What's Changed (comparing to 1.2.2)
Updates in Data Models and API (new optional fields)
- All Data Models:
- optional field
schemaVersion
field (default - 0)
- optional field
- Account:
- optional field
productIDs
(see PROPOSE_ADD_ACCOUNT and acount.proto, as well as ADD_MODEL and ADD_MODEL_VERSION)
- optional field
- Model:
- optional fields
enhancedSetupFlowOptions
,enhancedSetupFlowTCUrl
,enhancedSetupFlowTCRevision
,enhancedSetupFlowTCDigest
,enhancedSetupFlowTCFileSize
,maintenanceUrl
,discoveryCapabilitiesBitmask
,commissioningFallbackUrl
(see ADD_MODEL and model.proto)
- optional fields
Updates in Data Models
- PKI
- enum field
certificateType
(see certificate.proto) pointing to the type of added certificate and having the following definition:
Default value:enum CertificateType { DeviceAttestationPKI = 0; OperationalPKI = 1; VIDSignerPKI = 2; }
0 (DeviceAttestationPKI)
- enum field
New API
- PKI
- APIs return ALL (DA and NOC) certificate types:
- APIs working with DA certificate types:
- APIs working with NOC certificate types:
- ADD_NOC_ROOT (RCAC)
- REVOKE_NOC_ROOT (RCAC)
- REMOVE_NOC_ROOT (RCAC)
- ADD_NOC_ICA (ICAC)
- REVOKE_NOC_ICA (ICAC)
- REMOVE_NOC_ICA (ICAC)
- GET_NOC_ROOT_BY_VID (RCACs)
- GET_NOC_CERT
- GET_NOC_BY_VID_AND_SKID (RCACs/ICACs)
- GET_ALL_NOC
- GET_ALL_NOC_ROOT (RCACs)
- GET_ALL_NOC_ICA (ICACs)
- GET_NOC_ICA_BY_VID (ICACs)
- GET_NOC_CERTS_BY_SUBJECT
- GET_ALL_REVOKED_NOC_ROOT (RCACs)
- GET_ALL_REVOKED_NOC_ICA (ICACs)
- GET_REVOKED_NOC_ROOT (RCAC)
- GET_REVOKED_NOC_ICA (ICAC)
Updates in Logic and API
- PKI
- Supported delegation of PAAs/PAIs
crlSignerDelegator
in Revocation Distribution Point: ADD_REVOCATION_DISTRIBUTION_POINT, UPDATE_REVOCATION_DISTRIBUTION_POINT - An option to revoke child certificates in the chain
revokeChild
(default - false): PROPOSE_REVOKE_PAA, REVOKE_PAI
- Supported delegation of PAAs/PAIs
- Auth/Model
- PID scoped Accounts: ADD_MODEL, PROPOSE_ADD_ACCOUNT
- Fixed static validation of URL fields (mostly in model.proto and model_version.proto)
Other
- Transaction broadcasting block mode has been removed from the updated cosmos-sdk. Starting from this version, dcl has only two modes:
sync
andasync
, with the default beingsync
. In this mode, to obtain the actual result of a transaction (txn), an additional query call with thetxHash
must be executed. For example:dcld query tx txHash
- where txHash represents the hash of the previously executed transaction. - Due to upgrading cosmovisor to v1.3.0 in Docker and shell files, the node starting command has changed from
cosmovisor start
tocosmovisor run start
Documentation Updates
- Changed structure of transactions.md.
- Ledger Nano Support (HSM for Account keys)
- Updates in Upgrade and troubleshooting guide Pool Upgrade How To
Full List of Issues
https://github.com/zigbee-alliance/distributed-compliance-ledger/milestone/6
Full Changelog
- #610, #611, #612 PKI API compatibility fixes bt @Artemkaaas in #613
- Added index for all certificates by subject key id by @Artemkaaas in #617
- Refactored PKI Keeper to reduce code duplication by @Artemkaaas in #616
- Split Transactions document into sub documents by @Artemkaaas in #614
- Added basic sample of rewriting CLI integration test in GO by @Artemkaaas in #615
- Latest release binary version in upgrade tests increment by @DenisRybas in #511
- #523 PID scoped Accounts by @Abdulbois in #530
- Add NOC root certificate transactions design doc by @akarabashov in #529
- Update the NOC root certificate design based on discussion feedback by @akarabashov in #534
- Compliance module unit tests refactoring by @DenisRybas in #514
- #519 Query Certificates with subjectKeyId by @Abdulbois in #532
- Update the NOC root certificate design in accordance with the latest feedback by @akarabashov in #539
- #535 Enable providing serial number while revoking x509 certs by @Abdulbois in #541
- #535 Add transaction command to remove non-root certificates by @Abdulbois in #542
- #524 Implement adding and requesting root NOC certificates by @akarabashov in #543
- Support for forward and backward compatibility in DCL schemes by @akarabashov in #540
- #535 Make the revocation of child certificates optional by @Abdulbois in #544
- #535 Enable checking VID matchings while adding x509 certificate by @Abdulbois in #545
- #535 Enable adding non-root NOC(ICA) certificates by @Abdulbois in #546
- #535 Enhancements to Adding, Revoking, and Removing Non-Root Certificates by @akarabashov in #548
- #524 Enable revocation of NOC root certificates by @Abdulbois in #550
- #524 Enable revocation of NOC non-root certificates by @Abdulbois in #551
- #502 Add SchemaVersion field into PKI, Compliance, Model and VendorInfo schemas by @Abdulbois in #552
- #538 Add commissioner remote UI flow url field into model schema by @Abdulbois in #555
- Update transactions.md document by @akarabashov in #553
- Rename non-root NOC to NOC_ICA (in doc, code, state, CLI command) by @akarabashov in #559
- #531 Publish pai certificates for crl signer certificate verification by @Abdulbois in #557
- Refactor update tests for sequential version upgrades starting from initial version by @akarabashov in #561
- Set CommissioningModeInitialStepsHint to 1 by default for standard flow by @akarabashov in #562
- Query NOC Root certificates by VID and SKID by @akarabashov in #564
- #303 Upgrade Cosmos SDK by @Abdulbois in #536
- #560 Enable removing NOC ICA certificates by @Abdulbois in #567
- #524 Enable removing NOC root certificates by @Abdulbois in #568
- Add instructions on how to use the Ledger Nano with DCL by @akarabashov in #569
- Improve error message texts by @Abdulbois in #571
- improvements #566 #570 by @Abdulbois in #572
- Fix error message texts by @Abdulbois in #574
- Add schemaVersion field into NOC/ICA and auxiliary models by @Abdulbois in #573
- Bumped spellcheck action to latest version, since 0.24.0 is EOL by @jonasbn in #526
- #575 Rename CommissionerRemoteUiFlowUrl to ManagedAclExtensionRequestFlowUrl by @Abdulbois in #576
- #547 Add new fields into Model entity by @Abdulbois in #577
- Correct transactions documentation by @akarabashov in #578
- Query NOC Intermediate by VID+SKID by @DenisRybas in #584
- Removed managedAclExtensionRequestFlowUrl from model by @DenisRybas in #586
- vid for PAIs by @DenisRybas in #585
- Docs clarification for NOC certs by @DenisRybas in #587
- Improve clarity on how to fetch account number by @smides-nest in #579
- Model fields fixes by @DenisRybas in #588
- Upgrade test 1.4.1 by @DenisRybas in #590
- Update docs troubleshooting by @ashcherbakov in #591
- Fix macos version/runner by @ashcherbakov in #592
- Add validation for making Schema Version zero value by @Toktar in #594
- Update Upgrade Test for 1.4.2 Release by @ashcherbakov in #595
- Fix delete model version by @DenisRybas in #599
- Certificate comparison improvement by @DenisRybas in #600
- Url validations update by @DenisRybas in #604
- Model DiscoveryCapabilitiesBitmask field by @DenisRybas in #589
- Updated openapi by @ashcherbakov in #605
- Upgrade upgrade test to v1.4.3-pre1 by @DenisRybas in #606
Upgrade procedure
- The release must be applied via cosmovisor and Upgrade Proposal transactions, see pool-upgrade-how-to.md.
- The upgrade name must be equal to
v1.4.4
. - The release must be applied to all nodes (Validators, Observers, Sentries, etc.)
- All upgraded nodes must be at v1.4.4 with cosmovisor enabled.
- It's recommended to enable the auto-download for cosmovisor on all nodes, see pool-upgrade-how-to.md.
- Adding new nodes to the running pool (Test Net in particular) must be done via one of the ways described in running-node-in-existing-network.md.