From 851fc667b93acb83d533ed70d4db78c29fc1115c Mon Sep 17 00:00:00 2001 From: Ruediger Birkner Date: Mon, 3 Mar 2025 18:27:16 +0000 Subject: [PATCH] add proposal to install salt sharing canister --- .../proposals/install_03-03-2025_135629.md | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 rs/boundary_node/salt_sharing/proposals/install_03-03-2025_135629.md diff --git a/rs/boundary_node/salt_sharing/proposals/install_03-03-2025_135629.md b/rs/boundary_node/salt_sharing/proposals/install_03-03-2025_135629.md new file mode 100644 index 00000000000..c0c95c859fd --- /dev/null +++ b/rs/boundary_node/salt_sharing/proposals/install_03-03-2025_135629.md @@ -0,0 +1,81 @@ +# Install the Salt-Sharing Canister from Commit 374556b + +__Proposer__: Boundary Node Team at the DFINITY Foundation + +__Source code__: [374556b515a5c48782ddaf80cffb399cb83ce487][new-commit] + +[new-commit]: https://github.com/dfinity/ic/tree/374556b515a5c48782ddaf80cffb399cb83ce487 + +## Summary + +The API boundary nodes are in a unique position to provide insights, as all external requests pass through them. +This data is valuable not only for the operation of the Internet Computer Protocol, but also for dapp developers. +As part of the [Levitron milestone](https://internetcomputer.org/roadmap#Platform%20Decentralization-Levitron), +work is being done to make these insights publicly accessible. + +A key prerequisite for this milestone is the consistent anonymization of sensitive data. +To achieve this, the salt-sharing canister is proposed as a solution, +which securely distributes a shared salt exclusively to API boundary nodes, +enabling them to consistently anonymize sensitive data such as IP addresses. + +For more information, take a look at the [corresponding forum post](https://forum.dfinity.org/t/observability-with-the-new-boundary-node-architecture/41725). + +## Verifying the Installation + +First, make sure your Git repository is up-to-date. + +``` +# Option A. Get a fresh copy of the code. +git clone git@github.com:dfinity/ic.git && cd ic +# Option B. If you already have a copy of the ICP repo. +git fetch +``` + +Second, checkout the right revision of the code. + +``` +git checkout 374556b515a5c48782ddaf80cffb399cb83ce487 +``` + +### Argument Verification + +The [didc][latest_didc] tool is required. + +[latest_didc]: https://github.com/dfinity/candid/releases/latest + +Fingerprint the canister argument: + +``` +didc encode \ + -d rs/boundary_node/salt_sharing/canister/salt_sharing_canister.did \ + -t '(InitArg)' \ + '( + record { + salt_generation_strategy = variant { StartOfMonth }; + regenerate_now = true; + registry_polling_interval_secs = 300 : nat64; + }, + )' | xxd -r -p | sha256sum +``` + +This should match `arg_hash` field of this proposal. + +### WASM Verification + +See ["Building the code"][prereqs] for prerequisites. + +[prereqs]: https://github.com/dfinity/ic/tree/374556b515a5c48782ddaf80cffb399cb83ce487/README.adoc#building-the-code + +Build the release version of the canisters: + +``` +./ci/container/build-ic.sh -c +``` + +Fingerprint the canister module: + +``` +sha256sum ./artifacts/canisters/salt-sharing-canister.wasm.gz +``` + +This should match `wasm_module_hash` field of this proposal.