Aleph-vm 0.5.1-rc1

Pre-release
@nesitor nesitor released this 30 Jul 11:32
· 118 commits to main since this release
e2fcccd

This release fixes important bugs and increases the reliability of the metrics of the node.

As usual, node operators are expected to upgrade to the new release within a two-week window of the release.

Main changes

Core Functionality and Stability

  • Confidential Computing Implementation: We have implemented confidential computing features using AMD SEV, enhancing data security and privacy.
  • Enhanced Testing: Comprehensive tests were added for various components to improve code reliability and identify potential issues early.
  • Internet Connectivity Checks: The build process was streamlined, ensuring compatibility with different Ubuntu versions and efficient resource management.
  • Bug Fixes: Addressed issues with duplicated CORS headers in the HTTP response, ensuring proper handling and preventing CORS-related errors.

Security and Compliance

  • Security Enhancements: Additional checks and measures were put in place to strengthen the overall security posture of the system.

User Experience and Developer Productivity

  • Documentation Improvements: Documentation was updated to provide better guidance for developers and users.
  • Code Quality: Codebase was cleaned up and refactored for better maintainability and readability.

These changes aim to improve the robustness, usability, and maintainability of the system, ensuring a smoother experience for both developers and end-users. Please refer to the project documentation for detailed instructions on the new features and improvements.

What's Changed

  • Fix: Pytest did not test legacy diagnostic by @hoh in #603
  • Installation documentation was moved to aleph doc by @olethanh in #613
  • Problem /about/usage/system was not tested by @olethanh in #609
  • Problem: allocation endpoints was not tested by @olethanh in #610
  • Fix: Backquote in shell script executed command by @hoh in #611
  • Fix: System testing on DO took too many resources by @hoh in #614
  • Added Qemu automatic tests by @nesitor in #615
  • Fix: Branch main could not be tested easily by @hoh in #612
  • Fix: Unknown hashes raised exception by @hoh in #606
  • Use standard system package for ECDSA verification and add tests by @BjrInt in #460
  • Added USE_CONFIDENTIAL_COMPUTING check by @nesitor in #617
  • 601 creating instance tests by @Antonyjin in #616
  • Minor code cleanup in check_system_module by @hoh in #621
  • Fix: Some dependencies were inconsistent between pyproject.toml and packaging by @hoh in #625
  • Fix: No .deb was built for Ubuntu 24.04 by @hoh in #624
  • Add platform confidential directory on Settings by @nesitor in #618
  • Implement get platform certificates endpoint by @nesitor in #619
  • Fix: Correct string formatting in VM startup response by @1yam in #631
  • Fix: Orchestrator failed with assert result["result"] == HTTPOk.status_code by @hoh in #628
  • Problem: Crash when trying to auth via websocket by @olethanh in #630
  • Fix: CI Droplet cleanup failed when same name was used by @hoh in #633
  • Fix: make clean did not cleanup all resources by @hoh in #634
  • Update test and linting dependencies by @hoh in #623
  • Fix: Binary sevctl was absent from debian packages by @hoh in #629
  • Disable printing system logs on deb package as per default configuration recommendation by @aliel in #640
  • Add more information on testing for devs by @olethanh in #642
  • Add test for the reboot endpoint by @olethanh in #635
  • Problem : Log was not working on system. Unify logging method by @olethanh in #644
  • Fix: Path to sevctl was not from settings by @hoh in #637
  • Fix: CRN API did not expose CPU features for trusted computing by @hoh in #622
  • Problem: Websocket were required to fetch logs by @olethanh in #645
  • Improve instances code by @nesitor in #654
  • Fix: AttributeError: 'MicroVM' object has no attribute 'send_shutdown_message' by @hoh in #653
  • Implement Confidential Computing by @olethanh in #650
  • Problem: sevctl command was not tested on the proplet by @olethanh in #651
  • Add missing cpuid dependency by @nesitor in #656
  • Solve Websocket error handling by @nesitor in #657
  • Small fixes noticed on new installations. by @nesitor in #659
  • Solve Firecracker reboot issues by @nesitor in #658
  • Allocate endpoint allow starting confidential with hold payment method by @olethanh in #660
  • Fix: error when user balance is zero and no remaining executions to r… by @olethanh in #661
  • Start documentation on confidential by @olethanh in #655
  • Enable Qemu support by default by @nesitor in #662

Full Changelog: 0.4.1...v0.5.1-rc1

How to upgrade

1. Upgrade the packages

This part did not change: download and install the new package as usual.

On Debian 11 (Bullseye):

rm -f /opt/aleph-vm.debian-11.deb
wget -P /opt https://github.com/aleph-im/aleph-vm/releases/download/0.5.1-rc1/aleph-vm.debian-11.deb
apt install /opt/aleph-vm.debian-11.deb

On Debian 12 (Bookworm):

rm -f /opt/aleph-vm.debian-12.deb
wget -P /opt https://github.com/aleph-im/aleph-vm/releases/download/0.5.1-rc1/aleph-vm.debian-12.deb
apt install /opt/aleph-vm.debian-12.deb

On Ubuntu 22.04 (Jammy Jellyfish):

sudo rm -f /opt/aleph-vm.ubuntu-22.04.deb
sudo wget -P /opt https://github.com/aleph-im/aleph-vm/releases/download/0.5.1-rc1/aleph-vm.ubuntu-22.04.deb
sudo apt install /opt/aleph-vm.ubuntu-22.04.deb

On Ubuntu 24.04 (Noble Numbat):

sudo rm -f /opt/aleph-vm.ubuntu-24.04.deb
sudo wget -P /opt https://github.com/aleph-im/aleph-vm/releases/download/0.5.1-rc1/aleph-vm.ubuntu-24.04.deb
sudo apt install /opt/aleph-vm.ubuntu-24.04.deb

2. Enable Confidential Computing (optional)

To enable Confidential Computing on your Compute Resource Node, you must:

Enable SEV in the configuration of aleph-vm, by default in /etc/aleph-vm/supervisor.env:

ALEPH_VM_ENABLE_QEMU_SUPPORT=1
ALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING=1

After launching the server, you can check the endpoint http://localhost:4020/status/config and verify that ENABLE_CONFIDENTIAL_COMPUTING is true.
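
A check for the step above, as an added example that is not part of the aleph-vm release notes or code base: it confirms both settings are enabled in the env file and that the running supervisor reports the flag as true, which catches a file that was edited without the service being restarted. The JSON layout of /status/config, the accepted "enabled" spellings, and all function names are assumptions.

```python
import json
import urllib.request

ENV_PATH = "/etc/aleph-vm/supervisor.env"           # default path named in the release notes
STATUS_URL = "http://localhost:4020/status/config"  # endpoint named in the release notes
REQUIRED = ("ALEPH_VM_ENABLE_QEMU_SUPPORT", "ALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING")
TRUTHY = {"1", "true", "yes", "on"}  # assumption: spellings accepted as "enabled"

# Constructed samples (not real node output): the file is edited, but the running
# supervisor still reports the old value because it was not restarted.
SAMPLE_ENV = "# constructed\nALEPH_VM_ENABLE_QEMU_SUPPORT=1\nALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING=1\n"
SAMPLE_STATUS = '{"version": "constructed", "settings": {"ENABLE_CONFIDENTIAL_COMPUTING": false}}'


def missing_settings(env_text):
    """Return the required keys that are absent or not enabled (last assignment wins)."""
    env = {}
    for line in env_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"").lower()
    return [key for key in REQUIRED if env.get(key) not in TRUTHY]


def find_flag(node, name="ENABLE_CONFIDENTIAL_COMPUTING"):
    """Search the decoded JSON at any depth, since its layout is not given on the page."""
    if isinstance(node, dict) and name in node:
        return node[name]
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    for child in children:
        found = find_flag(child, name)
        if found is not None:
            return found
    return None


def check_node(env_text, status_json):
    """Return a list of problems; an empty list means file and running service agree."""
    problems = [f"{key} is not enabled in the env file" for key in missing_settings(env_text)]
    if find_flag(json.loads(status_json)) is not True:
        problems.append("running supervisor does not report ENABLE_CONFIDENTIAL_COMPUTING as true")
    return problems


if __name__ == "__main__":
    with open(ENV_PATH) as handle, urllib.request.urlopen(STATUS_URL, timeout=5) as response:
        issues = check_node(handle.read(), response.read().decode())
    raise SystemExit("\n".join(issues) or 0)  # prints the problems and exits 1, or exits 0
```

Run it on the node itself after restarting the supervisor; a non-zero exit status lists which side (file or running service) disagrees.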