Release of Daml 2.7.3
Summary
This is a maintenance release that addresses several issues.
What’s New
- Several optimizations improve pruning performance on Postgres.
- Corrects a situation where the PingService can fail repeatedly.
- The Canton console will read the applicationId/userId from the token when supplied. This will allow the remote console to better function with the user-management feature as it forces the creation of a user CantonConsole.
- Some KMS requests were passed an empty TraceContext resulting in no trace id in the audit log.
- The ACS migration works on a remote node.
- It was possible for implicitly added Archive choices to be included in the coverage report which reduces the coverage percentage. The flag --coverage-ignore-choice PATTERN was added to selectively disable choices in the coverage report to ignore implicit Archive choices. Any choice whose fully qualified name matches the regular expression in PATTERN is removed from the coverage report. The choice will not be included in counts of defined choices or in counts of exercised choices. The choice is treated as if it does not exist.
- The console command keys.secret.rotate_node_key can now accept a name for the newly generated key. This allows a rotated key to have a friendly name.
- The previous owner_to_key_mappings.rotate_key is deprecated and now expects a node reference (InstanceReferenceCommon) as a parameter to avoid any dangerous and/or unwanted key rotations.
- The bin/canton script can be used the same way as in prior Canton releases.
Impact and Migration
There were some adjustments to the canton drivers tarball to better match the canton tarball of previous minor releases. Specifically:
- The bin directory has been restored and has the canton launch script.
- The JAR files have been moved to a lib directory.
For production deployment, we recommend using the JAR file directly, rather than the tarball. The JAR file is linked in the table below. Any automation that assumes the prior directory structure will need to be updated.
Installation or Download
The Daml 2.7.3 SDK has been released. You can install it using the command: daml install 2.7.3.
The table below lists how you can download Daml Enterprise or individual components.
|
Daml Enterprise v2.7.3 |
||
|
Component |
File download |
Docker Image |
|
SDK |
N/A |
|
|
Canton for Daml Enterprise |
Standalone JAR file |
digitalasset-docker.jfrog.io/canton-enterprise:2.7.3 |
|
Daml Finance |
N/A |
|
|
HTTP JSON API Service |
digitalasset-docker.jfrog.io/http-json:2.7.3 |
|
|
Trigger Service |
digitalasset-docker.jfrog.io/trigger-service:2.7.3 |
|
|
OAuth 2.0 middleware (Open-Source) |
digitalasset-docker.jfrog.io/oauth2-middleware:2.7.3 |
|
|
Participant Query Store |
N/A |
|
|
Trigger Runner |
digitalasset-docker.jfrog.io/trigger-runner:2.7.3 |
|
|
Daml Script |
digitalasset-docker.jfrog.io/daml-script:2.7.3 |
|
If you are using Oracle JVM and testing security provider signatures, you should note that the provided Canton JAR file embeds the BouncyCastle Provider as a dependency. To enable the JVM to verify the signature, you need to put the “bcprov” JAR on the classpath before the Canton Standalone JAR. For example:
java -cp bcprov-jdk15on-1.70.jar:canton-drivers-2.7.3-all.jar com.digitalasset.canton.CantonEnterpriseApp
Note: These Docker images are designed to be minimal in size and attack surface, and are thus suitable for production use. Minimal images can sometimes make debugging difficult (e.g. no shell in the containers). For convenience, we provide “debug” versions of each of the above images, which you can access by appending “-debug” to the image tag (e.g. digitalasset-docker.jfrog.io/http-json:2.7.3-debug).