release testing this vane has been used to control IOT devices and building a snake game. The %lick vane is documented here: https://developers.urbit.org/reference/arvo/lick/lick.
- The open %eyre. Eyre grants temporary guest identities in the form of comets to all unauthenticated requests. This allows a significantly wider range of interaction for Urbit applications on the clearweb since anybody can %poke and %watch without tedious HTTP API implementation work.
- EAuth. Eyre now allows people to log in with their own identities on HTTP endpoints served by any ship. A common use case for this functionality would be a comments section on a blog served to the clearweb. For details, see the mirage proposal here: https://gist.github.com/Fang-/41ed84b2a6dd96ca67c6a5dbda1fd35d
Urbit ships will now ignore incoming remote %pokes to nonexistent, suspended or nuked agents. Ships were previously maintaining an unbounded queue of incoming %pokes to dead agents, presenting a potential DDOS vector. Local pokes will still be queued as usual.
The release also includes a preview of dead flow consolidation. Ships can turn it on from the dojo or webterm with the command:
|pass [%a %stir %dead]
It also includes local provenance, paving the way for future userspace permissioning work. This infrastructure allows us to say things like "only the local agent %foo
is allowed to poke me" in the future.
App migration guide
See the guide here: https://gist.github.com/pkova/6ddc65aa2ca192d0efa8667a36bac177
What's Changed
- eyre: refactor tests by @philipcmonk in #6563
- eyre: session identities for all by @Fang- in #6561
- merge
develop
intonext/kelvin/412
by @matthew-levan in #6618 - ames: make +abet pure by @yosoyubik in #6518
- gall: implement local provenance by @tinnus-napbus in #6605
- ames: remove num-live from pump-metrics by @yosoyubik in #6609
%lick
vane by @mopfel-winrux in #6519- arvo: fix scry permission check by @marcusmiguel in #6685
- eyre: eauth, cross-ship authentication by @Fang- in #6598
- arvo: print vane hashes as hashes, not
@p
s by @dr-frmr in #6665 - ames: remove space leak for outbound naxplanations by @yosoyubik in #6642
- spider: move spider tree by @midden-fabler in #6706
- Removed cruft and made pills actually buildable by @ilyakooo0 in #6708
- sss: rely on ames acks instead of timers by @wicrum-wicrun in #6683
- base: fix /ted/hi, /ted/code and /ted/read output formatting by @pkova in #6713
- zuse: fix to-wain jet mismatch by @pkova in #6707
- bin: remove spurious pill urbit-v0.10.8.pill by @pkova in #6715
- %base: delete /app/gaze and /ted/naive-csv by @pkova in #6695
- lull: add %'PATCH' to $method:http by @Fang- in #6719
- Fixed CI by @ilyakooo0 in #6725
- ci: hopefully fix CI by @pkova in #6726
- lull, gall, ames: drop pokes for non-running agents by @pkova in #6716
- Use released urbit binaries by @ilyakooo0 in #6730
- ci: fix ci on next/kelvin/412 branch by @pkova in #6731
- ci: don't use nixpkgs urbit binary by @pkova in #6732
- Add paces to
-runtime-version
by @matthew-levan in #6729 - Merge develop to next/kelvin/412 by @pkova in #6736
- kiln: have +poke-uninstall unsync desks with %dead zest by @silnem2 in #6721
- mar: better html-related conversions by @marcusmiguel in #6703
- dojo: fix bad gall scries with | on non-null =dir by @silnem2 in #6704
- json: remove deprecated JSON parser calls by @marcusmiguel in #6697
- kiln: avoid downloading updates for uninstalled desks by @marcusmiguel in #6724
- Add %noun-autodiff mark with automatic diffing algorithm by @ilyakooo0 in #6681
- dojo: better generator errors by @midden-fabler in #6686
- %sink by @ilyakooo0 in #6712
- ames: move +on-kroc logic to |close-flows by @yosoyubik in #6648
- Merge develop into next/kelvin/412 by @pkova in #6744
- clay: propagate [~ ~] properly from read-x by @pkova in #6743
- ames: consolidate dead flows to a single behn timer by @pkova in #6738
- zuse: remove deprecated arms by @marcusmiguel in #6733
- ames: Don't check for lane staleness by @philipcmonk in #6700
- lull, ames: add %tame task to delete a route for a ship by @pkova in #6740
- eyre: cosmetic updates to login form by @jamesacklin in #6737
- eyre: avoid +got'ing a channel that doesn't exist by @Fang- in #6749
- roller: fix state migration by @yosoyubik in #6758
- ames: reinitialize congestion control values (bis) by @yosoyubik in #6762
- ames: fix state migration in 412 after merging #6762 by @yosoyubik in #6763
- ames: reinitialize recork timer by @yosoyubik in #6764
- ames: fix bug in dead flow consolidation by @pkova in #6756
- eyre: handle old wires correctly in +on-gall-response by @pkova in #6767
- arvo: add provenance when casting forward move by @pkova in #6774
- zuse: kelvin 412 by @belisarius222 in #6551
- lick: initialize unix-duct before %born by @pkova in #6784
- roller-rpc: do not assert team:title for http-requests by @pkova in #6788
- ames: make dead flow consolidation toggleable, default off by @pkova in #6792
New Contributors
- @ilyakooo0 made their first contribution in #6708
Full Changelog: urbit-os-v2.142-hotfix2...412k