Releases: zigbee-alliance/distributed-compliance-ledger
Releases · zigbee-alliance/distributed-compliance-ledger
1.4.4
What's Changed (comparing to 1.2.2)
Updates in Data Models and API (new optional fields)
- All Data Models:
- optional field
schemaVersion
field (default - 0)
- optional field
- Account:
- optional field
productIDs
(see PROPOSE_ADD_ACCOUNT and acount.proto, as well as ADD_MODEL and ADD_MODEL_VERSION)
- optional field
- Model:
- optional fields
enhancedSetupFlowOptions
,enhancedSetupFlowTCUrl
,enhancedSetupFlowTCRevision
,enhancedSetupFlowTCDigest
,enhancedSetupFlowTCFileSize
,maintenanceUrl
,discoveryCapabilitiesBitmask
,commissioningFallbackUrl
(see ADD_MODEL and model.proto)
- optional fields
Updates in Data Models
- PKI
- enum field
certificateType
(see certificate.proto) pointing to the type of added certificate and having the following definition:
Default value:enum CertificateType { DeviceAttestationPKI = 0; OperationalPKI = 1; VIDSignerPKI = 2; }
0 (DeviceAttestationPKI)
- enum field
New API
- PKI
- APIs return ALL (DA and NOC) certificate types:
- APIs working with DA certificate types:
- APIs working with NOC certificate types:
- ADD_NOC_ROOT (RCAC)
- REVOKE_NOC_ROOT (RCAC)
- REMOVE_NOC_ROOT (RCAC)
- ADD_NOC_ICA (ICAC)
- REVOKE_NOC_ICA (ICAC)
- REMOVE_NOC_ICA (ICAC)
- GET_NOC_ROOT_BY_VID (RCACs)
- GET_NOC_CERT
- GET_NOC_BY_VID_AND_SKID (RCACs/ICACs)
- GET_ALL_NOC
- GET_ALL_NOC_ROOT (RCACs)
- GET_ALL_NOC_ICA (ICACs)
- GET_NOC_ICA_BY_VID (ICACs)
- GET_NOC_CERTS_BY_SUBJECT
- GET_ALL_REVOKED_NOC_ROOT (RCACs)
- GET_ALL_REVOKED_NOC_ICA (ICACs)
- GET_REVOKED_NOC_ROOT (RCAC)
- GET_REVOKED_NOC_ICA (ICAC)
Updates in Logic and API
- PKI
- Supported delegation of PAAs/PAIs
crlSignerDelegator
in Revocation Distribution Point: ADD_REVOCATION_DISTRIBUTION_POINT, UPDATE_REVOCATION_DISTRIBUTION_POINT - An option to revoke child certificates in the chain
revokeChild
(default - false): PROPOSE_REVOKE_PAA, REVOKE_PAI
- Supported delegation of PAAs/PAIs
- Auth/Model
- PID scoped Accounts: ADD_MODEL, PROPOSE_ADD_ACCOUNT
- Fixed static validation of URL fields (mostly in model.proto and model_version.proto)
Other
- Transaction broadcasting block mode has been removed from the updated cosmos-sdk. Starting from this version, dcl has only two modes:
sync
andasync
, with the default beingsync
. In this mode, to obtain the actual result of a transaction (txn), an additional query call with thetxHash
must be executed. For example:dcld query tx txHash
- where txHash represents the hash of the previously executed transaction. - Due to upgrading cosmovisor to v1.3.0 in Docker and shell files, the node starting command has changed from
cosmovisor start
tocosmovisor run start
Documentation Updates
- Changed structure of transactions.md.
- Ledger Nano Support (HSM for Account keys)
- Updates in Upgrade and troubleshooting guide Pool Upgrade How To
Full List of Issues
https://github.com/zigbee-alliance/distributed-compliance-ledger/milestone/6
Full Changelog
- #610, #611, #612 PKI API compatibility fixes bt @Artemkaaas in #613
- Added index for all certificates by subject key id by @Artemkaaas in #617
- Refactored PKI Keeper to reduce code duplication by @Artemkaaas in #616
- Split Transactions document into sub documents by @Artemkaaas in #614
- Added basic sample of rewriting CLI integration test in GO by @Artemkaaas in #615
- Latest release binary version in upgrade tests increment by @DenisRybas in #511
- #523 PID scoped Accounts by @Abdulbois in #530
- Add NOC root certificate transactions design doc by @akarabashov in #529
- Update the NOC root certificate design based on discussion feedback by @akarabashov in #534
- Compliance module unit tests refactoring by @DenisRybas in https://github.com/zigbee-alliance/dist...
1.4.4-5-dev
v1.4.4-5-dev Fixed broken unit tests
1.4.4-4-dev
v1.4.4-4-dev Updated binary version
1.4.4-2-dev
What's Changed (comparing to 1.2.2)
Updates in Data Models and API (new optional fields)
- All Data Models:
- optional field
schemaVersion
field (default - 0)
- optional field
- Account:
- optional field
productIDs
(see PROPOSE_ADD_ACCOUNT and acount.proto)
- optional field
- Model:
- optional fields
enhancedSetupFlowOptions
,enhancedSetupFlowTCUrl
,enhancedSetupFlowTCRevision
,enhancedSetupFlowTCDigest
,enhancedSetupFlowTCFileSize
,maintenanceUrl
,discoveryCapabilitiesBitmask
,commissioningFallbackUrl
(see ADD_MODEL and model.proto)
- optional fields
Updates in Data Models
- PKI
- enum field
certificateType
(see certificate.proto) pointing to the type of added certificate and having the following definition:
Default value:enum CertificateType { DeviceAttestationPKI = 0; OperationalPKI = 1; VIDSignerPKI = 2; }
0 (DeviceAttestationPKI)
- enum field
New API
- PKI
- APIs return ALL (DA and NOC) certificate types:
- APIs working with DA certificate types:
- APIs working with NOC certificate types:
- ADD_NOC_ROOT (RCAC)
- REVOKE_NOC_ROOT (RCAC)
- REMOVE_NOC_ROOT (RCAC)
- ADD_NOC_ICA (ICAC)
- REVOKE_NOC_ICA (ICAC)
- REMOVE_NOC_ICA (ICAC)
- GET_NOC_ROOT_BY_VID (RCACs)
- GET_NOC_CERT
- GET_NOC_BY_VID_AND_SKID (RCACs/ICACs)
- GET_ALL_NOC
- GET_ALL_NOC_ROOT (RCACs)
- GET_ALL_NOC_ICA (ICACs)
- GET_NOC_ICA_BY_VID (ICACs)
- GET_NOC_CERTS_BY_SUBJECT
- GET_ALL_REVOKED_NOC_ROOT (RCACs)
- GET_ALL_REVOKED_NOC_ICA (ICACs)
- GET_REVOKED_NOC_ROOT (RCAC)
- GET_REVOKED_NOC_ICA (ICAC)
Updates in Logic and API
- PKI
- Supported delegation of PAAs/PAIs
crlSignerDelegator
in Revocation Distribution Point: ADD_REVOCATION_DISTRIBUTION_POINT, UPDATE_REVOCATION_DISTRIBUTION_POINT - An option to revoke child certificates in the chain
revokeChild
(default - false): PROPOSE_REVOKE_PAA, REVOKE_PAI
- Supported delegation of PAAs/PAIs
- Auth/Model
- PID scoped Accounts: ADD_MODEL, PROPOSE_ADD_ACCOUNT
- Fixed static validation of URL fields (mostly in model.proto and model_version.proto)
Other
- Transaction broadcasting block mode has been removed from the updated cosmos-sdk. Starting from this version, dcl has only two modes:
sync
andasync
, with the default beingsync
. In this mode, to obtain the actual result of a transaction (txn), an additional query call with thetxHash
must be executed. For example:dcld query tx txHash
- where txHash represents the hash of the previously executed transaction. - Due to upgrading cosmovisor to v1.3.0 in Docker and shell files, the node starting command has changed from
cosmovisor start
tocosmovisor run start
Documentation Updates
- Changed structure of transactions.md.
- Ledger Nano Support (HSM for Account keys)
- Updates in Upgrade and troubleshooting guide Pool Upgrade How To
Full List of Issues
https://github.com/zigbee-alliance/distributed-compliance-ledger/milestone/6
Full Changelog
- #610, #611, #612 PKI API compatibility fixes @Artemkaaas in #613
- Split Transactions document into sub documents @Artemkaaas in #614
- Added basic sample of rewriting CLI integration test in GO @Artemkaaas in #615
- Latest release binary version in upgrade tests increment by @DenisRybas in #511
- #523 PID scoped Accounts by @Abdulbois in #530
- Add NOC root certificate transactions design doc by @akarabashov in #529
- Update the NOC root certificate design based on discussion feedback by @akarabashov in #534
- Compliance module unit tests refactoring by @DenisRybas in #514
- #519 Query Certificates with subjectKeyId by @Abdulbois in #532
- Update the NOC root certificate design in accordance with the latest feedback by @akarabashov in #539
- #535 Enable providing serial number while revoking x509 certs by @Abdulbois in #541
- #535 Add transaction command to remove non-root certificates by @Abdulbois in #542
- #524 Implement adding and requesting root NOC certificates by @akarabashov in https://github.co...
Release 1.4.3
What's Changed (comparing to 1.2.2)
Updates in Data Models and API (new optional fields)
- All Data Models:
- optional field
schemaVersion
field (default - 0)
- optional field
- Account:
- optional field
productIDs
(see PROPOSE_ADD_ACCOUNT and acount.proto)
- optional field
- Model:
- optional fields
enhancedSetupFlowOptions
,enhancedSetupFlowTCUrl
,enhancedSetupFlowTCRevision
,enhancedSetupFlowTCDigest
,enhancedSetupFlowTCFileSize
,maintenanceUrl
,discoveryCapabilitiesBitmask
,commissioningFallbackUrl
(see ADD_MODEL and model.proto)
- optional fields
- PKI
- optional field
crlSignerDelegator
(see ADD_REVOCATION_DISTRIBUTION_POINT, UPDATE_REVOCATION_DISTRIBUTION_POINT) - optional field
isNoc
(see certificate.proto and the new NOC-related commands below)
- optional field
New Data Models and API
- PKI
- REMOVE_PAI
- GET_CERTS_BY_SKID
- ADD_NOC_ROOT (RCAC)
- REVOKE_NOC_ROOT (RCAC)
- REMOVE_NOC_ROOT (RCAC)
- ADD_NOC_ICA (ICAC)
- REVOKE_NOC_ICA (ICAC)
- REMOVE_NOC_ICA (ICAC)
- GET_NOC_ROOT_BY_VID (RCACs)
- GET_NOC_BY_VID_AND_SKID (RCACs/ICACs)
- GET_NOC_ICA_BY_VID (ICACs)
- GET_REVOKED_NOC_ROOT (RCAC)
- GET_ALL_NOC_ROOT (RCACs)
- GET_ALL_NOC_ICA (ICACs)
- GET_ALL_REVOKED_NOC_ROOT (RCACs)
Updates in Query (Read) API
- The following query commands return both PAA/PAI and NOC (RCAC/ICAC): GET_CERT, GET_REVOKED_CERT, GET_ALL_CERTS, GET_ALL_REVOKED_CERTS, GET_CERTS_BY_SUBJECT, GET_CHILD_CERTS
- Either
isNoc
field should be analyzed to distinguish between the certificate type, or dedicated PAA-related commands should be used (see below)
- Either
- Please note, that the following query API calls still return only PAAs (they haven't been changed): GET_ALL_PAA, GET_ALL_REVOKED_PAA, GET_ALL_PROPOSED_PAA, GET_ALL_REJECTED_PAA, GET_ALL_PROPOSED_PAA_TO_REVOKE, GET_PROPOSED_PAA, GET_REJECTED_PAA, GET_PROPOSED_PAA_TO_REVOKE
Updates in Logic and API
- PKI
- Supported delegation of PAAs/PAIs
crlSignerDelegator
in Revocation Distribution Point: ADD_REVOCATION_DISTRIBUTION_POINT, UPDATE_REVOCATION_DISTRIBUTION_POINT - An option to revoke child certificates in the chain
revokeChild
(default - false): PROPOSE_REVOKE_PAA, REVOKE_PAI
- Supported delegation of PAAs/PAIs
- Auth/Model
- PID scoped Accounts: ADD_MODEL, PROPOSE_ADD_ACCOUNT
- Fixed static validation of URL fields (mostly in model.proto and model_version.proto)
Other
- Transaction broadcasting block mode has been removed from the updated cosmos-sdk. Starting from this version, dcl has only two modes:
sync
andasync
, with the default beingsync
. In this mode, to obtain the actual result of a transaction (txn), an additional query call with thetxHash
must be executed. For example:dcld query tx txHash
- where txHash represents the hash of the previously executed transaction. - Due to upgrading cosmovisor to v1.3.0 in Docker and shell files, the node starting command has changed from
cosmovisor start
tocosmovisor run start
Documentation Updates
- Ledger Nano Support (HSM for Account keys)
- Improved transactions.md
- Updates in Upgrade and troubleshooting guide Pool Upgrade How To
Full List of Issues
https://github.com/zigbee-alliance/distributed-compliance-ledger/milestone/6
Full Changelog
- Latest release binary version in upgrade tests increment by @DenisRybas in #511
- #523 PID scoped Accounts by @Abdulbois in #530
- Add NOC root certificate transactions design doc by @akarabashov in #529
- Update the NOC root certificate design based on discussion feedback by @akarabashov in #534
- Compliance module unit tests refactoring by @DenisRybas in #514
- #519 Query Certificates with subjectKeyId by @Abdulbois in https://github.com/zigbee...
Release 1.4.3-pre1
v1.4.3-pre1 Updated openapi (#605)
Release 1.4.2
What's Changed (comparing to 1.2.2)
Full Changelog:
v1.2.2...v1.4.2
- #303 Upgrade Cosmos SDK, tendermint, golang and project dependencies
- #523 PID scoped Accounts
- Add NOC root certificate transactions design doc
- Update the NOC root certificate design based on discussion feedback
- #519 Query Certificates with subjectKeyId
- Update the NOC root certificate design
- #535 Enable providing serial number while revoking x509 certs
- #535 Add transaction command to remove non-root certificates
- #524 Implement adding and requesting root NOC certificates
- Support for forward and backward compatibility in DCL schemes
- #535 Make the revocation of child certificates optional
- #535 Enable checking VID matchings while adding x509 certificate
- #535 Enable adding non-root NOC(ICA) certificates
- #535 Enhancements to Adding, Revoking, and Removing Non-Root Certificates
- #524 Enable revocation of NOC root certificates
- #524 Enable revocation of NOC non-root certificates
- #502 Add SchemaVersion field into PKI, Compliance, Model and VendorInfo schemas
- #538 Add commissioner remote UI flow url field into model schema
- Update transactions.md document
- #531 Publish pai certificates for crl signer certificate verification
- Refactor update tests for sequential version upgrades starting from initial version
- Set CommissioningModeInitialStepsHint to 1 by default for standard flow
- Query NOC Root certificates by VID and SKID by
- #560 Enable removing NOC ICA certificates
- #524 Enable removing NOC root certificates
- Add instructions on how to use the Ledger Nano with DCL
- Improve error message texts
- Add schemaVersion field into NOC/ICA and auxiliary models
- #575 Rename CommissionerRemoteUiFlowUrl to ManagedAclExtensionRequestFlowUrl
- #547 Add new fields into Model entity
- Query NOC Intermediate by VID+SKID by @DenisRybas in #584
- Removed managedAclExtensionRequestFlowUrl from model by @DenisRybas in #586
- vid for PAIs by @DenisRybas in #585
- Docs clarification for NOC certs by @DenisRybas in #587
- Improve clarity on how to fetch account number by @smides-nest in #579
- Model fields fixes by @DenisRybas in #588
- Upgrade test 1.4.1 by @DenisRybas in #590
- Correct transactions documentation
- Update docs troubleshooting by @ashcherbakov in #591
- Fix macos version/runner by @ashcherbakov in #592
- Add validation for making Schema Version zero value by @Toktar in #594
Upgrade procedure
- The release must be applied via cosmovisor and Upgrade Proposal transactions, see pool-upgrade-how-to.md.
- The upgrade name must be equal to
v1.4
. - The release must be applied to all nodes (Validators, Observers, Sentries, etc.)
- All upgraded nodes must be at 1.2.2 with cosmovisor enabled.
- It's recommended to enable the auto-download for cosmovisor on all nodes, see pool-upgrade-how-to.md.
- Adding new nodes to the running pool (Test Net in particular) must be done via one of the ways described in running-node-in-existing-network.md.
Release 1.4.2-pre1
v1.4.2-pre1 Register migration
Release 1.4.2-dev1
Merge pull request #592 from zigbee-alliance/fix/mac-release Fix macos version/runner
Release 1.4.1
What's Changed (comparing to 1.2.2)
Full Changelog:
v1.2.2...v1.4.0
v1.4.0...v1.4.1
- #303 Upgrade Cosmos SDK, tendermint, golang and project dependencies
- #523 PID scoped Accounts
- Add NOC root certificate transactions design doc
- Update the NOC root certificate design based on discussion feedback
- #519 Query Certificates with subjectKeyId
- Update the NOC root certificate design
- #535 Enable providing serial number while revoking x509 certs
- #535 Add transaction command to remove non-root certificates
- #524 Implement adding and requesting root NOC certificates
- Support for forward and backward compatibility in DCL schemes
- #535 Make the revocation of child certificates optional
- #535 Enable checking VID matchings while adding x509 certificate
- #535 Enable adding non-root NOC(ICA) certificates
- #535 Enhancements to Adding, Revoking, and Removing Non-Root Certificates
- #524 Enable revocation of NOC root certificates
- #524 Enable revocation of NOC non-root certificates
- #502 Add SchemaVersion field into PKI, Compliance, Model and VendorInfo schemas
- #538 Add commissioner remote UI flow url field into model schema
- Update transactions.md document
- #531 Publish pai certificates for crl signer certificate verification
- Refactor update tests for sequential version upgrades starting from initial version
- Set CommissioningModeInitialStepsHint to 1 by default for standard flow
- Query NOC Root certificates by VID and SKID by
- #560 Enable removing NOC ICA certificates
- #524 Enable removing NOC root certificates
- Add instructions on how to use the Ledger Nano with DCL
- Improve error message texts
- Add schemaVersion field into NOC/ICA and auxiliary models
- #575 Rename CommissionerRemoteUiFlowUrl to ManagedAclExtensionRequestFlowUrl
- #547 Add new fields into Model entity
- Query NOC Intermediate by VID+SKID by @DenisRybas in #584
- Removed managedAclExtensionRequestFlowUrl from model by @DenisRybas in #586
- vid for PAIs by @DenisRybas in #585
- Docs clarification for NOC certs by @DenisRybas in #587
- Improve clarity on how to fetch account number by @smides-nest in #579
- Model fields fixes by @DenisRybas in #588
- Upgrade test 1.4.1 by @DenisRybas in #590
- Correct transactions documentation
Upgrade procedure
- The release must be applied via cosmovisor and Upgrade Proposal transactions, see pool-upgrade-how-to.md.
- The upgrade name must be equal to
v1.4
. - The release must be applied to all nodes (Validators, Observers, Sentries, etc.)
- All upgraded nodes must be at 1.2.2 with cosmovisor enabled.
- It's recommended to enable the auto-download for cosmovisor on all nodes, see pool-upgrade-how-to.md.
- Adding new nodes to the running pool (Test Net in particular) must be done via one of the ways described in running-node-in-existing-network.md.