From 5625fae6183319cd6503c7f6a9822dc0aa579293 Mon Sep 17 00:00:00 2001
From: Jernej Kos <jernej@kos.mx>
Date: Thu, 7 May 2020 18:01:23 +0200
Subject: [PATCH] changelog: Assemble changes for release 20.6

---
 .changelog/1898.breaking.md   |   1 -
 .changelog/2440.feature.1.md  |   1 -
 .changelog/2440.feature.2.md  |   9 -
 .changelog/2687.breaking.md   |  10 -
 .changelog/2687.feature.md    |  11 -
 .changelog/2687.internal.1.md |  40 ----
 .changelog/2687.internal.2.md |  10 -
 .changelog/2687.internal.3.md |   4 -
 .changelog/2710.breaking.md   |   1 -
 .changelog/2748.bugfix.md     |   6 -
 .changelog/2748.internal.md   |   3 -
 .changelog/2767.internal.md   |   6 -
 .changelog/2778.feature.md    |   6 -
 .changelog/2791.doc.md        |   1 -
 .changelog/2826.internal.md   |   1 -
 .changelog/2832.bugfix.md     |   4 -
 .changelog/2832.internal.1.md |   1 -
 .changelog/2832.internal.2.md |   4 -
 .changelog/2834.breaking.1.md |   3 -
 .changelog/2834.breaking.2.md |   6 -
 .changelog/2837.internal.md   |   7 -
 .changelog/2838.internal.md   |   1 -
 .changelog/2840.trivial.md    |   0
 .changelog/2843.breaking.6.md |   8 -
 .changelog/2843.bugfix.1.md   |   1 -
 .changelog/2843.bugfix.2.md   |   1 -
 .changelog/2843.bugfix.3.md   |   4 -
 .changelog/2843.feature.4.md  |   3 -
 .changelog/2843.feature.5.md  |   1 -
 .changelog/2844.breaking.md   |  10 -
 .changelog/2848.breaking.md   |   4 -
 .changelog/2848.feature.md    |   5 -
 .changelog/2849.internal.md   |   1 -
 .changelog/2853.bugfix.md     |   4 -
 .changelog/2855.feature.md    |  10 -
 .changelog/2856.bugfix.md     |   7 -
 .changelog/2858.bugfix.md     |   4 -
 .changelog/2860.internal.1.md |   5 -
 .changelog/2860.internal.2.md |   1 -
 .changelog/2863.feature.1.md  |   1 -
 .changelog/2863.feature.2.md  |   4 -
 .changelog/2866.internal.md   |   1 -
 .changelog/2867.internal.md   |   3 -
 .changelog/2868.breaking.md   |   5 -
 .changelog/2872.bugfix.md     |   6 -
 .changelog/2873.feature.md    |   6 -
 .changelog/2874.bugfix.md     |   9 -
 .changelog/2876.bugfix.md     |   5 -
 .changelog/2876.internal.1.md |   1 -
 .changelog/2876.internal.2.md |   4 -
 .changelog/2878.trivial.md    |   0
 .changelog/2879.trivial.md    |   0
 .changelog/2881.breaking.md   |   1 -
 .changelog/2885.bugfix.1.md   |  10 -
 .changelog/2885.bugfix.2.md   |   1 -
 .changelog/2889.feature.1.md  |   5 -
 .changelog/2889.feature.2.md  |   4 -
 .changelog/2890.internal.md   |   1 -
 .changelog/2892.bugfix.md     |   4 -
 .changelog/2894.internal.md   |   1 -
 CHANGELOG.md                  | 403 ++++++++++++++++++++++++++++++++++
 61 files changed, 403 insertions(+), 277 deletions(-)
 delete mode 100644 .changelog/1898.breaking.md
 delete mode 100644 .changelog/2440.feature.1.md
 delete mode 100644 .changelog/2440.feature.2.md
 delete mode 100644 .changelog/2687.breaking.md
 delete mode 100644 .changelog/2687.feature.md
 delete mode 100644 .changelog/2687.internal.1.md
 delete mode 100644 .changelog/2687.internal.2.md
 delete mode 100644 .changelog/2687.internal.3.md
 delete mode 100644 .changelog/2710.breaking.md
 delete mode 100644 .changelog/2748.bugfix.md
 delete mode 100644 .changelog/2748.internal.md
 delete mode 100644 .changelog/2767.internal.md
 delete mode 100644 .changelog/2778.feature.md
 delete mode 100644 .changelog/2791.doc.md
 delete mode 100644 .changelog/2826.internal.md
 delete mode 100644 .changelog/2832.bugfix.md
 delete mode 100644 .changelog/2832.internal.1.md
 delete mode 100644 .changelog/2832.internal.2.md
 delete mode 100644 .changelog/2834.breaking.1.md
 delete mode 100644 .changelog/2834.breaking.2.md
 delete mode 100644 .changelog/2837.internal.md
 delete mode 100644 .changelog/2838.internal.md
 delete mode 100644 .changelog/2840.trivial.md
 delete mode 100644 .changelog/2843.breaking.6.md
 delete mode 100644 .changelog/2843.bugfix.1.md
 delete mode 100644 .changelog/2843.bugfix.2.md
 delete mode 100644 .changelog/2843.bugfix.3.md
 delete mode 100644 .changelog/2843.feature.4.md
 delete mode 100644 .changelog/2843.feature.5.md
 delete mode 100644 .changelog/2844.breaking.md
 delete mode 100644 .changelog/2848.breaking.md
 delete mode 100644 .changelog/2848.feature.md
 delete mode 100644 .changelog/2849.internal.md
 delete mode 100644 .changelog/2853.bugfix.md
 delete mode 100644 .changelog/2855.feature.md
 delete mode 100644 .changelog/2856.bugfix.md
 delete mode 100644 .changelog/2858.bugfix.md
 delete mode 100644 .changelog/2860.internal.1.md
 delete mode 100644 .changelog/2860.internal.2.md
 delete mode 100644 .changelog/2863.feature.1.md
 delete mode 100644 .changelog/2863.feature.2.md
 delete mode 100644 .changelog/2866.internal.md
 delete mode 100644 .changelog/2867.internal.md
 delete mode 100644 .changelog/2868.breaking.md
 delete mode 100644 .changelog/2872.bugfix.md
 delete mode 100644 .changelog/2873.feature.md
 delete mode 100644 .changelog/2874.bugfix.md
 delete mode 100644 .changelog/2876.bugfix.md
 delete mode 100644 .changelog/2876.internal.1.md
 delete mode 100644 .changelog/2876.internal.2.md
 delete mode 100644 .changelog/2878.trivial.md
 delete mode 100644 .changelog/2879.trivial.md
 delete mode 100644 .changelog/2881.breaking.md
 delete mode 100644 .changelog/2885.bugfix.1.md
 delete mode 100644 .changelog/2885.bugfix.2.md
 delete mode 100644 .changelog/2889.feature.1.md
 delete mode 100644 .changelog/2889.feature.2.md
 delete mode 100644 .changelog/2890.internal.md
 delete mode 100644 .changelog/2892.bugfix.md
 delete mode 100644 .changelog/2894.internal.md

diff --git a/.changelog/1898.breaking.md b/.changelog/1898.breaking.md
deleted file mode 100644
index d0ddd9f4cd1..00000000000
--- a/.changelog/1898.breaking.md
+++ /dev/null
@@ -1 +0,0 @@
-go/consensus/tendermint: Use MKVS for storing application state
diff --git a/.changelog/2440.feature.1.md b/.changelog/2440.feature.1.md
deleted file mode 100644
index 31aa0ef8842..00000000000
--- a/.changelog/2440.feature.1.md
+++ /dev/null
@@ -1 +0,0 @@
-go/consensus: Add basic API for supporting light consensus clients
diff --git a/.changelog/2440.feature.2.md b/.changelog/2440.feature.2.md
deleted file mode 100644
index 4b619ad6b64..00000000000
--- a/.changelog/2440.feature.2.md
+++ /dev/null
@@ -1,9 +0,0 @@
-go/worker/consensusrpc: Add public consensus RPC services worker
-
-A public consensus services worker enables any full consensus node to expose
-light client services to other nodes that may need them (e.g., they are needed
-to support light clients).
-
-The worker can be enabled using `--worker.consensusrpc.enabled` and is
-disabled by default. Enabling the public consensus services worker exposes
-the light consensus client interface over publicly accessible gRPC.
diff --git a/.changelog/2687.breaking.md b/.changelog/2687.breaking.md
deleted file mode 100644
index 6aa9f678feb..00000000000
--- a/.changelog/2687.breaking.md
+++ /dev/null
@@ -1,10 +0,0 @@
-`oasis-node`: Refactor `metrics` parameters
-
-- `--metrics.push.job_name` renamed to `--metrics.job_name`.
-- `--metrics.push.interval` renamed to `--metrics.interval`.
-- `--metrics.push.instance_label` replaced with more general
-  `--metrics.labels` map parameter where `instance` is a required key, if
-  metrics are enabled. For example `--metrics.push.instance_label abc` now
-  becomes `--metrics.labels instance=abc`. User can also set other
-  arbitrary Prometheus labels, for example
-  `--metrics.labels instance=abc,cpu=intel_i7-8750`.
diff --git a/.changelog/2687.feature.md b/.changelog/2687.feature.md
deleted file mode 100644
index edf8de8ec41..00000000000
--- a/.changelog/2687.feature.md
+++ /dev/null
@@ -1,11 +0,0 @@
-`oasis-node`: Add benchmarking utilities
-
-- New Prometheus metrics for:
-  - datadir space usage,
-  - I/O (read/written bytes),
-  - memory usage (VMSize, RssAnon, RssFile, RssShmem),
-  - CPU (utime and stime),
-  - network interfaces (rx/tx bytes/packets),
-- Bumps `prometheus/go_client` to latest version which fixes sending label
-  values containing non-url characters.
-- Bumps `spf13/viper` which fixes `IsSet()` behavior.
diff --git a/.changelog/2687.internal.1.md b/.changelog/2687.internal.1.md
deleted file mode 100644
index 358af57804e..00000000000
--- a/.changelog/2687.internal.1.md
+++ /dev/null
@@ -1,40 +0,0 @@
-`oasis-test-runner`: Add benchmarking utilities
-
-- `oasis-test-runner` now accepts `--metrics.address` and `--metrics.interval`
-  parameters which are forwarded to `oasis-node` workers.
-- `oasis-test-runner` now signals `oasis_up` metric to Prometheus when a test
-  starts and when it finishes.
-- `--num_runs` parameter added which specifies how many times each test should
-  be run.
-- `basic` E2E test was renamed to `runtime`.
-- Scenario names now use corresponding namespace. e.g. `halt-restore` is now
-  `e2e/runtime/halt-restore`.
-- Scenario parameters are now exposed and settable via CLI by reimplementing
-  `scenario.Parameters()` and setting it with `--<test_name>.<param>=<val>`.
-- Scenario parameters can also be generally set, for example
-  `--e2e.node.binary` will set `node.binary` parameter for all E2E tests and
-  `--e2e/runtime.node.binary` will set it for tests which inherit `runtime`.
-- Multiple parameter values can be provided in form
-  `--<test_name>.<param>=<val1>,<val2>,...`. In this case, `oasis-test-runner`
-  combines them with other parameters and generates unique parameter sets for
-  each test.
-- Each scenario is run in a unique datadir per parameter set of form
-  `oasis-test-runnerXXXXXX/<test_name>/<run_id>`.
-- Due to very long datadir for some e2e tests, custom internal gRPC socket
-  names are provided to `oasis-node`.
-- If metrics are enabled, new labels are passed to oasis-nodes and pushed to
-  Prometheus for each test:
-  - `instance`,
-  - `run`,
-  - `test`,
-  - `software_version`,
-  - `git_branch`,
-  - whole test-specific parameter set.
-- New `version.GitBranch` variable determined and set during compilation.
-- Current parameter set, run number, and test name dumped to `test_info.json`
-  in corresponding datadir. This is useful when packing whole datadir for
-  external debugging.
-- New `cmp` command for analyzing benchmark results has been added which
-  fetches the last two batches of benchmark results from Prometheus and
-  compares them. For more information, see `README.md` in
-  `go/oasis-test-runner` folder.
diff --git a/.changelog/2687.internal.2.md b/.changelog/2687.internal.2.md
deleted file mode 100644
index fefc8a76b4d..00000000000
--- a/.changelog/2687.internal.2.md
+++ /dev/null
@@ -1,10 +0,0 @@
-`oasis-node`: Add custom internal socket path flag (for E2E tests only!)
-
-`--debug.grpc.internal.socket_name` flag was added which forces `oasis-node`
-to use the given path for the internal gRPC socket. This was necessary,
-because some E2E test names became very lengthy and original datadir exceeded
-the maximum unix socket path length. `oasis-test-runner` now generates
-shorter socket names in `/tmp/oasis-test-runnerXXXXXX` directory and provides
-them to `oasis-node`. **Due to security risks never ever use this flag in
-production-like environments. Internal gRPC sockets should always reside in
-node datadir!**
diff --git a/.changelog/2687.internal.3.md b/.changelog/2687.internal.3.md
deleted file mode 100644
index ec2ab714c98..00000000000
--- a/.changelog/2687.internal.3.md
+++ /dev/null
@@ -1,4 +0,0 @@
-ci: New benchmarks pipeline has been added
-
-`benchmarks.pipeline.yml` runs all E2E tests and compares the benchmark
-results from the previous batch using the new `oasis-test-runner cmp` command.
diff --git a/.changelog/2710.breaking.md b/.changelog/2710.breaking.md
deleted file mode 100644
index 08fec163a6a..00000000000
--- a/.changelog/2710.breaking.md
+++ /dev/null
@@ -1 +0,0 @@
-go/consensus/tendermint: Store consensus parameters in ABCI state
diff --git a/.changelog/2748.bugfix.md b/.changelog/2748.bugfix.md
deleted file mode 100644
index 99266823305..00000000000
--- a/.changelog/2748.bugfix.md
+++ /dev/null
@@ -1,6 +0,0 @@
-go: Extract and generalize registry's staking sanity checks
-
-Augment the checks to check if an entity has enough stake for all stake claims
-in the Genesis document to prevent panics at oasis-node start-up due to
-entities not having enough stake in the escrow to satisfy all their stake
-claims.
diff --git a/.changelog/2748.internal.md b/.changelog/2748.internal.md
deleted file mode 100644
index 56e458f8096..00000000000
--- a/.changelog/2748.internal.md
+++ /dev/null
@@ -1,3 +0,0 @@
-go/registry/api: Extend `NodeLookup` and `RuntimeLookup` interfaces
-
-Define `Nodes()` and `AllRuntimes()` methods.
diff --git a/.changelog/2767.internal.md b/.changelog/2767.internal.md
deleted file mode 100644
index e88d8139858..00000000000
--- a/.changelog/2767.internal.md
+++ /dev/null
@@ -1,6 +0,0 @@
-go/staking/tests: Add escrow and delegations to debug genesis state
-
-Introduce `stakingTestsState` that holds the current state of staking
-tests and enable the staking implementation tests
-(`StakingImplementationTest`, `StakingClientImplementationTests`) to always
-use this up-to-date state.
diff --git a/.changelog/2778.feature.md b/.changelog/2778.feature.md
deleted file mode 100644
index ca435e18a0e..00000000000
--- a/.changelog/2778.feature.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Add `GetEvents` to backends
-
-The new `GetEvents` call returns all events at a specific height,
-without having to watch for them using the `Watch*` methods.
-It is currently implemented for the registry, roothash, and staking
-backends.
diff --git a/.changelog/2791.doc.md b/.changelog/2791.doc.md
deleted file mode 100644
index 12f002bb0cf..00000000000
--- a/.changelog/2791.doc.md
+++ /dev/null
@@ -1 +0,0 @@
-Refactor documentation, add architecture overview
diff --git a/.changelog/2826.internal.md b/.changelog/2826.internal.md
deleted file mode 100644
index 86ffd39d15b..00000000000
--- a/.changelog/2826.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-go/runtime/committee: Don't close gRPC connections on connection refresh
diff --git a/.changelog/2832.bugfix.md b/.changelog/2832.bugfix.md
deleted file mode 100644
index 5dac5363d15..00000000000
--- a/.changelog/2832.bugfix.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/oasis-node/cmd/ias: Fix WatchRuntimes retry
-
-Previously the IAS proxy could incorrectly panic during shutdown when the
-context was cancelled.
diff --git a/.changelog/2832.internal.1.md b/.changelog/2832.internal.1.md
deleted file mode 100644
index e2f4816a87a..00000000000
--- a/.changelog/2832.internal.1.md
+++ /dev/null
@@ -1 +0,0 @@
-go/oasis-node: Move storage benchmark subcommand under debug
diff --git a/.changelog/2832.internal.2.md b/.changelog/2832.internal.2.md
deleted file mode 100644
index c04cb564bf7..00000000000
--- a/.changelog/2832.internal.2.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go: Refactor E2E coverage integration test wrapper
-
-This makes it possible to easily have E2E coverage instrumented binaries for
-things other than oasis-node.
diff --git a/.changelog/2834.breaking.1.md b/.changelog/2834.breaking.1.md
deleted file mode 100644
index 6cc84257a2a..00000000000
--- a/.changelog/2834.breaking.1.md
+++ /dev/null
@@ -1,3 +0,0 @@
-go: Bump tendermint to v0.33.3-oasis1
-
-This is breaking as the tendermint block format has changed.
diff --git a/.changelog/2834.breaking.2.md b/.changelog/2834.breaking.2.md
deleted file mode 100644
index ed69e77dcbe..00000000000
--- a/.changelog/2834.breaking.2.md
+++ /dev/null
@@ -1,6 +0,0 @@
-go/consensus/genesis: Make max evidence age block and time based
-
-- Rename `max_evidence_age` -> `max_evidence_age_blocks`
-- Add `max_evidence_age_time` (default 48h)
-
-This is obviously breaking.
diff --git a/.changelog/2837.internal.md b/.changelog/2837.internal.md
deleted file mode 100644
index 6564c9f8b83..00000000000
--- a/.changelog/2837.internal.md
+++ /dev/null
@@ -1,7 +0,0 @@
-keymanager-runtime: replace with test/simple-keymanager
-
-Common keymanager initalization code is extracted into the keymanager-lib
-crate. This enables for the actual key manager implementation to only
-provide a set of key manager policy signers.
-Aditionally the `keymanager-runtime` crate is removed and replaced with
-a test `simple-keymanager` runtime that is used in E2E tests.
diff --git a/.changelog/2838.internal.md b/.changelog/2838.internal.md
deleted file mode 100644
index 8a7e259b010..00000000000
--- a/.changelog/2838.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-docker: remove docker image build pipelines and cleanup testing image
diff --git a/.changelog/2840.trivial.md b/.changelog/2840.trivial.md
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/.changelog/2843.breaking.6.md b/.changelog/2843.breaking.6.md
deleted file mode 100644
index 6698461d939..00000000000
--- a/.changelog/2843.breaking.6.md
+++ /dev/null
@@ -1,8 +0,0 @@
-keymanager-lib: Bind persisted state to the runtime ID
-
-It is likely prudent to bind the persisted master secret to the runtime
-ID.  This change does so by including the key manager runtime ID as the
-AAD when sealing the master secret.
-
-This is backward incompatible with all current key manager instances as
-the existing persisted master secret will not decrypt.
diff --git a/.changelog/2843.bugfix.1.md b/.changelog/2843.bugfix.1.md
deleted file mode 100644
index e7ad116dae4..00000000000
--- a/.changelog/2843.bugfix.1.md
+++ /dev/null
@@ -1 +0,0 @@
-go/worker/keymanager: Add an enclave rpc handler
diff --git a/.changelog/2843.bugfix.2.md b/.changelog/2843.bugfix.2.md
deleted file mode 100644
index ea3be17a8d1..00000000000
--- a/.changelog/2843.bugfix.2.md
+++ /dev/null
@@ -1 +0,0 @@
-go/keymanager/client: Support km->km connections
diff --git a/.changelog/2843.bugfix.3.md b/.changelog/2843.bugfix.3.md
deleted file mode 100644
index 8dc1af336d3..00000000000
--- a/.changelog/2843.bugfix.3.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/worker/keymanager: Actually allow replication to maybe work
-
-Access control forbidding replication may be more secure, but is not all
-that useful.
diff --git a/.changelog/2843.feature.4.md b/.changelog/2843.feature.4.md
deleted file mode 100644
index 6ffc14300c8..00000000000
--- a/.changelog/2843.feature.4.md
+++ /dev/null
@@ -1,3 +0,0 @@
-go/keymanager/api: Add a gRPC endpoint for status queries
-
-Mostly so that the test cases can query statuses.
diff --git a/.changelog/2843.feature.5.md b/.changelog/2843.feature.5.md
deleted file mode 100644
index 778549f1d5f..00000000000
--- a/.changelog/2843.feature.5.md
+++ /dev/null
@@ -1 +0,0 @@
-go/oasis-test-runner/oasis: Add a keymanager replication test
diff --git a/.changelog/2844.breaking.md b/.changelog/2844.breaking.md
deleted file mode 100644
index dd98ec9674f..00000000000
--- a/.changelog/2844.breaking.md
+++ /dev/null
@@ -1,10 +0,0 @@
-go/runtime/enclaverpc: Refactor gRPC endpoint routing
-
-Previously each endpoint required its own gRPC service. But since all
-EnclaveRPC requests already include an "endpoint" field, it is better to use
-that for routing requests.
-
-This commit adds a new enclaverpc.Endpoint interface that is used as an
-endpoint descriptor. All endpoints must be registered in advance (e.g.,
-during init). It also changes the key manager EnclaveRPC support to use the
-new API.
diff --git a/.changelog/2848.breaking.md b/.changelog/2848.breaking.md
deleted file mode 100644
index e8128e4d12c..00000000000
--- a/.changelog/2848.breaking.md
+++ /dev/null
@@ -1,4 +0,0 @@
-`oasis-net-runner`: `--net.*` flags renamed to `--fixture.default.*`
-
-For example `--net.node.binary mynode/oasis-node` becomes
-`--fixture.default.node.binary mynode/oasis-node`.
diff --git a/.changelog/2848.feature.md b/.changelog/2848.feature.md
deleted file mode 100644
index f992091bc61..00000000000
--- a/.changelog/2848.feature.md
+++ /dev/null
@@ -1,5 +0,0 @@
-`oasis-net-runner`: Add support for fixtures in JSON file
-
-New flag `--fixture.file` allows user to load default fixture from JSON file.
-In addition `dump-fixture` command dumps configured JSON-encoded fixture to
-standard output which can serve as a template.
diff --git a/.changelog/2849.internal.md b/.changelog/2849.internal.md
deleted file mode 100644
index 88c0aac2464..00000000000
--- a/.changelog/2849.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-go/oasis-test-runner: Generate a new random seed on each run
diff --git a/.changelog/2853.bugfix.md b/.changelog/2853.bugfix.md
deleted file mode 100644
index d37b9eeb074..00000000000
--- a/.changelog/2853.bugfix.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/common/crypto/mrae/deoxysii: Use SHA512/256 for the KDF
-
-Following 73aacaa73d7116a6be0443e70f2d10d0c7a4b76e, this should also use
-the correct hash algorithm for the KDF.
diff --git a/.changelog/2855.feature.md b/.changelog/2855.feature.md
deleted file mode 100644
index 381499e949f..00000000000
--- a/.changelog/2855.feature.md
+++ /dev/null
@@ -1,10 +0,0 @@
-go/consensus/tendermint: Expose new config options added in Tendermint 0.33
-
-Tendermint 0.33 added the concept of unconditional P2P peers. Support for
-setting the unconditional peers via `tendermint.p2p.unconditional_peer_ids`
-configuration flag is added. On sentry node, upstream nodes will automatically
-be set as unconditional peers.
-
-Tendermint 0.33 added support for setting maximum re-dial period when
-dialing persistent peers. This adds support for setting the period via
-`tendermint.p2p.persistent_peers_max_dial_period` flag.
diff --git a/.changelog/2856.bugfix.md b/.changelog/2856.bugfix.md
deleted file mode 100644
index e21d58918d0..00000000000
--- a/.changelog/2856.bugfix.md
+++ /dev/null
@@ -1,7 +0,0 @@
-go/extra/stats: fix & simplify node-entity mapping
-
-Instead of separately querying for entities and nodes, we can get Entity IDs
-from nodes directly.
-
-This change also fixes a case that previous variant missed: node that was
-removed from entity list of nodes, but has not yet expired.
diff --git a/.changelog/2858.bugfix.md b/.changelog/2858.bugfix.md
deleted file mode 100644
index 7b0c928d287..00000000000
--- a/.changelog/2858.bugfix.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/extra/stats: fix heights at which missing nodes should be queried
-
-If a missing signature is encountered, the registry should be queried at
-previous height, since that is the height at which the vote was made.
diff --git a/.changelog/2860.internal.1.md b/.changelog/2860.internal.1.md
deleted file mode 100644
index a80e9f8d1f8..00000000000
--- a/.changelog/2860.internal.1.md
+++ /dev/null
@@ -1,5 +0,0 @@
-go/storage/mkvs/checkpoint: Add common checkpointer implementation
-
-Previously there was a checkpointer implemented in the storage worker
-but since this may be useful in multiple places, the checkpointer
-implementation is generalized and moved to the checkpoint package.
diff --git a/.changelog/2860.internal.2.md b/.changelog/2860.internal.2.md
deleted file mode 100644
index 6bf780ad6ce..00000000000
--- a/.changelog/2860.internal.2.md
+++ /dev/null
@@ -1 +0,0 @@
-go/storage/mkvs/checkpoint: Refactor restorer interface
diff --git a/.changelog/2863.feature.1.md b/.changelog/2863.feature.1.md
deleted file mode 100644
index 0c44e3d9701..00000000000
--- a/.changelog/2863.feature.1.md
+++ /dev/null
@@ -1 +0,0 @@
-go/consensus/tendermint: Bump Tendermint Core to 0.33.4
diff --git a/.changelog/2863.feature.2.md b/.changelog/2863.feature.2.md
deleted file mode 100644
index 82d3db31dca..00000000000
--- a/.changelog/2863.feature.2.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/consensus/tendermint: Signal RetainHeight on Commit
-
-This allows Tendermint Core to discard data for any heights that were pruned
-from application state.
diff --git a/.changelog/2866.internal.md b/.changelog/2866.internal.md
deleted file mode 100644
index caa928e1ed6..00000000000
--- a/.changelog/2866.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-go/oasis-test-runner: Configure consensus state pruning
diff --git a/.changelog/2867.internal.md b/.changelog/2867.internal.md
deleted file mode 100644
index 9786b394242..00000000000
--- a/.changelog/2867.internal.md
+++ /dev/null
@@ -1,3 +0,0 @@
-go: Start using new protobuf module location
-
-The previous location has been deprecated.
diff --git a/.changelog/2868.breaking.md b/.changelog/2868.breaking.md
deleted file mode 100644
index bce1572c519..00000000000
--- a/.changelog/2868.breaking.md
+++ /dev/null
@@ -1,5 +0,0 @@
-go/consensus: Stake weighted voting
-
-That is, validator voting power proportional to entity stake
-(previously: "flat" all-validators-equal voting power).
-Radical!
diff --git a/.changelog/2872.bugfix.md b/.changelog/2872.bugfix.md
deleted file mode 100644
index 616503743b5..00000000000
--- a/.changelog/2872.bugfix.md
+++ /dev/null
@@ -1,6 +0,0 @@
-client/rpc: Change session identifier on reset
-
-Previously the EnclaveRPC client did not change the session identifier on
-reset, resulting in unnecessary round-trips during a transport error. The
-EnclaveRPC client now changes the session identifier whenever resetting the
-session.
diff --git a/.changelog/2873.feature.md b/.changelog/2873.feature.md
deleted file mode 100644
index 27545a9429c..00000000000
--- a/.changelog/2873.feature.md
+++ /dev/null
@@ -1,6 +0,0 @@
-go/consensus/tendermint: sync-worker additionally check block timestamps
-
-Sync-worker relied on Tendermint fast-sync to determine if the node is still
-catching up. This PR adds aditional condition that the latest block is not
-older than 1 minute. This prevents cases where node would report as caught up
-after stopping fast-sync, but before it has actually caught up.
diff --git a/.changelog/2874.bugfix.md b/.changelog/2874.bugfix.md
deleted file mode 100644
index f89e80b3860..00000000000
--- a/.changelog/2874.bugfix.md
+++ /dev/null
@@ -1,9 +0,0 @@
-go/worker/storage: Correctly apply genesis storage state
-
-Previously genesis storage state was only applied at consensus genesis which
-did not support dynamically registered runtimes. Now genesis state is
-correctly applied when the storage node initializes for the first time (e.g.,
-when it sees the registered runtime).
-
-This also removes the now unused RegisterGenesisHook method from the
-consensus backend API.
diff --git a/.changelog/2876.bugfix.md b/.changelog/2876.bugfix.md
deleted file mode 100644
index 8a84f1aa930..00000000000
--- a/.changelog/2876.bugfix.md
+++ /dev/null
@@ -1,5 +0,0 @@
-worker/registration: use WatchLatestEpoch when watching for registrations
-
-By using WatchLatestEpoch the worker will always try to register for latest
-known epoch, which should prevent cases where registration worker fell behind
-and was trying to register for past epochs.
diff --git a/.changelog/2876.internal.1.md b/.changelog/2876.internal.1.md
deleted file mode 100644
index dc18fe192cc..00000000000
--- a/.changelog/2876.internal.1.md
+++ /dev/null
@@ -1 +0,0 @@
-go/common/pubsub: support subscriptions based on bounded ring channels
diff --git a/.changelog/2876.internal.2.md b/.changelog/2876.internal.2.md
deleted file mode 100644
index 2a0ce378276..00000000000
--- a/.changelog/2876.internal.2.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/epochtime: add WatchLatestEpoch method
-
-The method is similar to the existing WatchEpochs method, with the change that
-unread epochs get overridden with latest epoch.
diff --git a/.changelog/2878.trivial.md b/.changelog/2878.trivial.md
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/.changelog/2879.trivial.md b/.changelog/2879.trivial.md
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/.changelog/2881.breaking.md b/.changelog/2881.breaking.md
deleted file mode 100644
index 85301ddfb8f..00000000000
--- a/.changelog/2881.breaking.md
+++ /dev/null
@@ -1 +0,0 @@
-go/common/node: Add RoleConsensusRPC role bit
diff --git a/.changelog/2885.bugfix.1.md b/.changelog/2885.bugfix.1.md
deleted file mode 100644
index 93f37a2365d..00000000000
--- a/.changelog/2885.bugfix.1.md
+++ /dev/null
@@ -1,10 +0,0 @@
-go/runtime/committee: Restore previously picked node in RR selection
-
-Previously the round-robin node selection policy would randomize the order on
-every update ignoring the currently picked node. This would cause the current
-node to flip on each update causing problems with EnclaveRPC which is
-stateful.
-
-The fix makes the round-robin node selection policy attempt to restore the
-currently picked node on each update. This means that in case the node is
-still in the node list, it will not change.
diff --git a/.changelog/2885.bugfix.2.md b/.changelog/2885.bugfix.2.md
deleted file mode 100644
index 91daccbeec1..00000000000
--- a/.changelog/2885.bugfix.2.md
+++ /dev/null
@@ -1 +0,0 @@
-go/runtime/client: Actually store the created key manager client
diff --git a/.changelog/2889.feature.1.md b/.changelog/2889.feature.1.md
deleted file mode 100644
index 6d189163e7d..00000000000
--- a/.changelog/2889.feature.1.md
+++ /dev/null
@@ -1,5 +0,0 @@
-go/staking: Add event hashes
-
-Staking events now have a new `TxHash` field, which contains
-the hash of the transaction that caused the event (or the empty
-hash in case of block events).
diff --git a/.changelog/2889.feature.2.md b/.changelog/2889.feature.2.md
deleted file mode 100644
index 724961c5347..00000000000
--- a/.changelog/2889.feature.2.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/consensus: Add GetGenesisDocument
-
-The consensus client now has a new method to return the original
-genesis document.
diff --git a/.changelog/2890.internal.md b/.changelog/2890.internal.md
deleted file mode 100644
index ea628afe7e8..00000000000
--- a/.changelog/2890.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-go/common/crypto/hash: Add NewFrom and NewFromBytes functions
diff --git a/.changelog/2892.bugfix.md b/.changelog/2892.bugfix.md
deleted file mode 100644
index 519aece97dc..00000000000
--- a/.changelog/2892.bugfix.md
+++ /dev/null
@@ -1,4 +0,0 @@
-go/scheduler: Increase tokens per voting power
-
-We'll need this to fit under tendermint's maximum total voting power
-limit.
diff --git a/.changelog/2894.internal.md b/.changelog/2894.internal.md
deleted file mode 100644
index b876017dd98..00000000000
--- a/.changelog/2894.internal.md
+++ /dev/null
@@ -1 +0,0 @@
-ci: automatically retry jobs due to host agent failures
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad7d32fcc64..7fdba573bc7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,409 @@ The format is inspired by [Keep a Changelog].
 
 <!-- TOWNCRIER -->
 
+## 20.6 (2020-05-07)
+
+### Removals and Breaking changes
+
+- go/consensus/tendermint: Use MKVS for storing application state
+  ([#1898](https://github.com/oasislabs/oasis-core/issues/1898))
+
+- `oasis-node`: Refactor `metrics` parameters
+  ([#2687](https://github.com/oasislabs/oasis-core/issues/2687))
+
+  - `--metrics.push.job_name` renamed to `--metrics.job_name`.
+  - `--metrics.push.interval` renamed to `--metrics.interval`.
+  - `--metrics.push.instance_label` replaced with more general
+    `--metrics.labels` map parameter where `instance` is a required key, if
+    metrics are enabled. For example `--metrics.push.instance_label abc` now
+    becomes `--metrics.labels instance=abc`. User can also set other
+    arbitrary Prometheus labels, for example
+    `--metrics.labels instance=abc,cpu=intel_i7-8750`.
+
+- go/consensus/tendermint: Store consensus parameters in ABCI state
+  ([#2710](https://github.com/oasislabs/oasis-core/issues/2710))
+
+- go: Bump tendermint to v0.33.3-oasis1
+  ([#2834](https://github.com/oasislabs/oasis-core/issues/2834))
+
+  This is breaking as the tendermint block format has changed.
+
+- go/consensus/genesis: Make max evidence age block and time based
+  ([#2834](https://github.com/oasislabs/oasis-core/issues/2834))
+
+  - Rename `max_evidence_age` -> `max_evidence_age_blocks`
+  - Add `max_evidence_age_time` (default 48h)
+
+  This is obviously breaking.
+
+- keymanager-lib: Bind persisted state to the runtime ID
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+  It is likely prudent to bind the persisted master secret to the runtime
+  ID.  This change does so by including the key manager runtime ID as the
+  AAD when sealing the master secret.
+
+  This is backward incompatible with all current key manager instances as
+  the existing persisted master secret will not decrypt.
+
+- go/runtime/enclaverpc: Refactor gRPC endpoint routing
+  ([#2844](https://github.com/oasislabs/oasis-core/issues/2844))
+
+  Previously each endpoint required its own gRPC service. But since all
+  EnclaveRPC requests already include an "endpoint" field, it is better to use
+  that for routing requests.
+
+  This commit adds a new enclaverpc.Endpoint interface that is used as an
+  endpoint descriptor. All endpoints must be registered in advance (e.g.,
+  during init). It also changes the key manager EnclaveRPC support to use the
+  new API.
+
+- `oasis-net-runner`: `--net.*` flags renamed to `--fixture.default.*`
+  ([#2848](https://github.com/oasislabs/oasis-core/issues/2848))
+
+  For example `--net.node.binary mynode/oasis-node` becomes
+  `--fixture.default.node.binary mynode/oasis-node`.
+
+- go/consensus: Stake weighted voting
+  ([#2868](https://github.com/oasislabs/oasis-core/issues/2868))
+
+  That is, validator voting power proportional to entity stake
+  (previously: "flat" all-validators-equal voting power).
+  Radical!
+
+- go/common/node: Add RoleConsensusRPC role bit
+  ([#2881](https://github.com/oasislabs/oasis-core/issues/2881))
+
+### Features
+
+- go/worker/consensusrpc: Add public consensus RPC services worker
+  ([#2440](https://github.com/oasislabs/oasis-core/issues/2440))
+
+  A public consensus services worker enables any full consensus node to expose
+  light client services to other nodes that may need them (e.g., they are needed
+  to support light clients).
+
+  The worker can be enabled using `--worker.consensusrpc.enabled` and is
+  disabled by default. Enabling the public consensus services worker exposes
+  the light consensus client interface over publicly accessible gRPC.
+
+- go/consensus: Add basic API for supporting light consensus clients
+  ([#2440](https://github.com/oasislabs/oasis-core/issues/2440))
+
+- `oasis-node`: Add benchmarking utilities
+  ([#2687](https://github.com/oasislabs/oasis-core/issues/2687))
+
+  - New Prometheus metrics for:
+    - datadir space usage,
+    - I/O (read/written bytes),
+    - memory usage (VMSize, RssAnon, RssFile, RssShmem),
+    - CPU (utime and stime),
+    - network interfaces (rx/tx bytes/packets),
+  - Bumps `prometheus/go_client` to latest version which fixes sending label
+    values containing non-url characters.
+  - Bumps `spf13/viper` which fixes `IsSet()` behavior.
+
+- Add `GetEvents` to backends
+  ([#2778](https://github.com/oasislabs/oasis-core/issues/2778))
+
+  The new `GetEvents` call returns all events at a specific height,
+  without having to watch for them using the `Watch*` methods.
+  It is currently implemented for the registry, roothash, and staking
+  backends.
+
+- go/keymanager/api: Add a gRPC endpoint for status queries
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+  Mostly so that the test cases can query statuses.
+
+- go/oasis-test-runner/oasis: Add a keymanager replication test
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+- `oasis-net-runner`: Add support for fixtures in JSON file
+  ([#2848](https://github.com/oasislabs/oasis-core/issues/2848))
+
+  New flag `--fixture.file` allows user to load default fixture from JSON file.
+  In addition `dump-fixture` command dumps configured JSON-encoded fixture to
+  standard output which can serve as a template.
+
+- go/consensus/tendermint: Expose new config options added in Tendermint 0.33
+  ([#2855](https://github.com/oasislabs/oasis-core/issues/2855))
+
+  Tendermint 0.33 added the concept of unconditional P2P peers. Support for
+  setting the unconditional peers via `tendermint.p2p.unconditional_peer_ids`
+  configuration flag is added. On sentry node, upstream nodes will automatically
+  be set as unconditional peers.
+
+  Tendermint 0.33 added support for setting maximum re-dial period when
+  dialing persistent peers. This adds support for setting the period via
+  `tendermint.p2p.persistent_peers_max_dial_period` flag.
+
+- go/consensus/tendermint: Signal RetainHeight on Commit
+  ([#2863](https://github.com/oasislabs/oasis-core/issues/2863))
+
+  This allows Tendermint Core to discard data for any heights that were pruned
+  from application state.
+
+- go/consensus/tendermint: Bump Tendermint Core to 0.33.4
+  ([#2863](https://github.com/oasislabs/oasis-core/issues/2863))
+
+- go/consensus/tendermint: sync-worker additionally check block timestamps
+  ([#2873](https://github.com/oasislabs/oasis-core/issues/2873))
+
+  Sync-worker relied on Tendermint fast-sync to determine if the node is still
+  catching up. This PR adds aditional condition that the latest block is not
+  older than 1 minute. This prevents cases where node would report as caught up
+  after stopping fast-sync, but before it has actually caught up.
+
+- go/consensus: Add GetGenesisDocument
+  ([#2889](https://github.com/oasislabs/oasis-core/issues/2889))
+
+  The consensus client now has a new method to return the original
+  genesis document.
+
+- go/staking: Add event hashes
+  ([#2889](https://github.com/oasislabs/oasis-core/issues/2889))
+
+  Staking events now have a new `TxHash` field, which contains
+  the hash of the transaction that caused the event (or the empty
+  hash in case of block events).
+
+### Bug Fixes
+
+- go: Extract and generalize registry's staking sanity checks
+  ([#2748](https://github.com/oasislabs/oasis-core/issues/2748))
+
+  Augment the checks to check if an entity has enough stake for all stake claims
+  in the Genesis document to prevent panics at oasis-node start-up due to
+  entities not having enough stake in the escrow to satisfy all their stake
+  claims.
+
+- go/oasis-node/cmd/ias: Fix WatchRuntimes retry
+  ([#2832](https://github.com/oasislabs/oasis-core/issues/2832))
+
+  Previously the IAS proxy could incorrectly panic during shutdown when the
+  context was cancelled.
+
+- go/worker/keymanager: Add an enclave rpc handler
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+- go/worker/keymanager: Actually allow replication to maybe work
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+  Access control forbidding replication may be more secure, but is not all
+  that useful.
+
+- go/keymanager/client: Support km->km connections
+  ([#2843](https://github.com/oasislabs/oasis-core/issues/2843))
+
+- go/common/crypto/mrae/deoxysii: Use SHA512/256 for the KDF
+  ([#2853](https://github.com/oasislabs/oasis-core/issues/2853))
+
+  Following 73aacaa73d7116a6be0443e70f2d10d0c7a4b76e, this should also use
+  the correct hash algorithm for the KDF.
+
+- go/extra/stats: fix & simplify node-entity mapping
+  ([#2856](https://github.com/oasislabs/oasis-core/issues/2856))
+
+  Instead of separately querying for entities and nodes, we can get Entity IDs
+  from nodes directly.
+
+  This change also fixes a case that previous variant missed: node that was
+  removed from entity list of nodes, but has not yet expired.
+
+- go/extra/stats: fix heights at which missing nodes should be queried
+  ([#2858](https://github.com/oasislabs/oasis-core/issues/2858))
+
+  If a missing signature is encountered, the registry should be queried at
+  previous height, since that is the height at which the vote was made.
+
+- client/rpc: Change session identifier on reset
+  ([#2872](https://github.com/oasislabs/oasis-core/issues/2872))
+
+  Previously the EnclaveRPC client did not change the session identifier on
+  reset, resulting in unnecessary round-trips during a transport error. The
+  EnclaveRPC client now changes the session identifier whenever resetting the
+  session.
+
+- go/worker/storage: Correctly apply genesis storage state
+  ([#2874](https://github.com/oasislabs/oasis-core/issues/2874))
+
+  Previously genesis storage state was only applied at consensus genesis which
+  did not support dynamically registered runtimes. Now genesis state is
+  correctly applied when the storage node initializes for the first time (e.g.,
+  when it sees the registered runtime).
+
+  This also removes the now unused RegisterGenesisHook method from the
+  consensus backend API.
+
+- worker/registration: use WatchLatestEpoch when watching for registrations
+  ([#2876](https://github.com/oasislabs/oasis-core/issues/2876))
+
+  By using WatchLatestEpoch the worker will always try to register for latest
+  known epoch, which should prevent cases where registration worker fell behind
+  and was trying to register for past epochs.
+
+- go/runtime/client: Actually store the created key manager client
+  ([#2885](https://github.com/oasislabs/oasis-core/issues/2885))
+
+- go/runtime/committee: Restore previously picked node in RR selection
+  ([#2885](https://github.com/oasislabs/oasis-core/issues/2885))
+
+  Previously the round-robin node selection policy would randomize the order on
+  every update ignoring the currently picked node. This would cause the current
+  node to flip on each update causing problems with EnclaveRPC which is
+  stateful.
+
+  The fix makes the round-robin node selection policy attempt to restore the
+  currently picked node on each update. This means that in case the node is
+  still in the node list, it will not change.
+
+- go/scheduler: Increase tokens per voting power
+  ([#2892](https://github.com/oasislabs/oasis-core/issues/2892))
+
+  We'll need this to fit under tendermint's maximum total voting power
+  limit.
+
+### Documentation improvements
+
+- Refactor documentation, add architecture overview
+  ([#2791](https://github.com/oasislabs/oasis-core/issues/2791))
+
+### Internal changes
+
+- `oasis-test-runner`: Add benchmarking utilities
+  ([#2687](https://github.com/oasislabs/oasis-core/issues/2687))
+
+  - `oasis-test-runner` now accepts `--metrics.address` and `--metrics.interval`
+    parameters which are forwarded to `oasis-node` workers.
+  - `oasis-test-runner` now signals `oasis_up` metric to Prometheus when a test
+    starts and when it finishes.
+  - `--num_runs` parameter added which specifies how many times each test should
+    be run.
+  - `basic` E2E test was renamed to `runtime`.
+  - Scenario names now use corresponding namespace. e.g. `halt-restore` is now
+    `e2e/runtime/halt-restore`.
+  - Scenario parameters are now exposed and settable via CLI by reimplementing
+    `scenario.Parameters()` and setting it with `--<test_name>.<param>=<val>`.
+  - Scenario parameters can also be generally set, for example
+    `--e2e.node.binary` will set `node.binary` parameter for all E2E tests and
+    `--e2e/runtime.node.binary` will set it for tests which inherit `runtime`.
+  - Multiple parameter values can be provided in form
+    `--<test_name>.<param>=<val1>,<val2>,...`. In this case, `oasis-test-runner`
+    combines them with other parameters and generates unique parameter sets for
+    each test.
+  - Each scenario is run in a unique datadir per parameter set of form
+    `oasis-test-runnerXXXXXX/<test_name>/<run_id>`.
+  - Due to very long datadir for some e2e tests, custom internal gRPC socket
+    names are provided to `oasis-node`.
+  - If metrics are enabled, new labels are passed to oasis-nodes and pushed to
+    Prometheus for each test:
+    - `instance`,
+    - `run`,
+    - `test`,
+    - `software_version`,
+    - `git_branch`,
+    - whole test-specific parameter set.
+  - New `version.GitBranch` variable determined and set during compilation.
+  - Current parameter set, run number, and test name dumped to `test_info.json`
+    in corresponding datadir. This is useful when packing whole datadir for
+    external debugging.
+  - New `cmp` command for analyzing benchmark results has been added which
+    fetches the last two batches of benchmark results from Prometheus and
+    compares them. For more information, see `README.md` in
+    `go/oasis-test-runner` folder.
+
+- ci: New benchmarks pipeline has been added
+  ([#2687](https://github.com/oasislabs/oasis-core/issues/2687))
+
+  `benchmarks.pipeline.yml` runs all E2E tests and compares the benchmark
+  results from the previous batch using the new `oasis-test-runner cmp` command.
+
+- `oasis-node`: Add custom internal socket path flag (for E2E tests only!)
+  ([#2687](https://github.com/oasislabs/oasis-core/issues/2687))
+
+  `--debug.grpc.internal.socket_name` flag was added which forces `oasis-node`
+  to use the given path for the internal gRPC socket. This was necessary,
+  because some E2E test names became very lengthy and original datadir exceeded
+  the maximum unix socket path length. `oasis-test-runner` now generates
+  shorter socket names in `/tmp/oasis-test-runnerXXXXXX` directory and provides
+  them to `oasis-node`. **Due to security risks never ever use this flag in
+  production-like environments. Internal gRPC sockets should always reside in
+  node datadir!**
+
+- go/registry/api: Extend `NodeLookup` and `RuntimeLookup` interfaces
+  ([#2748](https://github.com/oasislabs/oasis-core/issues/2748))
+
+  Define `Nodes()` and `AllRuntimes()` methods.
+
+- go/staking/tests: Add escrow and delegations to debug genesis state
+  ([#2767](https://github.com/oasislabs/oasis-core/issues/2767))
+
+  Introduce `stakingTestsState` that holds the current state of staking
+  tests and enable the staking implementation tests
+  (`StakingImplementationTest`, `StakingClientImplementationTests`) to always
+  use this up-to-date state.
+
+- go/runtime/committee: Don't close gRPC connections on connection refresh
+  ([#2826](https://github.com/oasislabs/oasis-core/issues/2826))
+
+- go: Refactor E2E coverage integration test wrapper
+  ([#2832](https://github.com/oasislabs/oasis-core/issues/2832))
+
+  This makes it possible to easily have E2E coverage instrumented binaries for
+  things other than oasis-node.
+
+- go/oasis-node: Move storage benchmark subcommand under debug
+  ([#2832](https://github.com/oasislabs/oasis-core/issues/2832))
+
+- keymanager-runtime: replace with test/simple-keymanager
+  ([#2837](https://github.com/oasislabs/oasis-core/issues/2837))
+
+  Common keymanager initalization code is extracted into the keymanager-lib
+  crate. This enables for the actual key manager implementation to only
+  provide a set of key manager policy signers.
+  Aditionally the `keymanager-runtime` crate is removed and replaced with
+  a test `simple-keymanager` runtime that is used in E2E tests.
+
+- docker: remove docker image build pipelines and cleanup testing image
+  ([#2838](https://github.com/oasislabs/oasis-core/issues/2838))
+
+- go/oasis-test-runner: Generate a new random seed on each run
+  ([#2849](https://github.com/oasislabs/oasis-core/issues/2849))
+
+- go/storage/mkvs/checkpoint: Refactor restorer interface
+  ([#2860](https://github.com/oasislabs/oasis-core/issues/2860))
+
+- go/storage/mkvs/checkpoint: Add common checkpointer implementation
+  ([#2860](https://github.com/oasislabs/oasis-core/issues/2860))
+
+  Previously there was a checkpointer implemented in the storage worker
+  but since this may be useful in multiple places, the checkpointer
+  implementation is generalized and moved to the checkpoint package.
+
+- go/oasis-test-runner: Configure consensus state pruning
+  ([#2866](https://github.com/oasislabs/oasis-core/issues/2866))
+
+- go: Start using new protobuf module location
+  ([#2867](https://github.com/oasislabs/oasis-core/issues/2867))
+
+  The previous location has been deprecated.
+
+- go/common/pubsub: support subscriptions based on bounded ring channels
+  ([#2876](https://github.com/oasislabs/oasis-core/issues/2876))
+
+- go/epochtime: add WatchLatestEpoch method
+  ([#2876](https://github.com/oasislabs/oasis-core/issues/2876))
+
+  The method is similar to the existing WatchEpochs method, with the change that
+  unread epochs get overridden with latest epoch.
+
+- go/common/crypto/hash: Add NewFrom and NewFromBytes functions
+  ([#2890](https://github.com/oasislabs/oasis-core/issues/2890))
+
+- ci: automatically retry jobs due to host agent failures
+  ([#2894](https://github.com/oasislabs/oasis-core/issues/2894))
+
 ## 20.5 (2020-04-10)
 
 ### Process